diff --git a/go.mod b/go.mod
index 15702b5a3..08083f34b 100644
--- a/go.mod
+++ b/go.mod
@@ -4,64 +4,64 @@ go 1.19
 
 require (
 	cloud.google.com/go/storage v1.30.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
 	github.com/VictoriaMetrics/fastcache v1.12.1
 
 	// Do not use the original github.com/valyala/fasthttp because of issues
 	// like https://github.com/valyala/fasthttp/commit/996610f021ff45fdc98c2ce7884d5fa4e7f9199b
 	github.com/VictoriaMetrics/fasthttp v1.2.0
-	github.com/VictoriaMetrics/metrics v1.23.1
+	github.com/VictoriaMetrics/metrics v1.24.0
 	github.com/VictoriaMetrics/metricsql v0.56.2
-	github.com/aws/aws-sdk-go-v2 v1.17.7
-	github.com/aws/aws-sdk-go-v2/config v1.18.19
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.60
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.31.1
+	github.com/aws/aws-sdk-go-v2 v1.18.0
+	github.com/aws/aws-sdk-go-v2/config v1.18.25
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.67
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.33.1
 	github.com/cespare/xxhash/v2 v2.2.0
 	github.com/cheggaaa/pb/v3 v3.1.2
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/snappy v0.0.4
 	github.com/googleapis/gax-go/v2 v2.8.0
-	github.com/influxdata/influxdb v1.11.0
-	github.com/klauspost/compress v1.16.4
-	github.com/prometheus/prometheus v0.43.0
-	github.com/urfave/cli/v2 v2.25.1
+	github.com/influxdata/influxdb v1.11.1
+	github.com/klauspost/compress v1.16.5
+	github.com/prometheus/prometheus v0.44.0
+	github.com/urfave/cli/v2 v2.25.3
 	github.com/valyala/fastjson v1.6.4
 	github.com/valyala/fastrand v1.1.0
 	github.com/valyala/fasttemplate v1.2.2
-	github.com/valyala/gozstd v1.19.0
+	github.com/valyala/gozstd v1.20.1
 	github.com/valyala/histogram v1.2.0
 	github.com/valyala/quicktemplate v1.7.0
-	golang.org/x/net v0.8.0
-	golang.org/x/oauth2 v0.6.0
-	golang.org/x/sys v0.7.0
-	google.golang.org/api v0.116.0
+	golang.org/x/net v0.10.0
+	golang.org/x/oauth2 v0.8.0
+	golang.org/x/sys v0.8.0
+	google.golang.org/api v0.123.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
-	cloud.google.com/go v0.110.0 // indirect
-	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go v0.110.2 // indirect
+	cloud.google.com/go/compute v1.19.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.0.0 // indirect
+	cloud.google.com/go/iam v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
-	github.com/aws/aws-sdk-go v1.44.237 // indirect
+	github.com/aws/aws-sdk-go v1.44.265 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.18 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.25 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -76,6 +76,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/s2a-go v0.1.3 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd // indirect
@@ -89,9 +90,9 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/client_golang v1.15.1 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.43.0 // indirect
 	github.com/prometheus/common/sigv4 v0.1.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
@@ -100,20 +101,21 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
-	go.opentelemetry.io/otel/metric v0.37.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.41.1 // indirect
+	go.opentelemetry.io/otel v1.15.1 // indirect
+	go.opentelemetry.io/otel/metric v0.38.1 // indirect
+	go.opentelemetry.io/otel/trace v1.15.1 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/goleak v1.2.1 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
+	golang.org/x/sync v0.2.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd // indirect
-	google.golang.org/grpc v1.54.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 19f2a6bbf..5073d2b94 100644
--- a/go.sum
+++ b/go.sum
@@ -13,22 +13,22 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
-cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
+cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
-cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
+cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
+cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v1.0.0 h1:hlQJMovyJJwYjZcTohUH4o1L8Z8kYz+E+W/zktiLCBc=
-cloud.google.com/go/iam v1.0.0/go.mod h1:ikbQ4f1r91wTmBmmOtBCOtuEOei6taatNXytzB7Cxew=
+cloud.google.com/go/iam v1.0.1 h1:lyeCAU6jpnVNrE9zGQkTl3WgNgK/X+uWwaw0kynZJMU=
+cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8=
 cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
@@ -43,8 +43,8 @@ cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/o
 cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v65.0.0+incompatible h1:HzKLt3kIwMm4KeJYTdx9EbjRYTySD/t8i1Ee/W5EGXw=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
@@ -52,7 +52,7 @@ github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
-github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc=
+github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac=
@@ -67,8 +67,8 @@ github.com/VictoriaMetrics/fastcache v1.12.1/go.mod h1:tX04vaqcNoQeGLD+ra5pU5sWk
 github.com/VictoriaMetrics/fasthttp v1.2.0 h1:nd9Wng4DlNtaI27WlYh5mGXCJOmee/2c2blTJwfyU9I=
 github.com/VictoriaMetrics/fasthttp v1.2.0/go.mod h1:zv5YSmasAoSyv8sBVexfArzFDIGGTN4TfCKAtAw7IfE=
 github.com/VictoriaMetrics/metrics v1.18.1/go.mod h1:ArjwVz7WpgpegX/JpB0zpNF2h2232kErkEnzH1sxMmA=
-github.com/VictoriaMetrics/metrics v1.23.1 h1:/j8DzeJBxSpL2qSIdqnRFLvQQhbJyJbbEi22yMm7oL0=
-github.com/VictoriaMetrics/metrics v1.23.1/go.mod h1:rAr/llLpEnAdTehiNlUxKgnjcOuROSzpw0GvjpEbvFc=
+github.com/VictoriaMetrics/metrics v1.24.0 h1:ILavebReOjYctAGY5QU2F9X0MYvkcrG3aEn2RKa1Zkw=
+github.com/VictoriaMetrics/metrics v1.24.0/go.mod h1:eFT25kvsTidQFHb6U0oa0rTrDRdz4xTYjpL8+UPohys=
 github.com/VictoriaMetrics/metricsql v0.56.2 h1:quBAbYOlWMhmdgzFSCr1yjtVcdZYZrVQJ7nR9zor7ZM=
 github.com/VictoriaMetrics/metricsql v0.56.2/go.mod h1:6pP1ZeLVJHqJrHlF6Ij3gmpQIznSsgktEcZgsAWYel0=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -84,46 +84,47 @@ github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah
 github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
 github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.237 h1:gsmVP8eTB6id4tmEsBPcjLlYi1sXtKA047bSn7kJZAI=
-github.com/aws/aws-sdk-go v1.44.237/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go-v2 v1.17.7 h1:CLSjnhJSTSogvqUGhIC6LqFKATMRexcxLZ0i/Nzk9Eg=
-github.com/aws/aws-sdk-go-v2 v1.17.7/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go v1.44.265 h1:rlBuD8OYjM5Vfcf7jDa264oVHqlPqY7y7o+JmrjNFUc=
+github.com/aws/aws-sdk-go v1.44.265/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
+github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno=
-github.com/aws/aws-sdk-go-v2/config v1.18.19 h1:AqFK6zFNtq4i1EYu+eC7lcKHYnZagMn6SW171la0bGw=
-github.com/aws/aws-sdk-go-v2/config v1.18.19/go.mod h1:XvTmGMY8d52ougvakOv1RpiTLPz9dlG/OQHsKU/cMmY=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.18 h1:EQMdtHwz0ILTW1hoP+EwuWhwCG1hD6l3+RWFQABET4c=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.18/go.mod h1:vnwlwjIe+3XJPBYKu1et30ZPABG3VaXJYr8ryohpIyM=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 h1:gt57MN3liKiyGopcqgNzJb2+d9MJaKT/q1OksHNXVE4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1/go.mod h1:lfUx8puBRdM5lVVMQlwt2v+ofiG/X6Ms+dy0UkG/kXw=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.60 h1:BRLcU36boYxw6BPOEvwJbDPuCtP7FqMhXMFk2NM6poM=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.60/go.mod h1:HLWzCoNyzaPkOOs9yZ3muJ91lSk8O9DJbJw5aKAWWHY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 h1:sJLYcS+eZn5EeNINGHSCRAwUJMFVqklwkH36Vbyai7M=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31/go.mod h1:QT0BqUvX1Bh2ABdTGnjqEjvjzrCfIniM9Sc8zn9Yndo=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 h1:1mnRASEKnkqsntcxHaysxwgVoUUp5dkiB+l3llKnqyg=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25/go.mod h1:zBHOPwhBc3FlQjQJE/D3IfPWiWaQmT06Vq9aNukDo0k=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 h1:p5luUImdIqywn6JpQsW3tq5GNOxKmOnEpybzPx+d1lk=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32/go.mod h1:XGhIBZDEgfqmFIugclZ6FU7v75nHhBDtzuB4xB/tEi4=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23 h1:DWYZIsyqagnWL00f8M/SOr9fN063OEQWn9LLTbdYXsk=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23/go.mod h1:uIiFgURZbACBEQJfqTZPb/jxO7R+9LeoHUFudtIdeQI=
+github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q=
+github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.67 h1:fI9/5BDEaAv/pv1VO1X1n3jfP9it+IGqWsCuuBQI8wM=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.67/go.mod h1:zQClPRIwQZfJlZq6WZve+s4Tb4JW+3V6eS+4+KrYeP8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.25 h1:AzwRi5OKKwo4QNqPf7TjeO+tK8AyOK3GVSwmRPo7/Cs=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.25/go.mod h1:SUbB4wcbSEyCvqBxv/O/IBf93RbEze7U7OnoTlpPB+g=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26 h1:CeuSeq/8FnYpPtnuIeLQEEvDv9zUjneuYi8EghMBdwQ=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26/go.mod h1:2UqAAwMUXKeRkAHIlDJqvMVgOWkUi/AUXPk/YIe+Dg4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 h1:5LHn8JQ0qvjD9L9JhMtylnkcw7j05GDZqM9Oin6hpr0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25/go.mod h1:/95IA+0lMnzW6XzqYJRpjjsAbKEORVeO0anQqjd2CNU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0 h1:e2ooMhpYGhDnBfSvIyusvAwX7KexuZaHbQY2Dyei7VU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0/go.mod h1:bh2E0CXKZsQN+faiKVqC40vfNMAWheoULBCnEgO9K+8=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.31.1 h1:PJH4I+qYjPXclKRbVCW47iYUvtXEh1u6YmDhn5J8VQE=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.31.1/go.mod h1:ncltU6n4Nof5uJttDtcNQ537uNuwYqsZZQcpkd2/GUQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 h1:5V7DWLBd7wTELVz5bPpwzYy/sikk0gsgZfj40X+l5OI=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.6/go.mod h1:Y1VOmit/Fn6Tz1uFAeCO6Q7M2fmfXSCLeL5INVYsLuY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 h1:B8cauxOH1W1v7rd8RdI/MWnoR4Ze0wIHWrb90qczxj4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6/go.mod h1:Lh/bc9XUf8CfOY6Jp5aIkQtN+j1mc+nExc+KXj9jx2s=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 h1:bWNgNdRko2x6gqa0blfATqAZKZokPIeM1vfmQt2pnvM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.7/go.mod h1:JuTnSoeePXmMVe9G8NcjjwgOKEfZ4cOjMuT2IBT/2eI=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.28 h1:vGWm5vTpMr39tEZfQeDiDAMgk+5qsnvRny3FjLpnH5w=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.28/go.mod h1:spfrICMD6wCAhjhzHuy6DOZZ+LAIY10UxhUmLzpJTTs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.2 h1:NbWkRxEEIRSCqxhsHQuMiTH7yo+JZW1gp8v3elSVMTQ=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.2/go.mod h1:4tfW5l4IAB32VWCDEBxCRtR9T4BWy4I4kr1spr8NgZM=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.33.1 h1:O+9nAy9Bb6bJFTpeNFtd9UfHbgxO1o4ZDAM9rQp5NsY=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.33.1/go.mod h1:J9kLNzEiHSeGMyN7238EjJmBpCniVzFda75Gxl/NqB8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -141,7 +142,12 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20230112175826-46e39c7b9b43 h1:XP+uhjN0yBCN/tPkr8Z0BNDc5rZam9RG6UWyf2FrSQ0=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195 h1:58f1tJ1ra+zFINPlwLWvQsR9CzAKt2e+EWV2yX9oXQ4=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -149,10 +155,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dennwc/varint v1.0.0 h1:kGNFFSSw8ToIy3obO/kKr8U9GZYUAxQEVuix4zfDWzE=
 github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA=
-github.com/digitalocean/godo v1.97.0 h1:p9w1yCcWMZcxFSLPToNGXA96WfUVLXqoHti6GzVomL4=
+github.com/digitalocean/godo v1.98.0 h1:potyC1eD0N9n5/P4/WmJuKgg+OGYZOBWEW+/aKTX6QQ=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY=
+github.com/docker/docker v23.0.4+incompatible h1:Kd3Bh9V/rO+XpTP/BLqM+gx8z7+Yb0AA2Ibj+nNo4ek=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ=
@@ -160,14 +166,17 @@ github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKf
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.11.0 h1:jtLewhRR2vMRNnq2ZZUoCjUlgut+Y0+sDDWPOfwOi1o=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.9.1 h1:PS7VIOgmSVhWUEeZwTe7z7zouA22Cr590PzXKbZHOVY=
+github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -225,6 +234,7 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -261,6 +271,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
+github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -270,10 +282,11 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
 github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
-github.com/gophercloud/gophercloud v1.2.0 h1:1oXyj4g54KBg/kFtCdMM6jtxSzeIyg8wv4z1HoGPp1E=
+github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd h1:PpuIBO5P3e9hpqBD0O/HjhShYuM6XE0i/lbE6J94kww=
 github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.20.0 h1:9IHTjNVSZ7MIwjlW3N3a7iGiykCMDpxZu8jsxFJh0yc=
 github.com/hashicorp/cronexpr v1.1.1 h1:NJZDd87hGXjoZBdvyCF9mX4DCq5Wy7+A/w+A7q0wn6c=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
@@ -286,14 +299,14 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4=
-github.com/hashicorp/nomad/api v0.0.0-20230308192510-48e7d70fcd4b h1:EkuSTU8c/63q4LMayj8ilgg/4I5PXDFVcnqKfs9qcwI=
+github.com/hashicorp/nomad/api v0.0.0-20230418003350-3067191c5197 h1:I5xhKLePXpXgM6pZ4xZNTiurLLS3sGuZrZFFzAbM67A=
 github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
-github.com/hetznercloud/hcloud-go v1.41.0 h1:KJGFRRc68QiVu4PrEP5BmCQVveCP2CM26UGQUKGpIUs=
+github.com/hetznercloud/hcloud-go v1.42.0 h1:Es/CDOForQN3nOOP5Vxh1N/YHjpCg386iYEX5zCgi+A=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/influxdata/influxdb v1.11.0 h1:0X+ZsbcOWc6AEi5MHee9BYqXCKmz8IZsljrRYjmV8Qg=
-github.com/influxdata/influxdb v1.11.0/go.mod h1:V93tJcidY0Zh0LtSONZWnXXGDyt20dtVf+Ddp4EnhaA=
-github.com/ionos-cloud/sdk-go/v6 v6.1.4 h1:BJHhFA8Q1SZC7VOXqKKr2BV2ysQ2/4hlk1e4hZte7GY=
+github.com/influxdata/influxdb v1.11.1 h1:VEkQVMJ83gjpyS2FJuQaSbt4Mu+btGBoZbVq0XwTHGQ=
+github.com/influxdata/influxdb v1.11.1/go.mod h1:WSTwm8ZvJARODSZJfcxdghcjCQVstHwClgO6MrbnGt0=
+github.com/ionos-cloud/sdk-go/v6 v6.1.6 h1:0n4irdqNska+1s3YMCRhrAqKbibEgQ7SwwhAlHzYT5A=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -313,19 +326,19 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.16.4 h1:91KN02FnsOYhuunwU4ssRe8lc2JosWmizWa91B5v1PU=
-github.com/klauspost/compress v1.16.4/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/linode/linodego v1.14.1 h1:uGxQyy0BidoEpLGdvfi4cPgEW+0YUFsEGrLEhcTfjNc=
+github.com/linode/linodego v1.16.1 h1:5otq57M4PdHycPERRfSFZ0s1yz1ETVWGjCp3hh7+F9w=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@@ -337,7 +350,7 @@ github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/dns v1.1.51 h1:0+Xg7vObnhrz/4ZCZcZh7zPXlmU0aveS2HDBd0m0qSo=
+github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -354,7 +367,7 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
-github.com/ovh/go-ovh v1.3.0 h1:mvZaddk4E4kLcXhzb+cxBsMPYp2pHqiQpWYkInsuZPQ=
+github.com/ovh/go-ovh v1.4.1 h1:VBGa5wMyQtTP7Zb+w97zRCh9sLtM/2YKRyy+MEJmWaM=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -366,20 +379,20 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
+github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.43.0 h1:iq+BVjvYLei5f27wiuNiB1DN6DYQkp1c8Bx0Vykh5us=
+github.com/prometheus/common v0.43.0/go.mod h1:NCvr5cQIh3Y/gy73/RdVtC9r8xxrxwJnB+2lB3BxrFc=
 github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4=
 github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -388,15 +401,17 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
-github.com/prometheus/prometheus v0.43.0 h1:18iCSfrbAHbXvYFvR38U1Pt4uZmU9SmDcCpCrBKUiGg=
-github.com/prometheus/prometheus v0.43.0/go.mod h1:2BA14LgBeqlPuzObSEbh+Y+JwLH2GcqDlJKbF2sA6FM=
+github.com/prometheus/prometheus v0.44.0 h1:sgn8Fdx+uE5tHQn0/622swlk2XnIj6udoZCnbVjHIgc=
+github.com/prometheus/prometheus v0.44.0/go.mod h1:aPsmIK3py5XammeTguyqTmuqzX/jeCdyOWWobLHNKQg=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.14 h1:yFl3jyaSVLNYXlnNYM5z2pagEk1dYQhfr1p20T1NyKY=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 h1:Y7xOFbD+3jaPw+VN7lkakNJ/pa+ZSQVFp1ONtJaBxns=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
@@ -408,14 +423,15 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/urfave/cli/v2 v2.25.1 h1:zw8dSP7ghX0Gmm8vugrs6q9Ku0wzweqPyshy+syu9Gw=
-github.com/urfave/cli/v2 v2.25.1/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
+github.com/urfave/cli/v2 v2.25.3 h1:VJkt6wvEBOoSjPFQvOkv6iWIrsJyCrKGtCtxXWwmGeY=
+github.com/urfave/cli/v2 v2.25.3/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
@@ -425,8 +441,8 @@ github.com/valyala/fastrand v1.1.0 h1:f+5HkLW4rsgzdNoleUOB69hyT9IlD2ZQh9GyDMfb5G
 github.com/valyala/fastrand v1.1.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ=
 github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-github.com/valyala/gozstd v1.19.0 h1:BS0M7sH3dcuyw2SQBrTLprAdGuNxfiH0c4IAM8kX07c=
-github.com/valyala/gozstd v1.19.0/go.mod h1:y5Ew47GLlP37EkTB+B4s7r6A5rdaeB7ftbl9zoYiIPQ=
+github.com/valyala/gozstd v1.20.1 h1:xPnnnvjmaDDitMFfDxmQ4vpx0+3CdTg2o3lALvXTU/g=
+github.com/valyala/gozstd v1.20.1/go.mod h1:y5Ew47GLlP37EkTB+B4s7r6A5rdaeB7ftbl9zoYiIPQ=
 github.com/valyala/histogram v1.2.0 h1:wyYGAZZt3CpwUiIb9AU/Zbllg1llXyrtApRS815OLoQ=
 github.com/valyala/histogram v1.2.0/go.mod h1:Hb4kBwb4UxsaNbbbh+RRz8ZR6pdodR57tzWUS3BUzXY=
 github.com/valyala/quicktemplate v1.7.0 h1:LUPTJmlVcb46OOUY3IeD9DojFpAVbsG+5WFTcjMJzCM=
@@ -447,16 +463,17 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 h1:lE9EJyw3/JhrjWH/hEy9FptnalDQgj7vpbgC2KCCCxE=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0/go.mod h1:pcQ3MM3SWvrA71U4GDqv9UFDJ3HQsW7y5ZO3tDTlUdI=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
-go.opentelemetry.io/otel/metric v0.37.0 h1:pHDQuLQOZwYD+Km0eb657A25NaRzy0a+eLyKfDXedEs=
-go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.41.1 h1:pX+lppB8PArapyhS6nBStyQmkaDUPWdQf0UmEGRCQ54=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.41.1/go.mod h1:2FmkXne0k9nkp27LD/m+uoh8dNlstsiCJ7PLc/S72aI=
+go.opentelemetry.io/otel v1.15.1 h1:3Iwq3lfRByPaws0f6bU3naAqOR1n5IeDWd9390kWHa8=
+go.opentelemetry.io/otel v1.15.1/go.mod h1:mHHGEHVDLal6YrKMmk9LqC4a3sF5g+fHfrttQIB1NTc=
+go.opentelemetry.io/otel/metric v0.38.1 h1:2MM7m6wPw9B8Qv8iHygoAgkbejed59uUR6ezR5T3X2s=
+go.opentelemetry.io/otel/metric v0.38.1/go.mod h1:FwqNHD3I/5iX9pfrRGZIlYICrJv0rHEUl2Ln5vdIVnQ=
+go.opentelemetry.io/otel/trace v1.15.1 h1:uXLo6iHJEzDfrNC0L0mNjItIp06SyaBQxu5t3xMlngY=
+go.opentelemetry.io/otel/trace v1.15.1/go.mod h1:IWdQG/5N1x7f6YUlmdLeJvH9yxtuJAfc4VW5Agv9r/8=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -467,7 +484,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -478,8 +497,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc h1:mCRnTeVUjcrhlRmO0VK8a6k6Rrf6TF9htwo2pJVSjIU=
+golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -501,7 +520,7 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -535,18 +554,19 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -558,8 +578,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -604,12 +624,12 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -617,9 +637,10 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -668,7 +689,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -691,8 +712,8 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.116.0 h1:09tOPVufPwfm5W4aA8EizGHJ7BcoRDsIareM2a15gO4=
-google.golang.org/api v0.116.0/go.mod h1:9cD4/t6uvd9naoEJFA+M96d0IuB6BqFuyhpw68+mRGg=
+google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20=
+google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -724,14 +745,15 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd h1:sLpv7bNL1AsX3fdnWh9WVh7ejIzXdOc1RRHGeAmeStU=
-google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -744,9 +766,12 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
-google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
+google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -771,6 +796,7 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/cloud.google.com/go/compute/internal/version.go b/vendor/cloud.google.com/go/compute/internal/version.go
index ac02a3ce1..7513e24cc 100644
--- a/vendor/cloud.google.com/go/compute/internal/version.go
+++ b/vendor/cloud.google.com/go/compute/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.19.0"
+const Version = "1.19.3"
diff --git a/vendor/cloud.google.com/go/iam/CHANGES.md b/vendor/cloud.google.com/go/iam/CHANGES.md
index 770be01dd..b32aaa5e0 100644
--- a/vendor/cloud.google.com/go/iam/CHANGES.md
+++ b/vendor/cloud.google.com/go/iam/CHANGES.md
@@ -1,6 +1,13 @@
 # Changes
 
 
+## [1.0.1](https://github.com/googleapis/google-cloud-go/compare/iam/v1.0.0...iam/v1.0.1) (2023-05-08)
+
+
+### Bug Fixes
+
+* **iam:** Update grpc to v1.55.0 ([1147ce0](https://github.com/googleapis/google-cloud-go/commit/1147ce02a990276ca4f8ab7a1ab65c14da4450ef))
+
 ## [1.0.0](https://github.com/googleapis/google-cloud-go/compare/iam/v0.13.0...iam/v1.0.0) (2023-04-04)
 
 
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
index 736731d95..dc1c74e0e 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/iam_policy.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v3.21.12
 // source: google/iam/v1/iam_policy.proto
 
@@ -342,26 +342,26 @@ var file_google_iam_v1_iam_policy_proto_rawDesc = []byte{
 	0x53, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75,
 	0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d,
 	0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93,
-	0x02, 0x23, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x3a, 0x01, 0x2a, 0x12, 0x74, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
+	0x02, 0x23, 0x3a, 0x01, 0x2a, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x73, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x74, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50,
 	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69,
 	0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69,
 	0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
 	0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x22, 0x1e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x67, 0x65, 0x74, 0x49,
-	0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x01, 0x2a, 0x12, 0x9a, 0x01, 0x0a, 0x12,
+	0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x3a, 0x01, 0x2a, 0x22, 0x1e, 0x2f, 0x76, 0x31,
+	0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x67,
+	0x65, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x9a, 0x01, 0x0a, 0x12,
 	0x54, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f,
 	0x6e, 0x73, 0x12, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e,
 	0x76, 0x31, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
 	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x65, 0x73,
 	0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x22,
-	0x24, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x3d, 0x2a,
-	0x2a, 0x7d, 0x3a, 0x74, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
-	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x3a, 0x01, 0x2a, 0x1a, 0x1e, 0xca, 0x41, 0x1b, 0x69, 0x61, 0x6d,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x29, 0x3a,
+	0x01, 0x2a, 0x22, 0x24, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x3d, 0x2a, 0x2a, 0x7d, 0x3a, 0x74, 0x65, 0x73, 0x74, 0x49, 0x61, 0x6d, 0x50, 0x65, 0x72,
+	0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x1e, 0xca, 0x41, 0x1b, 0x69, 0x61, 0x6d,
 	0x2d, 0x6d, 0x65, 0x74, 0x61, 0x2d, 0x61, 0x70, 0x69, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x42, 0x7f, 0x0a, 0x11, 0x63, 0x6f, 0x6d, 0x2e,
 	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x69, 0x61, 0x6d, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x49,
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
index d41b01107..b7360b648 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/options.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v3.21.12
 // source: google/iam/v1/options.proto
 
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
index 9e2a900eb..7f5115aee 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v3.21.12
 // source: google/iam/v1/policy.proto
 
diff --git a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
index 2dd0e1814..9482956b1 100644
--- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
+++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
@@ -4,7 +4,7 @@
     "description": "Access Approval API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/accessapproval/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/accessapproval/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -13,16 +13,25 @@
     "description": "Access Context Manager API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/accesscontextmanager/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/accesscontextmanager/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/advisorynotifications/apiv1": {
+    "distribution_name": "cloud.google.com/go/advisorynotifications/apiv1",
+    "description": "Advisory Notifications API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/advisorynotifications/apiv1",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/aiplatform/apiv1": {
     "distribution_name": "cloud.google.com/go/aiplatform/apiv1",
     "description": "Vertex AI API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/aiplatform/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/aiplatform/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -31,7 +40,34 @@
     "description": "Vertex AI API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/aiplatform/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/aiplatform/apiv1beta1",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/alloydb/apiv1": {
+    "distribution_name": "cloud.google.com/go/alloydb/apiv1",
+    "description": "AlloyDB API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/alloydb/apiv1",
+    "release_level": "ga",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/alloydb/apiv1alpha": {
+    "distribution_name": "cloud.google.com/go/alloydb/apiv1alpha",
+    "description": "AlloyDB API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/alloydb/apiv1alpha",
+    "release_level": "alpha",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/alloydb/apiv1beta": {
+    "distribution_name": "cloud.google.com/go/alloydb/apiv1beta",
+    "description": "AlloyDB API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/alloydb/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -40,7 +76,7 @@
     "description": "Google Analytics Admin API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/analytics/latest/admin/apiv1alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/analytics/admin/apiv1alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -49,7 +85,7 @@
     "description": "API Gateway API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/apigateway/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/apigateway/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -58,7 +94,7 @@
     "description": "Apigee Connect API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/apigeeconnect/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/apigeeconnect/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -67,7 +103,7 @@
     "description": "Apigee Registry API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/apigeeregistry/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/apigeeregistry/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -76,8 +112,8 @@
     "description": "API Keys API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/apikeys/latest/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/apikeys/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/appengine/apiv1": {
@@ -85,7 +121,7 @@
     "description": "App Engine Admin API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/appengine/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/appengine/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -94,7 +130,7 @@
     "description": "Area120 Tables API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/area120/latest/tables/apiv1alpha1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/area120/tables/apiv1alpha1",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -103,8 +139,8 @@
     "description": "Artifact Registry API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/artifactregistry/latest/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/artifactregistry/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/artifactregistry/apiv1beta2": {
@@ -112,8 +148,8 @@
     "description": "Artifact Registry API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/artifactregistry/latest/apiv1beta2",
-    "release_level": "ga",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/artifactregistry/apiv1beta2",
+    "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/asset/apiv1": {
@@ -121,7 +157,7 @@
     "description": "Cloud Asset API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/asset/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/asset/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -130,7 +166,7 @@
     "description": "Cloud Asset API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/asset/latest/apiv1p2beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/asset/apiv1p2beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -139,7 +175,7 @@
     "description": "Cloud Asset API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/asset/latest/apiv1p5beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/asset/apiv1p5beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -148,7 +184,7 @@
     "description": "Assured Workloads API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/assuredworkloads/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/assuredworkloads/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -157,7 +193,7 @@
     "description": "Assured Workloads API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/assuredworkloads/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/assuredworkloads/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -166,7 +202,7 @@
     "description": "Cloud AutoML API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/automl/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/automl/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -175,7 +211,7 @@
     "description": "Cloud AutoML API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/automl/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/automl/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -184,8 +220,8 @@
     "description": "Bare Metal Solution API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/baremetalsolution/latest/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/baremetalsolution/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/batch/apiv1": {
@@ -193,8 +229,8 @@
     "description": "Batch API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/batch/latest/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/batch/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/beyondcorp/appconnections/apiv1": {
@@ -202,7 +238,7 @@
     "description": "BeyondCorp API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/beyondcorp/latest/appconnections/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/beyondcorp/appconnections/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -211,7 +247,7 @@
     "description": "BeyondCorp API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/beyondcorp/latest/appconnectors/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/beyondcorp/appconnectors/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -220,7 +256,7 @@
     "description": "BeyondCorp API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/beyondcorp/latest/appgateways/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/beyondcorp/appgateways/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -229,7 +265,7 @@
     "description": "BeyondCorp API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/beyondcorp/latest/clientconnectorservices/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/beyondcorp/clientconnectorservices/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -238,7 +274,7 @@
     "description": "BeyondCorp API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/beyondcorp/latest/clientgateways/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/beyondcorp/clientgateways/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -256,7 +292,7 @@
     "description": "Analytics Hub API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/analyticshub/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/analyticshub/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -265,7 +301,7 @@
     "description": "BigQuery Connection API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/connection/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/connection/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -274,7 +310,7 @@
     "description": "BigQuery Connection API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/connection/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/connection/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -283,7 +319,7 @@
     "description": "Analytics Hub API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/dataexchange/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/dataexchange/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -292,7 +328,7 @@
     "description": "BigQuery Data Policy API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/datapolicies/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/datapolicies/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -301,7 +337,7 @@
     "description": "BigQuery Data Policy API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/datapolicies/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/datapolicies/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -310,7 +346,7 @@
     "description": "BigQuery Data Transfer API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/datatransfer/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/datatransfer/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -319,7 +355,7 @@
     "description": "BigQuery Migration API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/migration/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/migration/apiv2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -328,7 +364,7 @@
     "description": "BigQuery Migration API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/migration/apiv2alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/migration/apiv2alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -337,7 +373,7 @@
     "description": "BigQuery Reservation API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/reservation/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/reservation/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -346,7 +382,7 @@
     "description": "BigQuery Storage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/storage/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/storage/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -355,7 +391,7 @@
     "description": "BigQuery Storage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/storage/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/storage/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -364,7 +400,7 @@
     "description": "BigQuery Storage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/bigquery/latest/storage/apiv1beta2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/bigquery/storage/apiv1beta2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -382,7 +418,7 @@
     "description": "Cloud Billing API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/billing/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/billing/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -391,7 +427,7 @@
     "description": "Cloud Billing Budget API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/billing/latest/budgets/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/billing/budgets/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -400,7 +436,7 @@
     "description": "Cloud Billing Budget API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/billing/latest/budgets/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/billing/budgets/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -409,7 +445,7 @@
     "description": "Binary Authorization API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/binaryauthorization/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/binaryauthorization/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -418,7 +454,7 @@
     "description": "Binary Authorization API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/binaryauthorization/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/binaryauthorization/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -427,7 +463,7 @@
     "description": "Certificate Manager API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/certificatemanager/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/certificatemanager/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -436,7 +472,7 @@
     "description": "Cloud Channel API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/channel/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/channel/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -445,7 +481,16 @@
     "description": "Cloud Build API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudbuild/latest/apiv1/v2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/cloudbuild/apiv1/v2",
+    "release_level": "ga",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/cloudbuild/apiv2": {
+    "distribution_name": "cloud.google.com/go/cloudbuild/apiv2",
+    "description": "Cloud Build API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/cloudbuild/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -454,7 +499,7 @@
     "description": "Database Migration API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/clouddms/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/clouddms/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -463,7 +508,7 @@
     "description": "Cloud Tasks API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudtasks/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/cloudtasks/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -472,7 +517,7 @@
     "description": "Cloud Tasks API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudtasks/latest/apiv2beta2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/cloudtasks/apiv2beta2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -481,7 +526,7 @@
     "description": "Cloud Tasks API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudtasks/latest/apiv2beta3",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/cloudtasks/apiv2beta3",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -490,7 +535,7 @@
     "description": "Google Compute Engine API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/compute/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/compute/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -503,12 +548,30 @@
     "release_level": "ga",
     "library_type": "CORE"
   },
+  "cloud.google.com/go/confidentialcomputing/apiv1": {
+    "distribution_name": "cloud.google.com/go/confidentialcomputing/apiv1",
+    "description": "Confidential Computing API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/confidentialcomputing/apiv1",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/confidentialcomputing/apiv1alpha1": {
+    "distribution_name": "cloud.google.com/go/confidentialcomputing/apiv1alpha1",
+    "description": "Confidential Computing API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/confidentialcomputing/apiv1alpha1",
+    "release_level": "alpha",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/contactcenterinsights/apiv1": {
     "distribution_name": "cloud.google.com/go/contactcenterinsights/apiv1",
     "description": "Contact Center AI Insights API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/contactcenterinsights/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/contactcenterinsights/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -517,7 +580,7 @@
     "description": "Kubernetes Engine API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/container/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/container/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -526,7 +589,7 @@
     "description": "Container Analysis API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/containeranalysis/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/containeranalysis/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -535,7 +598,7 @@
     "description": "Google Cloud Data Catalog API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datacatalog/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datacatalog/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -544,7 +607,7 @@
     "description": "Google Cloud Data Catalog API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datacatalog/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datacatalog/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -553,7 +616,7 @@
     "description": "Data Lineage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datacatalog/latest/lineage/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datacatalog/lineage/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -562,7 +625,7 @@
     "description": "Dataflow API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataflow/latest/apiv1beta3",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataflow/apiv1beta3",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -571,7 +634,7 @@
     "description": "Dataform API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataform/latest/apiv1alpha2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataform/apiv1alpha2",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -580,7 +643,7 @@
     "description": "Dataform API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataform/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataform/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -589,7 +652,7 @@
     "description": "Cloud Data Fusion API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datafusion/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datafusion/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -598,7 +661,7 @@
     "description": "Data Labeling API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datalabeling/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datalabeling/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -607,16 +670,16 @@
     "description": "Cloud Dataplex API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataplex/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataplex/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
-  "cloud.google.com/go/dataproc/apiv1": {
-    "distribution_name": "cloud.google.com/go/dataproc/apiv1",
+  "cloud.google.com/go/dataproc/v2/apiv1": {
+    "distribution_name": "cloud.google.com/go/dataproc/v2/apiv1",
     "description": "Cloud Dataproc API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataproc/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataproc/v2/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -625,7 +688,7 @@
     "description": "Data QnA API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dataqna/latest/apiv1alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dataqna/apiv1alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -643,8 +706,8 @@
     "description": "Cloud Datastore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datastore/latest/admin/apiv1",
-    "release_level": "alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datastore/admin/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/datastream/apiv1": {
@@ -652,7 +715,7 @@
     "description": "Datastream API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datastream/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datastream/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -661,7 +724,7 @@
     "description": "Datastream API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/datastream/latest/apiv1alpha1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/datastream/apiv1alpha1",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -670,7 +733,7 @@
     "description": "Stackdriver Debugger API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/latest/debugger/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/debugger/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -679,7 +742,7 @@
     "description": "Google Cloud Deploy API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/deploy/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/deploy/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -688,7 +751,7 @@
     "description": "Dialogflow API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dialogflow/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dialogflow/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -697,7 +760,7 @@
     "description": "Dialogflow API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dialogflow/latest/apiv2beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dialogflow/apiv2beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -706,7 +769,7 @@
     "description": "Dialogflow API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dialogflow/latest/cx/apiv3",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dialogflow/cx/apiv3",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -715,7 +778,7 @@
     "description": "Dialogflow API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dialogflow/latest/cx/apiv3beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dialogflow/cx/apiv3beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -724,7 +787,7 @@
     "description": "Discovery Engine API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/discoveryengine/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/discoveryengine/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -733,7 +796,7 @@
     "description": "Cloud Data Loss Prevention (DLP) API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/dlp/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/dlp/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -742,7 +805,7 @@
     "description": "Cloud Document AI API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/documentai/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/documentai/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -751,7 +814,7 @@
     "description": "Cloud Document AI API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/documentai/latest/apiv1beta3",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/documentai/apiv1beta3",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -760,7 +823,7 @@
     "description": "Cloud Domains API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/domains/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/domains/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -769,8 +832,8 @@
     "description": "Distributed Cloud Edge Container API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/edgecontainer/latest/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/edgecontainer/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/errorreporting": {
@@ -787,7 +850,7 @@
     "description": "Error Reporting API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/errorreporting/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/errorreporting/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -796,7 +859,7 @@
     "description": "Essential Contacts API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/essentialcontacts/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/essentialcontacts/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -805,7 +868,7 @@
     "description": "Eventarc API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/eventarc/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/eventarc/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -814,7 +877,7 @@
     "description": "Eventarc Publishing API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/eventarc/latest/publishing/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/eventarc/publishing/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -823,7 +886,7 @@
     "description": "Cloud Filestore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/filestore/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/filestore/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -841,16 +904,7 @@
     "description": "Cloud Firestore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/firestore/latest/apiv1",
-    "release_level": "ga",
-    "library_type": "GAPIC_AUTO"
-  },
-  "cloud.google.com/go/firestore/apiv1/admin": {
-    "distribution_name": "cloud.google.com/go/firestore/apiv1/admin",
-    "description": "Cloud Firestore API",
-    "language": "Go",
-    "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/firestore/latest/apiv1/admin",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/firestore/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -859,7 +913,7 @@
     "description": "Cloud Functions API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/functions/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/functions/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -868,8 +922,8 @@
     "description": "Cloud Functions API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/functions/latest/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/functions/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/functions/apiv2beta": {
@@ -877,7 +931,7 @@
     "description": "Cloud Functions API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/functions/latest/apiv2beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/functions/apiv2beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -895,7 +949,7 @@
     "description": "Game Services API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gaming/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gaming/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -904,7 +958,7 @@
     "description": "Game Services API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gaming/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gaming/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -913,8 +967,8 @@
     "description": "Backup for GKE API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gkebackup/latest/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gkebackup/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/gkeconnect/gateway/apiv1beta1": {
@@ -922,7 +976,7 @@
     "description": "Connect Gateway API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gkeconnect/latest/gateway/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gkeconnect/gateway/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -931,7 +985,7 @@
     "description": "GKE Hub API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gkehub/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gkehub/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -940,7 +994,7 @@
     "description": "Anthos Multi-Cloud API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gkemulticloud/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gkemulticloud/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -949,7 +1003,7 @@
     "description": "Google Workspace Add-ons API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/gsuiteaddons/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/gsuiteaddons/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -967,8 +1021,8 @@
     "description": "IAM Meta API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/iam/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/iam/apiv2": {
@@ -976,8 +1030,8 @@
     "description": "Identity and Access Management (IAM) API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/iam/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/iam/credentials/apiv1": {
@@ -985,7 +1039,7 @@
     "description": "IAM Service Account Credentials API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/credentials/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/iam/credentials/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -994,7 +1048,7 @@
     "description": "Cloud Identity-Aware Proxy API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iap/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/iap/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1003,7 +1057,7 @@
     "description": "Cloud IDS API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/ids/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/ids/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1012,7 +1066,7 @@
     "description": "Cloud IoT API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iot/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/iot/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1021,16 +1075,25 @@
     "description": "Cloud Key Management Service (KMS) API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/kms/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/kms/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/kms/inventory/apiv1": {
+    "distribution_name": "cloud.google.com/go/kms/inventory/apiv1",
+    "description": "KMS Inventory API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/kms/inventory/apiv1",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/language/apiv1": {
     "distribution_name": "cloud.google.com/go/language/apiv1",
     "description": "Cloud Natural Language API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/language/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/language/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1039,7 +1102,7 @@
     "description": "Cloud Natural Language API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/language/latest/apiv1beta2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/language/apiv1beta2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1048,7 +1111,7 @@
     "description": "Cloud Life Sciences API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/lifesciences/latest/apiv2beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/lifesciences/apiv2beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1066,7 +1129,7 @@
     "description": "Cloud Logging API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/logging/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/logging/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1075,8 +1138,8 @@
     "description": "Long Running Operations API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/longrunning/latest/autogen",
-    "release_level": "alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/longrunning/autogen",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/managedidentities/apiv1": {
@@ -1084,7 +1147,7 @@
     "description": "Managed Service for Microsoft Active Directory API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/managedidentities/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/managedidentities/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1093,8 +1156,8 @@
     "description": "Address Validation API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/maps/latest/addressvalidation/apiv1",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/maps/addressvalidation/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/maps/mapsplatformdatasets/apiv1alpha": {
@@ -1102,7 +1165,7 @@
     "description": "Maps Platform Datasets API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/maps/latest/mapsplatformdatasets/apiv1alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/maps/mapsplatformdatasets/apiv1alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -1111,8 +1174,8 @@
     "description": "Routes API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/maps/latest/routing/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/maps/routing/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/mediatranslation/apiv1beta1": {
@@ -1120,7 +1183,7 @@
     "description": "Media Translation API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/mediatranslation/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/mediatranslation/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1129,7 +1192,7 @@
     "description": "Cloud Memorystore for Memcached API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/memcache/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/memcache/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1138,7 +1201,7 @@
     "description": "Cloud Memorystore for Memcached API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/memcache/latest/apiv1beta2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/memcache/apiv1beta2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1147,7 +1210,7 @@
     "description": "Dataproc Metastore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/metastore/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/metastore/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1156,7 +1219,7 @@
     "description": "Dataproc Metastore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/metastore/latest/apiv1alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/metastore/apiv1alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -1165,7 +1228,7 @@
     "description": "Dataproc Metastore API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/metastore/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/metastore/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1174,7 +1237,7 @@
     "description": "Cloud Monitoring API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/monitoring/latest/apiv3/v2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/monitoring/apiv3/v2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1183,7 +1246,7 @@
     "description": "Cloud Monitoring API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/monitoring/latest/dashboard/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/monitoring/dashboard/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1192,7 +1255,7 @@
     "description": "Cloud Monitoring API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/monitoring/latest/metricsscope/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/monitoring/metricsscope/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1201,7 +1264,7 @@
     "description": "Network Connectivity API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/networkconnectivity/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/networkconnectivity/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1210,7 +1273,7 @@
     "description": "Network Connectivity API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/networkconnectivity/latest/apiv1alpha1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/networkconnectivity/apiv1alpha1",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -1219,7 +1282,7 @@
     "description": "Network Management API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/networkmanagement/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/networkmanagement/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1228,7 +1291,7 @@
     "description": "Network Security API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/networksecurity/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/networksecurity/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1237,7 +1300,7 @@
     "description": "Notebooks API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/notebooks/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/notebooks/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1246,7 +1309,7 @@
     "description": "Notebooks API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/notebooks/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/notebooks/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1255,7 +1318,7 @@
     "description": "Cloud Optimization API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/optimization/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/optimization/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1264,7 +1327,7 @@
     "description": "Cloud Composer API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/orchestration/latest/airflow/service/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/orchestration/airflow/service/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1273,7 +1336,7 @@
     "description": "Organization Policy API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/orgpolicy/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/orgpolicy/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1282,7 +1345,7 @@
     "description": "OS Config API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/osconfig/latest/agentendpoint/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/osconfig/agentendpoint/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1291,7 +1354,7 @@
     "description": "OS Config API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/osconfig/latest/agentendpoint/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/osconfig/agentendpoint/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1300,7 +1363,7 @@
     "description": "OS Config API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/osconfig/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/osconfig/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1309,7 +1372,7 @@
     "description": "OS Config API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/osconfig/latest/apiv1alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/osconfig/apiv1alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -1318,7 +1381,7 @@
     "description": "OS Config API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/osconfig/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/osconfig/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1327,7 +1390,7 @@
     "description": "Cloud OS Login API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/oslogin/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/oslogin/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1336,7 +1399,7 @@
     "description": "Cloud OS Login API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/oslogin/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/oslogin/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1345,7 +1408,7 @@
     "description": "Phishing Protection API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/phishingprotection/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/phishingprotection/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1354,7 +1417,7 @@
     "description": "Policy Troubleshooter API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/policytroubleshooter/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/policytroubleshooter/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1363,7 +1426,7 @@
     "description": "Cloud Private Catalog API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/privatecatalog/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/privatecatalog/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1390,7 +1453,7 @@
     "description": "Cloud Pub/Sub API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/pubsub/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/pubsub/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1408,7 +1471,7 @@
     "description": "Pub/Sub Lite API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/pubsublite/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/pubsublite/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1417,7 +1480,7 @@
     "description": "reCAPTCHA Enterprise API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/recaptchaenterprise/v2/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/recaptchaenterprise/v2/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1426,7 +1489,7 @@
     "description": "reCAPTCHA Enterprise API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/recaptchaenterprise/v2/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/recaptchaenterprise/v2/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1435,7 +1498,7 @@
     "description": "Recommendations AI",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/recommendationengine/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/recommendationengine/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1444,7 +1507,7 @@
     "description": "Recommender API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/recommender/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/recommender/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1453,7 +1516,7 @@
     "description": "Recommender API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/recommender/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/recommender/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1462,7 +1525,7 @@
     "description": "Google Cloud Memorystore for Redis API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/redis/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/redis/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1471,7 +1534,7 @@
     "description": "Google Cloud Memorystore for Redis API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/redis/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/redis/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1480,7 +1543,7 @@
     "description": "Cloud Resource Manager API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/resourcemanager/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/resourcemanager/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1489,8 +1552,8 @@
     "description": "Cloud Resource Manager API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/resourcemanager/latest/apiv3",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/resourcemanager/apiv3",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/resourcesettings/apiv1": {
@@ -1498,7 +1561,7 @@
     "description": "Resource Settings API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/resourcesettings/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/resourcesettings/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1507,7 +1570,7 @@
     "description": "Retail API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/retail/apiv2",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1516,7 +1579,7 @@
     "description": "Retail API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/retail/apiv2alpha",
     "release_level": "alpha",
     "library_type": "GAPIC_AUTO"
   },
@@ -1525,7 +1588,7 @@
     "description": "Retail API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/retail/apiv2beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1543,8 +1606,8 @@
     "description": "Cloud Run Admin API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/run/latest/apiv2",
-    "release_level": "beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/run/apiv2",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/scheduler/apiv1": {
@@ -1552,7 +1615,7 @@
     "description": "Cloud Scheduler API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/scheduler/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/scheduler/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1561,7 +1624,7 @@
     "description": "Cloud Scheduler API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/scheduler/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/scheduler/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1570,7 +1633,7 @@
     "description": "Secret Manager API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/secretmanager/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/secretmanager/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1579,25 +1642,16 @@
     "description": "Certificate Authority API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/security/latest/privateca/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/security/privateca/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
-  "cloud.google.com/go/security/privateca/apiv1beta1": {
-    "distribution_name": "cloud.google.com/go/security/privateca/apiv1beta1",
-    "description": "Certificate Authority API",
-    "language": "Go",
-    "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/security/latest/privateca/apiv1beta1",
-    "release_level": "beta",
-    "library_type": "GAPIC_AUTO"
-  },
   "cloud.google.com/go/security/publicca/apiv1beta1": {
     "distribution_name": "cloud.google.com/go/security/publicca/apiv1beta1",
     "description": "Public Certificate Authority API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/security/latest/publicca/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/security/publicca/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1606,7 +1660,7 @@
     "description": "Security Command Center API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/securitycenter/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1615,7 +1669,7 @@
     "description": "Security Command Center API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/securitycenter/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1624,7 +1678,7 @@
     "description": "Security Command Center API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/apiv1p1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/securitycenter/apiv1p1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1633,7 +1687,7 @@
     "description": "Cloud Security Command Center API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/securitycenter/latest/settings/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/securitycenter/settings/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1642,7 +1696,7 @@
     "description": "Service Control API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/servicecontrol/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/servicecontrol/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1651,7 +1705,7 @@
     "description": "Service Directory API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/servicedirectory/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/servicedirectory/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1660,7 +1714,7 @@
     "description": "Service Directory API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/servicedirectory/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/servicedirectory/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1669,7 +1723,7 @@
     "description": "Service Management API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/servicemanagement/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/servicemanagement/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1678,7 +1732,7 @@
     "description": "Service Usage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/serviceusage/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/serviceusage/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1687,7 +1741,7 @@
     "description": "Cloud Shell API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/shell/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/shell/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1705,7 +1759,7 @@
     "description": "Cloud Spanner API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/spanner/latest/admin/database/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/spanner/admin/database/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1714,7 +1768,7 @@
     "description": "Cloud Spanner Instance Admin API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/spanner/latest/admin/instance/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/spanner/admin/instance/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1723,7 +1777,7 @@
     "description": "Cloud Spanner API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/spanner/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/spanner/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1732,7 +1786,7 @@
     "description": "Cloud Speech-to-Text API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/speech/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/speech/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1741,7 +1795,7 @@
     "description": "Cloud Speech-to-Text API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/speech/latest/apiv1p1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/speech/apiv1p1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1750,7 +1804,7 @@
     "description": "Cloud Speech-to-Text API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/speech/latest/apiv2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/speech/apiv2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1768,8 +1822,17 @@
     "description": "Cloud Storage API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/storage/latest/internal/apiv2",
-    "release_level": "alpha",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/storage/internal/apiv2",
+    "release_level": "ga",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/storageinsights/apiv1": {
+    "distribution_name": "cloud.google.com/go/storageinsights/apiv1",
+    "description": "Storage Insights API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/storageinsights/apiv1",
+    "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/storagetransfer/apiv1": {
@@ -1777,16 +1840,25 @@
     "description": "Storage Transfer API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/storagetransfer/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/storagetransfer/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
+  "cloud.google.com/go/support/apiv2": {
+    "distribution_name": "cloud.google.com/go/support/apiv2",
+    "description": "Google Cloud Support API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/support/apiv2",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
   "cloud.google.com/go/talent/apiv4": {
     "distribution_name": "cloud.google.com/go/talent/apiv4",
     "description": "Cloud Talent Solution API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/talent/latest/apiv4",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/talent/apiv4",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1795,7 +1867,7 @@
     "description": "Cloud Talent Solution API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/talent/latest/apiv4beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/talent/apiv4beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1804,7 +1876,7 @@
     "description": "Cloud Text-to-Speech API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/texttospeech/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/texttospeech/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1813,7 +1885,7 @@
     "description": "Cloud TPU API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/tpu/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/tpu/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1822,7 +1894,7 @@
     "description": "Stackdriver Trace API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/trace/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/trace/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1831,8 +1903,8 @@
     "description": "Stackdriver Trace API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/trace/latest/apiv2",
-    "release_level": "ga",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/trace/apiv2",
+    "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
   "cloud.google.com/go/translate/apiv3": {
@@ -1840,7 +1912,7 @@
     "description": "Cloud Translation API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/translate/latest/apiv3",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/translate/apiv3",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1849,7 +1921,7 @@
     "description": "Live Stream API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/video/latest/livestream/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/video/livestream/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1858,7 +1930,7 @@
     "description": "Video Stitcher API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/video/latest/stitcher/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/video/stitcher/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1867,7 +1939,7 @@
     "description": "Transcoder API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/video/latest/transcoder/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/video/transcoder/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1876,7 +1948,7 @@
     "description": "Cloud Video Intelligence API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/videointelligence/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/videointelligence/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1885,7 +1957,7 @@
     "description": "Google Cloud Video Intelligence API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/videointelligence/latest/apiv1beta2",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/videointelligence/apiv1beta2",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1894,7 +1966,7 @@
     "description": "Cloud Video Intelligence API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/videointelligence/latest/apiv1p3beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/videointelligence/apiv1p3beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1903,7 +1975,7 @@
     "description": "Cloud Vision API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/vision/v2/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/vision/v2/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1912,7 +1984,7 @@
     "description": "Cloud Vision API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/vision/v2/latest/apiv1p1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/vision/v2/apiv1p1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1921,7 +1993,7 @@
     "description": "VM Migration API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/vmmigration/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/vmmigration/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1930,7 +2002,7 @@
     "description": "VMware Engine API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/vmwareengine/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/vmwareengine/apiv1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1939,7 +2011,7 @@
     "description": "Serverless VPC Access API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/vpcaccess/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/vpcaccess/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1948,7 +2020,7 @@
     "description": "Web Risk API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/webrisk/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/webrisk/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1957,7 +2029,7 @@
     "description": "Web Risk API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/webrisk/latest/apiv1beta1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/webrisk/apiv1beta1",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1966,7 +2038,7 @@
     "description": "Web Security Scanner API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/websecurityscanner/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/websecurityscanner/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1975,7 +2047,7 @@
     "description": "Workflows API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/workflows/latest/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workflows/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -1984,7 +2056,7 @@
     "description": "Workflows API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/workflows/latest/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workflows/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   },
@@ -1993,7 +2065,7 @@
     "description": "Workflow Executions API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/workflows/latest/executions/apiv1",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workflows/executions/apiv1",
     "release_level": "ga",
     "library_type": "GAPIC_AUTO"
   },
@@ -2002,7 +2074,25 @@
     "description": "Workflow Executions API",
     "language": "Go",
     "client_library_type": "generated",
-    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/workflows/latest/executions/apiv1beta",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workflows/executions/apiv1beta",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/workstations/apiv1": {
+    "distribution_name": "cloud.google.com/go/workstations/apiv1",
+    "description": "Cloud Workstations API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workstations/apiv1",
+    "release_level": "beta",
+    "library_type": "GAPIC_AUTO"
+  },
+  "cloud.google.com/go/workstations/apiv1beta": {
+    "distribution_name": "cloud.google.com/go/workstations/apiv1beta",
+    "description": "Cloud Workstations API",
+    "language": "Go",
+    "client_library_type": "generated",
+    "docs_url": "https://cloud.google.com/go/docs/reference/cloud.google.com/go\ncloud.google.com/go/accessapproval\ncloud.google.com/go/accesscontextmanager\ncloud.google.com/go/advisorynotifications\ncloud.google.com/go/aiplatform\ncloud.google.com/go/alloydb\ncloud.google.com/go/analytics\ncloud.google.com/go/apigateway\ncloud.google.com/go/apigeeconnect\ncloud.google.com/go/apigeeregistry\ncloud.google.com/go/apikeys\ncloud.google.com/go/appengine\ncloud.google.com/go/area120\ncloud.google.com/go/artifactregistry\ncloud.google.com/go/asset\ncloud.google.com/go/assuredworkloads\ncloud.google.com/go/automl\ncloud.google.com/go/baremetalsolution\ncloud.google.com/go/batch\ncloud.google.com/go/beyondcorp\ncloud.google.com/go/bigquery\ncloud.google.com/go/bigtable\ncloud.google.com/go/billing\ncloud.google.com/go/binaryauthorization\ncloud.google.com/go/certificatemanager\ncloud.google.com/go/channel\ncloud.google.com/go/cloudbuild\ncloud.google.com/go/clouddms\ncloud.google.com/go/cloudtasks\ncloud.google.com/go/compute\ncloud.google.com/go/compute/metadata\ncloud.google.com/go/confidentialcomputing\ncloud.google.com/go/contactcenterinsights\ncloud.google.com/go/container\ncloud.google.com/go/containeranalysis\ncloud.google.com/go/datacatalog\ncloud.google.com/go/dataflow\ncloud.google.com/go/dataform\ncloud.google.com/go/datafusion\ncloud.google.com/go/datalabeling\ncloud.google.com/go/dataplex\ncloud.google.com/go/dataproc/v2\ncloud.google.com/go/dataqna\ncloud.google.com/go/datastore\ncloud.google.com/go/datastream\ncloud.google.com/go/deploy\ncloud.google.com/go/dialogflow\ncloud.google.com/go/discoveryengine\ncloud.google.com/go/dlp\ncloud.google.com/go/documentai\ncloud.google.com/go/domains\ncloud.google.com/go/edgecontainer\ncloud.google.com/go/errorreporting\ncloud.google.com/go/essentialcontacts\ncloud.google.com/go/eventarc\ncloud.google.com/go/filestore\ncloud.google.com/go/firestore\ncloud.google.com/go/functions\ncloud.google.com/go/gaming\ncloud.google.com/go/gkebackup\ncloud.google.com/go/gkeconnect\ncloud.google.com/go/gkehub\ncloud.google.com/go/gkemulticloud\ncloud.google.com/go/grafeas\ncloud.google.com/go/gsuiteaddons\ncloud.google.com/go/iam\ncloud.google.com/go/iap\ncloud.google.com/go/ids\ncloud.google.com/go/internal/actions\ncloud.google.com/go/internal/aliasfix\ncloud.google.com/go/internal/aliasgen\ncloud.google.com/go/internal/carver\ncloud.google.com/go/internal/examples/fake\ncloud.google.com/go/internal/examples/mock\ncloud.google.com/go/internal/gapicgen\ncloud.google.com/go/internal/generated\ncloud.google.com/go/internal/gensnippets\ncloud.google.com/go/internal/godocfx\ncloud.google.com/go/internal/postprocessor\ncloud.google.com/go/iot\ncloud.google.com/go/kms\ncloud.google.com/go/language\ncloud.google.com/go/lifesciences\ncloud.google.com/go/logging\ncloud.google.com/go/longrunning\ncloud.google.com/go/managedidentities\ncloud.google.com/go/maps\ncloud.google.com/go/mediatranslation\ncloud.google.com/go/memcache\ncloud.google.com/go/metastore\ncloud.google.com/go/monitoring\ncloud.google.com/go/networkconnectivity\ncloud.google.com/go/networkmanagement\ncloud.google.com/go/networksecurity\ncloud.google.com/go/notebooks\ncloud.google.com/go/optimization\ncloud.google.com/go/orchestration\ncloud.google.com/go/orgpolicy\ncloud.google.com/go/osconfig\ncloud.google.com/go/oslogin\ncloud.google.com/go/phishingprotection\ncloud.google.com/go/policytroubleshooter\ncloud.google.com/go/privatecatalog\ncloud.google.com/go/profiler\ncloud.google.com/go/pubsub\ncloud.google.com/go/pubsublite\ncloud.google.com/go/recaptchaenterprise\ncloud.google.com/go/recaptchaenterprise/v2\ncloud.google.com/go/recommendationengine\ncloud.google.com/go/recommender\ncloud.google.com/go/redis\ncloud.google.com/go/resourcemanager\ncloud.google.com/go/resourcesettings\ncloud.google.com/go/retail\ncloud.google.com/go/run\ncloud.google.com/go/scheduler\ncloud.google.com/go/secretmanager\ncloud.google.com/go/security\ncloud.google.com/go/securitycenter\ncloud.google.com/go/servicecontrol\ncloud.google.com/go/servicedirectory\ncloud.google.com/go/servicemanagement\ncloud.google.com/go/serviceusage\ncloud.google.com/go/shell\ncloud.google.com/go/spanner\ncloud.google.com/go/speech\ncloud.google.com/go/storage\nmain\ncloud.google.com/go/storagetransfer\ncloud.google.com/go/talent\ncloud.google.com/go/texttospeech\ncloud.google.com/go/tpu\ncloud.google.com/go/trace\ncloud.google.com/go/translate\ncloud.google.com/go/video\ncloud.google.com/go/videointelligence\ncloud.google.com/go/vision\ncloud.google.com/go/vision/v2\ncloud.google.com/go/vmmigration\ncloud.google.com/go/vmwareengine\ncloud.google.com/go/vpcaccess\ncloud.google.com/go/webrisk\ncloud.google.com/go/websecurityscanner\ncloud.google.com/go/workflows\ncloud.google.com/go/workstations/latest/cloud.google.com/go/workstations/apiv1beta",
     "release_level": "beta",
     "library_type": "GAPIC_AUTO"
   }
diff --git a/vendor/cloud.google.com/go/internal/README.md b/vendor/cloud.google.com/go/internal/README.md
index c1dc6bdff..b38a4c1a2 100644
--- a/vendor/cloud.google.com/go/internal/README.md
+++ b/vendor/cloud.google.com/go/internal/README.md
@@ -19,25 +19,26 @@ metadata required. For now, `.repo-metadata-full.json` includes everything.
 
 ## cloudbuild.yaml
 
-To kick off a build locally run from the repo root:
+The `cloudbuild.yaml` Cloud Build configuration currently supports:
+
+* Building a docker container from the `internal/postprocessor/Dockerfile`.
+
+The build can be run locally in the `google-cloud-go` root directory:
 
 ```bash
 gcloud builds submit --project=cloud-devrel-kokoro-resources --config=internal/cloudbuild.yaml
 ```
 
+See the [postprocessor/README](postprocessor/README.md) for instructions
+regarding updating the post-processor docker container.
+
 ### Updating OwlBot SHA
 
-You may want to manually update the which version of the post processor will be
-used -- to do this you need to update the SHA in the OwlBot lock file. Start by
-running the following commands:
+You may want to manually update the which version of the post-processor will be
+used -- to do this you need to update the SHA in the OwlBot lock file.
 
-```bash
-docker pull gcr.io/cloud-devrel-public-resources/owlbot-go:latest
-docker inspect --format='{{index .RepoDigests 0}}' gcr.io/cloud-devrel-public-resources/owlbot-go:latest
-```
-
-This will give you a SHA. You can use this value to update the value in
-`.github/.OwlBot.lock.yaml`.
+See the [postprocessor/README](postprocessor/README.md) for detailed
+instructions.
 
 *Note*: OwlBot will eventually open a pull request to update this value if it
 discovers a new version of the container.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
index 5ad5318d2..7ecc8f2a9 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Release History
 
+## 1.6.0 (2023-05-04)
+
+### Features Added
+* Added support for ARM cross-tenant authentication. Set the `AuxiliaryTenants` field of `arm.ClientOptions` to enable.
+* Added `TenantID` field to `policy.TokenRequestOptions`.
+
+## 1.5.0 (2023-04-06)
+
+### Features Added
+* Added `ShouldRetry` to `policy.RetryOptions` for finer-grained control over when to retry.
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.5.0-beta.1
+> These features will return in v1.6.0-beta.1.
+* Removed `TokenRequestOptions.Claims` and `.TenantID`
+* Removed ARM client support for CAE and cross-tenant auth.
+
+### Bugs Fixed
+* Added non-conformant LRO terminal states `Cancelled` and `Completed`.
+
+### Other Changes
+* Updated to latest `internal` module.
+
+## 1.5.0-beta.1 (2023-03-02)
+
+### Features Added
+* This release includes the features added in v1.4.0-beta.1
+
 ## 1.4.0 (2023-03-02)
 > This release doesn't include features added in v1.4.0-beta.1. They will return in v1.5.0-beta.1.
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
index 2ffbc0e47..a1236b362 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
@@ -11,8 +11,6 @@ import (
 	"io"
 	"net/http"
 	"time"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
 )
 
 type nopCloser struct {
@@ -43,24 +41,6 @@ func HasStatusCode(resp *http.Response, statusCodes ...int) bool {
 	return false
 }
 
-// Payload reads and returns the response body or an error.
-// On a successful read, the response body is cached.
-// Subsequent reads will access the cached value.
-// Exported as runtime.Payload().
-func Payload(resp *http.Response) ([]byte, error) {
-	// r.Body won't be a nopClosingBytesReader if downloading was skipped
-	if buf, ok := resp.Body.(*shared.NopClosingBytesReader); ok {
-		return buf.Bytes(), nil
-	}
-	bytesBody, err := io.ReadAll(resp.Body)
-	resp.Body.Close()
-	if err != nil {
-		return nil, err
-	}
-	resp.Body = shared.NewNopClosingBytesReader(bytesBody)
-	return bytesBody, nil
-}
-
 // AccessToken represents an Azure service bearer access token with expiry information.
 // Exported as azcore.AccessToken.
 type AccessToken struct {
@@ -73,6 +53,10 @@ type AccessToken struct {
 type TokenRequestOptions struct {
 	// Scopes contains the list of permission scopes required for the token.
 	Scopes []string
+
+	// TenantID identifies the tenant from which to request the token. azidentity credentials authenticate in
+	// their configured default tenants when this field isn't set.
+	TenantID string
 }
 
 // TokenCredential represents a credential capable of providing an OAuth token.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go
index 3db6acc83..7df2f88c1 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go
@@ -12,6 +12,8 @@ import (
 	"fmt"
 	"net/http"
 	"regexp"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
 )
 
 // NewResponseError creates a new *ResponseError from the provided HTTP response.
@@ -29,7 +31,7 @@ func NewResponseError(resp *http.Response) error {
 	}
 
 	// if we didn't get x-ms-error-code, check in the response body
-	body, err := Payload(resp)
+	body, err := exported.Payload(resp, nil)
 	if err != nil {
 		return err
 	}
@@ -121,7 +123,7 @@ func (e *ResponseError) Error() string {
 		fmt.Fprintln(msg, "ERROR CODE UNAVAILABLE")
 	}
 	fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
-	body, err := Payload(e.RawResponse)
+	body, err := exported.Payload(e.RawResponse, nil)
 	if err != nil {
 		// this really shouldn't fail at this point as the response
 		// body is already cached (it was read in NewResponseError)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/async/async.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/async/async.go
index d34f161c7..b05bd8b38 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/async/async.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/async/async.go
@@ -16,6 +16,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
 // see https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/async-api-reference.md
@@ -68,15 +69,15 @@ func New[T any](pl exported.Pipeline, resp *http.Response, finalState pollers.Fi
 	if asyncURL == "" {
 		return nil, errors.New("response is missing Azure-AsyncOperation header")
 	}
-	if !pollers.IsValidURL(asyncURL) {
+	if !poller.IsValidURL(asyncURL) {
 		return nil, fmt.Errorf("invalid polling URL %s", asyncURL)
 	}
 	// check for provisioning state.  if the operation is a RELO
 	// and terminates synchronously this will prevent extra polling.
 	// it's ok if there's no provisioning state.
-	state, _ := pollers.GetProvisioningState(resp)
+	state, _ := poller.GetProvisioningState(resp)
 	if state == "" {
-		state = pollers.StatusInProgress
+		state = poller.StatusInProgress
 	}
 	p := &Poller[T]{
 		pl:         pl,
@@ -93,17 +94,17 @@ func New[T any](pl exported.Pipeline, resp *http.Response, finalState pollers.Fi
 
 // Done returns true if the LRO is in a terminal state.
 func (p *Poller[T]) Done() bool {
-	return pollers.IsTerminalState(p.CurState)
+	return poller.IsTerminalState(p.CurState)
 }
 
 // Poll retrieves the current state of the LRO.
 func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 	err := pollers.PollHelper(ctx, p.AsyncURL, p.pl, func(resp *http.Response) (string, error) {
-		if !pollers.StatusCodeValid(resp) {
+		if !poller.StatusCodeValid(resp) {
 			p.resp = resp
 			return "", exported.NewResponseError(resp)
 		}
-		state, err := pollers.GetStatus(resp)
+		state, err := poller.GetStatus(resp)
 		if err != nil {
 			return "", err
 		} else if state == "" {
@@ -122,7 +123,7 @@ func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 func (p *Poller[T]) Result(ctx context.Context, out *T) error {
 	if p.resp.StatusCode == http.StatusNoContent {
 		return nil
-	} else if pollers.Failed(p.CurState) {
+	} else if poller.Failed(p.CurState) {
 		return exported.NewResponseError(p.resp)
 	}
 	var req *exported.Request
@@ -154,5 +155,5 @@ func (p *Poller[T]) Result(ctx context.Context, out *T) error {
 		p.resp = resp
 	}
 
-	return pollers.ResultHelper(p.resp, pollers.Failed(p.CurState), out)
+	return pollers.ResultHelper(p.resp, poller.Failed(p.CurState), out)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/body/body.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/body/body.go
index 7efdd8a0d..2bb9e105b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/body/body.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/body/body.go
@@ -14,6 +14,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
 // Kind is the identifier of this type in a resume token.
@@ -72,9 +73,9 @@ func New[T any](pl exported.Pipeline, resp *http.Response) (*Poller[T], error) {
 	}
 	// default initial state to InProgress.  depending on the HTTP
 	// status code and provisioning state, we might change the value.
-	curState := pollers.StatusInProgress
-	provState, err := pollers.GetProvisioningState(resp)
-	if err != nil && !errors.Is(err, pollers.ErrNoBody) {
+	curState := poller.StatusInProgress
+	provState, err := poller.GetProvisioningState(resp)
+	if err != nil && !errors.Is(err, poller.ErrNoBody) {
 		return nil, err
 	}
 	if resp.StatusCode == http.StatusCreated && provState != "" {
@@ -85,37 +86,37 @@ func New[T any](pl exported.Pipeline, resp *http.Response) (*Poller[T], error) {
 			curState = provState
 		} else if provState == "" {
 			// for a 200, absense of provisioning state indicates success
-			curState = pollers.StatusSucceeded
+			curState = poller.StatusSucceeded
 		}
 	} else if resp.StatusCode == http.StatusNoContent {
-		curState = pollers.StatusSucceeded
+		curState = poller.StatusSucceeded
 	}
 	p.CurState = curState
 	return p, nil
 }
 
 func (p *Poller[T]) Done() bool {
-	return pollers.IsTerminalState(p.CurState)
+	return poller.IsTerminalState(p.CurState)
 }
 
 func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 	err := pollers.PollHelper(ctx, p.PollURL, p.pl, func(resp *http.Response) (string, error) {
-		if !pollers.StatusCodeValid(resp) {
+		if !poller.StatusCodeValid(resp) {
 			p.resp = resp
 			return "", exported.NewResponseError(resp)
 		}
 		if resp.StatusCode == http.StatusNoContent {
 			p.resp = resp
-			p.CurState = pollers.StatusSucceeded
+			p.CurState = poller.StatusSucceeded
 			return p.CurState, nil
 		}
-		state, err := pollers.GetProvisioningState(resp)
-		if errors.Is(err, pollers.ErrNoBody) {
+		state, err := poller.GetProvisioningState(resp)
+		if errors.Is(err, poller.ErrNoBody) {
 			// a missing response body in non-204 case is an error
 			return "", err
 		} else if state == "" {
 			// a response body without provisioning state is considered terminal success
-			state = pollers.StatusSucceeded
+			state = poller.StatusSucceeded
 		} else if err != nil {
 			return "", err
 		}
@@ -130,5 +131,5 @@ func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 }
 
 func (p *Poller[T]) Result(ctx context.Context, out *T) error {
-	return pollers.ResultHelper(p.resp, pollers.Failed(p.CurState), out)
+	return pollers.ResultHelper(p.resp, poller.Failed(p.CurState), out)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/loc/loc.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/loc/loc.go
index 276685da4..d6be89876 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/loc/loc.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/loc/loc.go
@@ -16,6 +16,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
 // Kind is the identifier of this type in a resume token.
@@ -61,15 +62,15 @@ func New[T any](pl exported.Pipeline, resp *http.Response) (*Poller[T], error) {
 	if locURL == "" {
 		return nil, errors.New("response is missing Location header")
 	}
-	if !pollers.IsValidURL(locURL) {
+	if !poller.IsValidURL(locURL) {
 		return nil, fmt.Errorf("invalid polling URL %s", locURL)
 	}
 	// check for provisioning state.  if the operation is a RELO
 	// and terminates synchronously this will prevent extra polling.
 	// it's ok if there's no provisioning state.
-	state, _ := pollers.GetProvisioningState(resp)
+	state, _ := poller.GetProvisioningState(resp)
 	if state == "" {
-		state = pollers.StatusInProgress
+		state = poller.StatusInProgress
 	}
 	return &Poller[T]{
 		pl:       pl,
@@ -81,7 +82,7 @@ func New[T any](pl exported.Pipeline, resp *http.Response) (*Poller[T], error) {
 }
 
 func (p *Poller[T]) Done() bool {
-	return pollers.IsTerminalState(p.CurState)
+	return poller.IsTerminalState(p.CurState)
 }
 
 func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
@@ -93,17 +94,17 @@ func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 		// if provisioning state is available, use that.  this is only
 		// for some ARM LRO scenarios (e.g. DELETE with a Location header)
 		// so if it's missing then use HTTP status code.
-		provState, _ := pollers.GetProvisioningState(resp)
+		provState, _ := poller.GetProvisioningState(resp)
 		p.resp = resp
 		if provState != "" {
 			p.CurState = provState
 		} else if resp.StatusCode == http.StatusAccepted {
-			p.CurState = pollers.StatusInProgress
+			p.CurState = poller.StatusInProgress
 		} else if resp.StatusCode > 199 && resp.StatusCode < 300 {
 			// any 2xx other than a 202 indicates success
-			p.CurState = pollers.StatusSucceeded
+			p.CurState = poller.StatusSucceeded
 		} else {
-			p.CurState = pollers.StatusFailed
+			p.CurState = poller.StatusFailed
 		}
 		return p.CurState, nil
 	})
@@ -114,5 +115,5 @@ func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 }
 
 func (p *Poller[T]) Result(ctx context.Context, out *T) error {
-	return pollers.ResultHelper(p.resp, pollers.Failed(p.CurState), out)
+	return pollers.ResultHelper(p.resp, poller.Failed(p.CurState), out)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/op/op.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/op/op.go
index c3c648266..1bc7ad0ac 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/op/op.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/op/op.go
@@ -16,6 +16,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
 // Applicable returns true if the LRO is using Operation-Location.
@@ -54,19 +55,19 @@ func New[T any](pl exported.Pipeline, resp *http.Response, finalState pollers.Fi
 	if opURL == "" {
 		return nil, errors.New("response is missing Operation-Location header")
 	}
-	if !pollers.IsValidURL(opURL) {
+	if !poller.IsValidURL(opURL) {
 		return nil, fmt.Errorf("invalid Operation-Location URL %s", opURL)
 	}
 	locURL := resp.Header.Get(shared.HeaderLocation)
 	// Location header is optional
-	if locURL != "" && !pollers.IsValidURL(locURL) {
+	if locURL != "" && !poller.IsValidURL(locURL) {
 		return nil, fmt.Errorf("invalid Location URL %s", locURL)
 	}
 	// default initial state to InProgress.  if the
 	// service sent us a status then use that instead.
-	curState := pollers.StatusInProgress
-	status, err := pollers.GetStatus(resp)
-	if err != nil && !errors.Is(err, pollers.ErrNoBody) {
+	curState := poller.StatusInProgress
+	status, err := poller.GetStatus(resp)
+	if err != nil && !errors.Is(err, poller.ErrNoBody) {
 		return nil, err
 	}
 	if status != "" {
@@ -86,16 +87,16 @@ func New[T any](pl exported.Pipeline, resp *http.Response, finalState pollers.Fi
 }
 
 func (p *Poller[T]) Done() bool {
-	return pollers.IsTerminalState(p.CurState)
+	return poller.IsTerminalState(p.CurState)
 }
 
 func (p *Poller[T]) Poll(ctx context.Context) (*http.Response, error) {
 	err := pollers.PollHelper(ctx, p.OpLocURL, p.pl, func(resp *http.Response) (string, error) {
-		if !pollers.StatusCodeValid(resp) {
+		if !poller.StatusCodeValid(resp) {
 			p.resp = resp
 			return "", exported.NewResponseError(resp)
 		}
-		state, err := pollers.GetStatus(resp)
+		state, err := poller.GetStatus(resp)
 		if err != nil {
 			return "", err
 		} else if state == "" {
@@ -118,7 +119,7 @@ func (p *Poller[T]) Result(ctx context.Context, out *T) error {
 		req, err = exported.NewRequest(ctx, http.MethodGet, p.LocURL)
 	} else if p.FinalState == pollers.FinalStateViaOpLocation && p.Method == http.MethodPost {
 		// no final GET required, terminal response should have it
-	} else if rl, rlErr := pollers.GetResourceLocation(p.resp); rlErr != nil && !errors.Is(rlErr, pollers.ErrNoBody) {
+	} else if rl, rlErr := poller.GetResourceLocation(p.resp); rlErr != nil && !errors.Is(rlErr, poller.ErrNoBody) {
 		return rlErr
 	} else if rl != "" {
 		req, err = exported.NewRequest(ctx, http.MethodGet, rl)
@@ -140,5 +141,5 @@ func (p *Poller[T]) Result(ctx context.Context, out *T) error {
 		p.resp = resp
 	}
 
-	return pollers.ResultHelper(p.resp, pollers.Failed(p.CurState), out)
+	return pollers.ResultHelper(p.resp, poller.Failed(p.CurState), out)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/util.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/util.go
index 17ab7dadc..d8d86a46c 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/util.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/util.go
@@ -12,49 +12,15 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"net/url"
 	"reflect"
-	"strings"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	azexported "github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/log"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
-// the well-known set of LRO status/provisioning state values.
-const (
-	StatusSucceeded  = "Succeeded"
-	StatusCanceled   = "Canceled"
-	StatusFailed     = "Failed"
-	StatusInProgress = "InProgress"
-)
-
-// IsTerminalState returns true if the LRO's state is terminal.
-func IsTerminalState(s string) bool {
-	return strings.EqualFold(s, StatusSucceeded) || strings.EqualFold(s, StatusFailed) || strings.EqualFold(s, StatusCanceled)
-}
-
-// Failed returns true if the LRO's state is terminal failure.
-func Failed(s string) bool {
-	return strings.EqualFold(s, StatusFailed) || strings.EqualFold(s, StatusCanceled)
-}
-
-// Succeeded returns true if the LRO's state is terminal success.
-func Succeeded(s string) bool {
-	return strings.EqualFold(s, StatusSucceeded)
-}
-
-// returns true if the LRO response contains a valid HTTP status code
-func StatusCodeValid(resp *http.Response) bool {
-	return exported.HasStatusCode(resp, http.StatusOK, http.StatusAccepted, http.StatusCreated, http.StatusNoContent)
-}
-
-// IsValidURL verifies that the URL is valid and absolute.
-func IsValidURL(s string) bool {
-	u, err := url.Parse(s)
-	return err == nil && u.IsAbs()
-}
-
 // getTokenTypeName creates a type name from the type parameter T.
 func getTokenTypeName[T any]() (string, error) {
 	tt := shared.TypeOfT[T]()
@@ -130,102 +96,6 @@ func IsTokenValid[T any](token string) error {
 	return nil
 }
 
-// ErrNoBody is returned if the response didn't contain a body.
-var ErrNoBody = errors.New("the response did not contain a body")
-
-// GetJSON reads the response body into a raw JSON object.
-// It returns ErrNoBody if there was no content.
-func GetJSON(resp *http.Response) (map[string]interface{}, error) {
-	body, err := exported.Payload(resp)
-	if err != nil {
-		return nil, err
-	}
-	if len(body) == 0 {
-		return nil, ErrNoBody
-	}
-	// unmarshall the body to get the value
-	var jsonBody map[string]interface{}
-	if err = json.Unmarshal(body, &jsonBody); err != nil {
-		return nil, err
-	}
-	return jsonBody, nil
-}
-
-// provisioningState returns the provisioning state from the response or the empty string.
-func provisioningState(jsonBody map[string]interface{}) string {
-	jsonProps, ok := jsonBody["properties"]
-	if !ok {
-		return ""
-	}
-	props, ok := jsonProps.(map[string]interface{})
-	if !ok {
-		return ""
-	}
-	rawPs, ok := props["provisioningState"]
-	if !ok {
-		return ""
-	}
-	ps, ok := rawPs.(string)
-	if !ok {
-		return ""
-	}
-	return ps
-}
-
-// status returns the status from the response or the empty string.
-func status(jsonBody map[string]interface{}) string {
-	rawStatus, ok := jsonBody["status"]
-	if !ok {
-		return ""
-	}
-	status, ok := rawStatus.(string)
-	if !ok {
-		return ""
-	}
-	return status
-}
-
-// GetStatus returns the LRO's status from the response body.
-// Typically used for Azure-AsyncOperation flows.
-// If there is no status in the response body the empty string is returned.
-func GetStatus(resp *http.Response) (string, error) {
-	jsonBody, err := GetJSON(resp)
-	if err != nil {
-		return "", err
-	}
-	return status(jsonBody), nil
-}
-
-// GetProvisioningState returns the LRO's state from the response body.
-// If there is no state in the response body the empty string is returned.
-func GetProvisioningState(resp *http.Response) (string, error) {
-	jsonBody, err := GetJSON(resp)
-	if err != nil {
-		return "", err
-	}
-	return provisioningState(jsonBody), nil
-}
-
-// GetResourceLocation returns the LRO's resourceLocation value from the response body.
-// Typically used for Operation-Location flows.
-// If there is no resourceLocation in the response body the empty string is returned.
-func GetResourceLocation(resp *http.Response) (string, error) {
-	jsonBody, err := GetJSON(resp)
-	if err != nil {
-		return "", err
-	}
-	v, ok := jsonBody["resourceLocation"]
-	if !ok {
-		// it might be ok if the field doesn't exist, the caller must make that determination
-		return "", nil
-	}
-	vv, ok := v.(string)
-	if !ok {
-		return "", fmt.Errorf("the resourceLocation value %v was not in string format", v)
-	}
-	return vv, nil
-}
-
 // used if the operation synchronously completed
 type NopPoller[T any] struct {
 	resp   *http.Response
@@ -239,7 +109,7 @@ func NewNopPoller[T any](resp *http.Response) (*NopPoller[T], error) {
 	if resp.StatusCode == http.StatusNoContent {
 		return np, nil
 	}
-	payload, err := exported.Payload(resp)
+	payload, err := exported.Payload(resp, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -269,8 +139,8 @@ func (p *NopPoller[T]) Result(ctx context.Context, out *T) error {
 // If the request fails, the update func is not called.
 // The update func returns the state of the operation for logging purposes or an error
 // if it fails to extract the required state from the response.
-func PollHelper(ctx context.Context, endpoint string, pl exported.Pipeline, update func(resp *http.Response) (string, error)) error {
-	req, err := exported.NewRequest(ctx, http.MethodGet, endpoint)
+func PollHelper(ctx context.Context, endpoint string, pl azexported.Pipeline, update func(resp *http.Response) (string, error)) error {
+	req, err := azexported.NewRequest(ctx, http.MethodGet, endpoint)
 	if err != nil {
 		return err
 	}
@@ -296,13 +166,13 @@ func ResultHelper[T any](resp *http.Response, failed bool, out *T) error {
 	}
 
 	defer resp.Body.Close()
-	if !StatusCodeValid(resp) || failed {
+	if !poller.StatusCodeValid(resp) || failed {
 		// the LRO failed.  unmarshall the error and update state
-		return exported.NewResponseError(resp)
+		return azexported.NewResponseError(resp)
 	}
 
 	// success case
-	payload, err := exported.Payload(resp)
+	payload, err := exported.Payload(resp, nil)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
index b3b477f90..681167bcb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
@@ -21,6 +21,7 @@ const (
 	HeaderOperationLocation      = "Operation-Location"
 	HeaderRetryAfter             = "Retry-After"
 	HeaderUserAgent              = "User-Agent"
+	HeaderWWWAuthenticate        = "WWW-Authenticate"
 	HeaderXMSClientRequestID     = "x-ms-client-request-id"
 )
 
@@ -31,5 +32,5 @@ const (
 	Module = "azcore"
 
 	// Version is the semantic version (see http://semver.org) of this module.
-	Version = "v1.4.0"
+	Version = "v1.6.0"
 )
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
index 7c71df307..930ab8c83 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
@@ -8,9 +8,7 @@ package shared
 
 import (
 	"context"
-	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"reflect"
 	"regexp"
@@ -64,71 +62,6 @@ func TypeOfT[T any]() reflect.Type {
 	return reflect.TypeOf((*T)(nil)).Elem()
 }
 
-// BytesSetter abstracts replacing a byte slice on some type.
-type BytesSetter interface {
-	Set(b []byte)
-}
-
-// NewNopClosingBytesReader creates a new *NopClosingBytesReader for the specified slice.
-func NewNopClosingBytesReader(data []byte) *NopClosingBytesReader {
-	return &NopClosingBytesReader{s: data}
-}
-
-// NopClosingBytesReader is an io.ReadSeekCloser around a byte slice.
-// It also provides direct access to the byte slice to avoid rereading.
-type NopClosingBytesReader struct {
-	s []byte
-	i int64
-}
-
-// Bytes returns the underlying byte slice.
-func (r *NopClosingBytesReader) Bytes() []byte {
-	return r.s
-}
-
-// Close implements the io.Closer interface.
-func (*NopClosingBytesReader) Close() error {
-	return nil
-}
-
-// Read implements the io.Reader interface.
-func (r *NopClosingBytesReader) Read(b []byte) (n int, err error) {
-	if r.i >= int64(len(r.s)) {
-		return 0, io.EOF
-	}
-	n = copy(b, r.s[r.i:])
-	r.i += int64(n)
-	return
-}
-
-// Set replaces the existing byte slice with the specified byte slice and resets the reader.
-func (r *NopClosingBytesReader) Set(b []byte) {
-	r.s = b
-	r.i = 0
-}
-
-// Seek implements the io.Seeker interface.
-func (r *NopClosingBytesReader) Seek(offset int64, whence int) (int64, error) {
-	var i int64
-	switch whence {
-	case io.SeekStart:
-		i = offset
-	case io.SeekCurrent:
-		i = r.i + offset
-	case io.SeekEnd:
-		i = int64(len(r.s)) + offset
-	default:
-		return 0, errors.New("nopClosingBytesReader: invalid whence")
-	}
-	if i < 0 {
-		return 0, errors.New("nopClosingBytesReader: negative position")
-	}
-	r.i = i
-	return i, nil
-}
-
-var _ BytesSetter = (*NopClosingBytesReader)(nil)
-
 // TransportFunc is a helper to use a first-class func to satisfy the Transporter interface.
 type TransportFunc func(*http.Request) (*http.Response, error)
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
index c427e14d8..b20004783 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
@@ -99,7 +99,7 @@ type RetryOptions struct {
 
 	// MaxRetryDelay specifies the maximum delay allowed before retrying an operation.
 	// Typically the value is greater than or equal to the value specified in RetryDelay.
-	// The default Value is 120 seconds.  A value less than zero means there is no cap.
+	// The default Value is 60 seconds.  A value less than zero means there is no cap.
 	MaxRetryDelay time.Duration
 
 	// StatusCodes specifies the HTTP status codes that indicate the operation should be retried.
@@ -113,6 +113,15 @@ type RetryOptions struct {
 	// Specifying values will replace the default values.
 	// Specifying an empty slice will disable retries for HTTP status codes.
 	StatusCodes []int
+
+	// ShouldRetry evaluates if the retry policy should retry the request.
+	// When specified, the function overrides comparison against the list of
+	// HTTP status codes and error checking within the retry policy. Context
+	// and NonRetriable errors remain evaluated before calling ShouldRetry.
+	// The *http.Response and error parameters are mutually exclusive, i.e.
+	// if one is nil, the other is not nil.
+	// A return value of true means the retry policy should retry.
+	ShouldRetry func(*http.Response, error) bool
 }
 
 // TelemetryOptions configures the telemetry policy's behavior.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_body_download.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_body_download.go
index 02d621ee8..99dc029f0 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_body_download.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_body_download.go
@@ -11,7 +11,6 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 )
@@ -29,7 +28,7 @@ func bodyDownloadPolicy(req *policy.Request) (*http.Response, error) {
 	}
 	// Either bodyDownloadPolicyOpValues was not specified (so skip is false)
 	// or it was specified and skip is false: don't skip downloading the body
-	_, err = exported.Payload(resp)
+	_, err = Payload(resp)
 	if err != nil {
 		return resp, newBodyDownloadError(err, req)
 	}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
index b33002018..5f52ba75b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
@@ -19,6 +19,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
 )
 
 const (
@@ -133,7 +134,7 @@ func (p *retryPolicy) Do(req *policy.Request) (resp *http.Response, err error) {
 			// if the body was already downloaded or there was an error it's safe to cancel the context now
 			if err != nil {
 				tryCancel()
-			} else if _, ok := resp.Body.(*shared.NopClosingBytesReader); ok {
+			} else if exported.PayloadDownloaded(resp) {
 				tryCancel()
 			} else {
 				// must cancel the context after the body has been read and closed
@@ -146,11 +147,7 @@ func (p *retryPolicy) Do(req *policy.Request) (resp *http.Response, err error) {
 			log.Writef(log.EventRetryPolicy, "error %v", err)
 		}
 
-		if err == nil && !HasStatusCode(resp, options.StatusCodes...) {
-			// if there is no error and the response code isn't in the list of retry codes then we're done.
-			log.Write(log.EventRetryPolicy, "exit due to non-retriable status code")
-			return
-		} else if ctxErr := req.Raw().Context().Err(); ctxErr != nil {
+		if ctxErr := req.Raw().Context().Err(); ctxErr != nil {
 			// don't retry if the parent context has been cancelled or its deadline exceeded
 			err = ctxErr
 			log.Writef(log.EventRetryPolicy, "abort due to %v", err)
@@ -165,6 +162,19 @@ func (p *retryPolicy) Do(req *policy.Request) (resp *http.Response, err error) {
 			return
 		}
 
+		if options.ShouldRetry != nil {
+			// a non-nil ShouldRetry overrides our HTTP status code check
+			if !options.ShouldRetry(resp, err) {
+				// predicate says we shouldn't retry
+				log.Write(log.EventRetryPolicy, "exit due to ShouldRetry")
+				return
+			}
+		} else if err == nil && !HasStatusCode(resp, options.StatusCodes...) {
+			// if there is no error and the response code isn't in the list of retry codes then we're done.
+			log.Write(log.EventRetryPolicy, "exit due to non-retriable status code")
+			return
+		}
+
 		if try == options.MaxRetries+1 {
 			// max number of tries has been reached, don't sleep again
 			log.Writef(log.EventRetryPolicy, "MaxRetries %d exceeded", options.MaxRetries)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/poller.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/poller.go
index 0be5210a4..3d029a3d1 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/poller.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/poller.go
@@ -23,6 +23,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/loc"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/pollers/op"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/poller"
 )
 
 // FinalStateVia is the enumerated type for the possible final-state-via values.
@@ -75,7 +76,7 @@ func NewPoller[T any](resp *http.Response, pl exported.Pipeline, options *NewPol
 	defer resp.Body.Close()
 	// this is a back-stop in case the swagger is incorrect (i.e. missing one or more status codes for success).
 	// ideally the codegen should return an error if the initial response failed and not even create a poller.
-	if !pollers.StatusCodeValid(resp) {
+	if !poller.StatusCodeValid(resp) {
 		return nil, errors.New("the operation failed or was cancelled")
 	}
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/response.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/response.go
index f86ec0b95..d1f58e9e2 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/response.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/response.go
@@ -15,15 +15,14 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
 )
 
 // Payload reads and returns the response body or an error.
 // On a successful read, the response body is cached.
 // Subsequent reads will access the cached value.
 func Payload(resp *http.Response) ([]byte, error) {
-	return exported.Payload(resp)
+	return exported.Payload(resp, nil)
 }
 
 // HasStatusCode returns true if the Response's status code is one of the specified values.
@@ -92,15 +91,15 @@ func Drain(resp *http.Response) {
 
 // removeBOM removes any byte-order mark prefix from the payload if present.
 func removeBOM(resp *http.Response) error {
-	payload, err := Payload(resp)
+	_, err := exported.Payload(resp, &exported.PayloadOptions{
+		BytesModifier: func(b []byte) []byte {
+			// UTF8
+			return bytes.TrimPrefix(b, []byte("\xef\xbb\xbf"))
+		},
+	})
 	if err != nil {
 		return err
 	}
-	// UTF8
-	trimmed := bytes.TrimPrefix(payload, []byte("\xef\xbb\xbf"))
-	if len(trimmed) < len(payload) {
-		resp.Body.(shared.BytesSetter).Set(trimmed)
-	}
 	return nil
 }
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/exported/exported.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/exported/exported.go
new file mode 100644
index 000000000..d4ed6ccc8
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/exported/exported.go
@@ -0,0 +1,124 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package exported
+
+import (
+	"errors"
+	"io"
+	"net/http"
+)
+
+// HasStatusCode returns true if the Response's status code is one of the specified values.
+// Exported as runtime.HasStatusCode().
+func HasStatusCode(resp *http.Response, statusCodes ...int) bool {
+	if resp == nil {
+		return false
+	}
+	for _, sc := range statusCodes {
+		if resp.StatusCode == sc {
+			return true
+		}
+	}
+	return false
+}
+
+// PayloadOptions contains the optional values for the Payload func.
+// NOT exported but used by azcore.
+type PayloadOptions struct {
+	// BytesModifier receives the downloaded byte slice and returns an updated byte slice.
+	// Use this to modify the downloaded bytes in a payload (e.g. removing a BOM).
+	BytesModifier func([]byte) []byte
+}
+
+// Payload reads and returns the response body or an error.
+// On a successful read, the response body is cached.
+// Subsequent reads will access the cached value.
+// Exported as runtime.Payload() WITHOUT the opts parameter.
+func Payload(resp *http.Response, opts *PayloadOptions) ([]byte, error) {
+	modifyBytes := func(b []byte) []byte { return b }
+	if opts != nil && opts.BytesModifier != nil {
+		modifyBytes = opts.BytesModifier
+	}
+
+	// r.Body won't be a nopClosingBytesReader if downloading was skipped
+	if buf, ok := resp.Body.(*nopClosingBytesReader); ok {
+		bytesBody := modifyBytes(buf.Bytes())
+		buf.Set(bytesBody)
+		return bytesBody, nil
+	}
+
+	bytesBody, err := io.ReadAll(resp.Body)
+	resp.Body.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	bytesBody = modifyBytes(bytesBody)
+	resp.Body = &nopClosingBytesReader{s: bytesBody}
+	return bytesBody, nil
+}
+
+// PayloadDownloaded returns true if the response body has already been downloaded.
+// This implies that the Payload() func above has been previously called.
+// NOT exported but used by azcore.
+func PayloadDownloaded(resp *http.Response) bool {
+	_, ok := resp.Body.(*nopClosingBytesReader)
+	return ok
+}
+
+// nopClosingBytesReader is an io.ReadSeekCloser around a byte slice.
+// It also provides direct access to the byte slice to avoid rereading.
+type nopClosingBytesReader struct {
+	s []byte
+	i int64
+}
+
+// Bytes returns the underlying byte slice.
+func (r *nopClosingBytesReader) Bytes() []byte {
+	return r.s
+}
+
+// Close implements the io.Closer interface.
+func (*nopClosingBytesReader) Close() error {
+	return nil
+}
+
+// Read implements the io.Reader interface.
+func (r *nopClosingBytesReader) Read(b []byte) (n int, err error) {
+	if r.i >= int64(len(r.s)) {
+		return 0, io.EOF
+	}
+	n = copy(b, r.s[r.i:])
+	r.i += int64(n)
+	return
+}
+
+// Set replaces the existing byte slice with the specified byte slice and resets the reader.
+func (r *nopClosingBytesReader) Set(b []byte) {
+	r.s = b
+	r.i = 0
+}
+
+// Seek implements the io.Seeker interface.
+func (r *nopClosingBytesReader) Seek(offset int64, whence int) (int64, error) {
+	var i int64
+	switch whence {
+	case io.SeekStart:
+		i = offset
+	case io.SeekCurrent:
+		i = r.i + offset
+	case io.SeekEnd:
+		i = int64(len(r.s)) + offset
+	default:
+		return 0, errors.New("nopClosingBytesReader: invalid whence")
+	}
+	if i < 0 {
+		return 0, errors.New("nopClosingBytesReader: negative position")
+	}
+	r.i = i
+	return i, nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/poller/util.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/poller/util.go
new file mode 100644
index 000000000..db8269627
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/internal/poller/util.go
@@ -0,0 +1,155 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package poller
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/exported"
+)
+
+// the well-known set of LRO status/provisioning state values.
+const (
+	StatusSucceeded  = "Succeeded"
+	StatusCanceled   = "Canceled"
+	StatusFailed     = "Failed"
+	StatusInProgress = "InProgress"
+)
+
+// these are non-conformant states that we've seen in the wild.
+// we support them for back-compat.
+const (
+	StatusCancelled = "Cancelled"
+	StatusCompleted = "Completed"
+)
+
+// IsTerminalState returns true if the LRO's state is terminal.
+func IsTerminalState(s string) bool {
+	return Failed(s) || Succeeded(s)
+}
+
+// Failed returns true if the LRO's state is terminal failure.
+func Failed(s string) bool {
+	return strings.EqualFold(s, StatusFailed) || strings.EqualFold(s, StatusCanceled) || strings.EqualFold(s, StatusCancelled)
+}
+
+// Succeeded returns true if the LRO's state is terminal success.
+func Succeeded(s string) bool {
+	return strings.EqualFold(s, StatusSucceeded) || strings.EqualFold(s, StatusCompleted)
+}
+
+// returns true if the LRO response contains a valid HTTP status code
+func StatusCodeValid(resp *http.Response) bool {
+	return exported.HasStatusCode(resp, http.StatusOK, http.StatusAccepted, http.StatusCreated, http.StatusNoContent)
+}
+
+// IsValidURL verifies that the URL is valid and absolute.
+func IsValidURL(s string) bool {
+	u, err := url.Parse(s)
+	return err == nil && u.IsAbs()
+}
+
+// ErrNoBody is returned if the response didn't contain a body.
+var ErrNoBody = errors.New("the response did not contain a body")
+
+// GetJSON reads the response body into a raw JSON object.
+// It returns ErrNoBody if there was no content.
+func GetJSON(resp *http.Response) (map[string]any, error) {
+	body, err := exported.Payload(resp, nil)
+	if err != nil {
+		return nil, err
+	}
+	if len(body) == 0 {
+		return nil, ErrNoBody
+	}
+	// unmarshall the body to get the value
+	var jsonBody map[string]any
+	if err = json.Unmarshal(body, &jsonBody); err != nil {
+		return nil, err
+	}
+	return jsonBody, nil
+}
+
+// provisioningState returns the provisioning state from the response or the empty string.
+func provisioningState(jsonBody map[string]any) string {
+	jsonProps, ok := jsonBody["properties"]
+	if !ok {
+		return ""
+	}
+	props, ok := jsonProps.(map[string]any)
+	if !ok {
+		return ""
+	}
+	rawPs, ok := props["provisioningState"]
+	if !ok {
+		return ""
+	}
+	ps, ok := rawPs.(string)
+	if !ok {
+		return ""
+	}
+	return ps
+}
+
+// status returns the status from the response or the empty string.
+func status(jsonBody map[string]any) string {
+	rawStatus, ok := jsonBody["status"]
+	if !ok {
+		return ""
+	}
+	status, ok := rawStatus.(string)
+	if !ok {
+		return ""
+	}
+	return status
+}
+
+// GetStatus returns the LRO's status from the response body.
+// Typically used for Azure-AsyncOperation flows.
+// If there is no status in the response body the empty string is returned.
+func GetStatus(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	return status(jsonBody), nil
+}
+
+// GetProvisioningState returns the LRO's state from the response body.
+// If there is no state in the response body the empty string is returned.
+func GetProvisioningState(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	return provisioningState(jsonBody), nil
+}
+
+// GetResourceLocation returns the LRO's resourceLocation value from the response body.
+// Typically used for Operation-Location flows.
+// If there is no resourceLocation in the response body the empty string is returned.
+func GetResourceLocation(resp *http.Response) (string, error) {
+	jsonBody, err := GetJSON(resp)
+	if err != nil {
+		return "", err
+	}
+	v, ok := jsonBody["resourceLocation"]
+	if !ok {
+		// it might be ok if the field doesn't exist, the caller must make that determination
+		return "", nil
+	}
+	vv, ok := v.(string)
+	if !ok {
+		return "", fmt.Errorf("the resourceLocation value %v was not in string format", v)
+	}
+	return vv, nil
+}
diff --git a/vendor/github.com/VictoriaMetrics/metrics/process_metrics_other.go b/vendor/github.com/VictoriaMetrics/metrics/process_metrics_other.go
index ca7167f80..4c1c766d7 100644
--- a/vendor/github.com/VictoriaMetrics/metrics/process_metrics_other.go
+++ b/vendor/github.com/VictoriaMetrics/metrics/process_metrics_other.go
@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !windows
+// +build !linux,!windows
 
 package metrics
 
diff --git a/vendor/github.com/VictoriaMetrics/metrics/process_metrics_windows.go b/vendor/github.com/VictoriaMetrics/metrics/process_metrics_windows.go
new file mode 100644
index 000000000..e824ada94
--- /dev/null
+++ b/vendor/github.com/VictoriaMetrics/metrics/process_metrics_windows.go
@@ -0,0 +1,85 @@
+//go:build windows
+// +build windows
+
+package metrics
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var (
+	modpsapi    = syscall.NewLazyDLL("psapi.dll")
+	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+
+	// https://learn.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-getprocessmemoryinfo
+	procGetProcessMemoryInfo  = modpsapi.NewProc("GetProcessMemoryInfo")
+	procGetProcessHandleCount = modkernel32.NewProc("GetProcessHandleCount")
+)
+
+// https://learn.microsoft.com/en-us/windows/win32/api/psapi/ns-psapi-process_memory_counters_ex
+type processMemoryCounters struct {
+	_                          uint32
+	PageFaultCount             uint32
+	PeakWorkingSetSize         uintptr
+	WorkingSetSize             uintptr
+	QuotaPeakPagedPoolUsage    uintptr
+	QuotaPagedPoolUsage        uintptr
+	QuotaPeakNonPagedPoolUsage uintptr
+	QuotaNonPagedPoolUsage     uintptr
+	PagefileUsage              uintptr
+	PeakPagefileUsage          uintptr
+	PrivateUsage               uintptr
+}
+
+func writeProcessMetrics(w io.Writer) {
+	h := windows.CurrentProcess()
+	var startTime, exitTime, stime, utime windows.Filetime
+	err := windows.GetProcessTimes(h, &startTime, &exitTime, &stime, &utime)
+	if err != nil {
+		log.Printf("ERROR: metrics: cannot read process times: %s", err)
+		return
+	}
+	var mc processMemoryCounters
+	r1, _, err := procGetProcessMemoryInfo.Call(
+		uintptr(h),
+		uintptr(unsafe.Pointer(&mc)),
+		unsafe.Sizeof(mc),
+	)
+	if r1 != 1 {
+		log.Printf("ERROR: metrics: cannot read process memory information: %s", err)
+		return
+	}
+	stimeSeconds := (uint64(stime.HighDateTime)<<32 + uint64(stime.LowDateTime)) / 1e7
+	utimeSeconds := (uint64(utime.HighDateTime)<<32 + uint64(utime.LowDateTime)) / 1e7
+	fmt.Fprintf(w, "process_cpu_seconds_system_total %d\n", stimeSeconds)
+	fmt.Fprintf(w, "process_cpu_seconds_total %d\n", stimeSeconds+utimeSeconds)
+	fmt.Fprintf(w, "process_cpu_seconds_user_total %d\n", stimeSeconds)
+	fmt.Fprintf(w, "process_pagefaults_total %d\n", mc.PageFaultCount)
+	fmt.Fprintf(w, "process_start_time_seconds %d\n", startTime.Nanoseconds()/1e9)
+	fmt.Fprintf(w, "process_virtual_memory_bytes %d\n", mc.PrivateUsage)
+	fmt.Fprintf(w, "process_resident_memory_peak_bytes %d\n", mc.PeakWorkingSetSize)
+	fmt.Fprintf(w, "process_resident_memory_bytes %d\n", mc.WorkingSetSize)
+}
+
+func writeFDMetrics(w io.Writer) {
+	h := windows.CurrentProcess()
+	var count uint32
+	r1, _, err := procGetProcessHandleCount.Call(
+		uintptr(h),
+		uintptr(unsafe.Pointer(&count)),
+	)
+	if r1 != 1 {
+		log.Printf("ERROR: metrics: cannot determine open file descriptors count: %s", err)
+		return
+	}
+	// it seems to be hard-coded limit for 64-bit systems
+	// https://learn.microsoft.com/en-us/archive/blogs/markrussinovich/pushing-the-limits-of-windows-handles#maximum-number-of-handles
+	fmt.Fprintf(w, "process_max_fds %d\n", 16777216)
+	fmt.Fprintf(w, "process_open_fds %d\n", count)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
index 74d26b879..7e053de8d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
@@ -1,3 +1,393 @@
+# Release (2023-04-24)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.18.0
+  * **Feature**: add recursion detection middleware to all SDK requests to avoid recursion invocation in Lambda
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.27.0](service/appflow/CHANGELOG.md#v1270-2023-04-24)
+  * **Feature**: Increased the max length for RefreshToken and AuthCode from 2048 to 4096.
+* `github.com/aws/aws-sdk-go-v2/service/codecatalyst`: [v1.2.5](service/codecatalyst/CHANGELOG.md#v125-2023-04-24)
+  * **Documentation**: Documentation updates for Amazon CodeCatalyst.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.94.0](service/ec2/CHANGELOG.md#v1940-2023-04-24)
+  * **Feature**: API changes to AWS Verified Access related to identity providers' information.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.36.0](service/mediaconvert/CHANGELOG.md#v1360-2023-04-24)
+  * **Feature**: This release introduces a noise reduction pre-filter, linear interpolation deinterlace mode, video pass-through, updated default job settings, and expanded LC-AAC Stereo audio bitrate ranges.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.25.0](service/rekognition/CHANGELOG.md#v1250-2023-04-24)
+  * **Feature**: Added new status result to Liveness session status.
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.28.0](service/route53/CHANGELOG.md#v1280-2023-04-24)
+  * **Feature**: added paginator for listResourceRecordSets
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.33.0](service/s3/CHANGELOG.md#v1330-2023-04-24)
+  * **Feature**: added custom paginators for listMultipartUploads and ListObjectVersions
+
+# Release (2023-04-21)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.52.0](service/connect/CHANGELOG.md#v1520-2023-04-21)
+  * **Feature**: This release adds a new API CreateParticipant. For Amazon Connect Chat, you can use this new API to customize chat flow experiences.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.26.1](service/ecs/CHANGELOG.md#v1261-2023-04-21)
+  * **Documentation**: Documentation update to address various Amazon ECS tickets.
+* `github.com/aws/aws-sdk-go-v2/service/fms`: [v1.23.0](service/fms/CHANGELOG.md#v1230-2023-04-21)
+  * **Feature**: AWS Firewall Manager adds support for multiple administrators. You can now delegate more than one administrator per organization.
+
+# Release (2023-04-20)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chime`: [v1.23.0](service/chime/CHANGELOG.md#v1230-2023-04-20)
+  * **Feature**: Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.4.0](service/chimesdkmediapipelines/CHANGELOG.md#v140-2023-04-20)
+  * **Feature**: This release adds support for specifying the recording file format in an S3 recording sink configuration.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings`: [v1.15.0](service/chimesdkmeetings/CHANGELOG.md#v1150-2023-04-20)
+  * **Feature**: Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.
+* `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.18.0](service/gamelift/CHANGELOG.md#v1180-2023-04-20)
+  * **Feature**: Amazon GameLift supports creating Builds for Windows 2016 operating system.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.21.0](service/guardduty/CHANGELOG.md#v1210-2023-04-20)
+  * **Feature**: This release adds support for the new Lambda Protection feature.
+* `github.com/aws/aws-sdk-go-v2/service/iot`: [v1.36.0](service/iot/CHANGELOG.md#v1360-2023-04-20)
+  * **Feature**: Support additional OTA states in GetOTAUpdate API
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.74.0](service/sagemaker/CHANGELOG.md#v1740-2023-04-20)
+  * **Feature**: Amazon SageMaker Canvas adds ModelRegisterSettings support for CanvasAppSettings.
+* `github.com/aws/aws-sdk-go-v2/service/snowball`: [v1.19.0](service/snowball/CHANGELOG.md#v1190-2023-04-20)
+  * **Feature**: Adds support for Amazon S3 compatible storage. AWS Snow Family customers can now use Amazon S3 compatible storage on Snowball Edge devices. Also adds support for V3_5S. This is a refreshed AWS Snowball Edge Storage Optimized device type with 210TB SSD (customer usable).
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.30.0](service/wafv2/CHANGELOG.md#v1300-2023-04-20)
+  * **Feature**: You can now create encrypted API keys to use in a client application integration of the JavaScript CAPTCHA API . You can also retrieve a list of your API keys and the JavaScript application integration URL.
+
+# Release (2023-04-19)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/comprehend`: [v1.24.0](service/comprehend/CHANGELOG.md#v1240-2023-04-19)
+  * **Feature**: This release supports native document models for custom classification, in addition to plain-text models. You train native document models using documents (PDF, Word, images) in their native format.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.26.0](service/ecs/CHANGELOG.md#v1260-2023-04-19)
+  * **Feature**: This release supports the Account Setting "TagResourceAuthorization" that allows for enhanced Tagging security controls.
+* `github.com/aws/aws-sdk-go-v2/service/ram`: [v1.18.0](service/ram/CHANGELOG.md#v1180-2023-04-19)
+  * **Feature**: This release adds support for customer managed permissions. Customer managed permissions enable customers to author and manage tailored permissions for resources shared using RAM.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.43.1](service/rds/CHANGELOG.md#v1431-2023-04-19)
+  * **Documentation**: Adds support for the ImageId parameter of CreateCustomDBEngineVersion to RDS Custom for Oracle
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.32.0](service/s3/CHANGELOG.md#v1320-2023-04-19)
+  * **Feature**: Provides support for "Snow" Storage class.
+* `github.com/aws/aws-sdk-go-v2/service/secretsmanager`: [v1.19.4](service/secretsmanager/CHANGELOG.md#v1194-2023-04-19)
+  * **Documentation**: Documentation updates for Secrets Manager
+
+# Release (2023-04-17)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.26.0](service/appflow/CHANGELOG.md#v1260-2023-04-17)
+  * **Feature**: This release adds a Client Token parameter to the following AppFlow APIs: Create/Update Connector Profile, Create/Update Flow, Start Flow, Register Connector, Update Connector Registration. The Client Token parameter allows idempotent operations for these APIs.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.13.0](service/drs/CHANGELOG.md#v1130-2023-04-17)
+  * **Feature**: Changed existing APIs and added new APIs to support using an account-level launch configuration template with AWS Elastic Disaster Recovery.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.19.5](service/dynamodb/CHANGELOG.md#v1195-2023-04-17)
+  * **Documentation**: Documentation updates for DynamoDB API
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.7.0](service/emrserverless/CHANGELOG.md#v170-2023-04-17)
+  * **Feature**: The GetJobRun API has been updated to include the job's billed resource utilization. This utilization shows the aggregate vCPU, memory and storage that AWS has billed for the job run. The billed resources include a 1-minute minimum usage for workers, plus additional storage over 20 GB per worker.
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.2.0](service/internetmonitor/CHANGELOG.md#v120-2023-04-17)
+  * **Feature**: This release includes a new configurable value, TrafficPercentageToMonitor, which allows users to adjust the amount of traffic monitored by percentage
+* `github.com/aws/aws-sdk-go-v2/service/iotwireless`: [v1.27.0](service/iotwireless/CHANGELOG.md#v1270-2023-04-17)
+  * **Feature**: Supports the new feature of LoRaWAN roaming, allows to configure MaxEirp for LoRaWAN gateway, and allows to configure PingSlotPeriod for LoRaWAN multicast group
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.33.0](service/lambda/CHANGELOG.md#v1330-2023-04-17)
+  * **Feature**: Add Python 3.10 (python3.10) support to AWS Lambda
+
+# Release (2023-04-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.25.1](service/ecs/CHANGELOG.md#v1251-2023-04-14)
+  * **Documentation**: This release supports  ephemeral storage for AWS Fargate Windows containers.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.32.0](service/lambda/CHANGELOG.md#v1320-2023-04-14)
+  * **Feature**: This release adds SnapStart related exceptions to InvokeWithResponseStream API. IAM access related documentation is also added for this API.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubrefactorspaces`: [v1.9.8](service/migrationhubrefactorspaces/CHANGELOG.md#v198-2023-04-14)
+  * **Documentation**: Doc only update for Refactor Spaces environments without network bridge feature.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.43.0](service/rds/CHANGELOG.md#v1430-2023-04-14)
+  * **Feature**: This release adds support of modifying the engine mode of database clusters.
+
+# Release (2023-04-13)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.5.0](service/chimesdkvoice/CHANGELOG.md#v150-2023-04-13)
+  * **Feature**: This release adds tagging support for Voice Connectors and SIP Media Applications
+* `github.com/aws/aws-sdk-go-v2/service/mediaconnect`: [v1.19.0](service/mediaconnect/CHANGELOG.md#v1190-2023-04-13)
+  * **Feature**: Gateway is a new feature of AWS Elemental MediaConnect. Gateway allows the deployment of on-premises resources for the purpose of transporting live video to and from the AWS Cloud.
+
+# Release (2023-04-12)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/groundstation`: [v1.18.0](service/groundstation/CHANGELOG.md#v1180-2023-04-12)
+  * **Feature**: AWS Ground Station Wideband DigIF GA Release
+* `github.com/aws/aws-sdk-go-v2/service/managedblockchain`: [v1.15.5](service/managedblockchain/CHANGELOG.md#v1155-2023-04-12)
+  * **Documentation**: Removal of the Ropsten network. The Ethereum foundation ceased support of Ropsten on December 31st, 2022..
+
+# Release (2023-04-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.16.0](service/ecrpublic/CHANGELOG.md#v1160-2023-04-11)
+  * **Feature**: This release will allow using registry alias as registryId in BatchDeleteImage request.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.6.0](service/emrserverless/CHANGELOG.md#v160-2023-04-11)
+  * **Feature**: This release extends GetJobRun API to return job run timeout (executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720 minutes if none was specified).
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.19.0](service/eventbridge/CHANGELOG.md#v1190-2023-04-11)
+  * **Feature**: EventBridge PutTarget support for multiple SQL arguments on RedshiftDataParameters
+* `github.com/aws/aws-sdk-go-v2/service/iotdataplane`: [v1.15.0](service/iotdataplane/CHANGELOG.md#v1150-2023-04-11)
+  * **Feature**: This release adds support for MQTT5 user properties when calling the AWS IoT GetRetainedMessage API
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.29.0](service/wafv2/CHANGELOG.md#v1290-2023-04-11)
+  * **Feature**: For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
+
+# Release (2023-04-10)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.51.0](service/connect/CHANGELOG.md#v1510-2023-04-10)
+  * **Feature**: This release adds the ability to configure an agent's routing profile to receive contacts from multiple channels at the same time via extending the UpdateRoutingProfileConcurrency, CreateRoutingProfile and DescribeRoutingProfile APIs.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.25.0](service/ecs/CHANGELOG.md#v1250-2023-04-10)
+  * **Feature**: This release adds support for enabling FIPS compliance on Amazon ECS Fargate tasks
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecatalog`: [v1.16.0](service/marketplacecatalog/CHANGELOG.md#v1160-2023-04-10)
+  * **Feature**: Added three new APIs to support resource sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added new OwnershipType field to ListEntities request to let users filter on entities that are shared with them. Increased max page size of ListEntities response from 20 to 50 results.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.35.0](service/mediaconvert/CHANGELOG.md#v1350-2023-04-10)
+  * **Feature**: AWS Elemental MediaConvert SDK now supports conversion of 608 paint-on captions to pop-on captions for SCC sources.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.3.0](service/omics/CHANGELOG.md#v130-2023-04-10)
+  * **Feature**: Remove unexpected API changes.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.24.0](service/rekognition/CHANGELOG.md#v1240-2023-04-10)
+  * **Feature**: This release adds support for Face Liveness APIs in Amazon Rekognition. Updates UpdateStreamProcessor to return ResourceInUseException Exception. Minor updates to API documentation.
+
+# Release (2023-04-07)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/dlm`: [v1.15.0](service/dlm/CHANGELOG.md#v1150-2023-04-07)
+  * **Announcement**: This release includes breaking changes for the timestamp trait on the data lifecycle management client.
+  * **Feature**: Updated timestamp format for GetLifecyclePolicy API
+  * **Bug Fix**: Correct timestamp type for data lifecycle manager.
+* `github.com/aws/aws-sdk-go-v2/service/docdb`: [v1.21.0](service/docdb/CHANGELOG.md#v1210-2023-04-07)
+  * **Feature**: This release adds a new parameter 'DBClusterParameterGroupName' to 'RestoreDBClusterFromSnapshot' API to associate the name of the DB cluster parameter group while performing restore.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.28.8](service/fsx/CHANGELOG.md#v1288-2023-04-07)
+  * **Documentation**: Amazon FSx for Lustre now supports creating data repository associations on Persistent_1 and Scratch_2 file systems.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.31.0](service/lambda/CHANGELOG.md#v1310-2023-04-07)
+  * **Feature**: This release adds a new Lambda InvokeWithResponseStream API to support streaming Lambda function responses. The release also adds a new InvokeMode parameter to Function Url APIs to control whether the response will be streamed or buffered.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.34.0](service/quicksight/CHANGELOG.md#v1340-2023-04-07)
+  * **Feature**: This release has two changes: adding the OR condition to tag-based RLS rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental RefreshProperties operations for users to programmatically configure SPICE dataset ingestions.
+* `github.com/aws/aws-sdk-go-v2/service/redshiftdata`: [v1.19.3](service/redshiftdata/CHANGELOG.md#v1193-2023-04-07)
+  * **Documentation**: Update documentation of API descriptions as needed in support of temporary credentials with IAM identity.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalog`: [v1.18.1](service/servicecatalog/CHANGELOG.md#v1181-2023-04-07)
+  * **Documentation**: Updates description for property
+
+# Release (2023-04-06)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.27.0](service/cloudformation/CHANGELOG.md#v1270-2023-04-06)
+  * **Feature**: Including UPDATE_COMPLETE as a failed status for DeleteStack waiter.
+* `github.com/aws/aws-sdk-go-v2/service/greengrassv2`: [v1.22.0](service/greengrassv2/CHANGELOG.md#v1220-2023-04-06)
+  * **Feature**: Add support for SUCCEEDED value in coreDeviceExecutionStatus field. Documentation updates for Greengrass V2.
+* `github.com/aws/aws-sdk-go-v2/service/proton`: [v1.21.0](service/proton/CHANGELOG.md#v1210-2023-04-06)
+  * **Feature**: This release adds support for the AWS Proton service sync feature. Service sync enables managing an AWS Proton service (creating and updating instances) and all of it's corresponding service instances from a Git repository.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.42.1](service/rds/CHANGELOG.md#v1421-2023-04-06)
+  * **Documentation**: Adds and updates the SDK examples
+
+# Release (2023-04-05)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.31.0](service/configservice/CHANGELOG.md#v1310-2023-04-05)
+  * **Feature**: This release adds resourceType enums for types released in March 2023.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.24.3](service/ecs/CHANGELOG.md#v1243-2023-04-05)
+  * **Documentation**: This is a document only updated to add information about Amazon Elastic Inference (EI).
+* `github.com/aws/aws-sdk-go-v2/service/identitystore`: [v1.16.7](service/identitystore/CHANGELOG.md#v1167-2023-04-05)
+  * **Documentation**: Documentation updates for Identity Store CLI command reference.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.1.0](service/ivsrealtime/CHANGELOG.md#v110-2023-04-05)
+  * **Feature**: Fix ParticipantToken ExpirationTime format
+* `github.com/aws/aws-sdk-go-v2/service/networkfirewall`: [v1.26.0](service/networkfirewall/CHANGELOG.md#v1260-2023-04-05)
+  * **Feature**: AWS Network Firewall now supports IPv6-only subnets.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalog`: [v1.18.0](service/servicecatalog/CHANGELOG.md#v1180-2023-04-05)
+  * **Feature**: removed incorrect product type value
+* `github.com/aws/aws-sdk-go-v2/service/vpclattice`: [v1.0.1](service/vpclattice/CHANGELOG.md#v101-2023-04-05)
+  * **Documentation**: This release removes the entities in the API doc model package for auth policies.
+
+# Release (2023-04-04)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.10.0](service/amplifyuibuilder/CHANGELOG.md#v1100-2023-04-04)
+  * **Feature**: Support StorageField and custom displays for data-bound options in form builder. Support non-string operands for predicates in collections. Support choosing client to get token from.
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.28.1](service/autoscaling/CHANGELOG.md#v1281-2023-04-04)
+  * **Documentation**: Documentation updates for Amazon EC2 Auto Scaling
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.93.0](service/ec2/CHANGELOG.md#v1930-2023-04-04)
+  * **Feature**: C6in, M6in, M6idn, R6in and R6idn bare metal instances are powered by 3rd Generation Intel Xeon Scalable processors and offer up to 200 Gbps of network bandwidth.
+* `github.com/aws/aws-sdk-go-v2/service/elasticinference`: [v1.13.0](service/elasticinference/CHANGELOG.md#v1130-2023-04-04)
+  * **Feature**: Updated public documentation for the Describe and Tagging APIs.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.73.0](service/sagemaker/CHANGELOG.md#v1730-2023-04-04)
+  * **Feature**: Amazon SageMaker Asynchronous Inference now allows customer's to receive failure model responses in S3 and receive success/failure model responses in SNS notifications.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerruntime`: [v1.19.0](service/sagemakerruntime/CHANGELOG.md#v1190-2023-04-04)
+  * **Feature**: Amazon SageMaker Asynchronous Inference now provides customers a FailureLocation as a response parameter in InvokeEndpointAsync API to capture the model failure responses.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.28.0](service/wafv2/CHANGELOG.md#v1280-2023-04-04)
+  * **Feature**: This release rolls back association config feature for webACLs that protect CloudFront protections.
+
+# Release (2023-04-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.45.0](service/glue/CHANGELOG.md#v1450-2023-04-03)
+  * **Feature**: Add support for database-level federation
+* `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.21.0](service/lakeformation/CHANGELOG.md#v1210-2023-04-03)
+  * **Feature**: Add support for database-level federation
+* `github.com/aws/aws-sdk-go-v2/service/licensemanager`: [v1.18.0](service/licensemanager/CHANGELOG.md#v1180-2023-04-03)
+  * **Feature**: This release adds grant override options to the CreateGrantVersion API. These options can be used to specify grant replacement behavior during grant activation.
+* `github.com/aws/aws-sdk-go-v2/service/mwaa`: [v1.15.0](service/mwaa/CHANGELOG.md#v1150-2023-04-03)
+  * **Feature**: This Amazon MWAA release adds the ability to customize the Apache Airflow environment by launching a shell script at startup. This shell script is hosted in your environment's Amazon S3 bucket. Amazon MWAA runs the script before installing requirements and initializing the Apache Airflow process.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalog`: [v1.17.0](service/servicecatalog/CHANGELOG.md#v1170-2023-04-03)
+  * **Feature**: This release introduces Service Catalog support for Terraform open source. It enables 1. The notify* APIs to Service Catalog. These APIs are used by the terraform engine to notify the result of the provisioning engine execution. 2. Adds a new TERRAFORM_OPEN_SOURCE product type in CreateProduct API.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.27.0](service/wafv2/CHANGELOG.md#v1270-2023-04-03)
+  * **Feature**: For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.
+
+# Release (2023-03-31)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.92.1](service/ec2/CHANGELOG.md#v1921-2023-03-31)
+  * **Documentation**: Documentation updates for EC2 On Demand Capacity Reservations
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.1.0](service/internetmonitor/CHANGELOG.md#v110-2023-03-31)
+  * **Feature**: This release adds a new feature for Amazon CloudWatch Internet Monitor that enables customers to deliver internet measurements to Amazon S3 buckets as well as CloudWatch Logs.
+* `github.com/aws/aws-sdk-go-v2/service/resiliencehub`: [v1.10.1](service/resiliencehub/CHANGELOG.md#v1101-2023-03-31)
+  * **Documentation**: Adding EKS related documentation for appTemplateBody
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.31.1](service/s3/CHANGELOG.md#v1311-2023-03-31)
+  * **Documentation**: Documentation updates for Amazon S3
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.14.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1140-2023-03-31)
+  * **Feature**: In this release, you can now chose between soft delete and hard delete when calling the DeleteRecord API, so you have more flexibility when it comes to managing online store data.
+
+# Release (2023-03-30)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/athena`: [v1.25.0](service/athena/CHANGELOG.md#v1250-2023-03-30)
+  * **Feature**: Make DefaultExecutorDpuSize and CoordinatorDpuSize  fields optional  in StartSession
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.28.0](service/autoscaling/CHANGELOG.md#v1280-2023-03-30)
+  * **Feature**: Amazon EC2 Auto Scaling now supports Elastic Load Balancing traffic sources with the AttachTrafficSources, DetachTrafficSources, and DescribeTrafficSources APIs. This release also introduces a new activity status, "WaitingForConnectionDraining", for VPC Lattice to the DescribeScalingActivities API.
+* `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.23.0](service/batch/CHANGELOG.md#v1230-2023-03-30)
+  * **Feature**: This feature allows Batch on EKS to support configuration of Pod Labels through Metadata for Batch on EKS Jobs.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.22.0](service/computeoptimizer/CHANGELOG.md#v1220-2023-03-30)
+  * **Feature**: This release adds support for HDD EBS volume types and io2 Block Express. We are also adding support for 61 new instance types and instances that have non consecutive runtime.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.12.0](service/drs/CHANGELOG.md#v1120-2023-03-30)
+  * **Feature**: Adding a field to the replication configuration APIs to support the auto replicate new disks feature. We also deprecated RetryDataReplication.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.92.0](service/ec2/CHANGELOG.md#v1920-2023-03-30)
+  * **Feature**: This release adds support for Tunnel Endpoint Lifecycle control, a new feature that provides Site-to-Site VPN customers with better visibility and control of their VPN tunnel maintenance updates.
+* `github.com/aws/aws-sdk-go-v2/service/emr`: [v1.24.0](service/emr/CHANGELOG.md#v1240-2023-03-30)
+  * **Feature**: Updated DescribeCluster and ListClusters API responses to include ErrorDetail that specifies error code, programmatically accessible error data,and an error message. ErrorDetail provides the underlying reason for cluster failure and recommends actions to simplify troubleshooting of EMR clusters.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.44.0](service/glue/CHANGELOG.md#v1440-2023-03-30)
+  * **Feature**: This release adds support for AWS Glue Data Quality, which helps you evaluate and monitor the quality of your data and includes the API for creating, deleting, or updating data quality rulesets, runs and evaluations.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.20.0](service/guardduty/CHANGELOG.md#v1200-2023-03-30)
+  * **Feature**: Added EKS Runtime Monitoring feature support to existing detector, finding APIs and introducing new Coverage APIs
+* `github.com/aws/aws-sdk-go-v2/service/imagebuilder`: [v1.23.0](service/imagebuilder/CHANGELOG.md#v1230-2023-03-30)
+  * **Feature**: Adds support for new image workflow details and image vulnerability detection.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.21.0](service/ivs/CHANGELOG.md#v1210-2023-03-30)
+  * **Feature**: Amazon Interactive Video Service (IVS) now offers customers the ability to configure IVS channels to allow insecure RTMP ingest.
+* `github.com/aws/aws-sdk-go-v2/service/kendra`: [v1.39.0](service/kendra/CHANGELOG.md#v1390-2023-03-30)
+  * **Feature**: AWS Kendra now supports featured results for a query.
+* `github.com/aws/aws-sdk-go-v2/service/networkfirewall`: [v1.25.0](service/networkfirewall/CHANGELOG.md#v1250-2023-03-30)
+  * **Feature**: AWS Network Firewall added TLS inspection configurations to allow TLS traffic inspection.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakergeospatial`: [v1.2.0](service/sagemakergeospatial/CHANGELOG.md#v120-2023-03-30)
+  * **Feature**: Amazon SageMaker geospatial capabilities now supports server-side encryption with customer managed KMS key and SageMaker notebooks with a SageMaker geospatial image in a Amazon SageMaker Domain with VPC only mode.
+* `github.com/aws/aws-sdk-go-v2/service/vpclattice`: [v1.0.0](service/vpclattice/CHANGELOG.md#v100-2023-03-30)
+  * **Release**: New AWS service client module
+  * **Feature**: General Availability (GA) release of Amazon VPC Lattice
+* `github.com/aws/aws-sdk-go-v2/service/wellarchitected`: [v1.19.0](service/wellarchitected/CHANGELOG.md#v1190-2023-03-30)
+  * **Feature**: AWS Well-Architected SDK now supports getting consolidated report metrics and generating a consolidated report PDF.
+
+# Release (2023-03-29)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.2.0](service/opensearchserverless/CHANGELOG.md#v120-2023-03-29)
+  * **Feature**: This release includes two new exception types "ServiceQuotaExceededException" and "OcuLimitExceededException".
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.42.0](service/rds/CHANGELOG.md#v1420-2023-03-29)
+  * **Feature**: Add support for creating a read replica DB instance from a Multi-AZ DB cluster.
+
+# Release (2023-03-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ssmcontacts`: [v1.15.0](service/ssmcontacts/CHANGELOG.md#v1150-2023-03-28)
+  * **Feature**: This release adds 12 new APIs as part of Oncall Schedule feature release, adds support for a new contact type: ONCALL_SCHEDULE. Check public documentation for AWS ssm-contacts for more information
+* `github.com/aws/aws-sdk-go-v2/service/ssmincidents`: [v1.21.0](service/ssmincidents/CHANGELOG.md#v1210-2023-03-28)
+  * **Feature**: Increased maximum length of "TriggerDetails.rawData" to 10K characters and "IncidentSummary" to 8K characters.
+
+# Release (2023-03-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/athena`: [v1.24.0](service/athena/CHANGELOG.md#v1240-2023-03-27)
+  * **Feature**: Enforces a minimal level of encryption for the workgroup for query and calculation results that are written to Amazon S3. When enabled, workgroup users can set encryption only to the minimum level set by the administrator or higher when they submit queries.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.4.0](service/chimesdkvoice/CHANGELOG.md#v140-2023-03-27)
+  * **Feature**: Documentation updates for Amazon Chime SDK Voice.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.50.0](service/connect/CHANGELOG.md#v1500-2023-03-27)
+  * **Feature**: This release introduces support for RelatedContactId in the StartChatContact API. Interactive message and interactive message response have been added to the list of supported message content types for this API as well.
+* `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.15.7](service/connectparticipant/CHANGELOG.md#v1157-2023-03-27)
+  * **Documentation**: This release provides an update to the SendMessage API to handle interactive message response content-types.
+* `github.com/aws/aws-sdk-go-v2/service/iotwireless`: [v1.26.0](service/iotwireless/CHANGELOG.md#v1260-2023-03-27)
+  * **Feature**: Introducing new APIs that enable Sidewalk devices to communicate with AWS IoT Core through Sidewalk gateways. This will empower AWS customers to connect Sidewalk devices with other AWS IoT Services, creating  possibilities for seamless integration and advanced device management.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.31.0](service/medialive/CHANGELOG.md#v1310-2023-03-27)
+  * **Feature**: AWS Elemental MediaLive now supports ID3 tag insertion for audio only HLS output groups. AWS Elemental Link devices now support tagging.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.72.1](service/sagemaker/CHANGELOG.md#v1721-2023-03-27)
+  * **Documentation**: Fixed some improperly rendered links in SDK documentation.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.30.0](service/securityhub/CHANGELOG.md#v1300-2023-03-27)
+  * **Feature**: Added new resource detail objects to ASFF, including resources for AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry`: [v1.17.0](service/servicecatalogappregistry/CHANGELOG.md#v1170-2023-03-27)
+  * **Feature**: In this release, we started supporting ARN in applicationSpecifier and attributeGroupSpecifier. GetAttributeGroup, ListAttributeGroups and ListAttributeGroupsForApplication APIs will now have CreatedBy field in the response.
+* `github.com/aws/aws-sdk-go-v2/service/voiceid`: [v1.13.0](service/voiceid/CHANGELOG.md#v1130-2023-03-27)
+  * **Feature**: Amazon Connect Voice ID now supports multiple fraudster watchlists. Every domain has a default watchlist where all existing fraudsters are placed by default. Custom watchlists may now be created, managed, and evaluated against for known fraudster detection.
+
+# Release (2023-03-24)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.25.7](service/cloudwatch/CHANGELOG.md#v1257-2023-03-24)
+  * **Documentation**: Doc-only update to correct alarm actions list
+* `github.com/aws/aws-sdk-go-v2/service/comprehend`: [v1.23.0](service/comprehend/CHANGELOG.md#v1230-2023-03-24)
+  * **Feature**: This release adds a new field (FlywheelArn) to the EntitiesDetectionJobProperties object. The FlywheelArn field is returned in the DescribeEntitiesDetectionJob and ListEntitiesDetectionJobs responses when the EntitiesDetection job is started with a FlywheelArn instead of an EntityRecognizerArn .
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.41.0](service/rds/CHANGELOG.md#v1410-2023-03-24)
+  * **Feature**: Added error code CreateCustomDBEngineVersionFault for when the create custom engine version for Custom engines fails.
+
+# Release (2023-03-23)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.22.0](service/batch/CHANGELOG.md#v1220-2023-03-23)
+  * **Feature**: This feature allows Batch to support configuration of ephemeral storage size for jobs running on FARGATE
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkidentity`: [v1.11.0](service/chimesdkidentity/CHANGELOG.md#v1110-2023-03-23)
+  * **Feature**: AppInstanceBots can be used to add a bot powered by Amazon Lex to chat channels.  ExpirationSettings provides automatic resource deletion for AppInstanceUsers.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.3.0](service/chimesdkmediapipelines/CHANGELOG.md#v130-2023-03-23)
+  * **Feature**: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging`: [v1.14.0](service/chimesdkmessaging/CHANGELOG.md#v1140-2023-03-23)
+  * **Feature**: ExpirationSettings provides automatic resource deletion for Channels.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.3.0](service/chimesdkvoice/CHANGELOG.md#v130-2023-03-23)
+  * **Feature**: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.
+* `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.18.0](service/codeartifact/CHANGELOG.md#v1180-2023-03-23)
+  * **Feature**: Repository CreationTime is added to the CreateRepository and ListRepositories API responses.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.19.0](service/guardduty/CHANGELOG.md#v1190-2023-03-23)
+  * **Feature**: Adds AutoEnableOrganizationMembers attribute to DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.0.0](service/ivsrealtime/CHANGELOG.md#v100-2023-03-23)
+  * **Release**: New AWS service client module
+  * **Feature**: Initial release of the Amazon Interactive Video Service RealTime API.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.34.0](service/mediaconvert/CHANGELOG.md#v1340-2023-03-23)
+  * **Feature**: AWS Elemental MediaConvert SDK now supports passthrough of ID3v2 tags for audio inputs to audio-only HLS outputs.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.72.0](service/sagemaker/CHANGELOG.md#v1720-2023-03-23)
+  * **Feature**: Amazon SageMaker Autopilot adds two new APIs - CreateAutoMLJobV2 and DescribeAutoMLJobV2. Amazon SageMaker Notebook Instances now supports the ml.geospatial.interactive instance type.
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.21.0](service/servicediscovery/CHANGELOG.md#v1210-2023-03-23)
+  * **Feature**: Reverted the throttling exception RequestLimitExceeded for AWS Cloud Map APIs introduced in SDK version 1.12.424 2023-03-09 to previous exception specified in the ErrorCode.
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.21.0](service/textract/CHANGELOG.md#v1210-2023-03-23)
+  * **Feature**: The AnalyzeDocument - Tables feature adds support for new elements in the API: table titles, footers, section titles, summary cells/tables, and table type.
+
+# Release (2023-03-22)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/iam`: [v1.19.8](service/iam/CHANGELOG.md#v1198-2023-03-22)
+  * **Documentation**: Documentation updates for AWS Identity and Access Management (IAM).
+* `github.com/aws/aws-sdk-go-v2/service/iottwinmaker`: [v1.11.0](service/iottwinmaker/CHANGELOG.md#v1110-2023-03-22)
+  * **Feature**: This release adds support of adding metadata when creating a new scene or updating an existing scene.
+* `github.com/aws/aws-sdk-go-v2/service/networkmanager`: [v1.17.8](service/networkmanager/CHANGELOG.md#v1178-2023-03-22)
+  * **Documentation**: This release includes an update to create-transit-gateway-route-table-attachment, showing example usage for TransitGatewayRouteTableArn.
+* `github.com/aws/aws-sdk-go-v2/service/resiliencehub`: [v1.10.0](service/resiliencehub/CHANGELOG.md#v1100-2023-03-22)
+  * **Feature**: This release provides customers with the ability to import resources from within an EKS cluster and assess the resiliency of EKS cluster workloads.
+* `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.36.0](service/ssm/CHANGELOG.md#v1360-2023-03-22)
+  * **Feature**: This Patch Manager release supports creating, updating, and deleting Patch Baselines for AmazonLinux2023, AlmaLinux.
+
 # Release (2023-03-21)
 
 ## General Highlights
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
index 472cb94bb..38edf047e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.17.7"
+const goModuleVersion = "1.18.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
new file mode 100644
index 000000000..3f6aaf231
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go
@@ -0,0 +1,94 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+	"github.com/aws/smithy-go/middleware"
+	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"os"
+)
+
+const envAwsLambdaFunctionName = "AWS_LAMBDA_FUNCTION_NAME"
+const envAmznTraceID = "_X_AMZN_TRACE_ID"
+const amznTraceIDHeader = "X-Amzn-Trace-Id"
+
+// AddRecursionDetection adds recursionDetection to the middleware stack
+func AddRecursionDetection(stack *middleware.Stack) error {
+	return stack.Build.Add(&RecursionDetection{}, middleware.After)
+}
+
+// RecursionDetection detects Lambda environment and sets its X-Ray trace ID to request header if absent
+// to avoid recursion invocation in Lambda
+type RecursionDetection struct{}
+
+// ID returns the middleware identifier
+func (m *RecursionDetection) ID() string {
+	return "RecursionDetection"
+}
+
+// HandleBuild detects Lambda environment and adds its trace ID to request header if absent
+func (m *RecursionDetection) HandleBuild(
+	ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
+) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown request type %T", req)
+	}
+
+	_, hasLambdaEnv := os.LookupEnv(envAwsLambdaFunctionName)
+	xAmznTraceID, hasTraceID := os.LookupEnv(envAmznTraceID)
+	value := req.Header.Get(amznTraceIDHeader)
+	// only set the X-Amzn-Trace-Id header when it is not set initially, the
+	// current environment is Lambda and the _X_AMZN_TRACE_ID env variable exists
+	if value != "" || !hasLambdaEnv || !hasTraceID {
+		return next.HandleBuild(ctx, in)
+	}
+
+	req.Header.Set(amznTraceIDHeader, percentEncode(xAmznTraceID))
+	return next.HandleBuild(ctx, in)
+}
+
+func percentEncode(s string) string {
+	upperhex := "0123456789ABCDEF"
+	hexCount := 0
+	for i := 0; i < len(s); i++ {
+		c := s[i]
+		if shouldEncode(c) {
+			hexCount++
+		}
+	}
+
+	if hexCount == 0 {
+		return s
+	}
+
+	required := len(s) + 2*hexCount
+	t := make([]byte, required)
+	j := 0
+	for i := 0; i < len(s); i++ {
+		if c := s[i]; shouldEncode(c) {
+			t[j] = '%'
+			t[j+1] = upperhex[c>>4]
+			t[j+2] = upperhex[c&15]
+			j += 3
+		} else {
+			t[j] = c
+			j++
+		}
+	}
+	return string(t)
+}
+
+func shouldEncode(c byte) bool {
+	if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
+		return false
+	}
+	switch c {
+	case '-', '=', ';', ':', '+', '&', '[', ']', '{', '}', '"', '\'', ',':
+		return false
+	default:
+		return true
+	}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
index c695e6fe5..00d7d3eee 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
@@ -95,8 +95,13 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	var timeoutErr interface{ Timeout() bool }
 	var urlErr *url.Error
 	var netOpErr *net.OpError
+	var dnsError *net.DNSError
 
 	switch {
+	case errors.As(err, &dnsError):
+		// NXDOMAIN errors should not be retried
+		retryable = !dnsError.IsNotFound && dnsError.IsTemporary
+
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
index 4932d6bb0..e870fd1a5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
@@ -1,3 +1,27 @@
+# v1.18.25 (2023-05-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.24 (2023-05-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.23 (2023-05-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.22 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.21 (2023-04-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.20 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.19 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
index 719872dab..70d331424 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.19"
+const goModuleVersion = "1.18.25"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
index 7a0981d85..dd1b12213 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
@@ -1,3 +1,27 @@
+# v1.13.24 (2023-05-09)
+
+* No change notes available for this release.
+
+# v1.13.23 (2023-05-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.22 (2023-05-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.21 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.20 (2023-04-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.19 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.18 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
index c715edbed..4bd7f6708 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.18"
+const goModuleVersion = "1.13.24"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go
index 43e5676d3..ece1e65f7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go
@@ -11,12 +11,11 @@
 // # Loading AWS SSO credentials with the AWS shared configuration file
 //
 // You can use configure AWS SSO credentials from the AWS shared configuration file by
-// providing the specifying the required keys in the profile:
+// specifying the required keys in the profile and referencing an sso-session:
 //
+//	sso_session
 //	sso_account_id
-//	sso_region
 //	sso_role_name
-//	sso_start_url
 //
 // For example, the following defines a profile "devsso" and specifies the AWS
 // SSO parameters that defines the target account, role, sign-on portal, and
@@ -24,11 +23,15 @@
 // provided, or an error will be returned.
 //
 //	[profile devsso]
-//	sso_start_url = https://my-sso-portal.awsapps.com/start
+//	sso_session = dev-session
 //	sso_role_name = SSOReadOnlyRole
-//	sso_region = us-east-1
 //	sso_account_id = 123456789012
 //
+//	[sso-session dev-session]
+//	sso_start_url = https://my-sso-portal.awsapps.com/start
+//	sso_region = us-east-1
+//	sso_registration_scopes = sso:account:access
+//
 // Using the config module, you can load the AWS SDK shared configuration, and
 // specify that this profile be used to retrieve credentials. For example:
 //
@@ -43,10 +46,17 @@
 // and provide the necessary information to load and retrieve temporary
 // credentials using an access token from ~/.aws/sso/cache.
 //
-//	client := sso.NewFromConfig(cfg)
+//	ssoClient := sso.NewFromConfig(cfg)
+//	ssoOidcClient := ssooidc.NewFromConfig(cfg)
+//	tokenPath, err := ssocreds.StandardCachedTokenFilepath("dev-session")
+//	if err != nil {
+//	    return err
+//	}
 //
 //	var provider aws.CredentialsProvider
-//	provider = ssocreds.New(client, "123456789012", "SSOReadOnlyRole", "us-east-1", "https://my-sso-portal.awsapps.com/start")
+//	provider = ssocreds.New(ssoClient, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start", func(options *ssocreds.Options) {
+//	  options.SSOTokenProvider = ssocreds.NewSSOTokenProvider(ssoOidcClient, tokenPath)
+//	})
 //
 //	// Wrap the provider with aws.CredentialsCache to cache the credentials until their expire time
 //	provider = aws.NewCredentialsCache(provider)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
index 482cbdbb5..90257d68b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.13.3 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.2 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.1 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
index 8fc542cf8..0eda1a620 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.1"
+const goModuleVersion = "1.13.3"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md
index 5239d69e7..1a97c5189 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md
@@ -1,3 +1,31 @@
+# v1.11.67 (2023-05-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.66 (2023-05-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.65 (2023-05-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.64 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.63 (2023-04-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.62 (2023-04-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.61 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.11.60 (2023-03-31)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go
index b8ef0d89a..6a2827016 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go
@@ -3,4 +3,4 @@
 package manager
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.11.60"
+const goModuleVersion = "1.11.67"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
index e11379507..e454f4841 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.1.33 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.32 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.31 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
index 47e3ce35f..17cd02639 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.31"
+const goModuleVersion = "1.1.33"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
index 8bed21121..ec1fb792e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v2.4.27 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.26 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.4.25 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
index 0ebdc4a4c..6812eb227 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.4.25"
+const goModuleVersion = "2.4.27"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
index 546275dd5..568adf9db 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.3.34 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.33 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.3.32 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
index bf3754abc..19a09abc2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ini
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.3.32"
+const goModuleVersion = "1.3.34"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
index ab404bb2d..b2ce10fbf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.0.25 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.0.24 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.0.23 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
index ff822ea03..5a7daf6fe 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go
@@ -3,4 +3,4 @@
 package v4a
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.0.23"
+const goModuleVersion = "1.0.25"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
index 5c2fb5ae2..98a18323f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.1.28 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.27 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.26 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
index 29c440e38..9b8f1e8a1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go
@@ -3,4 +3,4 @@
 package checksum
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.26"
+const goModuleVersion = "1.1.28"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
index fc8eb85af..9412e1724 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.9.27 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.26 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.9.25 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
index 0aa7a7949..67628ea4b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.25"
+const goModuleVersion = "1.9.27"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
index 02a44bf54..cd75796b9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.14.2 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.1 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.14.0 (2023-03-21)
 
 * **Feature**: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
index 90cc9b213..79be6d3e9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go
@@ -3,4 +3,4 @@
 package s3shared
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.0"
+const goModuleVersion = "1.14.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
index 45cd145aa..f832cfa6d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md
@@ -1,3 +1,24 @@
+# v1.33.1 (2023-05-04)
+
+* **Documentation**: Documentation updates for Amazon S3
+
+# v1.33.0 (2023-04-24)
+
+* **Feature**: added custom paginators for listMultipartUploads and ListObjectVersions
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.0 (2023-04-19)
+
+* **Feature**: Provides support for "Snow" Storage class.
+
+# v1.31.3 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.31.2 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.31.1 (2023-03-31)
 
 * **Documentation**: Documentation updates for Amazon S3
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
index e462917a7..8ed262016 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go
@@ -32,8 +32,8 @@ import (
 const ServiceID = "S3"
 const ServiceAPIVersion = "2006-03-01"
 
-// Client provides the API client to make operations call for Amazon Simple Storage
-// Service.
+// Client provides the API client to make operations call for Amazon Simple
+// Storage Service.
 type Client struct {
 	options Options
 }
@@ -135,7 +135,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
@@ -159,8 +159,8 @@ type Options struct {
 	UseDualstack bool
 
 	// Allows you to enable the client to use path-style addressing, i.e.,
-	// https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual
-	// hosted bucket addressing when possible(https://BUCKET.s3.amazonaws.com/KEY).
+	// https://s3.amazonaws.com/BUCKET/KEY . By default, the S3 client will use virtual
+	// hosted bucket addressing when possible( https://BUCKET.s3.amazonaws.com/KEY ).
 	UsePathStyle bool
 
 	// Signature Version 4a (SigV4a) Signer
@@ -539,8 +539,8 @@ func add100Continue(stack *middleware.Stack, options Options) error {
 	return s3shared.Add100Continue(stack, options.ContinueHeaderThresholdBytes)
 }
 
-// ComputedInputChecksumsMetadata provides information about the algorithms used to
-// compute the checksum(s) of the input payload.
+// ComputedInputChecksumsMetadata provides information about the algorithms used
+// to compute the checksum(s) of the input payload.
 type ComputedInputChecksumsMetadata struct {
 	// ComputedChecksums is a map of algorithm name to checksum value of the computed
 	// input payload's checksums.
@@ -560,8 +560,8 @@ func GetComputedInputChecksumsMetadata(m middleware.Metadata) (ComputedInputChec
 
 }
 
-// ChecksumValidationMetadata contains metadata such as the checksum algorithm used
-// for data integrity validation.
+// ChecksumValidationMetadata contains metadata such as the checksum algorithm
+// used for data integrity validation.
 type ChecksumValidationMetadata struct {
 	// AlgorithmsUsed is the set of the checksum algorithms used to validate the
 	// response payload. The response payload must be completely read in order for the
@@ -570,10 +570,10 @@ type ChecksumValidationMetadata struct {
 	AlgorithmsUsed []string
 }
 
-// GetChecksumValidationMetadata returns the set of algorithms that will be used to
-// validate the response payload with. The response payload must be completely read
-// in order for the checksum validation to be performed. An error is returned by
-// the operation output's response io.ReadCloser if the computed checksums are
+// GetChecksumValidationMetadata returns the set of algorithms that will be used
+// to validate the response payload with. The response payload must be completely
+// read in order for the checksum validation to be performed. An error is returned
+// by the operation output's response io.ReadCloser if the computed checksums are
 // invalid. Returns false if no checksum algorithm used metadata was found.
 func GetChecksumValidationMetadata(m middleware.Metadata) (ChecksumValidationMetadata, bool) {
 	values, ok := internalChecksum.GetOutputValidationAlgorithmsUsed(m)
@@ -600,8 +600,8 @@ func disableAcceptEncodingGzip(stack *middleware.Stack) error {
 	return acceptencodingcust.AddAcceptEncodingGzip(stack, acceptencodingcust.AddAcceptEncodingGzipOptions{})
 }
 
-// ResponseError provides the HTTP centric error type wrapping the underlying error
-// with the HTTP response value and the deserialized RequestID.
+// ResponseError provides the HTTP centric error type wrapping the underlying
+// error with the HTTP response value and the deserialized RequestID.
 type ResponseError interface {
 	error
 
@@ -611,8 +611,8 @@ type ResponseError interface {
 
 var _ ResponseError = (*s3shared.ResponseError)(nil)
 
-// GetHostIDMetadata retrieves the host id from middleware metadata returns host id
-// as string along with a boolean indicating presence of hostId on middleware
+// GetHostIDMetadata retrieves the host id from middleware metadata returns host
+// id as string along with a boolean indicating presence of hostId on middleware
 // metadata.
 func GetHostIDMetadata(metadata middleware.Metadata) (string, bool) {
 	return s3shared.GetHostIDMetadata(metadata)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
index 5825cdbb8..72607462e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go
@@ -19,32 +19,16 @@ import (
 // result, it might be necessary to abort a given multipart upload multiple times
 // in order to completely free all storage consumed by all parts. To verify that
 // all parts have been removed, so you don't get charged for the part storage, you
-// should call the ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) action and
-// ensure that the parts list is empty. For information about permissions required
-// to use the multipart upload, see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to AbortMultipartUpload:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+// action and ensure that the parts list is empty. For information about
+// permissions required to use the multipart upload, see Multipart Upload and
+// Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to AbortMultipartUpload :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) AbortMultipartUpload(ctx context.Context, params *AbortMultipartUploadInput, optFns ...func(*Options)) (*AbortMultipartUploadOutput, error) {
 	if params == nil {
 		params = &AbortMultipartUploadInput{}
@@ -68,17 +52,15 @@ type AbortMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -101,8 +83,7 @@ type AbortMultipartUploadInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -178,6 +159,9 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addAbortMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
index 8ff319098..7ae2e1041 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go
@@ -13,10 +13,9 @@ import (
 )
 
 // Completes a multipart upload by assembling previously uploaded parts. You first
-// initiate the multipart upload and then upload all parts using the UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) operation.
-// After successfully uploading all relevant parts of an upload, you call this
-// action to complete the upload. Upon receiving this request, Amazon S3
+// initiate the multipart upload and then upload all parts using the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// operation. After successfully uploading all relevant parts of an upload, you
+// call this action to complete the upload. Upon receiving this request, Amazon S3
 // concatenates all the parts in ascending order by part number to create a new
 // object. In the Complete Multipart Upload request, you must provide the parts
 // list. You must ensure that the parts list is complete. This action concatenates
@@ -36,74 +35,38 @@ import (
 // persists, the SDKs throws an exception (or, for the SDKs that don't use
 // exceptions, they return the error). Note that if CompleteMultipartUpload fails,
 // applications should be prepared to retry the failed requests. For more
-// information, see Amazon S3 Error Best Practices
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). You
-// cannot use Content-Type: application/x-www-form-urlencoded with Complete
+// information, see Amazon S3 Error Best Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html)
+// . You cannot use Content-Type: application/x-www-form-urlencoded with Complete
 // Multipart Upload requests. Also, if you do not provide a Content-Type header,
 // CompleteMultipartUpload returns a 200 OK response. For more information about
-// multipart uploads, see Uploading Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information about permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
-// CompleteMultipartUpload has the following special errors:
+// multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information about permissions required to use the multipart upload API,
+// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . CompleteMultipartUpload has the following special errors:
+//   - Error code: EntityTooSmall
+//   - Description: Your proposed upload is smaller than the minimum allowed
+//     object size. Each part must be at least 5 MB in size, except the last part.
+//   - 400 Bad Request
+//   - Error code: InvalidPart
+//   - Description: One or more of the specified parts could not be found. The
+//     part might not have been uploaded, or the specified entity tag might not have
+//     matched the part's entity tag.
+//   - 400 Bad Request
+//   - Error code: InvalidPartOrder
+//   - Description: The list of parts was not in ascending order. The parts list
+//     must be specified in order by part number.
+//   - 400 Bad Request
+//   - Error code: NoSuchUpload
+//   - Description: The specified multipart upload does not exist. The upload ID
+//     might be invalid, or the multipart upload might have been aborted or completed.
+//   - 404 Not Found
 //
-// * Error code:
-// EntityTooSmall
-//
-// * Description: Your proposed upload is smaller than the minimum
-// allowed object size. Each part must be at least 5 MB in size, except the last
-// part.
-//
-// * 400 Bad Request
-//
-// * Error code: InvalidPart
-//
-// * Description: One or more
-// of the specified parts could not be found. The part might not have been
-// uploaded, or the specified entity tag might not have matched the part's entity
-// tag.
-//
-// * 400 Bad Request
-//
-// * Error code: InvalidPartOrder
-//
-// * Description: The list
-// of parts was not in ascending order. The parts list must be specified in order
-// by part number.
-//
-// * 400 Bad Request
-//
-// * Error code: NoSuchUpload
-//
-// * Description:
-// The specified multipart upload does not exist. The upload ID might be invalid,
-// or the multipart upload might have been aborted or completed.
-//
-// * 404 Not
-// Found
-//
-// The following operations are related to CompleteMultipartUpload:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to CompleteMultipartUpload :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) CompleteMultipartUpload(ctx context.Context, params *CompleteMultipartUploadInput, optFns ...func(*Options)) (*CompleteMultipartUploadOutput, error) {
 	if params == nil {
 		params = &CompleteMultipartUploadInput{}
@@ -127,17 +90,15 @@ type CompleteMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -155,32 +116,28 @@ type CompleteMultipartUploadInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -195,29 +152,25 @@ type CompleteMultipartUploadInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
@@ -233,17 +186,15 @@ type CompleteMultipartUploadOutput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Bucket *string
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
@@ -253,32 +204,28 @@ type CompleteMultipartUploadOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -288,13 +235,12 @@ type CompleteMultipartUploadOutput struct {
 	// data. If the entity tag is not an MD5 digest of the object data, it will contain
 	// one or more nonhexadecimal characters and/or will consist of less than 32 or
 	// more than 32 hexadecimal digits. For more information about how the entity tag
-	// is calculated, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// is calculated, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ETag *string
 
-	// If the object expiration is configured, this will contain the expiration date
-	// (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded.
+	// If the object expiration is configured, this will contain the expiration date (
+	// expiry-date ) and rule ID ( rule-id ). The value of rule-id is URL-encoded.
 	Expiration *string
 
 	// The object key of the newly created object.
@@ -313,11 +259,11 @@ type CompleteMultipartUploadOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
-	// Version ID of the newly created object, in case the bucket has versioning turned
-	// on.
+	// Version ID of the newly created object, in case the bucket has versioning
+	// turned on.
 	VersionId *string
 
 	// Metadata pertaining to the operation's result.
@@ -383,6 +329,9 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCompleteMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
index dc10efb79..4d01a465e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go
@@ -18,88 +18,68 @@ import (
 // up to 5 GB in size in a single atomic action using this API. However, to copy an
 // object greater than 5 GB, you must use the multipart upload Upload Part - Copy
 // (UploadPartCopy) API. For more information, see Copy Object Using the REST
-// Multipart Upload API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html).
-// All copy requests must be authenticated. Additionally, you must have read access
-// to the source object and write access to the destination bucket. For more
-// information, see REST Authentication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). Both
-// the Region that you want to copy the object from and the Region that you want to
-// copy the object to must be enabled for your account. A copy request might return
-// an error when Amazon S3 receives the copy request or while Amazon S3 is copying
-// the files. If the error occurs before the copy action starts, you receive a
-// standard Amazon S3 error. If the error occurs during the copy operation, the
-// error response is embedded in the 200 OK response. This means that a 200 OK
-// response can contain either a success or an error. If you call the S3 API
-// directly, make sure to design your application to parse the contents of the
-// response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs
-// handle this condition. The SDKs detect the embedded error and apply error
-// handling per your configuration settings (including automatically retrying the
-// request as appropriate). If the condition persists, the SDKs throws an exception
-// (or, for the SDKs that don't use exceptions, they return the error). If the copy
-// is successful, you receive a response with information about the copied object.
-// If the request is an HTTP 1.1 request, the response is chunk encoded. If it were
-// not, it would not contain the content-length, and you would need to read the
-// entire body. The copy request charge is based on the storage class and Region
-// that you specify for the destination object. For pricing information, see Amazon
-// S3 pricing (http://aws.amazon.com/s3/pricing/). Amazon S3 transfer acceleration
-// does not support cross-Region copies. If you request a cross-Region copy using a
-// transfer acceleration endpoint, you get a 400 Bad Request error. For more
-// information, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-// Metadata When copying an object, you can preserve all metadata (default) or
+// Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html)
+// . All copy requests must be authenticated. Additionally, you must have read
+// access to the source object and write access to the destination bucket. For more
+// information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+// . Both the Region that you want to copy the object from and the Region that you
+// want to copy the object to must be enabled for your account. A copy request
+// might return an error when Amazon S3 receives the copy request or while Amazon
+// S3 is copying the files. If the error occurs before the copy action starts, you
+// receive a standard Amazon S3 error. If the error occurs during the copy
+// operation, the error response is embedded in the 200 OK response. This means
+// that a 200 OK response can contain either a success or an error. If you call
+// the S3 API directly, make sure to design your application to parse the contents
+// of the response and handle it appropriately. If you use Amazon Web Services
+// SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply
+// error handling per your configuration settings (including automatically retrying
+// the request as appropriate). If the condition persists, the SDKs throws an
+// exception (or, for the SDKs that don't use exceptions, they return the error).
+// If the copy is successful, you receive a response with information about the
+// copied object. If the request is an HTTP 1.1 request, the response is chunk
+// encoded. If it were not, it would not contain the content-length, and you would
+// need to read the entire body. The copy request charge is based on the storage
+// class and Region that you specify for the destination object. For pricing
+// information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/) . Amazon
+// S3 transfer acceleration does not support cross-Region copies. If you request a
+// cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad
+// Request error. For more information, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// . Metadata When copying an object, you can preserve all metadata (default) or
 // specify new metadata. However, the ACL is not preserved and is set to private
 // for the user making the request. To override the default ACL setting, specify a
-// new ACL when generating a copy request. For more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To
-// specify whether you want the object metadata copied from the source object or
-// replaced with metadata provided in the request, you can optionally add the
+// new ACL when generating a copy request. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+// . To specify whether you want the object metadata copied from the source object
+// or replaced with metadata provided in the request, you can optionally add the
 // x-amz-metadata-directive header. When you grant permissions, you can use the
 // s3:x-amz-metadata-directive condition key to enforce certain metadata behavior
 // when objects are uploaded. For more information, see Specifying Conditions in a
-// Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) in
-// the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
-// keys, see Actions, Resources, and Condition Keys for Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
-// x-amz-website-redirect-location is unique to each object and must be specified
-// in the request headers to copy the value. x-amz-copy-source-if Headers To only
-// copy an object under certain conditions, such as whether the Etag matches or
-// whether the object was modified before or after a specified date, use the
-// following request parameters:
+// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html)
+// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition
+// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html)
+// . x-amz-website-redirect-location is unique to each object and must be
+// specified in the request headers to copy the value. x-amz-copy-source-if Headers
+// To only copy an object under certain conditions, such as whether the Etag
+// matches or whether the object was modified before or after a specified date, use
+// the following request parameters:
+//   - x-amz-copy-source-if-match
+//   - x-amz-copy-source-if-none-match
+//   - x-amz-copy-source-if-unmodified-since
+//   - x-amz-copy-source-if-modified-since
 //
-// * x-amz-copy-source-if-match
+// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+// headers are present in the request and evaluate as follows, Amazon S3 returns
+// 200 OK and copies the data:
+//   - x-amz-copy-source-if-match condition evaluates to true
+//   - x-amz-copy-source-if-unmodified-since condition evaluates to false
 //
-// *
-// x-amz-copy-source-if-none-match
+// If both the x-amz-copy-source-if-none-match and
+// x-amz-copy-source-if-modified-since headers are present in the request and
+// evaluate as follows, Amazon S3 returns the 412 Precondition Failed response
+// code:
+//   - x-amz-copy-source-if-none-match condition evaluates to false
+//   - x-amz-copy-source-if-modified-since condition evaluates to true
 //
-// * x-amz-copy-source-if-unmodified-since
-//
-// *
-// x-amz-copy-source-if-modified-since
-//
-// If both the x-amz-copy-source-if-match and
-// x-amz-copy-source-if-unmodified-since headers are present in the request and
-// evaluate as follows, Amazon S3 returns 200 OK and copies the data:
-//
-// *
-// x-amz-copy-source-if-match condition evaluates to true
-//
-// *
-// x-amz-copy-source-if-unmodified-since condition evaluates to false
-//
-// If both the
-// x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers
-// are present in the request and evaluate as follows, Amazon S3 returns the 412
-// Precondition Failed response code:
-//
-// * x-amz-copy-source-if-none-match condition
-// evaluates to false
-//
-// * x-amz-copy-source-if-modified-since condition evaluates to
-// true
-//
-// All headers with the x-amz- prefix, including x-amz-copy-source, must be
+// All headers with the x-amz- prefix, including x-amz-copy-source , must be
 // signed. Server-side encryption Amazon S3 automatically encrypts all new objects
 // that are copied to an S3 bucket. When copying an object, if you don't specify
 // encryption information in your copy request, the encryption setting of the
@@ -121,29 +101,24 @@ import (
 // object for the copy is stored in Amazon S3 using SSE-C, you must provide the
 // necessary encryption information in your request so that Amazon S3 can decrypt
 // the object for copying. For more information about server-side encryption, see
-// Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). If
-// a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object.
-// For more information, see Amazon S3 Bucket Keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon
-// S3 User Guide. Access Control List (ACL)-Specific Request Headers When copying
-// an object, you can optionally use headers to grant ACL-based permissions. By
-// default, all objects are private. Only the owner has full access control. When
-// adding a new object, you can grant permissions to individual Amazon Web Services
-// accounts or to predefined groups defined by Amazon S3. These permissions are
-// then added to the ACL on the object. For more information, see Access Control
-// List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) and Managing
-// ACLs Using the REST API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). If
-// the bucket that you're copying objects to uses the bucket owner enforced setting
-// for S3 Object Ownership, ACLs are disabled and no longer affect permissions.
-// Buckets that use this setting only accept PUT requests that don't specify an ACL
-// or PUT requests that specify bucket owner full control ACLs, such as the
-// bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed
-// in the XML format. For more information, see  Controlling ownership of objects
-// and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// . If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the
+// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide. Access Control List (ACL)-Specific Request Headers
+// When copying an object, you can optionally use headers to grant ACL-based
+// permissions. By default, all objects are private. Only the owner has full access
+// control. When adding a new object, you can grant permissions to individual
+// Amazon Web Services accounts or to predefined groups defined by Amazon S3. These
+// permissions are then added to the ACL on the object. For more information, see
+// Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html)
+// . If the bucket that you're copying objects to uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. Buckets that use this setting only accept PUT requests that don't
+// specify an ACL or PUT requests that specify bucket owner full control ACLs, such
+// as the bucket-owner-full-control canned ACL or an equivalent form of this ACL
+// expressed in the XML format. For more information, see Controlling ownership of
+// objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
 // setting for Object Ownership, all objects written to the bucket by any account
 // will be owned by the bucket owner. Checksums When copying an object, if it has a
@@ -152,33 +127,23 @@ import (
 // to use with the x-amz-checksum-algorithm header. Storage Class Options You can
 // use the CopyObject action to change the storage class of an object that is
 // already stored in Amazon S3 using the StorageClass parameter. For more
-// information, see Storage Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-// the Amazon S3 User Guide. Versioning By default, x-amz-copy-source identifies
-// the current version of an object to copy. If the current version is a delete
-// marker, Amazon S3 behaves as if the object was deleted. To copy a different
-// version, use the versionId subresource. If you enable versioning on the target
-// bucket, Amazon S3 generates a unique version ID for the object being copied.
-// This version ID is different from the version ID of the source object. Amazon S3
-// returns the version ID of the copied object in the x-amz-version-id response
-// header in the response. If you do not enable versioning or suspend it on the
-// target bucket, the version ID that Amazon S3 generates is always null. If the
-// source object's storage class is GLACIER, you must restore a copy of this object
-// before you can use it as a source object for the copy operation. For more
-// information, see RestoreObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). The
-// following operations are related to CopyObject:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// For more
-// information, see Copying Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html).
+// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide. If the source object's storage class is GLACIER,
+// you must restore a copy of this object before you can use it as a source object
+// for the copy operation. For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+// . For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html)
+// . Versioning By default, x-amz-copy-source identifies the current version of an
+// object to copy. If the current version is a delete marker, Amazon S3 behaves as
+// if the object was deleted. To copy a different version, use the versionId
+// subresource. If you enable versioning on the target bucket, Amazon S3 generates
+// a unique version ID for the object being copied. This version ID is different
+// from the version ID of the source object. Amazon S3 returns the version ID of
+// the copied object in the x-amz-version-id response header in the response. If
+// you do not enable versioning or suspend it on the target bucket, the version ID
+// that Amazon S3 generates is always null. The following operations are related to
+// CopyObject :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns ...func(*Options)) (*CopyObjectOutput, error) {
 	if params == nil {
 		params = &CopyObjectInput{}
@@ -196,58 +161,53 @@ func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns
 
 type CopyObjectInput struct {
 
-	// The name of the destination bucket. When using this action with an access point,
-	// you must direct requests to the access point hostname. The access point hostname
-	// takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
-	// When using this action with an access point through the Amazon Web Services
-	// SDKs, you provide the access point ARN in place of the bucket name. For more
-	// information about access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// The name of the destination bucket. When using this action with an access
+	// point, you must direct requests to the access point hostname. The access point
+	// hostname takes the form
+	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
+	// action with an access point through the Amazon Web Services SDKs, you provide
+	// the access point ARN in place of the bucket name. For more information about
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// Specifies the source object for the copy operation. You specify the value in one
-	// of two formats, depending on whether you want to access the source object
-	// through an access point
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	// *
-	// For objects not accessed through an access point, specify the name of the source
-	// bucket and the key of the source object, separated by a slash (/). For example,
-	// to copy the object reports/january.pdf from the bucket awsexamplebucket, use
-	// awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
-	//
-	// * For
-	// objects accessed through access points, specify the Amazon Resource Name (ARN)
-	// of the object as accessed through the access point, in the format
-	// arn:aws:s3:::accesspoint//object/. For example, to copy the object
-	// reports/january.pdf through access point my-access-point owned by account
-	// 123456789012 in Region us-west-2, use the URL encoding of
-	// arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	// The value must be URL encoded. Amazon S3 supports copy operations using access
-	// points only when the source and destination buckets are in the same Amazon Web
-	// Services Region. Alternatively, for objects accessed through Amazon S3 on
-	// Outposts, specify the ARN of the object as accessed in the format
-	// arn:aws:s3-outposts:::outpost//object/. For example, to copy the object
-	// reports/january.pdf through outpost my-outpost owned by account 123456789012 in
-	// Region us-west-2, use the URL encoding of
-	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	// The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append
-	// ?versionId= to the value (for example,
-	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of the
+	// Specifies the source object for the copy operation. You specify the value in
+	// one of two formats, depending on whether you want to access the source object
+	// through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html)
+	// :
+	//   - For objects not accessed through an access point, specify the name of the
+	//   source bucket and the key of the source object, separated by a slash (/). For
+	//   example, to copy the object reports/january.pdf from the bucket
+	//   awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value must
+	//   be URL-encoded.
+	//   - For objects accessed through access points, specify the Amazon Resource
+	//   Name (ARN) of the object as accessed through the access point, in the format
+	//   arn:aws:s3:::accesspoint//object/ . For example, to copy the object
+	//   reports/january.pdf through access point my-access-point owned by account
+	//   123456789012 in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf
+	//   . The value must be URL encoded. Amazon S3 supports copy operations using access
+	//   points only when the source and destination buckets are in the same Amazon Web
+	//   Services Region. Alternatively, for objects accessed through Amazon S3 on
+	//   Outposts, specify the ARN of the object as accessed in the format
+	//   arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object
+	//   reports/january.pdf through outpost my-outpost owned by account 123456789012
+	//   in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf
+	//   . The value must be URL-encoded.
+	// To copy a specific version of an object, append ?versionId= to the value (for
+	// example,
+	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
+	// ). If you don't specify a version ID, Amazon S3 copies the latest version of the
 	// source object.
 	//
 	// This member is required.
@@ -258,8 +218,8 @@ type CopyObjectInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. This action is not supported by Amazon S3
-	// on Outposts.
+	// The canned ACL to apply to the object. This action is not supported by Amazon
+	// S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
@@ -272,9 +232,8 @@ type CopyObjectInput struct {
 	// Specifies caching behavior along the request/reply chain.
 	CacheControl *string
 
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum for the
-	// object. For more information, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum for
+	// the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
@@ -339,8 +298,8 @@ type CopyObjectInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -350,8 +309,8 @@ type CopyObjectInput struct {
 	// A map of metadata to store with the object in S3.
 	Metadata map[string]string
 
-	// Specifies whether the metadata is copied from the source object or replaced with
-	// metadata provided in the request.
+	// Specifies whether the metadata is copied from the source object or replaced
+	// with metadata provided in the request.
 	MetadataDirective types.MetadataDirective
 
 	// Specifies whether you want to apply a legal hold to the copied object.
@@ -366,8 +325,7 @@ type CopyObjectInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -396,26 +354,24 @@ type CopyObjectInput struct {
 	// GET and PUT requests for an object protected by Amazon Web Services KMS will
 	// fail if not made via SSL or using SigV4. For information about configuring using
 	// any of the officially supported Amazon Web Services SDKs and Amazon Web Services
-	// CLI, see Specifying the Signature Version in Request Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
 	// in the Amazon S3 User Guide.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
 	// objects. The STANDARD storage class provides high durability and high
 	// availability. Depending on performance needs, you can specify a different
 	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
 	// The tag-set for the object destination object this value must be used in
-	// conjunction with the TaggingDirective. The tag-set must be encoded as URL Query
+	// conjunction with the TaggingDirective . The tag-set must be encoded as URL Query
 	// parameters.
 	Tagging *string
 
@@ -452,13 +408,14 @@ type CopyObjectOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
@@ -472,7 +429,7 @@ type CopyObjectOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Version ID of the newly created copy.
@@ -541,6 +498,9 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCopyObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -571,8 +531,9 @@ func newServiceMetadataMiddleware_opCopyObject(region string) *awsmiddleware.Reg
 	}
 }
 
-// getCopyObjectBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getCopyObjectBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getCopyObjectBucketMember(input interface{}) (*string, bool) {
 	in := input.(*CopyObjectInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
index 27322a2c6..2675b0df3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go
@@ -16,121 +16,81 @@ import (
 // and have a valid Amazon Web Services Access Key ID to authenticate requests.
 // Anonymous requests are never allowed to create buckets. By creating the bucket,
 // you become the bucket owner. Not every string is an acceptable bucket name. For
-// information about bucket naming restrictions, see Bucket naming rules
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
-// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html).
-// By default, the bucket is created in the US East (N. Virginia) Region. You can
+// information about bucket naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)
+// . If you want to create an Amazon S3 on Outposts bucket, see Create Bucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html)
+// . By default, the bucket is created in the US East (N. Virginia) Region. You can
 // optionally specify a Region in the request body. You might choose a Region to
 // optimize latency, minimize costs, or address regulatory requirements. For
 // example, if you reside in Europe, you will probably find it advantageous to
 // create buckets in the Europe (Ireland) Region. For more information, see
-// Accessing a bucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-// If you send your create bucket request to the s3.amazonaws.com endpoint, the
+// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
+// . If you send your create bucket request to the s3.amazonaws.com endpoint, the
 // request goes to the us-east-1 Region. Accordingly, the signature calculations in
 // Signature Version 4 must use us-east-1 as the Region, even if the location
 // constraint in the request specifies another Region where the bucket is to be
 // created. If you create a bucket in a Region other than US East (N. Virginia),
 // your application must be able to handle 307 redirect. For more information, see
-// Virtual hosting of buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). Access
-// control lists (ACLs) When creating a bucket using this operation, you can
-// optionally configure the bucket ACL to specify the accounts or groups that
+// Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html)
+// . Access control lists (ACLs) When creating a bucket using this operation, you
+// can optionally configure the bucket ACL to specify the accounts or groups that
 // should be granted specific permissions on the bucket. If your CreateBucket
 // request sets bucket owner enforced for S3 Object Ownership and specifies a
 // bucket ACL that provides access to an external Amazon Web Services account, your
 // request fails with a 400 error and returns the
 // InvalidBucketAclWithObjectOwnership error code. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. There are two ways to grant the appropriate
 // permissions using the request headers.
+//   - Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports
+//     a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined
+//     set of grantees and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly using the x-amz-grant-read ,
+//     x-amz-grant-write , x-amz-grant-read-acp , x-amz-grant-write-acp , and
+//     x-amz-grant-full-control headers. These headers map to the set of permissions
+//     Amazon S3 supports in an ACL. For more information, see Access control list
+//     (ACL) overview (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html)
+//     . You specify each grantee as a type=value pair, where the type is one of the
+//     following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants the Amazon Web Services accounts identified by
+//     account IDs permissions to read object data and its metadata:
+//     x-amz-grant-read: id="11112222333", id="444455556666"
 //
-// * Specify a canned ACL using the
-// x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as
-// canned ACLs. Each canned ACL has a predefined set of grantees and permissions.
-// For more information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Permissions In addition to s3:CreateBucket , the following
+// permissions are required when your CreateBucket includes specific headers:
+//   - ACLs - If your CreateBucket request specifies ACL permissions and the ACL is
+//     public-read, public-read-write, authenticated-read, or if you specify access
+//     permissions explicitly through any other ACL, both s3:CreateBucket and
+//     s3:PutBucketAcl permissions are needed. If the ACL the CreateBucket request is
+//     private or doesn't specify any ACLs, only s3:CreateBucket permission is
+//     needed.
+//   - Object Lock - If ObjectLockEnabledForBucket is set to true in your
+//     CreateBucket request, s3:PutBucketObjectLockConfiguration and
+//     s3:PutBucketVersioning permissions are required.
+//   - S3 Object Ownership - If your CreateBucket request includes the
+//     x-amz-object-ownership header, s3:PutBucketOwnershipControls permission is
+//     required.
 //
-// *
-// Specify access permissions explicitly using the x-amz-grant-read,
-// x-amz-grant-write, x-amz-grant-read-acp, x-amz-grant-write-acp, and
-// x-amz-grant-full-control headers. These headers map to the set of permissions
-// Amazon S3 supports in an ACL. For more information, see Access control list
-// (ACL) overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html). You
-// specify each grantee as a type=value pair, where the type is one of the
-// following:
-//
-// * id – if the value specified is the canonical user ID of an Amazon
-// Web Services account
-//
-// * uri – if you are granting permissions to a predefined
-// group
-//
-// * emailAddress – if the value specified is the email address of an Amazon
-// Web Services account Using email addresses to specify a grantee is only
-// supported in the following Amazon Web Services Regions:
-//
-// * US East (N.
-// Virginia)
-//
-// * US West (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific
-// (Singapore)
-//
-// * Asia Pacific (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe
-// (Ireland)
-//
-// * South America (São Paulo)
-//
-// For a list of all the Amazon S3
-// supported Regions and endpoints, see Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants the Amazon Web Services accounts identified by
-// account IDs permissions to read object data and its metadata: x-amz-grant-read:
-// id="11112222333", id="444455556666"
-//
-// You can use either a canned ACL or specify
-// access permissions explicitly. You cannot do both. Permissions In addition to
-// s3:CreateBucket, the following permissions are required when your CreateBucket
-// includes specific headers:
-//
-// * ACLs - If your CreateBucket request specifies ACL
-// permissions and the ACL is public-read, public-read-write, authenticated-read,
-// or if you specify access permissions explicitly through any other ACL, both
-// s3:CreateBucket and s3:PutBucketAcl permissions are needed. If the ACL the
-// CreateBucket request is private or doesn't specify any ACLs, only
-// s3:CreateBucket permission is needed.
-//
-// * Object Lock - If
-// ObjectLockEnabledForBucket is set to true in your CreateBucket request,
-// s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are
-// required.
-//
-// * S3 Object Ownership - If your CreateBucket request includes the the
-// x-amz-object-ownership header, s3:PutBucketOwnershipControls permission is
-// required.
-//
-// The following operations are related to CreateBucket:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+// The following operations are related to CreateBucket :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
 func (c *Client) CreateBucket(ctx context.Context, params *CreateBucketInput, optFns ...func(*Options)) (*CreateBucketOutput, error) {
 	if params == nil {
 		params = &CreateBucketInput{}
@@ -264,6 +224,9 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCreateBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
index c971649ce..471a7057e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go
@@ -16,29 +16,25 @@ import (
 // This action initiates a multipart upload and returns an upload ID. This upload
 // ID is used to associate all of the parts in the specific multipart upload. You
 // specify this upload ID in each of your subsequent upload part requests (see
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). You also
-// include this upload ID in the final request to either complete or abort the
-// multipart upload request. For more information about multipart uploads, see
-// Multipart Upload Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). If you have
-// configured a lifecycle rule to abort incomplete multipart uploads, the upload
-// must complete within the number of days specified in the bucket lifecycle
-// configuration. Otherwise, the incomplete multipart upload becomes eligible for
-// an abort action and Amazon S3 aborts the multipart upload. For more information,
-// see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-// For information about the permissions required to use the multipart upload API,
-// see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). For
-// request signing, multipart upload is just a series of regular requests. You
-// initiate a multipart upload, send one or more requests to upload parts, and then
-// complete the multipart upload process. You sign each request individually. There
-// is nothing special about signing multipart upload requests. For more information
-// about signing, see Authenticating Requests (Amazon Web Services Signature
-// Version 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-// After you initiate a multipart upload and upload one or more parts, to stop
+// UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// ). You also include this upload ID in the final request to either complete or
+// abort the multipart upload request. For more information about multipart
+// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+// . If you have configured a lifecycle rule to abort incomplete multipart uploads,
+// the upload must complete within the number of days specified in the bucket
+// lifecycle configuration. Otherwise, the incomplete multipart upload becomes
+// eligible for an abort action and Amazon S3 aborts the multipart upload. For more
+// information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
+// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+// . For information about the permissions required to use the multipart upload
+// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . For request signing, multipart upload is just a series of regular requests.
+// You initiate a multipart upload, send one or more requests to upload parts, and
+// then complete the multipart upload process. You sign each request individually.
+// There is nothing special about signing multipart upload requests. For more
+// information about signing, see Authenticating Requests (Amazon Web Services
+// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)
+// . After you initiate a multipart upload and upload one or more parts, to stop
 // being charged for storing the uploaded parts, you must either complete or abort
 // the multipart upload. Amazon S3 frees up the space used to store the parts and
 // stop charging you for storing them only after you either complete or abort a
@@ -60,199 +56,123 @@ import (
 // customer-provided key. If the encryption setting in your request is different
 // from the default encryption configuration of the destination bucket, the
 // encryption setting in your request takes precedence. If you choose to provide
-// your own encryption key, the request headers you provide in UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) and
-// UploadPartCopy
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// your own encryption key, the request headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
 // requests must match the headers you used in the request to initiate the upload
-// by using CreateMultipartUpload. you can request that Amazon S3 save the uploaded
-// parts encrypted with server-side encryption with an Amazon S3 managed key
-// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
-// encryption key (SSE-C). To perform a multipart upload with encryption by using
-// an Amazon Web Services KMS key, the requester must have permission to the
-// kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are
-// required because Amazon S3 must decrypt and read data from the encrypted file
-// parts before it completes the multipart upload. For more information, see
-// Multipart upload API and permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
-// and Protecting data using server-side encryption with Amazon Web Services KMS
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
+// by using CreateMultipartUpload . You can request that Amazon S3 save the
+// uploaded parts encrypted with server-side encryption with an Amazon S3 managed
+// key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a
+// customer-provided encryption key (SSE-C). To perform a multipart upload with
+// encryption by using an Amazon Web Services KMS key, the requester must have
+// permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key.
+// These permissions are required because Amazon S3 must decrypt and read data from
+// the encrypted file parts before it completes the multipart upload. For more
+// information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions)
+// and Protecting data using server-side encryption with Amazon Web Services KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
 // in the Amazon S3 User Guide. If your Identity and Access Management (IAM) user
 // or role is in the same Amazon Web Services account as the KMS key, then you must
 // have these permissions on the key policy. If your IAM user or role belongs to a
 // different account than the key, then you must have the permissions on both the
 // key policy and your IAM user or role. For more information, see Protecting Data
-// Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
-// Access Permissions When copying an object, you can optionally specify the
+// Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// . Access Permissions When copying an object, you can optionally specify the
 // accounts or groups that should be granted specific permissions on the new
-// object. There are two ways to grant the permissions using the request
-// headers:
+// object. There are two ways to grant the permissions using the request headers:
+//   - Specify a canned ACL with the x-amz-acl request header. For more
+//     information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. These parameters map to the set of permissions that Amazon S3 supports
+//     in an ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     .
 //
-// * Specify a canned ACL with the x-amz-acl request header. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Server-Side- Encryption-Specific Request Headers Amazon S3
+// encrypts data by using server-side encryption with an Amazon S3 managed key
+// (SSE-S3) by default. Server-side encryption is for data encryption at rest.
+// Amazon S3 encrypts your data as it writes it to disks in its data centers and
+// decrypts it when you access it. You can request that Amazon S3 encrypts data at
+// rest by using server-side encryption with other key options. The option you use
+// depends on whether you want to use KMS keys (SSE-KMS) or provide your own
+// encryption keys (SSE-C).
+//   - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (
+//     aws/s3 ) and KMS customer managed keys stored in Key Management Service (KMS)
+//     – If you want Amazon Web Services to manage the keys used to encrypt data,
+//     specify the following headers in the request.
+//   - x-amz-server-side-encryption
+//   - x-amz-server-side-encryption-aws-kms-key-id
+//   - x-amz-server-side-encryption-context If you specify
+//     x-amz-server-side-encryption:aws:kms , but don't provide
+//     x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
+//     Services managed key ( aws/s3 key) in KMS to protect the data. All GET and PUT
+//     requests for an object protected by KMS fail if you don't make them by using
+//     Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version
+//     4. For more information about server-side encryption with KMS keys (SSE-KMS),
+//     see Protecting Data Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html)
+//     .
+//   - Use customer-provided encryption keys (SSE-C) – If you want to manage your
+//     own encryption keys, provide all the following headers in the request.
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5 For more information about
+//     server-side encryption with customer-provided encryption keys (SSE-C), see
+//     Protecting data using server-side encryption with customer-provided encryption
+//     keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
+//     .
 //
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. These parameters map to the set of permissions that Amazon S3 supports
-// in an ACL. For more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+// Access-Control-List (ACL)-Specific Request Headers You also can use the
+// following access control–related headers with this operation. By default, all
+// objects are private. Only the owner has full access control. When adding a new
+// object, you can grant permissions to individual Amazon Web Services accounts or
+// to predefined groups defined by Amazon S3. These permissions are then added to
+// the access control list (ACL) on the object. For more information, see Using
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) .
+// With this operation, you can grant access permissions using one of the following
+// two methods:
+//   - Specify a canned ACL ( x-amz-acl ) — Amazon S3 supports a set of predefined
+//     ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and
+//     permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly — To explicitly grant access
+//     permissions to specific Amazon Web Services accounts or groups, use the
+//     following headers. Each header maps to specific permissions that Amazon S3
+//     supports in an ACL. For more information, see Access Control List (ACL)
+//     Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) .
+//     In the header, you specify a list of grantees who get the specific permission.
+//     To grant permissions explicitly, use:
+//   - x-amz-grant-read
+//   - x-amz-grant-write
+//   - x-amz-grant-read-acp
+//   - x-amz-grant-write-acp
+//   - x-amz-grant-full-control You specify each grantee as a type=value pair,
+//     where the type is one of the following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants the Amazon Web Services accounts identified by
+//     account IDs permissions to read object data and its metadata:
+//     x-amz-grant-read: id="11112222333", id="444455556666"
 //
-// You can
-// use either a canned ACL or specify access permissions explicitly. You cannot do
-// both. Server-Side- Encryption-Specific Request Headers Amazon S3 encrypts data
-// by using server-side encryption with an Amazon S3 managed key (SSE-S3) by
-// default. Server-side encryption is for data encryption at rest. Amazon S3
-// encrypts your data as it writes it to disks in its data centers and decrypts it
-// when you access it. You can request that Amazon S3 encrypts data at rest by
-// using server-side encryption with other key options. The option you use depends
-// on whether you want to use KMS keys (SSE-KMS) or provide your own encryption
-// keys (SSE-C).
-//
-// * Use KMS keys (SSE-KMS) that include the Amazon Web Services
-// managed key (aws/s3) and KMS customer managed keys stored in Key Management
-// Service (KMS) – If you want Amazon Web Services to manage the keys used to
-// encrypt data, specify the following headers in the request.
-//
-// *
-// x-amz-server-side-encryption
-//
-// * x-amz-server-side-encryption-aws-kms-key-id
-//
-// *
-// x-amz-server-side-encryption-context
-//
-// If you specify
-// x-amz-server-side-encryption:aws:kms, but don't provide
-// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web
-// Services managed key (aws/s3 key) in KMS to protect the data. All GET and PUT
-// requests for an object protected by KMS fail if you don't make them by using
-// Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version
-// 4. For more information about server-side encryption with KMS keys (SSE-KMS),
-// see Protecting Data Using Server-Side Encryption with KMS keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html).
-//
-// *
-// Use customer-provided encryption keys (SSE-C) – If you want to manage your own
-// encryption keys, provide all the following headers in the request.
-//
-// *
-// x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about
-// server-side encryption with customer-provided encryption keys (SSE-C), see
-// Protecting data using server-side encryption with customer-provided encryption
-// keys (SSE-C)
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
-//
-// Access-Control-List
-// (ACL)-Specific Request Headers You also can use the following access
-// control–related headers with this operation. By default, all objects are
-// private. Only the owner has full access control. When adding a new object, you
-// can grant permissions to individual Amazon Web Services accounts or to
-// predefined groups defined by Amazon S3. These permissions are then added to the
-// access control list (ACL) on the object. For more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). With
-// this operation, you can grant access permissions using one of the following two
-// methods:
-//
-// * Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of
-// predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of
-// grantees and permissions. For more information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly — To explicitly grant access permissions
-// to specific Amazon Web Services accounts or groups, use the following headers.
-// Each header maps to specific permissions that Amazon S3 supports in an ACL. For
-// more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). In the
-// header, you specify a list of grantees who get the specific permission. To grant
-// permissions explicitly, use:
-//
-// * x-amz-grant-read
-//
-// * x-amz-grant-write
-//
-// *
-// x-amz-grant-read-acp
-//
-// * x-amz-grant-write-acp
-//
-// * x-amz-grant-full-control
-//
-// You
-// specify each grantee as a type=value pair, where the type is one of the
-// following:
-//
-// * id – if the value specified is the canonical user ID of an Amazon
-// Web Services account
-//
-// * uri – if you are granting permissions to a predefined
-// group
-//
-// * emailAddress – if the value specified is the email address of an Amazon
-// Web Services account Using email addresses to specify a grantee is only
-// supported in the following Amazon Web Services Regions:
-//
-// * US East (N.
-// Virginia)
-//
-// * US West (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific
-// (Singapore)
-//
-// * Asia Pacific (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe
-// (Ireland)
-//
-// * South America (São Paulo)
-//
-// For a list of all the Amazon S3
-// supported Regions and endpoints, see Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants the Amazon Web Services accounts identified by
-// account IDs permissions to read object data and its metadata: x-amz-grant-read:
-// id="11112222333", id="444455556666"
-//
-// The following operations are related to
-// CreateMultipartUpload:
-//
-// * UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to CreateMultipartUpload :
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) CreateMultipartUpload(ctx context.Context, params *CreateMultipartUploadInput, optFns ...func(*Options)) (*CreateMultipartUploadOutput, error) {
 	if params == nil {
 		params = &CreateMultipartUploadInput{}
@@ -276,17 +196,15 @@ type CreateMultipartUploadInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -296,8 +214,8 @@ type CreateMultipartUploadInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. This action is not supported by Amazon S3
-	// on Outposts.
+	// The canned ACL to apply to the object. This action is not supported by Amazon
+	// S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption
@@ -310,9 +228,8 @@ type CreateMultipartUploadInput struct {
 	// Specifies caching behavior along the request/reply chain.
 	CacheControl *string
 
-	// Indicates the algorithm you want Amazon S3 to use to create the checksum for the
-	// object. For more information, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Indicates the algorithm you want Amazon S3 to use to create the checksum for
+	// the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
@@ -346,8 +263,8 @@ type CreateMultipartUploadInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -369,8 +286,7 @@ type CreateMultipartUploadInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -400,22 +316,20 @@ type CreateMultipartUploadInput struct {
 	// Web Services KMS will fail if not made via SSL or using SigV4. For information
 	// about configuring using any of the officially supported Amazon Web Services SDKs
 	// and Amazon Web Services CLI, see Specifying the Signature Version in Request
-	// Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+	// Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
 	// in the Amazon S3 User Guide.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
 	// objects. The STANDARD storage class provides high durability and high
 	// availability. Depending on performance needs, you can specify a different
 	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
 	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
@@ -431,15 +345,14 @@ type CreateMultipartUploadInput struct {
 
 type CreateMultipartUploadOutput struct {
 
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object name
-	// in the request, the response includes this header. The header indicates when the
-	// initiated multipart upload becomes eligible for an abort operation. For more
-	// information, see  Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
-	// Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	// The response also includes the x-amz-abort-rule-id header that provides the ID
-	// of the lifecycle configuration rule that defines this action.
+	// If the bucket has a lifecycle rule configured with an action to abort
+	// incomplete multipart uploads and the prefix in the lifecycle rule matches the
+	// object name in the request, the response includes this header. The header
+	// indicates when the initiated multipart upload becomes eligible for an abort
+	// operation. For more information, see Aborting Incomplete Multipart Uploads
+	// Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// . The response also includes the x-amz-abort-rule-id header that provides the
+	// ID of the lifecycle configuration rule that defines this action.
 	AbortDate *time.Time
 
 	// This header is returned along with the x-amz-abort-date header. It identifies
@@ -454,17 +367,15 @@ type CreateMultipartUploadOutput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Bucket *string
 
 	// Indicates whether the multipart upload uses an S3 Bucket Key for server-side
@@ -481,13 +392,14 @@ type CreateMultipartUploadOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
@@ -501,7 +413,7 @@ type CreateMultipartUploadOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// ID for the initiated multipart upload.
@@ -570,6 +482,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addCreateMultipartUploadUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
index 6bfb43c22..06dee26ae 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go
@@ -13,14 +13,9 @@ import (
 
 // Deletes the S3 bucket. All objects (including all object versions and delete
 // markers) in the bucket must be deleted before the bucket itself can be deleted.
-// Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// The following operations are related to DeleteBucket :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) DeleteBucket(ctx context.Context, params *DeleteBucketInput, optFns ...func(*Options)) (*DeleteBucketOutput, error) {
 	if params == nil {
 		params = &DeleteBucketInput{}
@@ -115,6 +110,9 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
index e016d9763..652081c6a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go
@@ -13,29 +13,17 @@ import (
 
 // Deletes an analytics configuration for the bucket (specified by the analytics
 // configuration ID). To use this operation, you must have permissions to perform
-// the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by
-// default. The bucket owner can grant this permission to others. For more
+// the s3:PutAnalyticsConfiguration action. The bucket owner has this permission
+// by default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics –
-// Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// The following operations are related to DeleteBucketAnalyticsConfiguration:
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 analytics feature, see Amazon S3
+// Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . The following operations are related to DeleteBucketAnalyticsConfiguration :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) DeleteBucketAnalyticsConfiguration(ctx context.Context, params *DeleteBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*DeleteBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketAnalyticsConfigurationInput{}
@@ -135,6 +123,9 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
index 79045abe2..1415e1a1f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go
@@ -14,16 +14,11 @@ import (
 // Deletes the cors configuration information set for the bucket. To use this
 // operation, you must have permission to perform the s3:PutBucketCORS action. The
 // bucket owner has this permission by default and can grant this permission to
-// others. For information about cors, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide. Related Resources:
-//
-// * PutBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-// *
-// RESTOPTIONSobject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+// others. For information about cors , see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// DeleteBucketCors :
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
 func (c *Client) DeleteBucketCors(ctx context.Context, params *DeleteBucketCorsInput, optFns ...func(*Options)) (*DeleteBucketCorsOutput, error) {
 	if params == nil {
 		params = &DeleteBucketCorsInput{}
@@ -118,6 +113,9 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketCorsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
index 9f5084dc3..e2b6626e1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go
@@ -14,24 +14,17 @@ import (
 // This implementation of the DELETE action resets the default encryption for the
 // bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). For
 // information about the bucket default encryption feature, see Amazon S3 Bucket
-// Default Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-// Amazon S3 User Guide. To use this operation, you must have permissions to
+// Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. To use this operation, you must have permissions to
 // perform the s3:PutEncryptionConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * PutBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-// *
-// GetBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// DeleteBucketEncryption :
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
 func (c *Client) DeleteBucketEncryption(ctx context.Context, params *DeleteBucketEncryptionInput, optFns ...func(*Options)) (*DeleteBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &DeleteBucketEncryptionInput{}
@@ -127,6 +120,9 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketEncryptionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
index 139dd78a0..f844a427e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go
@@ -24,21 +24,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to DeleteBucketIntelligentTieringConfiguration include:
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to DeleteBucketIntelligentTieringConfiguration include:
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 func (c *Client) DeleteBucketIntelligentTieringConfiguration(ctx context.Context, params *DeleteBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*DeleteBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketIntelligentTieringConfigurationInput{}
@@ -134,6 +124,9 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
index 32fe81f12..e31814737 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go
@@ -16,25 +16,13 @@ import (
 // s3:PutInventoryConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
-// Operations related to DeleteBucketInventoryConfiguration include:
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// . Operations related to DeleteBucketInventoryConfiguration include:
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
 func (c *Client) DeleteBucketInventoryConfiguration(ctx context.Context, params *DeleteBucketInventoryConfigurationInput, optFns ...func(*Options)) (*DeleteBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketInventoryConfigurationInput{}
@@ -134,6 +122,9 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
index c110bfb44..0b6f80a18 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go
@@ -11,25 +11,19 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes
-// all the lifecycle configuration rules in the lifecycle subresource associated
-// with the bucket. Your objects never expire, and Amazon S3 no longer
+// Deletes the lifecycle configuration from the specified bucket. Amazon S3
+// removes all the lifecycle configuration rules in the lifecycle subresource
+// associated with the bucket. Your objects never expire, and Amazon S3 no longer
 // automatically deletes any objects on the basis of rules contained in the deleted
 // lifecycle configuration. To use this operation, you must have permission to
 // perform the s3:PutLifecycleConfiguration action. By default, the bucket owner
 // has this permission and the bucket owner can grant this permission to others.
 // There is usually some time lag before lifecycle configuration deletion is fully
 // propagated to all the Amazon S3 systems. For more information about the object
-// expiration, see Elements to Describe Lifecycle Actions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions).
-// Related actions include:
-//
-// * PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+// expiration, see Elements to Describe Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions)
+// . Related actions include:
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
 func (c *Client) DeleteBucketLifecycle(ctx context.Context, params *DeleteBucketLifecycleInput, optFns ...func(*Options)) (*DeleteBucketLifecycleOutput, error) {
 	if params == nil {
 		params = &DeleteBucketLifecycleInput{}
@@ -124,6 +118,9 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketLifecycleUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
index 54bfa8cb8..c7ba9b857 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go
@@ -17,30 +17,15 @@ import (
 // permissions to perform the s3:PutMetricsConfiguration action. The bucket owner
 // has this permission by default. The bucket owner can grant this permission to
 // others. For more information about permissions, see Permissions Related to
-// Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to DeleteBucketMetricsConfiguration:
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// *
-// Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to DeleteBucketMetricsConfiguration :
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
 func (c *Client) DeleteBucketMetricsConfiguration(ctx context.Context, params *DeleteBucketMetricsConfigurationInput, optFns ...func(*Options)) (*DeleteBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketMetricsConfigurationInput{}
@@ -141,6 +126,9 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
index 6186db5e1..bfe782866 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go
@@ -13,16 +13,11 @@ import (
 
 // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, you
 // must have the s3:PutBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html).
-// The following operations are related to DeleteBucketOwnershipControls:
-//
-// *
-// GetBucketOwnershipControls
-//
-// * PutBucketOwnershipControls
+// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html)
+// . The following operations are related to DeleteBucketOwnershipControls :
+//   - GetBucketOwnershipControls
+//   - PutBucketOwnershipControls
 func (c *Client) DeleteBucketOwnershipControls(ctx context.Context, params *DeleteBucketOwnershipControlsInput, optFns ...func(*Options)) (*DeleteBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &DeleteBucketOwnershipControlsInput{}
@@ -117,6 +112,9 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketOwnershipControlsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
index 618d9bede..05d0de250 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go
@@ -19,20 +19,17 @@ import (
 // have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied
 // error. If you have the correct permissions, but you're not using an identity
 // that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not
-// Allowed error. As a security precaution, the root user of the Amazon Web
-// Services account that owns a bucket can always use this operation, even if the
-// policy explicitly denies the root user the ability to perform this action. For
-// more information about bucket policies, see Using Bucket Policies and
-// UserPolicies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following operations are related to DeleteBucketPolicy
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// Allowed error. To ensure that bucket owners don't inadvertently lock themselves
+// out of their own buckets, the root principal in a bucket owner's Amazon Web
+// Services account can perform the GetBucketPolicy , PutBucketPolicy , and
+// DeleteBucketPolicy API actions, even if their bucket policy explicitly denies
+// the root principal's access. Bucket owner root principals can only be blocked
+// from performing these API actions by VPC endpoint policies and Amazon Web
+// Services Organizations policies. For more information about bucket policies, see
+// Using Bucket Policies and UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following operations are related to DeleteBucketPolicy
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) DeleteBucketPolicy(ctx context.Context, params *DeleteBucketPolicyInput, optFns ...func(*Options)) (*DeleteBucketPolicyOutput, error) {
 	if params == nil {
 		params = &DeleteBucketPolicyInput{}
@@ -127,6 +124,9 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketPolicyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
index ad2d772d4..a394dc7fe 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go
@@ -15,22 +15,14 @@ import (
 // you must have permissions to perform the s3:PutReplicationConfiguration action.
 // The bucket owner has these permissions by default and can grant it to others.
 // For more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// It can take a while for the deletion of a replication configuration to fully
-// propagate. For information about replication configuration, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. The following operations are related to
-// DeleteBucketReplication:
-//
-// * PutBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-// *
-// GetBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . It can take a while for the deletion of a replication configuration to fully
+// propagate. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// DeleteBucketReplication :
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
 func (c *Client) DeleteBucketReplication(ctx context.Context, params *DeleteBucketReplicationInput, optFns ...func(*Options)) (*DeleteBucketReplicationOutput, error) {
 	if params == nil {
 		params = &DeleteBucketReplicationInput{}
@@ -125,6 +117,9 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketReplicationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
index 063f0bc59..fae0d3655 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go
@@ -14,14 +14,9 @@ import (
 // Deletes the tags from the bucket. To use this operation, you must have
 // permission to perform the s3:PutBucketTagging action. By default, the bucket
 // owner has this permission and can grant this permission to others. The following
-// operations are related to DeleteBucketTagging:
-//
-// * GetBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-// *
-// PutBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+// operations are related to DeleteBucketTagging :
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
 func (c *Client) DeleteBucketTagging(ctx context.Context, params *DeleteBucketTaggingInput, optFns ...func(*Options)) (*DeleteBucketTaggingOutput, error) {
 	if params == nil {
 		params = &DeleteBucketTaggingInput{}
@@ -116,6 +111,9 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
index 7eb72b86a..ded4e63d0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go
@@ -21,16 +21,10 @@ import (
 // bucket owners can grant other users permission to delete the website
 // configuration by writing a bucket policy granting them the
 // S3:DeleteBucketWebsite permission. For more information about hosting websites,
-// see Hosting Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). The
-// following operations are related to DeleteBucketWebsite:
-//
-// * GetBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
-//
-// *
-// PutBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+// see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . The following operations are related to DeleteBucketWebsite :
+//   - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html)
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
 func (c *Client) DeleteBucketWebsite(ctx context.Context, params *DeleteBucketWebsiteInput, optFns ...func(*Options)) (*DeleteBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &DeleteBucketWebsiteInput{}
@@ -125,6 +119,9 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteBucketWebsiteUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
index 5c421af11..27ca720bf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go
@@ -18,24 +18,19 @@ import (
 // command was successful. To remove a specific version, you must use the version
 // Id subresource. Using this subresource permanently deletes the version. If the
 // object deleted is a delete marker, Amazon S3 sets the response header,
-// x-amz-delete-marker, to true. If the object you want to delete is in a bucket
+// x-amz-delete-marker , to true. If the object you want to delete is in a bucket
 // where the bucket versioning configuration is MFA Delete enabled, you must
 // include the x-amz-mfa request header in the DELETE versionId request. Requests
 // that include x-amz-mfa must use HTTPS. For more information about MFA Delete,
-// see Using MFA Delete
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). To see
-// sample requests that use versioning, see Sample Request
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete).
-// You can delete objects by explicitly calling DELETE Object or configure its
-// lifecycle (PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html))
-// to enable Amazon S3 to remove them for you. If you want to block users or
+// see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html)
+// . To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete)
+// . You can delete objects by explicitly calling DELETE Object or configure its
+// lifecycle ( PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+// ) to enable Amazon S3 to remove them for you. If you want to block users or
 // accounts from removing or deleting objects from your bucket, you must deny them
-// the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration
-// actions. The following action is related to DeleteObject:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// the s3:DeleteObject , s3:DeleteObjectVersion , and s3:PutLifeCycleConfiguration
+// actions. The following action is related to DeleteObject :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
 func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, optFns ...func(*Options)) (*DeleteObjectOutput, error) {
 	if params == nil {
 		params = &DeleteObjectInput{}
@@ -53,23 +48,21 @@ func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, op
 
 type DeleteObjectInput struct {
 
-	// The bucket name of the bucket containing the object. When using this action with
-	// an access point, you must direct requests to the access point hostname. The
+	// The bucket name of the bucket containing the object. When using this action
+	// with an access point, you must direct requests to the access point hostname. The
 	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -89,16 +82,16 @@ type DeleteObjectInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device. Required to permanently
-	// delete a versioned object if versioning is configured with MFA delete enabled.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
 	MFA *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -185,6 +178,9 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
index 64877b5b3..294d33079 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go
@@ -11,21 +11,15 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Removes the entire tag set from the specified object. For more information about
-// managing object tags, see  Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). To use
-// this operation, you must have permission to perform the s3:DeleteObjectTagging
-// action. To delete tags of a specific object version, add the versionId query
-// parameter in the request. You will need permission for the
+// Removes the entire tag set from the specified object. For more information
+// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+// . To use this operation, you must have permission to perform the
+// s3:DeleteObjectTagging action. To delete tags of a specific object version, add
+// the versionId query parameter in the request. You will need permission for the
 // s3:DeleteObjectVersionTagging action. The following operations are related to
-// DeleteObjectTagging:
-//
-// * PutObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
-//
-// *
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// DeleteObjectTagging :
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
 func (c *Client) DeleteObjectTagging(ctx context.Context, params *DeleteObjectTaggingInput, optFns ...func(*Options)) (*DeleteObjectTaggingOutput, error) {
 	if params == nil {
 		params = &DeleteObjectTaggingInput{}
@@ -43,23 +37,21 @@ func (c *Client) DeleteObjectTagging(ctx context.Context, params *DeleteObjectTa
 
 type DeleteObjectTaggingInput struct {
 
-	// The bucket name containing the objects from which to remove the tags. When using
-	// this action with an access point, you must direct requests to the access point
-	// hostname. The access point hostname takes the form
+	// The bucket name containing the objects from which to remove the tags. When
+	// using this action with an access point, you must direct requests to the access
+	// point hostname. The access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -148,6 +140,9 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
index fb0e4bdce..7fc9cdfde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go
@@ -33,31 +33,16 @@ import (
 // even if there are non-versioned objects you are trying to delete. If you provide
 // an invalid token, whether there are versioned keys in the request or not, the
 // entire Multi-Object Delete request will fail. For information about MFA Delete,
-// see  MFA Delete
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete).
-// Finally, the Content-MD5 header is required for all Multi-Object Delete
+// see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete)
+// . Finally, the Content-MD5 header is required for all Multi-Object Delete
 // requests. Amazon S3 uses the header value to ensure that your request body has
 // not been altered in transit. The following operations are related to
-// DeleteObjects:
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+// DeleteObjects :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
 func (c *Client) DeleteObjects(ctx context.Context, params *DeleteObjectsInput, optFns ...func(*Options)) (*DeleteObjectsOutput, error) {
 	if params == nil {
 		params = &DeleteObjectsInput{}
@@ -75,23 +60,21 @@ func (c *Client) DeleteObjects(ctx context.Context, params *DeleteObjectsInput,
 
 type DeleteObjectsInput struct {
 
-	// The bucket name containing the objects to delete. When using this action with an
-	// access point, you must direct requests to the access point hostname. The access
-	// point hostname takes the form
+	// The bucket name containing the objects to delete. When using this action with
+	// an access point, you must direct requests to the access point hostname. The
+	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -110,9 +93,8 @@ type DeleteObjectsInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must
 	// be the same for all parts and it match the checksum value supplied in the
@@ -124,16 +106,16 @@ type DeleteObjectsInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device. Required to permanently
-	// delete a versioned object if versioning is configured with MFA delete enabled.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device. Required to
+	// permanently delete a versioned object if versioning is configured with MFA
+	// delete enabled.
 	MFA *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -217,6 +199,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeleteObjectsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -247,8 +232,8 @@ func newServiceMetadataMiddleware_opDeleteObjects(region string) *awsmiddleware.
 	}
 }
 
-// getDeleteObjectsRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getDeleteObjectsRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getDeleteObjectsRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*DeleteObjectsInput)
 	if len(in.ChecksumAlgorithm) == 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
index 3defd538c..393ba676a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go
@@ -11,30 +11,16 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use this
-// operation, you must have the s3:PutBucketPublicAccessBlock permission. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following operations are related to DeletePublicAccessBlock:
-//
-// * Using Amazon
-// S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// GetBucketPolicyStatus
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use
+// this operation, you must have the s3:PutBucketPublicAccessBlock permission. For
+// more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to DeletePublicAccessBlock :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
 func (c *Client) DeletePublicAccessBlock(ctx context.Context, params *DeletePublicAccessBlockInput, optFns ...func(*Options)) (*DeletePublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &DeletePublicAccessBlockInput{}
@@ -129,6 +115,9 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addDeletePublicAccessBlockUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
index d1690f3ea..2d608c316 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go
@@ -14,28 +14,23 @@ import (
 
 // This implementation of the GET action uses the accelerate subresource to return
 // the Transfer Acceleration state of a bucket, which is either Enabled or
-// Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that
+// Suspended . Amazon S3 Transfer Acceleration is a bucket-level feature that
 // enables you to perform faster data transfers to and from Amazon S3. To use this
 // operation, you must have permission to perform the s3:GetAccelerateConfiguration
 // action. The bucket owner has this permission by default. The bucket owner can
 // grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
 // in the Amazon S3 User Guide. You set the Transfer Acceleration state of an
 // existing bucket to Enabled or Suspended by using the
-// PutBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+// PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
 // operation. A GET accelerate request does not return a state value for a bucket
 // that has no transfer acceleration state. A bucket has no Transfer Acceleration
 // state if a state has never been set on the bucket. For more information about
-// transfer acceleration, see Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in
-// the Amazon S3 User Guide. Related Resources
-//
-// * PutBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
+// transfer acceleration, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAccelerateConfiguration :
+//   - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html)
 func (c *Client) GetBucketAccelerateConfiguration(ctx context.Context, params *GetBucketAccelerateConfigurationInput, optFns ...func(*Options)) (*GetBucketAccelerateConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketAccelerateConfigurationInput{}
@@ -134,6 +129,9 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAccelerateConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
index 2064c614d..232b97178 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go
@@ -16,17 +16,21 @@ import (
 // access control list (ACL) of a bucket. To use GET to return the ACL of the
 // bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is
 // granted to the anonymous user, you can return the ACL of the bucket without
-// using an authorization header. To use this API against an access point, provide
-// the alias of the access point in place of the bucket name. If your bucket uses
-// the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs
-// are still supported and return the bucket-owner-full-control ACL with the owner
-// being the account that created the bucket. For more information, see
-// Controlling object ownership and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// using an authorization header. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . If your bucket uses the bucket owner enforced setting for S3 Object Ownership,
+// requests to read ACLs are still supported and return the
+// bucket-owner-full-control ACL with the owner being the account that created the
+// bucket. For more information, see Controlling object ownership and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAcl :
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
 func (c *Client) GetBucketAcl(ctx context.Context, params *GetBucketAclInput, optFns ...func(*Options)) (*GetBucketAclOutput, error) {
 	if params == nil {
 		params = &GetBucketAclInput{}
@@ -44,7 +48,14 @@ func (c *Client) GetBucketAcl(ctx context.Context, params *GetBucketAclInput, op
 
 type GetBucketAclInput struct {
 
-	// Specifies the S3 bucket whose ACL is being requested.
+	// Specifies the S3 bucket whose ACL is being requested. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -128,6 +139,9 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAclUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
index bf2c3be67..6b7c3370b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go
@@ -17,26 +17,15 @@ import (
 // operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
 // action. The bucket owner has this permission by default. The bucket owner can
 // grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
 // in the Amazon S3 User Guide. For information about Amazon S3 analytics feature,
-// see Amazon S3 Analytics – Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// see Amazon S3 Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// GetBucketAnalyticsConfiguration :
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) GetBucketAnalyticsConfiguration(ctx context.Context, params *GetBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*GetBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketAnalyticsConfigurationInput{}
@@ -140,6 +129,9 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
index b6004fdbb..54b526cd5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go
@@ -15,18 +15,17 @@ import (
 // Returns the Cross-Origin Resource Sharing (CORS) configuration information set
 // for the bucket. To use this operation, you must have permission to perform the
 // s3:GetBucketCORS action. By default, the bucket owner has this permission and
-// can grant it to others. To use this API against an access point, provide the
-// alias of the access point in place of the bucket name. For more information
-// about CORS, see  Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). The following
-// operations are related to GetBucketCors:
-//
-// * PutBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
-//
-// *
-// DeleteBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+// can grant it to others. To use this API operation against an access point,
+// provide the alias of the access point in place of the bucket name. To use this
+// API operation against an Object Lambda access point, provide the alias of the
+// Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about CORS, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// . The following operations are related to GetBucketCors :
+//   - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html)
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
 func (c *Client) GetBucketCors(ctx context.Context, params *GetBucketCorsInput, optFns ...func(*Options)) (*GetBucketCorsOutput, error) {
 	if params == nil {
 		params = &GetBucketCorsInput{}
@@ -44,7 +43,14 @@ func (c *Client) GetBucketCors(ctx context.Context, params *GetBucketCorsInput,
 
 type GetBucketCorsInput struct {
 
-	// The bucket name for which to get the cors configuration.
+	// The bucket name for which to get the cors configuration. To use this API
+	// operation against an access point, provide the alias of the access point in
+	// place of the bucket name. To use this API operation against an Object Lambda
+	// access point, provide the alias of the Object Lambda access point in place of
+	// the bucket name. If the Object Lambda access point alias in a request is not
+	// valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -126,6 +132,9 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketCorsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
index 526faa8c2..f16cd2359 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go
@@ -16,25 +16,16 @@ import (
 // default, all buckets have a default encryption configuration that uses
 // server-side encryption with Amazon S3 managed keys (SSE-S3). For information
 // about the bucket default encryption feature, see Amazon S3 Bucket Default
-// Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-// Amazon S3 User Guide. To use this operation, you must have permission to perform
-// the s3:GetEncryptionConfiguration action. The bucket owner has this permission
-// by default. The bucket owner can grant this permission to others. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following operations are related to GetBucketEncryption:
-//
-// *
-// PutBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
-//
-// *
-// DeleteBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. To use this operation, you must have permission to
+// perform the s3:GetEncryptionConfiguration action. The bucket owner has this
+// permission by default. The bucket owner can grant this permission to others. For
+// more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to GetBucketEncryption :
+//   - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
 func (c *Client) GetBucketEncryption(ctx context.Context, params *GetBucketEncryptionInput, optFns ...func(*Options)) (*GetBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &GetBucketEncryptionInput{}
@@ -134,6 +125,9 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketEncryptionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
index 70bbb9dfb..e1918e5ff 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go
@@ -25,21 +25,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to GetBucketIntelligentTieringConfiguration include:
-//
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to GetBucketIntelligentTieringConfiguration include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 func (c *Client) GetBucketIntelligentTieringConfiguration(ctx context.Context, params *GetBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*GetBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketIntelligentTieringConfigurationInput{}
@@ -139,6 +129,9 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
index f35a4606c..afc18c15e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go
@@ -14,27 +14,15 @@ import (
 
 // Returns an inventory configuration (identified by the inventory configuration
 // ID) from the bucket. To use this operation, you must have permissions to perform
-// the s3:GetInventoryConfiguration action. The bucket owner has this permission by
-// default and can grant this permission to others. For more information about
-// permissions, see Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). The
-// following operations are related to GetBucketInventoryConfiguration:
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+// the s3:GetInventoryConfiguration action. The bucket owner has this permission
+// by default and can grant this permission to others. For more information about
+// permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// . The following operations are related to GetBucketInventoryConfiguration :
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
 func (c *Client) GetBucketInventoryConfiguration(ctx context.Context, params *GetBucketInventoryConfigurationInput, optFns ...func(*Options)) (*GetBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketInventoryConfigurationInput{}
@@ -138,6 +126,9 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
index 5d72d2ebc..6cac2972d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go
@@ -12,51 +12,31 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using an
-// object key name prefix, one or more object tags, or a combination of both.
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
 // Accordingly, this section describes the latest API. The response describes the
 // new filter element that you can use to specify a filter to select a subset of
 // objects to which the rule applies. If you are using a previous version of the
 // lifecycle configuration, it still works. For the earlier action, see
-// GetBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html).
-// Returns the lifecycle configuration information set on the bucket. For
-// information about lifecycle configuration, see Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). To
-// use this operation, you must have permission to perform the
+// GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
+// . Returns the lifecycle configuration information set on the bucket. For
+// information about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// . To use this operation, you must have permission to perform the
 // s3:GetLifecycleConfiguration action. The bucket owner has this permission, by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// GetBucketLifecycleConfiguration has the following special error:
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . GetBucketLifecycleConfiguration has the following special error:
+//   - Error code: NoSuchLifecycleConfiguration
+//   - Description: The lifecycle configuration does not exist.
+//   - HTTP Status Code: 404 Not Found
+//   - SOAP Fault Code Prefix: Client
 //
-// * Error code:
-// NoSuchLifecycleConfiguration
-//
-// * Description: The lifecycle configuration does
-// not exist.
-//
-// * HTTP Status Code: 404 Not Found
-//
-// * SOAP Fault Code Prefix:
-// Client
-//
-// The following operations are related to
-// GetBucketLifecycleConfiguration:
-//
-// * GetBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
-//
-// *
-// PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
-//
-// *
-// DeleteBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+// The following operations are related to GetBucketLifecycleConfiguration :
+//   - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)
+//   - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
 func (c *Client) GetBucketLifecycleConfiguration(ctx context.Context, params *GetBucketLifecycleConfigurationInput, optFns ...func(*Options)) (*GetBucketLifecycleConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketLifecycleConfigurationInput{}
@@ -155,6 +135,9 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLifecycleConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
index 38f287bef..6c9bbc0f7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go
@@ -21,22 +21,20 @@ import (
 
 // Returns the Region the bucket resides in. You set the bucket's Region using the
 // LocationConstraint request parameter in a CreateBucket request. For more
-// information, see CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). To use
-// this implementation of the operation, you must be the bucket owner. To use this
-// API against an access point, provide the alias of the access point in place of
-// the bucket name. For requests made using Amazon Web Services Signature Version 4
-// (SigV4), we recommend that you use HeadBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) to return
-// the bucket Region instead of GetBucketLocation. The following operations are
-// related to GetBucketLocation:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// . To use this API operation against an access point, provide the alias of the
+// access point in place of the bucket name. To use this API operation against an
+// Object Lambda access point, provide the alias of the Object Lambda access point
+// in place of the bucket name. If the Object Lambda access point alias in a
+// request is not valid, the error code InvalidAccessPointAliasError is returned.
+// For more information about InvalidAccessPointAliasError , see List of Error
+// Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html)
+// to return the Region that a bucket resides in. For backward compatibility,
+// Amazon S3 continues to support GetBucketLocation. The following operations are
+// related to GetBucketLocation :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) GetBucketLocation(ctx context.Context, params *GetBucketLocationInput, optFns ...func(*Options)) (*GetBucketLocationOutput, error) {
 	if params == nil {
 		params = &GetBucketLocationInput{}
@@ -54,7 +52,14 @@ func (c *Client) GetBucketLocation(ctx context.Context, params *GetBucketLocatio
 
 type GetBucketLocationInput struct {
 
-	// The name of the bucket for which to get the location.
+	// The name of the bucket for which to get the location. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -70,9 +75,8 @@ type GetBucketLocationInput struct {
 type GetBucketLocationOutput struct {
 
 	// Specifies the Region where the bucket resides. For a list of all the Amazon S3
-	// supported location constraints by Region, see Regions and Endpoints
-	// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Buckets in
-	// Region us-east-1 have a LocationConstraint of null.
+	// supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+	// . Buckets in Region us-east-1 have a LocationConstraint of null .
 	LocationConstraint types.BucketLocationConstraint
 
 	// Metadata pertaining to the operation's result.
@@ -141,6 +145,9 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLocationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -224,9 +231,9 @@ func newServiceMetadataMiddleware_opGetBucketLocation(region string) *awsmiddlew
 	}
 }
 
-// getGetBucketLocationBucketMember returns a pointer to string denoting a provided
-// bucket member valueand a boolean indicating if the input has a modeled bucket
-// name,
+// getGetBucketLocationBucketMember returns a pointer to string denoting a
+// provided bucket member valueand a boolean indicating if the input has a modeled
+// bucket name,
 func getGetBucketLocationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetBucketLocationInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
index 0a1c63895..bc101b8a1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go
@@ -13,15 +13,10 @@ import (
 )
 
 // Returns the logging status of a bucket and the permissions users have to view
-// and modify that status. The following operations are related to
-// GetBucketLogging:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// PutBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
+// and modify that status. The following operations are related to GetBucketLogging
+// :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html)
 func (c *Client) GetBucketLogging(ctx context.Context, params *GetBucketLoggingInput, optFns ...func(*Options)) (*GetBucketLoggingOutput, error) {
 	if params == nil {
 		params = &GetBucketLoggingInput{}
@@ -54,10 +49,9 @@ type GetBucketLoggingInput struct {
 
 type GetBucketLoggingOutput struct {
 
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-	// object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-	// the Amazon S3 API Reference.
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+	// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
 	LoggingEnabled *types.LoggingEnabled
 
 	// Metadata pertaining to the operation's result.
@@ -123,6 +117,9 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketLoggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
index c1883a434..f18b7259b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go
@@ -18,30 +18,15 @@ import (
 // s3:GetMetricsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to GetBucketMetricsConfiguration:
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// *
-// Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to GetBucketMetricsConfiguration :
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
+//   - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
 func (c *Client) GetBucketMetricsConfiguration(ctx context.Context, params *GetBucketMetricsConfigurationInput, optFns ...func(*Options)) (*GetBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketMetricsConfigurationInput{}
@@ -146,6 +131,9 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
index c2e1df60c..35956ee80 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go
@@ -17,17 +17,18 @@ import (
 // element. By default, you must be the bucket owner to read the notification
 // configuration of a bucket. However, the bucket owner can use a bucket policy to
 // grant permission to other users to read this configuration with the
-// s3:GetBucketNotification permission. To use this API against an access point,
-// provide the alias of the access point in place of the bucket name. For more
-// information about setting and reading the notification configuration on a
-// bucket, see Setting Up Notification of Bucket Events
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). For
-// more information about bucket policies, see Using Bucket Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following action is related to GetBucketNotification:
-//
-// * PutBucketNotification
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
+// s3:GetBucketNotification permission. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about setting and reading the notification configuration
+// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following action is related to GetBucketNotification :
+//   - PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html)
 func (c *Client) GetBucketNotificationConfiguration(ctx context.Context, params *GetBucketNotificationConfigurationInput, optFns ...func(*Options)) (*GetBucketNotificationConfigurationOutput, error) {
 	if params == nil {
 		params = &GetBucketNotificationConfigurationInput{}
@@ -45,7 +46,14 @@ func (c *Client) GetBucketNotificationConfiguration(ctx context.Context, params
 
 type GetBucketNotificationConfigurationInput struct {
 
-	// The name of the bucket for which to get the notification configuration.
+	// The name of the bucket for which to get the notification configuration. To use
+	// this API operation against an access point, provide the alias of the access
+	// point in place of the bucket name. To use this API operation against an Object
+	// Lambda access point, provide the alias of the Object Lambda access point in
+	// place of the bucket name. If the Object Lambda access point alias in a request
+	// is not valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -58,8 +66,8 @@ type GetBucketNotificationConfigurationInput struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying the notification configuration of the bucket. If this
-// element is empty, notifications are turned off for the bucket.
+// A container for specifying the notification configuration of the bucket. If
+// this element is empty, notifications are turned off for the bucket.
 type GetBucketNotificationConfigurationOutput struct {
 
 	// Enables delivery of events to Amazon EventBridge.
@@ -69,12 +77,12 @@ type GetBucketNotificationConfigurationOutput struct {
 	// them.
 	LambdaFunctionConfigurations []types.LambdaFunctionConfiguration
 
-	// The Amazon Simple Queue Service queues to publish messages to and the events for
-	// which to publish messages.
+	// The Amazon Simple Queue Service queues to publish messages to and the events
+	// for which to publish messages.
 	QueueConfigurations []types.QueueConfiguration
 
-	// The topic to which notifications are sent and the events for which notifications
-	// are generated.
+	// The topic to which notifications are sent and the events for which
+	// notifications are generated.
 	TopicConfigurations []types.TopicConfiguration
 
 	// Metadata pertaining to the operation's result.
@@ -140,6 +148,9 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketNotificationConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
index 571c9566c..8a82efb14 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go
@@ -14,16 +14,11 @@ import (
 
 // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you
 // must have the s3:GetBucketOwnershipControls permission. For more information
-// about Amazon S3 permissions, see Specifying permissions in a policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using Object Ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html).
-// The following operations are related to GetBucketOwnershipControls:
-//
-// *
-// PutBucketOwnershipControls
-//
-// * DeleteBucketOwnershipControls
+// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// . The following operations are related to GetBucketOwnershipControls :
+//   - PutBucketOwnershipControls
+//   - DeleteBucketOwnershipControls
 func (c *Client) GetBucketOwnershipControls(ctx context.Context, params *GetBucketOwnershipControlsInput, optFns ...func(*Options)) (*GetBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &GetBucketOwnershipControlsInput{}
@@ -123,6 +118,9 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketOwnershipControlsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -150,9 +148,9 @@ func newServiceMetadataMiddleware_opGetBucketOwnershipControls(region string) *a
 	}
 }
 
-// getGetBucketOwnershipControlsBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getGetBucketOwnershipControlsBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getGetBucketOwnershipControlsBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetBucketOwnershipControlsInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
index 5a7df8f3e..4ca448a08 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go
@@ -18,17 +18,23 @@ import (
 // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access
 // Denied error. If you have the correct permissions, but you're not using an
 // identity that belongs to the bucket owner's account, Amazon S3 returns a 405
-// Method Not Allowed error. As a security precaution, the root user of the Amazon
-// Web Services account that owns a bucket can always use this operation, even if
-// the policy explicitly denies the root user the ability to perform this action.
-// To use this API against an access point, provide the alias of the access point
-// in place of the bucket name. For more information about bucket policies, see
-// Using Bucket Policies and User Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). The
-// following action is related to GetBucketPolicy:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// Method Not Allowed error. To ensure that bucket owners don't inadvertently lock
+// themselves out of their own buckets, the root principal in a bucket owner's
+// Amazon Web Services account can perform the GetBucketPolicy , PutBucketPolicy ,
+// and DeleteBucketPolicy API actions, even if their bucket policy explicitly
+// denies the root principal's access. Bucket owner root principals can only be
+// blocked from performing these API actions by VPC endpoint policies and Amazon
+// Web Services Organizations policies. To use this API operation against an access
+// point, provide the alias of the access point in place of the bucket name. To use
+// this API operation against an Object Lambda access point, provide the alias of
+// the Object Lambda access point in place of the bucket name. If the Object Lambda
+// access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// . For more information about bucket policies, see Using Bucket Policies and
+// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . The following action is related to GetBucketPolicy :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) {
 	if params == nil {
 		params = &GetBucketPolicyInput{}
@@ -46,7 +52,14 @@ func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInp
 
 type GetBucketPolicyInput struct {
 
-	// The bucket name for which to get the bucket policy.
+	// The bucket name for which to get the bucket policy. To use this API operation
+	// against an access point, provide the alias of the access point in place of the
+	// bucket name. To use this API operation against an Object Lambda access point,
+	// provide the alias of the Object Lambda access point in place of the bucket name.
+	// If the Object Lambda access point alias in a request is not valid, the error
+	// code InvalidAccessPointAliasError is returned. For more information about
+	// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// .
 	//
 	// This member is required.
 	Bucket *string
@@ -127,6 +140,9 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketPolicyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
index 570f60faa..bbff4a112 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go
@@ -15,28 +15,14 @@ import (
 // Retrieves the policy status for an Amazon S3 bucket, indicating whether the
 // bucket is public. In order to use this operation, you must have the
 // s3:GetBucketPolicyStatus permission. For more information about Amazon S3
-// permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// For more information about when Amazon S3 considers a bucket public, see The
-// Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// The following operations are related to GetBucketPolicyStatus:
-//
-// * Using Amazon
-// S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+// permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . For more information about when Amazon S3 considers a bucket public, see The
+// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to GetBucketPolicyStatus :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
 func (c *Client) GetBucketPolicyStatus(ctx context.Context, params *GetBucketPolicyStatusInput, optFns ...func(*Options)) (*GetBucketPolicyStatusOutput, error) {
 	if params == nil {
 		params = &GetBucketPolicyStatusInput{}
@@ -135,6 +121,9 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware.
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketPolicyStatusUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
index 5d7f3115b..02040a3e2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go
@@ -15,26 +15,17 @@ import (
 // Returns the replication configuration of a bucket. It can take a while to
 // propagate the put or delete a replication configuration to all Amazon S3
 // systems. Therefore, a get request soon after put or delete can return a wrong
-// result. For information about replication configuration, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. This action requires permissions for the
+// result. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. This action requires permissions for the
 // s3:GetReplicationConfiguration action. For more information about permissions,
-// see Using Bucket Policies and User Policies
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). If
-// you include the Filter element in a replication configuration, you must also
-// include the DeleteMarkerReplication and Priority elements. The response also
-// returns those elements. For information about GetBucketReplication errors, see
-// List of replication-related error codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
-// The following operations are related to GetBucketReplication:
-//
-// *
-// PutBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
-//
-// *
-// DeleteBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+// see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html)
+// . If you include the Filter element in a replication configuration, you must
+// also include the DeleteMarkerReplication and Priority elements. The response
+// also returns those elements. For information about GetBucketReplication errors,
+// see List of replication-related error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+// The following operations are related to GetBucketReplication :
+//   - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html)
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
 func (c *Client) GetBucketReplication(ctx context.Context, params *GetBucketReplicationInput, optFns ...func(*Options)) (*GetBucketReplicationOutput, error) {
 	if params == nil {
 		params = &GetBucketReplicationInput{}
@@ -134,6 +125,9 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketReplicationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
index 45f985b95..b5194696f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go
@@ -13,13 +13,10 @@ import (
 )
 
 // Returns the request payment configuration of a bucket. To use this version of
-// the operation, you must be the bucket owner. For more information, see Requester
-// Pays Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The
-// following operations are related to GetBucketRequestPayment:
-//
-// * ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// the operation, you must be the bucket owner. For more information, see
+// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)
+// . The following operations are related to GetBucketRequestPayment :
+//   - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
 func (c *Client) GetBucketRequestPayment(ctx context.Context, params *GetBucketRequestPaymentInput, optFns ...func(*Options)) (*GetBucketRequestPaymentOutput, error) {
 	if params == nil {
 		params = &GetBucketRequestPaymentInput{}
@@ -118,6 +115,9 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketRequestPaymentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
index 816d1b3e7..c8248facf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go
@@ -16,21 +16,12 @@ import (
 // have permission to perform the s3:GetBucketTagging action. By default, the
 // bucket owner has this permission and can grant this permission to others.
 // GetBucketTagging has the following special error:
+//   - Error code: NoSuchTagSet
+//   - Description: There is no tag set associated with the bucket.
 //
-// * Error code: NoSuchTagSet
-//
-// *
-// Description: There is no tag set associated with the bucket.
-//
-// The following
-// operations are related to GetBucketTagging:
-//
-// * PutBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
-//
-// *
-// DeleteBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+// The following operations are related to GetBucketTagging :
+//   - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html)
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
 func (c *Client) GetBucketTagging(ctx context.Context, params *GetBucketTaggingInput, optFns ...func(*Options)) (*GetBucketTaggingOutput, error) {
 	if params == nil {
 		params = &GetBucketTaggingInput{}
@@ -131,6 +122,9 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
index 3657bd1ca..754e6d430 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go
@@ -14,21 +14,12 @@ import (
 
 // Returns the versioning state of a bucket. To retrieve the versioning state of a
 // bucket, you must be the bucket owner. This implementation also returns the MFA
-// Delete status of the versioning state. If the MFA Delete status is enabled, the
+// Delete status of the versioning state. If the MFA Delete status is enabled , the
 // bucket owner must use an authentication device to change the versioning state of
-// the bucket. The following operations are related to GetBucketVersioning:
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// the bucket. The following operations are related to GetBucketVersioning :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) GetBucketVersioning(ctx context.Context, params *GetBucketVersioningInput, optFns ...func(*Options)) (*GetBucketVersioningOutput, error) {
 	if params == nil {
 		params = &GetBucketVersioningInput{}
@@ -132,6 +123,9 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketVersioningUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
index aa866b301..a3e72eb3f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go
@@ -14,20 +14,14 @@ import (
 
 // Returns the website configuration for a bucket. To host website on Amazon S3,
 // you can configure a bucket as website by adding a website configuration. For
-// more information about hosting websites, see Hosting Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This GET
-// action requires the S3:GetBucketWebsite permission. By default, only the bucket
-// owner can read the bucket website configuration. However, bucket owners can
-// allow other users to read the website configuration by writing a bucket policy
-// granting them the S3:GetBucketWebsite permission. The following operations are
-// related to DeleteBucketWebsite:
-//
-// * DeleteBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
-//
-// *
-// PutBucketWebsite
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
+// more information about hosting websites, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . This GET action requires the S3:GetBucketWebsite permission. By default, only
+// the bucket owner can read the bucket website configuration. However, bucket
+// owners can allow other users to read the website configuration by writing a
+// bucket policy granting them the S3:GetBucketWebsite permission. The following
+// operations are related to GetBucketWebsite :
+//   - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html)
+//   - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html)
 func (c *Client) GetBucketWebsite(ctx context.Context, params *GetBucketWebsiteInput, optFns ...func(*Options)) (*GetBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &GetBucketWebsiteInput{}
@@ -63,7 +57,7 @@ type GetBucketWebsiteOutput struct {
 	// The object key name of the website error document to use for 4XX class errors.
 	ErrorDocument *types.ErrorDocument
 
-	// The name of the index document for the website (for example index.html).
+	// The name of the index document for the website (for example index.html ).
 	IndexDocument *types.IndexDocument
 
 	// Specifies the redirect behavior of all requests to a website endpoint of an
@@ -136,6 +130,9 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetBucketWebsiteUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
index 9647cbd5b..76f352074 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go
@@ -15,88 +15,66 @@ import (
 	"time"
 )
 
-// Retrieves objects from Amazon S3. To use GET, you must have READ access to the
+// Retrieves objects from Amazon S3. To use GET , you must have READ access to the
 // object. If you grant READ access to the anonymous user, you can return the
 // object without using an authorization header. An Amazon S3 bucket has no
 // directory hierarchy such as you would find in a typical computer file system.
 // You can, however, create a logical hierarchy by using object key names that
-// imply a folder structure. For example, instead of naming an object sample.jpg,
-// you can name it photos/2006/February/sample.jpg. To get an object from such a
+// imply a folder structure. For example, instead of naming an object sample.jpg ,
+// you can name it photos/2006/February/sample.jpg . To get an object from such a
 // logical hierarchy, specify the full key name for the object in the GET
 // operation. For a virtual hosted-style request example, if you have the object
-// photos/2006/February/sample.jpg, specify the resource as
-// /photos/2006/February/sample.jpg. For a path-style request example, if you have
-// the object photos/2006/February/sample.jpg in the bucket named examplebucket,
-// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For more
-// information about request types, see HTTP Host Header Bucket Specification
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket).
-// For more information about returning the ACL of an object, see GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). If the
-// object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive
-// storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep
-// Archive tiers, before you can retrieve the object you must first restore a copy
-// using RestoreObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
-// Otherwise, this action returns an InvalidObjectState error. For information
-// about restoring archived objects, see Restoring Archived Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
-// Encryption request headers, like x-amz-server-side-encryption, should not be
+// photos/2006/February/sample.jpg , specify the resource as
+// /photos/2006/February/sample.jpg . For a path-style request example, if you have
+// the object photos/2006/February/sample.jpg in the bucket named examplebucket ,
+// specify the resource as /examplebucket/photos/2006/February/sample.jpg . For
+// more information about request types, see HTTP Host Header Bucket Specification (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket)
+// . For more information about returning the ACL of an object, see GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// . If the object you are retrieving is stored in the S3 Glacier or S3 Glacier
+// Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3
+// Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you
+// must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+// . Otherwise, this action returns an InvalidObjectState error. For information
+// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// . Encryption request headers, like x-amz-server-side-encryption , should not be
 // sent for GET requests if your object uses server-side encryption with KMS keys
 // (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys
 // (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400
 // BadRequest error. If you encrypt an object by using server-side encryption with
 // customer-provided encryption keys (SSE-C) when you store the object in Amazon
 // S3, then when you GET the object, you must use the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// *
-// x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-// Assuming you have the relevant permission to read object tags, the response also
-// returns the x-amz-tagging-count header that provides the count of number of tags
-// associated with the object. You can use GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) to
-// retrieve the tag set associated with an object. Permissions You need the
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// . Assuming you have the relevant permission to read object tags, the response
+// also returns the x-amz-tagging-count header that provides the count of number
+// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// to retrieve the tag set associated with an object. Permissions You need the
 // relevant read object (or version) permission for this operation. For more
-// information, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). If
-// the object you request does not exist, the error Amazon S3 returns depends on
-// whether you also have the s3:ListBucket permission.
+// information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . If the object you request does not exist, the error Amazon S3 returns depends
+// on whether you also have the s3:ListBucket permission.
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 will
+//     return an HTTP status code 404 ("no such key") error.
+//   - If you don’t have the s3:ListBucket permission, Amazon S3 will return an
+//     HTTP status code 403 ("access denied") error.
 //
-// * If you have the
-// s3:ListBucket permission on the bucket, Amazon S3 will return an HTTP status
-// code 404 ("no such key") error.
+// Versioning By default, the GET action returns the current version of an object.
+// To return a different version, use the versionId subresource.
+//   - If you supply a versionId , you need the s3:GetObjectVersion permission to
+//     access a specific version of an object. If you request a specific version, you
+//     do not need to have the s3:GetObject permission. If you request the current
+//     version without a specific version ID, only s3:GetObject permission is
+//     required. s3:GetObjectVersion permission won't be required.
+//   - If the current version of the object is a delete marker, Amazon S3 behaves
+//     as if the object was deleted and includes x-amz-delete-marker: true in the
+//     response.
 //
-// * If you don’t have the s3:ListBucket
-// permission, Amazon S3 will return an HTTP status code 403 ("access denied")
-// error.
-//
-// Versioning By default, the GET action returns the current version of an
-// object. To return a different version, use the versionId subresource.
-//
-// * If you
-// supply a versionId, you need the s3:GetObjectVersion permission to access a
-// specific version of an object. If you request a specific version, you do not
-// need to have the s3:GetObject permission. If you request the current version
-// without a specific version ID, only s3:GetObject permission is required.
-// s3:GetObjectVersion permission won't be required.
-//
-// * If the current version of
-// the object is a delete marker, Amazon S3 behaves as if the object was deleted
-// and includes x-amz-delete-marker: true in the response.
-//
-// For more information
-// about versioning, see PutBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html).
-// Overriding Response Header Values There are times when you want to override
+// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html)
+// . Overriding Response Header Values There are times when you want to override
 // certain response header values in a GET response. For example, you might
 // override the Content-Disposition response header value in your GET request. You
 // can override values for a set of response headers using the following query
@@ -104,44 +82,30 @@ import (
 // that is, when status code 200 OK is returned. The set of headers you can
 // override using these parameters is a subset of the headers that Amazon S3
 // accepts when you create an object. The response headers that you can override
-// for the GET response are Content-Type, Content-Language, Expires, Cache-Control,
-// Content-Disposition, and Content-Encoding. To override these header values in
-// the GET response, you use the following request parameters. You must sign the
-// request, either using an Authorization header or a presigned URL, when using
-// these parameters. They cannot be used with an unsigned (anonymous) request.
+// for the GET response are Content-Type , Content-Language , Expires ,
+// Cache-Control , Content-Disposition , and Content-Encoding . To override these
+// header values in the GET response, you use the following request parameters. You
+// must sign the request, either using an Authorization header or a presigned URL,
+// when using these parameters. They cannot be used with an unsigned (anonymous)
+// request.
+//   - response-content-type
+//   - response-content-language
+//   - response-expires
+//   - response-cache-control
+//   - response-content-disposition
+//   - response-content-encoding
 //
-// *
-// response-content-type
-//
-// * response-content-language
-//
-// * response-expires
-//
-// *
-// response-cache-control
-//
-// * response-content-disposition
-//
-// *
-// response-content-encoding
-//
-// Additional Considerations about Request Headers If
-// both of the If-Match and If-Unmodified-Since headers are present in the request
-// as follows: If-Match condition evaluates to true, and; If-Unmodified-Since
-// condition evaluates to false; then, S3 returns 200 OK and the data requested. If
-// both of the If-None-Match and If-Modified-Since headers are present in the
-// request as follows: If-None-Match condition evaluates to false, and;
-// If-Modified-Since condition evaluates to true; then, S3 returns 304 Not Modified
-// response code. For more information about conditional requests, see RFC 7232
-// (https://tools.ietf.org/html/rfc7232). The following operations are related to
-// GetObject:
-//
-// * ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
-//
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// Overriding Response Header Values If both of the If-Match and
+// If-Unmodified-Since headers are present in the request as follows: If-Match
+// condition evaluates to true , and; If-Unmodified-Since condition evaluates to
+// false ; then, S3 returns 200 OK and the data requested. If both of the
+// If-None-Match and If-Modified-Since headers are present in the request as
+// follows: If-None-Match condition evaluates to false , and; If-Modified-Since
+// condition evaluates to true ; then, S3 returns 304 Not Modified response code.
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . The following operations are related to GetObject :
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
 func (c *Client) GetObject(ctx context.Context, params *GetObjectInput, optFns ...func(*Options)) (*GetObjectOutput, error) {
 	if params == nil {
 		params = &GetObjectInput{}
@@ -165,19 +129,17 @@ type GetObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When using an Object Lambda access point the
 	// hostname takes the form
 	// AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When you use
 	// this action with Amazon S3 on Outposts, you must direct requests to the S3 on
 	// Outposts hostname. The S3 on Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -216,17 +178,16 @@ type GetObjectInput struct {
 	// Useful for downloading just a part of an object.
 	PartNumber int32
 
-	// Downloads the specified range bytes of an object. For more information about the
-	// HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). Amazon S3 doesn't
-	// support retrieving multiple ranges of data per GET request.
+	// Downloads the specified range bytes of an object. For more information about
+	// the HTTP Range header, see
+	// https://www.rfc-editor.org/rfc/rfc9110.html#name-range (https://www.rfc-editor.org/rfc/rfc9110.html#name-range)
+	// . Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
 	Range *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -252,11 +213,11 @@ type GetObjectInput struct {
 	// AES256).
 	SSECustomerAlgorithm *string
 
-	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt the
-	// data. This value is used to decrypt the object when recovering it and must match
-	// the one used when storing the data. The key must be appropriate for use with the
-	// algorithm specified in the x-amz-server-side-encryption-customer-algorithm
-	// header.
+	// Specifies the customer-provided encryption key for Amazon S3 used to encrypt
+	// the data. This value is used to decrypt the object when recovering it and must
+	// match the one used when storing the data. The key must be appropriate for use
+	// with the algorithm specified in the
+	// x-amz-server-side-encryption-customer-algorithm header.
 	SSECustomerKey *string
 
 	// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
@@ -288,32 +249,28 @@ type GetObjectOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -394,13 +351,14 @@ type GetObjectOutput struct {
 	// restored object copy.
 	Restore *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the ID of the Amazon Web Services Key Management Service
@@ -409,7 +367,7 @@ type GetObjectOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Provides storage class information of the object. Amazon S3 returns this header
@@ -487,6 +445,9 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectOutputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
index 709e62ff7..4461cf0dd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go
@@ -13,34 +13,22 @@ import (
 )
 
 // Returns the access control list (ACL) of an object. To use this operation, you
-// must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more
-// information, see Mapping of ACL permissions and access policy permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
+// must have s3:GetObjectAcl permissions or READ_ACP access to the object. For
+// more information, see Mapping of ACL permissions and access policy permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping)
 // in the Amazon S3 User Guide This action is not supported by Amazon S3 on
-// Outposts. Versioning By default, GET returns ACL information about the current
-// version of an object. To return ACL information about a different version, use
-// the versionId subresource. If your bucket uses the bucket owner enforced setting
-// for S3 Object Ownership, requests to read ACLs are still supported and return
-// the bucket-owner-full-control ACL with the owner being the account that created
-// the bucket. For more information, see  Controlling object ownership and
-// disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// Outposts. By default, GET returns ACL information about the current version of
+// an object. To return ACL information about a different version, use the
+// versionId subresource. If your bucket uses the bucket owner enforced setting for
+// S3 Object Ownership, requests to read ACLs are still supported and return the
+// bucket-owner-full-control ACL with the owner being the account that created the
+// bucket. For more information, see Controlling object ownership and disabling
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. The following operations are related to
-// GetObjectAcl:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
-//
-// *
-// PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// GetObjectAcl :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
 func (c *Client) GetObjectAcl(ctx context.Context, params *GetObjectAclInput, optFns ...func(*Options)) (*GetObjectAclOutput, error) {
 	if params == nil {
 		params = &GetObjectAclInput{}
@@ -64,8 +52,7 @@ type GetObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -84,8 +71,7 @@ type GetObjectAclInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -170,6 +156,9 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectAclUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
index 7743abc0f..23db9475f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go
@@ -15,111 +15,64 @@ import (
 
 // Retrieves all the metadata from an object without returning the object itself.
 // This action is useful if you're interested only in an object's metadata. To use
-// GetObjectAttributes, you must have READ access to the object.
-// GetObjectAttributes combines the functionality of HeadObject and ListParts. All
+// GetObjectAttributes , you must have READ access to the object.
+// GetObjectAttributes combines the functionality of HeadObject and ListParts . All
 // of the data returned with each of those individual calls can be returned with a
-// single call to GetObjectAttributes. If you encrypt an object by using
+// single call to GetObjectAttributes . If you encrypt an object by using
 // server-side encryption with customer-provided encryption keys (SSE-C) when you
 // store the object in Amazon S3, then when you retrieve the metadata from the
 // object, you must use the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// *
-// x-amz-server-side-encryption-customer-algorithm
-//
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 // in the Amazon S3 User Guide.
+//   - Encryption request headers, such as x-amz-server-side-encryption , should
+//     not be sent for GET requests if your object uses server-side encryption with
+//     Amazon Web Services KMS keys stored in Amazon Web Services Key Management
+//     Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys
+//     (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400
+//     Bad Request error.
+//   - The last modified property in this case is the creation date of the object.
 //
-// * Encryption request headers, such as
-// x-amz-server-side-encryption, should not be sent for GET requests if your object
-// uses server-side encryption with Amazon Web Services KMS keys stored in Amazon
-// Web Services Key Management Service (SSE-KMS) or server-side encryption with
-// Amazon S3 managed keys (SSE-S3). If your object does use these types of keys,
-// you'll get an HTTP 400 Bad Request error.
+// Consider the following when using request headers:
+//   - If both of the If-Match and If-Unmodified-Since headers are present in the
+//     request as follows, then Amazon S3 returns the HTTP status code 200 OK and the
+//     data requested:
+//   - If-Match condition evaluates to true .
+//   - If-Unmodified-Since condition evaluates to false .
+//   - If both of the If-None-Match and If-Modified-Since headers are present in
+//     the request as follows, then Amazon S3 returns the HTTP status code 304 Not
+//     Modified :
+//   - If-None-Match condition evaluates to false .
+//   - If-Modified-Since condition evaluates to true .
 //
-// * The last modified property in this
-// case is the creation date of the object.
-//
-// Consider the following when using
-// request headers:
-//
-// * If both of the If-Match and If-Unmodified-Since headers are
-// present in the request as follows, then Amazon S3 returns the HTTP status code
-// 200 OK and the data requested:
-//
-// * If-Match condition evaluates to true.
-//
-// *
-// If-Unmodified-Since condition evaluates to false.
-//
-// * If both of the
-// If-None-Match and If-Modified-Since headers are present in the request as
-// follows, then Amazon S3 returns the HTTP status code 304 Not Modified:
-//
-// *
-// If-None-Match condition evaluates to false.
-//
-// * If-Modified-Since condition
-// evaluates to true.
-//
-// For more information about conditional requests, see RFC
-// 7232 (https://tools.ietf.org/html/rfc7232). Permissions The permissions that you
-// need to use this operation depend on whether the bucket is versioned. If the
-// bucket is versioned, you need both the s3:GetObjectVersion and
-// s3:GetObjectVersionAttributes permissions for this operation. If the bucket is
-// not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions.
-// For more information, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in
-// the Amazon S3 User Guide. If the object that you request does not exist, the
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . Permissions The permissions that you need to use this operation depend on
+// whether the bucket is versioned. If the bucket is versioned, you need both the
+// s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this
+// operation. If the bucket is not versioned, you need the s3:GetObject and
+// s3:GetObjectAttributes permissions. For more information, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide. If the object that you request does not exist, the
 // error Amazon S3 returns depends on whether you also have the s3:ListBucket
 // permission.
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an
+//     HTTP status code 404 Not Found ("no such key") error.
+//   - If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP
+//     status code 403 Forbidden ("access denied") error.
 //
-// * If you have the s3:ListBucket permission on the bucket, Amazon S3
-// returns an HTTP status code 404 Not Found ("no such key") error.
-//
-// * If you don't
-// have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403
-// Forbidden ("access denied") error.
-//
-// The following actions are related to
-// GetObjectAttributes:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
-//
-// *
-// GetObjectLegalHold
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
-//
-// *
-// GetObjectLockConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
-//
-// *
-// GetObjectRetention
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
-//
-// *
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-// *
-// HeadObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
-//
-// *
-// ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+// The following actions are related to GetObjectAttributes :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+//   - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html)
+//   - GetObjectLockConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html)
+//   - GetObjectRetention (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html)
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//   - HeadObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
 func (c *Client) GetObjectAttributes(ctx context.Context, params *GetObjectAttributesInput, optFns ...func(*Options)) (*GetObjectAttributesOutput, error) {
 	if params == nil {
 		params = &GetObjectAttributesInput{}
@@ -143,17 +96,15 @@ type GetObjectAttributesInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -163,8 +114,8 @@ type GetObjectAttributesInput struct {
 	// This member is required.
 	Key *string
 
-	// An XML header that specifies the fields at the root level that you want returned
-	// in the response. Fields that you do not specify are not returned.
+	// An XML header that specifies the fields at the root level that you want
+	// returned in the response. Fields that you do not specify are not returned.
 	//
 	// This member is required.
 	ObjectAttributes []types.ObjectAttributes
@@ -177,15 +128,14 @@ type GetObjectAttributesInput struct {
 	// Sets the maximum number of parts to return.
 	MaxParts int32
 
-	// Specifies the part after which listing should begin. Only parts with higher part
-	// numbers will be listed.
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
 	PartNumberMarker *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -215,8 +165,8 @@ type GetObjectAttributesOutput struct {
 	// The checksum or digest of the object.
 	Checksum *types.Checksum
 
-	// Specifies whether the object retrieved was (true) or was not (false) a delete
-	// marker. If false, this response header does not appear in the response.
+	// Specifies whether the object retrieved was ( true ) or was not ( false ) a
+	// delete marker. If false , this response header does not appear in the response.
 	DeleteMarker bool
 
 	// An ETag is an opaque identifier assigned by a web server to a specific version
@@ -238,8 +188,8 @@ type GetObjectAttributesOutput struct {
 
 	// Provides the storage class information of the object. Amazon S3 returns this
 	// header for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// The version ID of the object.
@@ -308,6 +258,9 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectAttributesUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
index a2446ac32..ecb72bba5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go
@@ -13,12 +13,10 @@ import (
 )
 
 // Gets an object's current legal hold status. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This
-// action is not supported by Amazon S3 on Outposts. The following action is
-// related to GetObjectLegalHold:
-//
-// * GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
+// This action is not supported by Amazon S3 on Outposts. The following action is
+// related to GetObjectLegalHold :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectLegalHold(ctx context.Context, params *GetObjectLegalHoldInput, optFns ...func(*Options)) (*GetObjectLegalHoldOutput, error) {
 	if params == nil {
 		params = &GetObjectLegalHoldInput{}
@@ -42,8 +40,7 @@ type GetObjectLegalHoldInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -62,8 +59,7 @@ type GetObjectLegalHoldInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -141,6 +137,9 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectLegalHoldUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
index 91793c133..95710a1ee 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go
@@ -14,13 +14,9 @@ import (
 
 // Gets the Object Lock configuration for a bucket. The rule specified in the
 // Object Lock configuration will be applied by default to every new object placed
-// in the specified bucket. For more information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). The
-// following action is related to GetObjectLockConfiguration:
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . The following action is related to GetObjectLockConfiguration :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObjectLockConfigurationInput, optFns ...func(*Options)) (*GetObjectLockConfigurationOutput, error) {
 	if params == nil {
 		params = &GetObjectLockConfigurationInput{}
@@ -38,14 +34,13 @@ func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObje
 
 type GetObjectLockConfigurationInput struct {
 
-	// The bucket whose Object Lock configuration you want to retrieve. When using this
-	// action with an access point, you must direct requests to the access point
+	// The bucket whose Object Lock configuration you want to retrieve. When using
+	// this action with an access point, you must direct requests to the access point
 	// hostname. The access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -127,6 +122,9 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectLockConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -154,9 +152,9 @@ func newServiceMetadataMiddleware_opGetObjectLockConfiguration(region string) *a
 	}
 }
 
-// getGetObjectLockConfigurationBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getGetObjectLockConfigurationBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getGetObjectLockConfigurationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*GetObjectLockConfigurationInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
index 33fc04897..6c5f2bdcf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go
@@ -13,12 +13,10 @@ import (
 )
 
 // Retrieves an object's retention settings. For more information, see Locking
-// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This
-// action is not supported by Amazon S3 on Outposts. The following action is
-// related to GetObjectRetention:
-//
-// * GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) .
+// This action is not supported by Amazon S3 on Outposts. The following action is
+// related to GetObjectRetention :
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) GetObjectRetention(ctx context.Context, params *GetObjectRetentionInput, optFns ...func(*Options)) (*GetObjectRetentionOutput, error) {
 	if params == nil {
 		params = &GetObjectRetentionInput{}
@@ -42,8 +40,7 @@ type GetObjectRetentionInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -62,8 +59,7 @@ type GetObjectRetentionInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -141,6 +137,9 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectRetentionUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
index 7786affd2..529fd8e3b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go
@@ -14,26 +14,17 @@ import (
 
 // Returns the tag-set of an object. You send the GET request against the tagging
 // subresource associated with the object. To use this operation, you must have
-// permission to perform the s3:GetObjectTagging action. By default, the GET action
-// returns information about current version of an object. For a versioned bucket,
-// you can have multiple versions of an object in your bucket. To retrieve tags of
-// any other version, use the versionId query parameter. You also need permission
-// for the s3:GetObjectVersionTagging action. By default, the bucket owner has this
-// permission and can grant this permission to others. For information about the
-// Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). The
-// following actions are related to GetObjectTagging:
-//
-// * DeleteObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// PutObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
+// permission to perform the s3:GetObjectTagging action. By default, the GET
+// action returns information about current version of an object. For a versioned
+// bucket, you can have multiple versions of an object in your bucket. To retrieve
+// tags of any other version, use the versionId query parameter. You also need
+// permission for the s3:GetObjectVersionTagging action. By default, the bucket
+// owner has this permission and can grant this permission to others. For
+// information about the Amazon S3 object tagging feature, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+// . The following actions are related to GetObjectTagging :
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
 func (c *Client) GetObjectTagging(ctx context.Context, params *GetObjectTaggingInput, optFns ...func(*Options)) (*GetObjectTaggingOutput, error) {
 	if params == nil {
 		params = &GetObjectTaggingInput{}
@@ -57,17 +48,15 @@ type GetObjectTaggingInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -85,8 +74,7 @@ type GetObjectTaggingInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -169,6 +157,9 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectTaggingUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
index a63f46065..1073f6e34 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go
@@ -18,10 +18,8 @@ import (
 // less than 5 GB in size, and that are not encrypted using server-side encryption
 // with a customer-provided encryption key. To use GET, you must have READ access
 // to the object. This action is not supported by Amazon S3 on Outposts. The
-// following action is related to GetObjectTorrent:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// following action is related to GetObjectTorrent :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) GetObjectTorrent(ctx context.Context, params *GetObjectTorrentInput, optFns ...func(*Options)) (*GetObjectTorrentOutput, error) {
 	if params == nil {
 		params = &GetObjectTorrentInput{}
@@ -57,8 +55,7 @@ type GetObjectTorrentInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -134,6 +131,9 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetObjectTorrentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
index eb42c7d27..016e705d0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go
@@ -15,33 +15,19 @@ import (
 // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use
 // this operation, you must have the s3:GetBucketPublicAccessBlock permission. For
 // more information about Amazon S3 permissions, see Specifying Permissions in a
-// Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an
-// object, it checks the PublicAccessBlock configuration for both the bucket (or
-// the bucket that contains the object) and the bucket owner's account. If the
+// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or
+// an object, it checks the PublicAccessBlock configuration for both the bucket
+// (or the bucket that contains the object) and the bucket owner's account. If the
 // PublicAccessBlock settings are different between the bucket and the account,
 // Amazon S3 uses the most restrictive combination of the bucket-level and
 // account-level settings. For more information about when Amazon S3 considers a
-// bucket or an object public, see The Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// The following operations are related to GetPublicAccessBlock:
-//
-// * Using Amazon S3
-// Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
-//
-// *
-// PutPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
-//
-// *
-// GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+// bucket or an object public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to GetPublicAccessBlock :
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//   - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html)
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
 func (c *Client) GetPublicAccessBlock(ctx context.Context, params *GetPublicAccessBlockInput, optFns ...func(*Options)) (*GetPublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &GetPublicAccessBlockInput{}
@@ -142,6 +128,9 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addGetPublicAccessBlockUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
index 9214bb873..b99fd8ba0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go
@@ -17,27 +17,30 @@ import (
 	"time"
 )
 
-// This action is useful to determine if a bucket exists and you have permission to
-// access it. The action returns a 200 OK if the bucket exists and you have
+// This action is useful to determine if a bucket exists and you have permission
+// to access it. The action returns a 200 OK if the bucket exists and you have
 // permission to access it. If the bucket does not exist or you do not have
-// permission to access it, the HEAD request returns a generic 400 Bad Request, 403
-// Forbidden or 404 Not Found code. A message body is not included, so you cannot
-// determine the exception beyond these error codes. To use this operation, you
-// must have permissions to perform the s3:ListBucket action. The bucket owner has
-// this permission by default and can grant this permission to others. For more
+// permission to access it, the HEAD request returns a generic 400 Bad Request ,
+// 403 Forbidden or 404 Not Found code. A message body is not included, so you
+// cannot determine the exception beyond these error codes. To use this operation,
+// you must have permissions to perform the s3:ListBucket action. The bucket owner
+// has this permission by default and can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// To use this API against an access point, you must provide the alias of the
-// access point in place of the bucket name or specify the access point ARN. When
-// using the access point ARN, you must direct requests to the access point
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . To use this API operation against an access point, you must provide the alias
+// of the access point in place of the bucket name or specify the access point ARN.
+// When using the access point ARN, you must direct requests to the access point
 // hostname. The access point hostname takes the form
 // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using the
 // Amazon Web Services SDKs, you provide the ARN in place of the bucket name. For
-// more information see, Using access points
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html).
+// more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+// . To use this API operation against an Object Lambda access point, provide the
+// alias of the Object Lambda access point in place of the bucket name. If the
+// Object Lambda access point alias in a request is not valid, the error code
+// InvalidAccessPointAliasError is returned. For more information about
+// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+// .
 func (c *Client) HeadBucket(ctx context.Context, params *HeadBucketInput, optFns ...func(*Options)) (*HeadBucketOutput, error) {
 	if params == nil {
 		params = &HeadBucketInput{}
@@ -60,17 +63,19 @@ type HeadBucketInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
-	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
-	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
-	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// in the Amazon S3 User Guide. When you use this action with an Object Lambda
+	// access point, provide the alias of the Object Lambda access point in place of
+	// the bucket name. If the Object Lambda access point alias in a request is not
+	// valid, the error code InvalidAccessPointAliasError is returned. For more
+	// information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList)
+	// . When you use this action with Amazon S3 on Outposts, you must direct requests
+	// to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -147,6 +152,9 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addHeadBucketUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -185,9 +193,9 @@ type BucketExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, BucketExistsWaiter will use default max delay of 120 seconds. Note that
-	// MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, BucketExistsWaiter will use default max delay of 120 seconds. Note
+	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -338,9 +346,9 @@ type BucketNotExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, BucketNotExistsWaiter will use default max delay of 120 seconds. Note
-	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, BucketNotExistsWaiter will use default max delay of 120 seconds.
+	// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -380,9 +388,9 @@ func NewBucketNotExistsWaiter(client HeadBucketAPIClient, optFns ...func(*Bucket
 	}
 }
 
-// Wait calls the waiter function for BucketNotExists waiter. The maxWaitDur is the
-// maximum wait duration the waiter will wait. The maxWaitDur is required and must
-// be greater than zero.
+// Wait calls the waiter function for BucketNotExists waiter. The maxWaitDur is
+// the maximum wait duration the waiter will wait. The maxWaitDur is required and
+// must be greater than zero.
 func (w *BucketNotExistsWaiter) Wait(ctx context.Context, params *HeadBucketInput, maxWaitDur time.Duration, optFns ...func(*BucketNotExistsWaiterOptions)) error {
 	_, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...)
 	return err
@@ -484,8 +492,9 @@ func newServiceMetadataMiddleware_opHeadBucket(region string) *awsmiddleware.Reg
 	}
 }
 
-// getHeadBucketBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getHeadBucketBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getHeadBucketBucketMember(input interface{}) (*string, bool) {
 	in := input.(*HeadBucketInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
index a9dd06b8e..0ac66893b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go
@@ -23,88 +23,54 @@ import (
 // To use HEAD, you must have READ access to the object. A HEAD request has the
 // same options as a GET action on an object. The response is identical to the GET
 // response except that there is no response body. Because of this, if the HEAD
-// request generates an error, it returns a generic 400 Bad Request, 403 Forbidden
-// or 404 Not Found code. It is not possible to retrieve the exact exception beyond
-// these error codes. If you encrypt an object by using server-side encryption with
-// customer-provided encryption keys (SSE-C) when you store the object in Amazon
-// S3, then when you retrieve the metadata from the object, you must use the
-// following headers:
+// request generates an error, it returns a generic 400 Bad Request , 403 Forbidden
+// or 404 Not Found code. It is not possible to retrieve the exact exception
+// beyond these error codes. If you encrypt an object by using server-side
+// encryption with customer-provided encryption keys (SSE-C) when you store the
+// object in Amazon S3, then when you retrieve the metadata from the object, you
+// must use the following headers:
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// * x-amz-server-side-encryption-customer-algorithm
+// For more information about SSE-C, see Server-Side Encryption (Using
+// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// .
+//   - Encryption request headers, like x-amz-server-side-encryption , should not
+//     be sent for GET requests if your object uses server-side encryption with KMS
+//     keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys
+//     (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400
+//     BadRequest error.
+//   - The last modified property in this case is the creation date of the object.
 //
-// *
-// x-amz-server-side-encryption-customer-key
+// Request headers are limited to 8 KB in size. For more information, see Common
+// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html)
+// . Consider the following when using request headers:
+//   - Consideration 1 – If both of the If-Match and If-Unmodified-Since headers
+//     are present in the request as follows:
+//   - If-Match condition evaluates to true , and;
+//   - If-Unmodified-Since condition evaluates to false ; Then Amazon S3 returns
+//     200 OK and the data requested.
+//   - Consideration 2 – If both of the If-None-Match and If-Modified-Since headers
+//     are present in the request as follows:
+//   - If-None-Match condition evaluates to false , and;
+//   - If-Modified-Since condition evaluates to true ; Then Amazon S3 returns the
+//     304 Not Modified response code.
 //
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// For more information about SSE-C,
-// see Server-Side Encryption (Using Customer-Provided Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
-//
-// *
-// Encryption request headers, like x-amz-server-side-encryption, should not be
-// sent for GET requests if your object uses server-side encryption with KMS keys
-// (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys
-// (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400
-// BadRequest error.
-//
-// * The last modified property in this case is the creation
-// date of the object.
-//
-// Request headers are limited to 8 KB in size. For more
-// information, see Common Request Headers
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
-// Consider the following when using request headers:
-//
-// * Consideration 1 – If both
-// of the If-Match and If-Unmodified-Since headers are present in the request as
-// follows:
-//
-// * If-Match condition evaluates to true, and;
-//
-// * If-Unmodified-Since
-// condition evaluates to false;
-//
-// Then Amazon S3 returns 200 OK and the data
-// requested.
-//
-// * Consideration 2 – If both of the If-None-Match and
-// If-Modified-Since headers are present in the request as follows:
-//
-// *
-// If-None-Match condition evaluates to false, and;
-//
-// * If-Modified-Since condition
-// evaluates to true;
-//
-// Then Amazon S3 returns the 304 Not Modified response
-// code.
-//
-// For more information about conditional requests, see RFC 7232
-// (https://tools.ietf.org/html/rfc7232). Permissions You need the relevant read
-// object (or version) permission for this operation. For more information, see
-// Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). If
-// the object you request does not exist, the error Amazon S3 returns depends on
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232)
+// . Permissions You need the relevant read object (or version) permission for this
+// operation. For more information, see Actions, resources, and condition keys for
+// Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) .
+// If the object you request does not exist, the error Amazon S3 returns depends on
 // whether you also have the s3:ListBucket permission.
+//   - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an
+//     HTTP status code 404 ("no such key") error.
+//   - If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP
+//     status code 403 ("access denied") error.
 //
-// * If you have the
-// s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code
-// 404 ("no such key") error.
-//
-// * If you don’t have the s3:ListBucket permission,
-// Amazon S3 returns an HTTP status code 403 ("access denied") error.
-//
-// The
-// following actions are related to HeadObject:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+// The following actions are related to HeadObject :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
 func (c *Client) HeadObject(ctx context.Context, params *HeadObjectInput, optFns ...func(*Options)) (*HeadObjectOutput, error) {
 	if params == nil {
 		params = &HeadObjectInput{}
@@ -128,17 +94,15 @@ type HeadObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -181,16 +145,15 @@ type HeadObjectInput struct {
 	// object.
 	PartNumber int32
 
-	// HeadObject returns only the metadata for an object. If the Range is satisfiable,
-	// only the ContentLength is affected in the response. If the Range is not
-	// satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.
+	// HeadObject returns only the metadata for an object. If the Range is
+	// satisfiable, only the ContentLength is affected in the response. If the Range
+	// is not satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.
 	Range *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -234,32 +197,28 @@ type HeadObjectOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -311,17 +270,17 @@ type HeadObjectOutput struct {
 	// can create metadata whose values are not legal HTTP headers.
 	MissingMeta int32
 
-	// Specifies whether a legal hold is in effect for this object. This header is only
-	// returned if the requester has the s3:GetObjectLegalHold permission. This header
-	// is not returned if the specified version of this object has never had a legal
-	// hold applied. For more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// Specifies whether a legal hold is in effect for this object. This header is
+	// only returned if the requester has the s3:GetObjectLegalHold permission. This
+	// header is not returned if the specified version of this object has never had a
+	// legal hold applied. For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// The Object Lock mode, if any, that's in effect for this object. This header is
 	// only returned if the requester has the s3:GetObjectRetention permission. For
-	// more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockMode types.ObjectLockMode
 
 	// The date and time when the Object Lock retention period expires. This header is
@@ -335,36 +294,30 @@ type HeadObjectOutput struct {
 	// Amazon S3 can return this header if your request involves a bucket that is
 	// either a source or a destination in a replication rule. In replication, you have
 	// a source bucket on which you configure replication and destination bucket or
-	// buckets where Amazon S3 stores object replicas. When you request an object
-	// (GetObject) or object metadata (HeadObject) from these buckets, Amazon S3 will
+	// buckets where Amazon S3 stores object replicas. When you request an object (
+	// GetObject ) or object metadata ( HeadObject ) from these buckets, Amazon S3 will
 	// return the x-amz-replication-status header in the response as follows:
-	//
-	// * If
-	// requesting an object from the source bucket, Amazon S3 will return the
-	// x-amz-replication-status header if the object in your request is eligible for
-	// replication. For example, suppose that in your replication configuration, you
-	// specify object prefix TaxDocs requesting Amazon S3 to replicate objects with key
-	// prefix TaxDocs. Any objects you upload with this key name prefix, for example
-	// TaxDocs/document1.pdf, are eligible for replication. For any object request with
-	// this key name prefix, Amazon S3 will return the x-amz-replication-status header
-	// with value PENDING, COMPLETED or FAILED indicating object replication status.
-	//
-	// *
-	// If requesting an object from a destination bucket, Amazon S3 will return the
-	// x-amz-replication-status header with value REPLICA if the object in your request
-	// is a replica that Amazon S3 created and there is no replica modification
-	// replication in progress.
-	//
-	// * When replicating objects to multiple destination
-	// buckets, the x-amz-replication-status header acts differently. The header of the
-	// source object will only return a value of COMPLETED when replication is
-	// successful to all destinations. The header will remain at value PENDING until
-	// replication has completed for all destinations. If one or more destinations
-	// fails replication the header will return FAILED.
-	//
-	// For more information, see
-	// Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+	//   - If requesting an object from the source bucket, Amazon S3 will return the
+	//   x-amz-replication-status header if the object in your request is eligible for
+	//   replication. For example, suppose that in your replication configuration, you
+	//   specify object prefix TaxDocs requesting Amazon S3 to replicate objects with
+	//   key prefix TaxDocs . Any objects you upload with this key name prefix, for
+	//   example TaxDocs/document1.pdf , are eligible for replication. For any object
+	//   request with this key name prefix, Amazon S3 will return the
+	//   x-amz-replication-status header with value PENDING, COMPLETED or FAILED
+	//   indicating object replication status.
+	//   - If requesting an object from a destination bucket, Amazon S3 will return
+	//   the x-amz-replication-status header with value REPLICA if the object in your
+	//   request is a replica that Amazon S3 created and there is no replica modification
+	//   replication in progress.
+	//   - When replicating objects to multiple destination buckets, the
+	//   x-amz-replication-status header acts differently. The header of the source
+	//   object will only return a value of COMPLETED when replication is successful to
+	//   all destinations. The header will remain at value PENDING until replication has
+	//   completed for all destinations. If one or more destinations fails replication
+	//   the header will return FAILED.
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// .
 	ReplicationStatus types.ReplicationStatus
 
 	// If present, indicates that the requester was successfully charged for the
@@ -373,24 +326,24 @@ type HeadObjectOutput struct {
 
 	// If the object is an archived object (an object whose storage class is GLACIER),
 	// the response includes this header if either the archive restoration is in
-	// progress (see RestoreObject
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) or an
-	// archive copy is already restored. If an archive copy is already restored, the
-	// header value indicates when Amazon S3 is scheduled to delete the object copy.
-	// For example: x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec
-	// 2012 00:00:00 GMT" If the object restoration is in progress, the header returns
-	// the value ongoing-request="true". For more information about archiving objects,
-	// see Transitioning Objects: General Considerations
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations).
+	// progress (see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html)
+	// or an archive copy is already restored. If an archive copy is already restored,
+	// the header value indicates when Amazon S3 is scheduled to delete the object
+	// copy. For example: x-amz-restore: ongoing-request="false", expiry-date="Fri, 21
+	// Dec 2012 00:00:00 GMT" If the object restoration is in progress, the header
+	// returns the value ongoing-request="true" . For more information about archiving
+	// objects, see Transitioning Objects: General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations)
+	// .
 	Restore *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the ID of the Amazon Web Services Key Management Service
@@ -399,13 +352,13 @@ type HeadObjectOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Provides storage class information of the object. Amazon S3 returns this header
 	// for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// Version of the object.
@@ -479,6 +432,9 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addHeadObjectUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
@@ -517,9 +473,9 @@ type ObjectExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, ObjectExistsWaiter will use default max delay of 120 seconds. Note that
-	// MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, ObjectExistsWaiter will use default max delay of 120 seconds. Note
+	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -675,9 +631,9 @@ type ObjectNotExistsWaiterOptions struct {
 	// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
 	MinDelay time.Duration
 
-	// MaxDelay is the maximum amount of time to delay between retries. If unset or set
-	// to zero, ObjectNotExistsWaiter will use default max delay of 120 seconds. Note
-	// that MaxDelay must resolve to value greater than or equal to the MinDelay.
+	// MaxDelay is the maximum amount of time to delay between retries. If unset or
+	// set to zero, ObjectNotExistsWaiter will use default max delay of 120 seconds.
+	// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
 	MaxDelay time.Duration
 
 	// LogWaitAttempts is used to enable logging for waiter retry attempts
@@ -717,9 +673,9 @@ func NewObjectNotExistsWaiter(client HeadObjectAPIClient, optFns ...func(*Object
 	}
 }
 
-// Wait calls the waiter function for ObjectNotExists waiter. The maxWaitDur is the
-// maximum wait duration the waiter will wait. The maxWaitDur is required and must
-// be greater than zero.
+// Wait calls the waiter function for ObjectNotExists waiter. The maxWaitDur is
+// the maximum wait duration the waiter will wait. The maxWaitDur is required and
+// must be greater than zero.
 func (w *ObjectNotExistsWaiter) Wait(ctx context.Context, params *HeadObjectInput, maxWaitDur time.Duration, optFns ...func(*ObjectNotExistsWaiterOptions)) error {
 	_, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...)
 	return err
@@ -826,8 +782,9 @@ func newServiceMetadataMiddleware_opHeadObject(region string) *awsmiddleware.Reg
 	}
 }
 
-// getHeadObjectBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getHeadObjectBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getHeadObjectBucketMember(input interface{}) (*string, bool) {
 	in := input.(*HeadObjectInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
index 0a0373f29..53fa5f05f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go
@@ -17,33 +17,21 @@ import (
 // does not return more than 100 configurations at a time. You should always check
 // the IsTruncated element in the response. If there are no more configurations to
 // list, IsTruncated is set to false. If there are more configurations to list,
-// IsTruncated is set to true, and there will be a value in NextContinuationToken.
+// IsTruncated is set to true, and there will be a value in NextContinuationToken .
 // You use the NextContinuationToken value to continue the pagination of the list
 // by passing the value in continuation-token in the request to GET the next page.
 // To use this operation, you must have permissions to perform the
 // s3:GetAnalyticsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about Amazon S3 analytics feature, see Amazon S3 Analytics –
-// Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// The following operations are related to ListBucketAnalyticsConfigurations:
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// PutBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about Amazon S3 analytics feature, see Amazon S3 Analytics –
+// Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . The following operations are related to ListBucketAnalyticsConfigurations :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html)
 func (c *Client) ListBucketAnalyticsConfigurations(ctx context.Context, params *ListBucketAnalyticsConfigurationsInput, optFns ...func(*Options)) (*ListBucketAnalyticsConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketAnalyticsConfigurationsInput{}
@@ -94,7 +82,7 @@ type ListBucketAnalyticsConfigurationsOutput struct {
 
 	// NextContinuationToken is sent when isTruncated is true, which indicates that
 	// there are more analytics configurations to list. The next request must include
-	// this NextContinuationToken. The token is obfuscated and is not a usable value.
+	// this NextContinuationToken . The token is obfuscated and is not a usable value.
 	NextContinuationToken *string
 
 	// Metadata pertaining to the operation's result.
@@ -160,6 +148,9 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketAnalyticsConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
index 972a69c99..86f4ac6a7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go
@@ -12,8 +12,8 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Lists the S3 Intelligent-Tiering configuration from the specified bucket. The S3
-// Intelligent-Tiering storage class is designed to optimize storage costs by
+// Lists the S3 Intelligent-Tiering configuration from the specified bucket. The
+// S3 Intelligent-Tiering storage class is designed to optimize storage costs by
 // automatically moving data to the most cost-effective storage access tier,
 // without performance impact or operational overhead. S3 Intelligent-Tiering
 // delivers automatic cost savings in three low latency and high throughput access
@@ -25,21 +25,11 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to ListBucketIntelligentTieringConfigurations include:
-//
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// PutBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to ListBucketIntelligentTieringConfigurations include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html)
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
 func (c *Client) ListBucketIntelligentTieringConfigurations(ctx context.Context, params *ListBucketIntelligentTieringConfigurationsInput, optFns ...func(*Options)) (*ListBucketIntelligentTieringConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketIntelligentTieringConfigurationsInput{}
@@ -152,6 +142,9 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketIntelligentTieringConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
index e6c8c79a8..bff0383ca 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go
@@ -17,32 +17,20 @@ import (
 // and does not return more than 100 configurations at a time. Always check the
 // IsTruncated element in the response. If there are no more configurations to
 // list, IsTruncated is set to false. If there are more configurations to list,
-// IsTruncated is set to true, and there is a value in NextContinuationToken. You
+// IsTruncated is set to true, and there is a value in NextContinuationToken . You
 // use the NextContinuationToken value to continue the pagination of the list by
 // passing the value in continuation-token in the request to GET the next page. To
 // use this operation, you must have permissions to perform the
 // s3:GetInventoryConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) The
-// following operations are related to ListBucketInventoryConfigurations:
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// PutBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// The following operations are related to ListBucketInventoryConfigurations :
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html)
 func (c *Client) ListBucketInventoryConfigurations(ctx context.Context, params *ListBucketInventoryConfigurationsInput, optFns ...func(*Options)) (*ListBucketInventoryConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketInventoryConfigurationsInput{}
@@ -88,9 +76,9 @@ type ListBucketInventoryConfigurationsOutput struct {
 	// The list of inventory configurations for a bucket.
 	InventoryConfigurationList []types.InventoryConfiguration
 
-	// Tells whether the returned list of inventory configurations is complete. A value
-	// of true indicates that the list is not complete and the NextContinuationToken is
-	// provided for a subsequent request.
+	// Tells whether the returned list of inventory configurations is complete. A
+	// value of true indicates that the list is not complete and the
+	// NextContinuationToken is provided for a subsequent request.
 	IsTruncated bool
 
 	// The marker used to continue this inventory configuration listing. Use the
@@ -161,6 +149,9 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketInventoryConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
index 50b207af6..37bdf0f82 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go
@@ -16,35 +16,23 @@ import (
 // only for the request metrics of the bucket and do not provide information on
 // daily storage metrics. You can have up to 1,000 configurations per bucket. This
 // action supports list pagination and does not return more than 100 configurations
-// at a time. Always check the IsTruncated element in the response. If there are no
-// more configurations to list, IsTruncated is set to false. If there are more
+// at a time. Always check the IsTruncated element in the response. If there are
+// no more configurations to list, IsTruncated is set to false. If there are more
 // configurations to list, IsTruncated is set to true, and there is a value in
-// NextContinuationToken. You use the NextContinuationToken value to continue the
-// pagination of the list by passing the value in continuation-token in the request
-// to GET the next page. To use this operation, you must have permissions to
-// perform the s3:GetMetricsConfiguration action. The bucket owner has this
+// NextContinuationToken . You use the NextContinuationToken value to continue the
+// pagination of the list by passing the value in continuation-token in the
+// request to GET the next page. To use this operation, you must have permissions
+// to perform the s3:GetMetricsConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For more information about metrics configurations and CloudWatch request
-// metrics, see Monitoring Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to ListBucketMetricsConfigurations:
-//
-// *
-// PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For more information about metrics configurations and CloudWatch request
+// metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to ListBucketMetricsConfigurations :
+//   - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
 func (c *Client) ListBucketMetricsConfigurations(ctx context.Context, params *ListBucketMetricsConfigurationsInput, optFns ...func(*Options)) (*ListBucketMetricsConfigurationsOutput, error) {
 	if params == nil {
 		params = &ListBucketMetricsConfigurationsInput{}
@@ -164,6 +152,9 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketMetricsConfigurationsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
index 2c90f4e38..ca67afc1f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go
@@ -14,9 +14,9 @@ import (
 
 // Returns a list of all buckets owned by the authenticated sender of the request.
 // To use this operation, you must have the s3:ListAllMyBuckets permission. For
-// information about Amazon S3 buckets, see Creating, configuring, and working with
-// Amazon S3 buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html).
+// information about Amazon S3 buckets, see Creating, configuring, and working
+// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html)
+// .
 func (c *Client) ListBuckets(ctx context.Context, params *ListBucketsInput, optFns ...func(*Options)) (*ListBucketsOutput, error) {
 	if params == nil {
 		params = &ListBucketsInput{}
@@ -104,6 +104,9 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListBucketsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
index 31f97fdc1..af273ddca 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go
@@ -12,46 +12,29 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// This action lists in-progress multipart uploads. An in-progress multipart upload
-// is a multipart upload that has been initiated using the Initiate Multipart
-// Upload request, but has not yet been completed or aborted. This action returns
-// at most 1,000 multipart uploads in the response. 1,000 multipart uploads is the
-// maximum number of uploads a response can include, which is also the default
-// value. You can further limit the number of uploads in a response by specifying
-// the max-uploads parameter in the response. If additional multipart uploads
-// satisfy the list criteria, the response will contain an IsTruncated element with
-// the value true. To list the additional multipart uploads, use the key-marker and
-// upload-id-marker request parameters. In the response, the uploads are sorted by
-// key. If your application has initiated more than one multipart upload using the
-// same object key, then uploads in the response are first sorted by key.
-// Additionally, uploads are sorted in ascending order within each key by the
-// upload initiation time. For more information on multipart uploads, see Uploading
-// Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information on permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to ListMultipartUploads:
-//
-// *
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+// This action lists in-progress multipart uploads. An in-progress multipart
+// upload is a multipart upload that has been initiated using the Initiate
+// Multipart Upload request, but has not yet been completed or aborted. This action
+// returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads
+// is the maximum number of uploads a response can include, which is also the
+// default value. You can further limit the number of uploads in a response by
+// specifying the max-uploads parameter in the response. If additional multipart
+// uploads satisfy the list criteria, the response will contain an IsTruncated
+// element with the value true. To list the additional multipart uploads, use the
+// key-marker and upload-id-marker request parameters. In the response, the
+// uploads are sorted by key. If your application has initiated more than one
+// multipart upload using the same object key, then uploads in the response are
+// first sorted by key. Additionally, uploads are sorted in ascending order within
+// each key by the upload initiation time. For more information on multipart
+// uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information on permissions required to use the multipart upload API, see
+// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to ListMultipartUploads :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
 func (c *Client) ListMultipartUploads(ctx context.Context, params *ListMultipartUploadsInput, optFns ...func(*Options)) (*ListMultipartUploadsOutput, error) {
 	if params == nil {
 		params = &ListMultipartUploadsInput{}
@@ -75,24 +58,22 @@ type ListMultipartUploadsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
 	// Character you use to group keys. All keys that contain the same string between
 	// the prefix, if specified, and the first occurrence of the delimiter after the
-	// prefix are grouped under a single result element, CommonPrefixes. If you don't
+	// prefix are grouped under a single result element, CommonPrefixes . If you don't
 	// specify the prefix parameter, then the substring starts at the beginning of the
 	// key. The keys that are grouped under CommonPrefixes result element are not
 	// returned elsewhere in the response.
@@ -112,11 +93,12 @@ type ListMultipartUploadsInput struct {
 	ExpectedBucketOwner *string
 
 	// Together with upload-id-marker, this parameter specifies the multipart upload
-	// after which listing should begin. If upload-id-marker is not specified, only the
-	// keys lexicographically greater than the specified key-marker will be included in
-	// the list. If upload-id-marker is specified, any multipart uploads for a key
-	// equal to the key-marker might also be included, provided those multipart uploads
-	// have upload IDs lexicographically greater than the specified upload-id-marker.
+	// after which listing should begin. If upload-id-marker is not specified, only
+	// the keys lexicographically greater than the specified key-marker will be
+	// included in the list. If upload-id-marker is specified, any multipart uploads
+	// for a key equal to the key-marker might also be included, provided those
+	// multipart uploads have upload IDs lexicographically greater than the specified
+	// upload-id-marker .
 	KeyMarker *string
 
 	// Sets the maximum number of multipart uploads, from 1 to 1,000, to return in the
@@ -134,7 +116,7 @@ type ListMultipartUploadsInput struct {
 	// should begin. If key-marker is not specified, the upload-id-marker parameter is
 	// ignored. Otherwise, any multipart uploads for a key equal to the key-marker
 	// might be included in the list only if they have an upload ID lexicographically
-	// greater than the specified upload-id-marker.
+	// greater than the specified upload-id-marker .
 	UploadIdMarker *string
 
 	noSmithyDocumentSerde
@@ -146,9 +128,9 @@ type ListMultipartUploadsOutput struct {
 	// return the access point ARN or access point alias if used.
 	Bucket *string
 
-	// If you specify a delimiter in the request, then the result returns each distinct
-	// key prefix containing the delimiter in a CommonPrefixes element. The distinct
-	// key prefixes are returned in the Prefix child element.
+	// If you specify a delimiter in the request, then the result returns each
+	// distinct key prefix containing the delimiter in a CommonPrefixes element. The
+	// distinct key prefixes are returned in the Prefix child element.
 	CommonPrefixes []types.CommonPrefix
 
 	// Contains the delimiter you specified in the request. If you don't specify a
@@ -158,7 +140,7 @@ type ListMultipartUploadsOutput struct {
 	// Encoding type used by Amazon S3 to encode object keys in the response. If you
 	// specify encoding-type request parameter, Amazon S3 includes this element in the
 	// response, and returns encoded key name values in the following response
-	// elements: Delimiter, KeyMarker, Prefix, NextKeyMarker, Key.
+	// elements: Delimiter , KeyMarker , Prefix , NextKeyMarker , Key .
 	EncodingType types.EncodingType
 
 	// Indicates whether the returned list of multipart uploads is truncated. A value
@@ -256,6 +238,9 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListMultipartUploadsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
index f2d2b9fa9..1e42e2aa2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go
@@ -12,30 +12,19 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns metadata about all versions of the objects in a bucket. You can also use
-// request parameters as selection criteria to return metadata about a subset of
-// all the object versions. To use this operation, you must have permissions to
-// perform the s3:ListBucketVersions action. Be aware of the name difference. A 200
-// OK response can contain valid or invalid XML. Make sure to design your
+// Returns metadata about all versions of the objects in a bucket. You can also
+// use request parameters as selection criteria to return metadata about a subset
+// of all the object versions. To use this operation, you must have permissions to
+// perform the s3:ListBucketVersions action. Be aware of the name difference. A
+// 200 OK response can contain valid or invalid XML. Make sure to design your
 // application to parse the contents of the response and handle it appropriately.
 // To use this operation, you must have READ access to the bucket. This action is
 // not supported by Amazon S3 on Outposts. The following operations are related to
-// ListObjectVersions:
-//
-// * ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// ListObjectVersions :
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) ListObjectVersions(ctx context.Context, params *ListObjectVersionsInput, optFns ...func(*Options)) (*ListObjectVersionsOutput, error) {
 	if params == nil {
 		params = &ListObjectVersionsInput{}
@@ -58,11 +47,11 @@ type ListObjectVersionsInput struct {
 	// This member is required.
 	Bucket *string
 
-	// A delimiter is a character that you specify to group keys. All keys that contain
-	// the same string between the prefix and the first occurrence of the delimiter are
-	// grouped under a single result element in CommonPrefixes. These groups are
-	// counted as one result against the max-keys limitation. These keys are not
-	// returned elsewhere in the response.
+	// A delimiter is a character that you specify to group keys. All keys that
+	// contain the same string between the prefix and the first occurrence of the
+	// delimiter are grouped under a single result element in CommonPrefixes. These
+	// groups are counted as one result against the max-keys limitation. These keys are
+	// not returned elsewhere in the response.
 	Delimiter *string
 
 	// Requests Amazon S3 to encode the object keys in the response and specifies the
@@ -113,14 +102,14 @@ type ListObjectVersionsOutput struct {
 	// The delimiter grouping the included keys. A delimiter is a character that you
 	// specify to group keys. All keys that contain the same string between the prefix
 	// and the first occurrence of the delimiter are grouped under a single result
-	// element in CommonPrefixes. These groups are counted as one result against the
+	// element in CommonPrefixes . These groups are counted as one result against the
 	// max-keys limitation. These keys are not returned elsewhere in the response.
 	Delimiter *string
 
 	// Encoding type used by Amazon S3 to encode object key names in the XML response.
 	// If you specify encoding-type request parameter, Amazon S3 includes this element
 	// in the response, and returns encoded key name values in the following response
-	// elements: KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.
+	// elements: KeyMarker, NextKeyMarker, Prefix, Key , and Delimiter .
 	EncodingType types.EncodingType
 
 	// A flag that indicates whether Amazon S3 returned all of the results that
@@ -139,12 +128,12 @@ type ListObjectVersionsOutput struct {
 	// The bucket name.
 	Name *string
 
-	// When the number of responses exceeds the value of MaxKeys, NextKeyMarker
+	// When the number of responses exceeds the value of MaxKeys , NextKeyMarker
 	// specifies the first key not returned that satisfies the search criteria. Use
 	// this value for the key-marker request parameter in a subsequent request.
 	NextKeyMarker *string
 
-	// When the number of responses exceeds the value of MaxKeys, NextVersionIdMarker
+	// When the number of responses exceeds the value of MaxKeys , NextVersionIdMarker
 	// specifies the first object version not returned that satisfies the search
 	// criteria. Use this value for the version-id-marker request parameter in a
 	// subsequent request.
@@ -222,6 +211,9 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectVersionsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
index 7fadd42d4..01efbbd8a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go
@@ -17,30 +17,14 @@ import (
 // bucket. A 200 OK response can contain valid or invalid XML. Be sure to design
 // your application to parse the contents of the response and handle it
 // appropriately. This action has been revised. We recommend that you use the newer
-// version, ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html), when
-// developing applications. For backward compatibility, Amazon S3 continues to
-// support ListObjects. The following operations are related to ListObjects:
-//
-// *
-// ListObjectsV2
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
-//
-// *
-// GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+// version, ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+// , when developing applications. For backward compatibility, Amazon S3 continues
+// to support ListObjects . The following operations are related to ListObjects :
+//   - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
 func (c *Client) ListObjects(ctx context.Context, params *ListObjectsInput, optFns ...func(*Options)) (*ListObjectsOutput, error) {
 	if params == nil {
 		params = &ListObjectsInput{}
@@ -64,17 +48,15 @@ type ListObjectsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -145,8 +127,8 @@ type ListObjectsOutput struct {
 	// satisfied the search criteria.
 	IsTruncated bool
 
-	// Indicates where in the bucket listing begins. Marker is included in the response
-	// if it was sent with the request.
+	// Indicates where in the bucket listing begins. Marker is included in the
+	// response if it was sent with the request.
 	Marker *string
 
 	// The maximum number of keys returned in the response body.
@@ -230,6 +212,9 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
index 3a9bc1b6c..cd6c75e35 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go
@@ -19,35 +19,23 @@ import (
 // Make sure to design your application to parse the contents of the response and
 // handle it appropriately. Objects are returned sorted in an ascending order of
 // the respective key names in the list. For more information about listing
-// objects, see Listing object keys programmatically
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
+// objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html)
 // To use this operation, you must have READ access to the bucket. To use this
 // action in an Identity and Access Management (IAM) policy, you must have
 // permissions to perform the s3:ListBucket action. The bucket owner has this
 // permission by default and can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// This section describes the latest revision of this action. We recommend that you
-// use this revised API for application development. For backward compatibility,
-// Amazon S3 continues to support the prior version of this API, ListObjects
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). To get a
-// list of your buckets, see ListBuckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). The
-// following operations are related to ListObjectsV2:
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . This section describes the latest revision of this action. We recommend that
+// you use this revised API for application development. For backward
+// compatibility, Amazon S3 continues to support the prior version of this API,
+// ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+// . To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)
+// . The following operations are related to ListObjectsV2 :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) ListObjectsV2(ctx context.Context, params *ListObjectsV2Input, optFns ...func(*Options)) (*ListObjectsV2Output, error) {
 	if params == nil {
 		params = &ListObjectsV2Input{}
@@ -70,17 +58,15 @@ type ListObjectsV2Input struct {
 	// the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When
 	// using this action with an access point through the Amazon Web Services SDKs, you
 	// provide the access point ARN in place of the bucket name. For more information
-	// about access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -100,8 +86,8 @@ type ListObjectsV2Input struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The owner field is not present in listV2 by default, if you want to return owner
-	// field with each key in the result then set the fetch owner field to true.
+	// The owner field is not present in listV2 by default, if you want to return
+	// owner field with each key in the result then set the fetch owner field to true.
 	FetchOwner bool
 
 	// Sets the maximum number of keys returned in the response. By default the action
@@ -130,11 +116,11 @@ type ListObjectsV2Output struct {
 	// return when calculating the number of returns. A response can contain
 	// CommonPrefixes only if you specify a delimiter. CommonPrefixes contains all (if
 	// there are any) keys between Prefix and the next occurrence of the string
-	// specified by a delimiter. CommonPrefixes lists keys that act like subdirectories
-	// in the directory specified by Prefix. For example, if the prefix is notes/ and
-	// the delimiter is a slash (/) as in notes/summer/july, the common prefix is
-	// notes/summer/. All of the keys that roll up into a common prefix count as a
-	// single return when calculating the number of returns.
+	// specified by a delimiter. CommonPrefixes lists keys that act like
+	// subdirectories in the directory specified by Prefix . For example, if the prefix
+	// is notes/ and the delimiter is a slash ( / ) as in notes/summer/july , the
+	// common prefix is notes/summer/ . All of the keys that roll up into a common
+	// prefix count as a single return when calculating the number of returns.
 	CommonPrefixes []types.CommonPrefix
 
 	// Metadata about each object returned.
@@ -153,7 +139,7 @@ type ListObjectsV2Output struct {
 	// Encoding type used by Amazon S3 to encode object key names in the XML response.
 	// If you specify the encoding-type request parameter, Amazon S3 includes this
 	// element in the response, and returns encoded key name values in the following
-	// response elements: Delimiter, Prefix, Key, and StartAfter.
+	// response elements: Delimiter, Prefix, Key, and StartAfter .
 	EncodingType types.EncodingType
 
 	// Set to false if all of the results were returned. Set to true if more keys are
@@ -162,8 +148,8 @@ type ListObjectsV2Output struct {
 	IsTruncated bool
 
 	// KeyCount is the number of keys returned with this request. KeyCount will always
-	// be less than or equal to the MaxKeys field. Say you ask for 50 keys, your result
-	// will include 50 keys or fewer.
+	// be less than or equal to the MaxKeys field. Say you ask for 50 keys, your
+	// result will include 50 keys or fewer.
 	KeyCount int32
 
 	// Sets the maximum number of keys returned in the response. By default the action
@@ -176,22 +162,20 @@ type ListObjectsV2Output struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	Name *string
 
 	// NextContinuationToken is sent when isTruncated is true, which means there are
 	// more keys in the bucket that can be listed. The next list requests to Amazon S3
-	// can be continued with this NextContinuationToken. NextContinuationToken is
+	// can be continued with this NextContinuationToken . NextContinuationToken is
 	// obfuscated and is not a real key
 	NextContinuationToken *string
 
@@ -264,6 +248,9 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListObjectsV2UpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
index 90ac36510..88c0e650e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go
@@ -16,46 +16,26 @@ import (
 
 // Lists the parts that have been uploaded for a specific multipart upload. This
 // operation must include the upload ID, which you obtain by sending the initiate
-// multipart upload request (see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)).
-// This request returns a maximum of 1,000 uploaded parts. The default number of
+// multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// ). This request returns a maximum of 1,000 uploaded parts. The default number of
 // parts returned is 1,000 parts. You can restrict the number of parts returned by
-// specifying the max-parts request parameter. If your multipart upload consists of
-// more than 1,000 parts, the response returns an IsTruncated field with the value
-// of true, and a NextPartNumberMarker element. In subsequent ListParts requests
-// you can include the part-number-marker query string parameter and set its value
-// to the NextPartNumberMarker field value from the previous response. If the
-// upload was created using a checksum algorithm, you will need to have permission
-// to the kms:Decrypt action for the request to succeed. For more information on
-// multipart uploads, see Uploading Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). For
-// information on permissions required to use the multipart upload API, see
-// Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). The
-// following operations are related to ListParts:
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// GetObjectAttributes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// specifying the max-parts request parameter. If your multipart upload consists
+// of more than 1,000 parts, the response returns an IsTruncated field with the
+// value of true, and a NextPartNumberMarker element. In subsequent ListParts
+// requests you can include the part-number-marker query string parameter and set
+// its value to the NextPartNumberMarker field value from the previous response.
+// If the upload was created using a checksum algorithm, you will need to have
+// permission to the kms:Decrypt action for the request to succeed. For more
+// information on multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// . For information on permissions required to use the multipart upload API, see
+// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// . The following operations are related to ListParts :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) ListParts(ctx context.Context, params *ListPartsInput, optFns ...func(*Options)) (*ListPartsOutput, error) {
 	if params == nil {
 		params = &ListPartsInput{}
@@ -79,17 +59,15 @@ type ListPartsInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -112,36 +90,32 @@ type ListPartsInput struct {
 	// Sets the maximum number of parts to return.
 	MaxParts int32
 
-	// Specifies the part after which listing should begin. Only parts with higher part
-	// numbers will be listed.
+	// Specifies the part after which listing should begin. Only parts with higher
+	// part numbers will be listed.
 	PartNumberMarker *string
 
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
@@ -150,15 +124,14 @@ type ListPartsInput struct {
 
 type ListPartsOutput struct {
 
-	// If the bucket has a lifecycle rule configured with an action to abort incomplete
-	// multipart uploads and the prefix in the lifecycle rule matches the object name
-	// in the request, then the response includes this header indicating when the
-	// initiated multipart upload will become eligible for abort operation. For more
-	// information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
-	// Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
-	// The response will also include the x-amz-abort-rule-id header that will provide
-	// the ID of the lifecycle configuration rule that defines this action.
+	// If the bucket has a lifecycle rule configured with an action to abort
+	// incomplete multipart uploads and the prefix in the lifecycle rule matches the
+	// object name in the request, then the response includes this header indicating
+	// when the initiated multipart upload will become eligible for abort operation.
+	// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// . The response will also include the x-amz-abort-rule-id header that will
+	// provide the ID of the lifecycle configuration rule that defines this action.
 	AbortDate *time.Time
 
 	// This header is returned along with the x-amz-abort-date header. It identifies
@@ -195,9 +168,9 @@ type ListPartsOutput struct {
 	// subsequent request.
 	NextPartNumberMarker *string
 
-	// Container element that identifies the object owner, after the object is created.
-	// If multipart upload is initiated by an IAM user, this element provides the
-	// parent account ID and display name.
+	// Container element that identifies the object owner, after the object is
+	// created. If multipart upload is initiated by an IAM user, this element provides
+	// the parent account ID and display name.
 	Owner *types.Owner
 
 	// When a list is truncated, this element specifies the last part in the list, as
@@ -205,8 +178,8 @@ type ListPartsOutput struct {
 	// subsequent request.
 	PartNumberMarker *string
 
-	// Container for elements related to a particular part. A response can contain zero
-	// or more Part elements.
+	// Container for elements related to a particular part. A response can contain
+	// zero or more Part elements.
 	Parts []types.Part
 
 	// If present, indicates that the requester was successfully charged for the
@@ -283,6 +256,9 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addListPartsUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
index 7875798f2..2efd8617f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go
@@ -19,37 +19,23 @@ import (
 // perform the s3:PutAccelerateConfiguration action. The bucket owner has this
 // permission by default. The bucket owner can grant this permission to others. For
 // more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The Transfer Acceleration state of a bucket can be set to one of the following
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The Transfer Acceleration state of a bucket can be set to one of the following
 // two values:
+//   - Enabled – Enables accelerated data transfers to the bucket.
+//   - Suspended – Disables accelerated data transfers to the bucket.
 //
-// * Enabled – Enables accelerated data transfers to the bucket.
-//
-// *
-// Suspended – Disables accelerated data transfers to the bucket.
-//
-// The
-// GetBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+// The GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
 // action returns the transfer acceleration state of a bucket. After setting the
 // Transfer Acceleration state of a bucket to Enabled, it might take up to thirty
 // minutes before the data transfer rates to the bucket increase. The name of the
 // bucket used for Transfer Acceleration must be DNS-compliant and must not contain
 // periods ("."). For more information about transfer acceleration, see Transfer
-// Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
-// The following operations are related to PutBucketAccelerateConfiguration:
-//
-// *
-// GetBucketAccelerateConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// . The following operations are related to PutBucketAccelerateConfiguration :
+//   - GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
 func (c *Client) PutBucketAccelerateConfiguration(ctx context.Context, params *PutBucketAccelerateConfigurationInput, optFns ...func(*Options)) (*PutBucketAccelerateConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketAccelerateConfigurationInput{}
@@ -81,9 +67,8 @@ type PutBucketAccelerateConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -160,6 +145,9 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack *
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAccelerateConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
index 4cd032d34..87aed1330 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go
@@ -13,147 +13,88 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the permissions on an existing bucket using access control lists (ACL). For
-// more information, see Using ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To set
-// the ACL of a bucket, you must have WRITE_ACP permission. You can use one of the
-// following two ways to set a bucket's permissions:
+// Sets the permissions on an existing bucket using access control lists (ACL).
+// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+// . To set the ACL of a bucket, you must have WRITE_ACP permission. You can use
+// one of the following two ways to set a bucket's permissions:
+//   - Specify the ACL in the request body
+//   - Specify permissions using request headers
 //
-// * Specify the ACL in the
-// request body
+// You cannot specify access permission using both the body and the request
+// headers. Depending on your application needs, you may choose to set the ACL on a
+// bucket using either the request body or the headers. For example, if you have an
+// existing application that updates a bucket ACL using the request body, then you
+// can continue to use that approach. If your bucket uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. You must use policies to grant access to your bucket and the
+// objects in it. Requests to set ACLs or update ACLs fail and return the
+// AccessControlListNotSupported error code. Requests to read ACLs are still
+// supported. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. Permissions You can set access permissions using
+// one of the following methods:
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a
+//     set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined
+//     set of grantees and permissions. Specify the canned ACL name as the value of
+//     x-amz-acl . If you use this header, you cannot use other access
+//     control-specific headers in your request. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. When using these headers, you specify explicit access permissions and
+//     grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
+//     permission. If you use these ACL-specific headers, you cannot use the
+//     x-amz-acl header to set a canned ACL. These parameters map to the set of
+//     permissions that Amazon S3 supports in an ACL. For more information, see
+//     Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     . You specify each grantee as a type=value pair, where the type is one of the
+//     following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-write header grants create, overwrite, and delete objects
+//     permission to LogDelivery group predefined by Amazon S3 and two Amazon Web
+//     Services accounts identified by their email addresses. x-amz-grant-write:
+//     uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
+//     id="555566667777"
 //
-// * Specify permissions using request headers
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Grantee Values You can specify the person (grantee) to whom
+// you're assigning access rights (using request elements) in the following ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//   - By Email address: <>Grantees@email.com<>& The grantee is resolved to the
+//     CanonicalUser and, in a response to a GET Object acl request, appears as the
+//     CanonicalUser. Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
 //
-// You cannot specify
-// access permission using both the body and the request headers. Depending on your
-// application needs, you may choose to set the ACL on a bucket using either the
-// request body or the headers. For example, if you have an existing application
-// that updates a bucket ACL using the request body, then you can continue to use
-// that approach. If your bucket uses the bucket owner enforced setting for S3
-// Object Ownership, ACLs are disabled and no longer affect permissions. You must
-// use policies to grant access to your bucket and the objects in it. Requests to
-// set ACLs or update ACLs fail and return the AccessControlListNotSupported error
-// code. Requests to read ACLs are still supported. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Access Permissions You can set access permissions
-// using one of the following methods:
-//
-// * Specify a canned ACL with the x-amz-acl
-// request header. Amazon S3 supports a set of predefined ACLs, known as canned
-// ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify
-// the canned ACL name as the value of x-amz-acl. If you use this header, you
-// cannot use other access control-specific headers in your request. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-//
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. When using these headers, you specify explicit access permissions and
-// grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
-// permission. If you use these ACL-specific headers, you cannot use the x-amz-acl
-// header to set a canned ACL. These parameters map to the set of permissions that
-// Amazon S3 supports in an ACL. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify
-// each grantee as a type=value pair, where the type is one of the following:
-//
-// * id
-// – if the value specified is the canonical user ID of an Amazon Web Services
-// account
-//
-// * uri – if you are granting permissions to a predefined group
-//
-// *
-// emailAddress – if the value specified is the email address of an Amazon Web
-// Services account Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-write header grants create, overwrite, and delete objects permission
-// to LogDelivery group predefined by Amazon S3 and two Amazon Web Services
-// accounts identified by their email addresses. x-amz-grant-write:
-// uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333",
-// id="555566667777"
-//
-// You can use either a canned ACL or specify access permissions
-// explicitly. You cannot do both. Grantee Values You can specify the person
-// (grantee) to whom you're assigning access rights (using request elements) in the
-// following ways:
-//
-// * By the person's ID: <>ID<><>GranteesEmail<>  DisplayName is
-// optional and ignored in the request
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// * By Email
-// address: <>Grantees@email.com<>& The grantee is resolved to the CanonicalUser
-// and, in a response to a GET Object acl request, appears as the CanonicalUser.
-// Using email addresses to specify a grantee is only supported in the following
-// Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West (N.
-// California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// # Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// GetObjectAcl
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
+// The following operations are related to PutBucketAcl :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
 func (c *Client) PutBucketAcl(ctx context.Context, params *PutBucketAclInput, optFns ...func(*Options)) (*PutBucketAclOutput, error) {
 	if params == nil {
 		params = &PutBucketAclInput{}
@@ -186,19 +127,17 @@ type PutBucketAclInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864. (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -291,6 +230,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAclInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
index da70d547e..abad4d0cf 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go
@@ -22,60 +22,35 @@ import (
 // to a destination bucket in a different account. However, the destination bucket
 // must be in the same Region as the bucket that you are making the PUT analytics
 // configuration to. For more information, see Amazon S3 Analytics – Storage Class
-// Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
-// You must create a bucket policy on the destination bucket where the exported
+// Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// . You must create a bucket policy on the destination bucket where the exported
 // file is written to grant permissions to Amazon S3 to write objects to the
 // bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory
-// and Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-// To use this operation, you must have permissions to perform the
+// and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9)
+// . To use this operation, you must have permissions to perform the
 // s3:PutAnalyticsConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// Special Errors
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . PutBucketAnalyticsConfiguration has the following special errors:
+//   - HTTP Error: HTTP 400 Bad Request
+//   - Code: InvalidArgument
+//   - Cause: Invalid argument.
+//   - HTTP Error: HTTP 400 Bad Request
+//   - Code: TooManyConfigurations
+//   - Cause: You are attempting to create a new configuration but have already
+//     reached the 1,000-configuration limit.
+//   - HTTP Error: HTTP 403 Forbidden
+//   - Code: AccessDenied
+//   - Cause: You are not the owner of the specified bucket, or you do not have
+//     the s3:PutAnalyticsConfiguration bucket permission to set the configuration on
+//     the bucket.
 //
-// * HTTP Error: HTTP 400 Bad Request
-//
-// * Code: InvalidArgument
-//
-// *
-// Cause: Invalid argument.
-//
-// * HTTP Error: HTTP 400 Bad Request
-//
-// * Code:
-// TooManyConfigurations
-//
-// * Cause: You are attempting to create a new configuration
-// but have already reached the 1,000-configuration limit.
-//
-// * HTTP Error: HTTP 403
-// Forbidden
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not the owner of the specified
-// bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to
-// set the configuration on the bucket.
-//
-// # Related Resources
-//
-// *
-// GetBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
-//
-// *
-// DeleteBucketAnalyticsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
-//
-// *
-// ListBucketAnalyticsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
+// The following operations are related to PutBucketAnalyticsConfiguration :
+//   - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html)
+//   - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html)
+//   - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html)
 func (c *Client) PutBucketAnalyticsConfiguration(ctx context.Context, params *PutBucketAnalyticsConfigurationInput, optFns ...func(*Options)) (*PutBucketAnalyticsConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketAnalyticsConfigurationInput{}
@@ -180,6 +155,9 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketAnalyticsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
index 55a67f188..fd392a49e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go
@@ -13,48 +13,34 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the cors configuration for your bucket. If the configuration exists, Amazon
-// S3 replaces it. To use this operation, you must be allowed to perform the
+// Sets the cors configuration for your bucket. If the configuration exists,
+// Amazon S3 replaces it. To use this operation, you must be allowed to perform the
 // s3:PutBucketCORS action. By default, the bucket owner has this permission and
 // can grant it to others. You set this configuration on a bucket so that the
 // bucket can service cross-origin requests. For example, you might want to enable
-// a request whose origin is http://www.example.com to access your Amazon S3 bucket
-// at my.example.bucket.com by using the browser's XMLHttpRequest capability. To
-// enable cross-origin resource sharing (CORS) on a bucket, you add the cors
-// subresource to the bucket. The cors subresource is an XML document in which you
-// configure rules that identify origins and the HTTP methods that can be executed
-// on your bucket. The document is limited to 64 KB in size. When Amazon S3
-// receives a cross-origin request (or a pre-flight OPTIONS request) against a
+// a request whose origin is http://www.example.com to access your Amazon S3
+// bucket at my.example.bucket.com by using the browser's XMLHttpRequest
+// capability. To enable cross-origin resource sharing (CORS) on a bucket, you add
+// the cors subresource to the bucket. The cors subresource is an XML document in
+// which you configure rules that identify origins and the HTTP methods that can be
+// executed on your bucket. The document is limited to 64 KB in size. When Amazon
+// S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a
 // bucket, it evaluates the cors configuration on the bucket and uses the first
 // CORSRule rule that matches the incoming browser request to enable a cross-origin
 // request. For a rule to match, the following conditions must be met:
+//   - The request's Origin header must match AllowedOrigin elements.
+//   - The request method (for example, GET, PUT, HEAD, and so on) or the
+//     Access-Control-Request-Method header in case of a pre-flight OPTIONS request
+//     must be one of the AllowedMethod elements.
+//   - Every header specified in the Access-Control-Request-Headers request header
+//     of a pre-flight request must match an AllowedHeader element.
 //
-// * The
-// request's Origin header must match AllowedOrigin elements.
-//
-// * The request method
-// (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method
-// header in case of a pre-flight OPTIONS request must be one of the AllowedMethod
-// elements.
-//
-// * Every header specified in the Access-Control-Request-Headers
-// request header of a pre-flight request must match an AllowedHeader element.
-//
-// For
-// more information about CORS, go to Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide. Related Resources
-//
-// * GetBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
-//
-// *
-// DeleteBucketCors
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
-//
-// *
-// RESTOPTIONSobject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
+// For more information about CORS, go to Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// PutBucketCors :
+//   - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html)
+//   - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html)
+//   - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)
 func (c *Client) PutBucketCors(ctx context.Context, params *PutBucketCorsInput, optFns ...func(*Options)) (*PutBucketCorsOutput, error) {
 	if params == nil {
 		params = &PutBucketCorsInput{}
@@ -72,15 +58,14 @@ func (c *Client) PutBucketCors(ctx context.Context, params *PutBucketCorsInput,
 
 type PutBucketCorsInput struct {
 
-	// Specifies the bucket impacted by the corsconfiguration.
+	// Specifies the bucket impacted by the cors configuration.
 	//
 	// This member is required.
 	Bucket *string
 
 	// Describes the cross-origin access configuration for objects in an Amazon S3
-	// bucket. For more information, see Enabling Cross-Origin Resource Sharing
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-	// User Guide.
+	// bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	CORSConfiguration *types.CORSConfiguration
@@ -89,19 +74,17 @@ type PutBucketCorsInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864. (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -176,6 +159,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketCorsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -206,8 +192,8 @@ func newServiceMetadataMiddleware_opPutBucketCors(region string) *awsmiddleware.
 	}
 }
 
-// getPutBucketCorsRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getPutBucketCorsRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getPutBucketCorsRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketCorsInput)
 	if len(in.ChecksumAlgorithm) == 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
index 02c6f8e27..26aa8eabc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go
@@ -20,30 +20,22 @@ import (
 // bucket by using server-side encryption with an Amazon Web Services KMS key
 // (SSE-KMS) or a customer-provided key (SSE-C). If you specify default encryption
 // by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information
-// about bucket default encryption, see Amazon S3 bucket default encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-// Amazon S3 User Guide. For more information about S3 Bucket Keys, see Amazon S3
-// Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in
-// the Amazon S3 User Guide. This action requires Amazon Web Services Signature
-// Version 4. For more information, see  Authenticating Requests (Amazon Web
-// Services Signature Version 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
-// To use this operation, you must have permissions to perform the
+// about bucket default encryption, see Amazon S3 bucket default encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see
+// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+// in the Amazon S3 User Guide. This action requires Amazon Web Services Signature
+// Version 4. For more information, see Authenticating Requests (Amazon Web
+// Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)
+// . To use this operation, you must have permissions to perform the
 // s3:PutEncryptionConfiguration action. The bucket owner has this permission by
 // default. The bucket owner can grant this permission to others. For more
 // information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Related Resources
-//
-// * GetBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
-//
-// *
-// DeleteBucketEncryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
+// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. The following operations are related to
+// PutBucketEncryption :
+//   - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
+//   - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
 func (c *Client) PutBucketEncryption(ctx context.Context, params *PutBucketEncryptionInput, optFns ...func(*Options)) (*PutBucketEncryptionOutput, error) {
 	if params == nil {
 		params = &PutBucketEncryptionInput{}
@@ -67,9 +59,8 @@ type PutBucketEncryptionInput struct {
 	// (SSE-S3). You can optionally configure default encryption for a bucket by using
 	// server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a
 	// customer-provided key (SSE-C). For information about the bucket default
-	// encryption feature, see Amazon S3 Bucket Default Encryption
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the
-	// Amazon S3 User Guide.
+	// encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -83,9 +74,8 @@ type PutBucketEncryptionInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -168,6 +158,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketEncryptionInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -198,8 +191,8 @@ func newServiceMetadataMiddleware_opPutBucketEncryption(region string) *awsmiddl
 	}
 }
 
-// getPutBucketEncryptionRequestAlgorithmMember gets the request checksum algorithm
-// value provided as input.
+// getPutBucketEncryptionRequestAlgorithmMember gets the request checksum
+// algorithm value provided as input.
 func getPutBucketEncryptionRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketEncryptionInput)
 	if len(in.ChecksumAlgorithm) == 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
index edf5d178b..ffa76a7e2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go
@@ -26,51 +26,22 @@ import (
 // monitored and not eligible for auto-tiering. Smaller objects can be stored, but
 // they are always charged at the Frequent Access tier rates in the S3
 // Intelligent-Tiering storage class. For more information, see Storage class for
-// automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
-// Operations related to PutBucketIntelligentTieringConfiguration include:
+// automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// . Operations related to PutBucketIntelligentTieringConfiguration include:
+//   - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
+//   - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
+//   - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
 //
-// *
-// DeleteBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html)
-//
-// *
-// GetBucketIntelligentTieringConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html)
-//
-// *
-// ListBucketIntelligentTieringConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html)
-//
-// You
-// only need S3 Intelligent-Tiering enabled on a bucket if you want to
+// You only need S3 Intelligent-Tiering enabled on a bucket if you want to
 // automatically move objects stored in the S3 Intelligent-Tiering storage class to
-// the Archive Access or Deep Archive Access tier. Special Errors
-//
-// * HTTP 400 Bad
-// Request Error
-//
-// * Code: InvalidArgument
-//
-// * Cause: Invalid Argument
-//
-// * HTTP 400
-// Bad Request Error
-//
-// * Code: TooManyConfigurations
-//
-// * Cause: You are attempting to
-// create a new configuration but have already reached the 1,000-configuration
-// limit.
-//
-// * HTTP 403 Forbidden Error
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not
-// the owner of the specified bucket, or you do not have the
-// s3:PutIntelligentTieringConfiguration bucket permission to set the configuration
-// on the bucket.
+// the Archive Access or Deep Archive Access tier.
+// PutBucketIntelligentTieringConfiguration has the following special errors: HTTP
+// 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument HTTP 400 Bad
+// Request Error Code: TooManyConfigurations Cause: You are attempting to create a
+// new configuration but have already reached the 1,000-configuration limit. HTTP
+// 403 Forbidden Error Cause: You are not the owner of the specified bucket, or you
+// do not have the s3:PutIntelligentTieringConfiguration bucket permission to set
+// the configuration on the bucket.
 func (c *Client) PutBucketIntelligentTieringConfiguration(ctx context.Context, params *PutBucketIntelligentTieringConfigurationInput, optFns ...func(*Options)) (*PutBucketIntelligentTieringConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketIntelligentTieringConfigurationInput{}
@@ -171,6 +142,9 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketIntelligentTieringConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
index 11fe26d50..77bf46f12 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go
@@ -24,71 +24,36 @@ import (
 // to be stored, and whether to generate the inventory daily or weekly. You can
 // also configure what object metadata to include and whether to inventory all
 // object versions or only current versions. For more information, see Amazon S3
-// Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) in the
-// Amazon S3 User Guide. You must create a bucket policy on the destination bucket
-// to grant permissions to Amazon S3 to write objects to the bucket in the defined
-// location. For an example policy, see  Granting Permissions for Amazon S3
-// Inventory and Storage Class Analysis
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
-// Permissions To use this operation, you must have permission to perform the
+// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// in the Amazon S3 User Guide. You must create a bucket policy on the destination
+// bucket to grant permissions to Amazon S3 to write objects to the bucket in the
+// defined location. For an example policy, see Granting Permissions for Amazon S3
+// Inventory and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9)
+// . Permissions To use this operation, you must have permission to perform the
 // s3:PutInventoryConfiguration action. The bucket owner has this permission by
 // default and can grant this permission to others. The
-// s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
+// s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
 // report that includes all object metadata fields available and to specify the
 // destination bucket to store the inventory. A user with read access to objects in
 // the destination bucket can also access all object metadata fields that are
 // available in the inventory report. To restrict access to an inventory report,
-// see Restricting access to an Amazon S3 Inventory report
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
+// see Restricting access to an Amazon S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10)
 // in the Amazon S3 User Guide. For more information about the metadata fields
-// available in S3 Inventory, see Amazon S3 Inventory lists
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
+// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents)
 // in the Amazon S3 User Guide. For more information about permissions, see
-// Permissions related to bucket subresource operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Identity and access management in Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. Special Errors
-//
-// * HTTP 400 Bad Request Error
-//
-// *
-// Code: InvalidArgument
-//
-// * Cause: Invalid Argument
-//
-// * HTTP 400 Bad Request
-// Error
-//
-// * Code: TooManyConfigurations
-//
-// * Cause: You are attempting to create a
-// new configuration but have already reached the 1,000-configuration limit.
-//
-// *
-// HTTP 403 Forbidden Error
-//
-// * Code: AccessDenied
-//
-// * Cause: You are not the owner
+// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. PutBucketInventoryConfiguration has the following
+// special errors: HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid
+// Argument HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are
+// attempting to create a new configuration but have already reached the
+// 1,000-configuration limit. HTTP 403 Forbidden Error Cause: You are not the owner
 // of the specified bucket, or you do not have the s3:PutInventoryConfiguration
-// bucket permission to set the configuration on the bucket.
-//
-// # Related Resources
-//
-// *
-// GetBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
-//
-// *
-// DeleteBucketInventoryConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
-//
-// *
-// ListBucketInventoryConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
+// bucket permission to set the configuration on the bucket. The following
+// operations are related to PutBucketInventoryConfiguration :
+//   - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html)
+//   - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html)
+//   - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html)
 func (c *Client) PutBucketInventoryConfiguration(ctx context.Context, params *PutBucketInventoryConfigurationInput, optFns ...func(*Options)) (*PutBucketInventoryConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketInventoryConfigurationInput{}
@@ -193,6 +158,9 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketInventoryConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
index ca79b24e9..cb4bbeb7a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go
@@ -17,73 +17,52 @@ import (
 // lifecycle configuration. Keep in mind that this will overwrite an existing
 // lifecycle configuration, so if you want to retain any configuration details,
 // they must be included in the new lifecycle configuration. For information about
-// lifecycle configuration, see Managing your storage lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html).
-// Bucket lifecycle configuration now supports specifying a lifecycle rule using an
-// object key name prefix, one or more object tags, or a combination of both.
+// lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// . Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
 // Accordingly, this section describes the latest API. The previous version of the
 // API supported filtering based only on an object key name prefix, which is
 // supported for backward compatibility. For the related API description, see
-// PutBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html).
-// Rules You specify the lifecycle configuration in your request body. The
+// PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)
+// . Rules You specify the lifecycle configuration in your request body. The
 // lifecycle configuration is specified as XML consisting of one or more rules. An
 // Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not
 // adjustable. Each rule consists of the following:
 //
-// * Filter identifying a subset
-// of objects to which the rule applies. The filter can be based on a key name
-// prefix, object tags, or a combination of both.
+//   - Filter identifying a subset of objects to which the rule applies. The
+//     filter can be based on a key name prefix, object tags, or a combination of both.
 //
-// * Status whether the rule is in
-// effect.
+//   - Status whether the rule is in effect.
 //
-// * One or more lifecycle transition and expiration actions that you want
-// Amazon S3 to perform on the objects identified by the filter. If the state of
-// your bucket is versioning-enabled or versioning-suspended, you can have many
-// versions of the same object (one current version and zero or more noncurrent
-// versions). Amazon S3 provides predefined actions that you can specify for
-// current and noncurrent object versions.
+//   - One or more lifecycle transition and expiration actions that you want
+//     Amazon S3 to perform on the objects identified by the filter. If the state of
+//     your bucket is versioning-enabled or versioning-suspended, you can have many
+//     versions of the same object (one current version and zero or more noncurrent
+//     versions). Amazon S3 provides predefined actions that you can specify for
+//     current and noncurrent object versions.
 //
-// For more information, see Object
-// Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) and
-// Lifecycle Configuration Elements
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html).
-// Permissions By default, all Amazon S3 resources are private, including buckets,
-// objects, and related subresources (for example, lifecycle configuration and
-// website configuration). Only the resource owner (that is, the Amazon Web
+// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html)
+// . Permissions By default, all Amazon S3 resources are private, including
+// buckets, objects, and related subresources (for example, lifecycle configuration
+// and website configuration). Only the resource owner (that is, the Amazon Web
 // Services account that created it) can access the resource. The resource owner
 // can optionally grant access permissions to others by writing an access policy.
-// For this operation, a user must get the s3:PutLifecycleConfiguration permission.
-// You can also explicitly deny permissions. Explicit deny also supersedes any
-// other permissions. If you want to block users or accounts from removing or
-// deleting objects from your bucket, you must deny them permissions for the
-// following actions:
+// For this operation, a user must get the s3:PutLifecycleConfiguration
+// permission. You can also explicitly deny permissions. Explicit deny also
+// supersedes any other permissions. If you want to block users or accounts from
+// removing or deleting objects from your bucket, you must deny them permissions
+// for the following actions:
+//   - s3:DeleteObject
+//   - s3:DeleteObjectVersion
+//   - s3:PutLifecycleConfiguration
 //
-// * s3:DeleteObject
-//
-// * s3:DeleteObjectVersion
-//
-// *
-// s3:PutLifecycleConfiguration
-//
-// For more information about permissions, see
-// Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// The following are related to PutBucketLifecycleConfiguration:
-//
-// * Examples of
-// Lifecycle Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-// *
-// DeleteBucketLifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
+// For more information about permissions, see Managing Access Permissions to Your
+// Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . The following operations are related to PutBucketLifecycleConfiguration :
+//   - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//   - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html)
 func (c *Client) PutBucketLifecycleConfiguration(ctx context.Context, params *PutBucketLifecycleConfigurationInput, optFns ...func(*Options)) (*PutBucketLifecycleConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketLifecycleConfigurationInput{}
@@ -110,9 +89,8 @@ type PutBucketLifecycleConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -192,6 +170,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketLifecycleConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
index 0f3ea6d33..be2b2b4a7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go
@@ -23,49 +23,29 @@ import (
 // the bucket owner enforced setting for S3 Object Ownership, you can't use the
 // Grantee request element to grant access to others. Permissions can only be
 // granted using policies. For more information, see Permissions for server access
-// log delivery
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 // in the Amazon S3 User Guide. Grantee Values You can specify the person (grantee)
 // to whom you're assigning access rights (using request elements) in the following
 // ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request.
+//   - By Email address: <>Grantees@email.com<> The grantee is resolved to the
+//     CanonicalUser and, in a response to a GET Object acl request, appears as the
+//     CanonicalUser.
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
 //
-// * By the person's ID: <>ID<><>GranteesEmail<>  DisplayName is optional
-// and ignored in the request.
-//
-// * By Email address:  <>Grantees@email.com<> The
-// grantee is resolved to the CanonicalUser and, in a response to a GET Object acl
-// request, appears as the CanonicalUser.
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// To enable
-// logging, you use LoggingEnabled and its children request elements. To disable
-// logging, you use an empty BucketLoggingStatus request element:  For more
-// information about server access logging, see Server Access Logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in the
-// Amazon S3 User Guide. For more information about creating a bucket, see
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). For
-// more information about returning the logging status of a bucket, see
-// GetBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html). The
-// following operations are related to PutBucketLogging:
-//
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// GetBucketLogging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
+// To enable logging, you use LoggingEnabled and its children request elements. To
+// disable logging, you use an empty BucketLoggingStatus request element: For more
+// information about server access logging, see Server Access Logging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html)
+// in the Amazon S3 User Guide. For more information about creating a bucket, see
+// CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+// . For more information about returning the logging status of a bucket, see
+// GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
+// . The following operations are related to PutBucketLogging :
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html)
 func (c *Client) PutBucketLogging(ctx context.Context, params *PutBucketLoggingInput, optFns ...func(*Options)) (*PutBucketLoggingOutput, error) {
 	if params == nil {
 		params = &PutBucketLoggingInput{}
@@ -97,9 +77,8 @@ type PutBucketLoggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -181,6 +160,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketLoggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
index 4b989185a..aec2ed9de 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go
@@ -12,45 +12,28 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets a metrics configuration (specified by the metrics configuration ID) for the
-// bucket. You can have up to 1,000 metrics configurations per bucket. If you're
-// updating an existing metrics configuration, note that this is a full replacement
-// of the existing metrics configuration. If you don't include the elements you
-// want to keep, they are erased. To use this operation, you must have permissions
-// to perform the s3:PutMetricsConfiguration action. The bucket owner has this
-// permission by default. The bucket owner can grant this permission to others. For
-// more information about permissions, see Permissions Related to Bucket
-// Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// For information about CloudWatch request metrics for Amazon S3, see Monitoring
-// Metrics with Amazon CloudWatch
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
-// The following operations are related to PutBucketMetricsConfiguration:
+// Sets a metrics configuration (specified by the metrics configuration ID) for
+// the bucket. You can have up to 1,000 metrics configurations per bucket. If
+// you're updating an existing metrics configuration, note that this is a full
+// replacement of the existing metrics configuration. If you don't include the
+// elements you want to keep, they are erased. To use this operation, you must have
+// permissions to perform the s3:PutMetricsConfiguration action. The bucket owner
+// has this permission by default. The bucket owner can grant this permission to
+// others. For more information about permissions, see Permissions Related to
+// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . For information about CloudWatch request metrics for Amazon S3, see
+// Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
+// . The following operations are related to PutBucketMetricsConfiguration :
+//   - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
+//   - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
+//   - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
 //
-// *
-// DeleteBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html)
-//
-// *
-// GetBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html)
-//
-// *
-// ListBucketMetricsConfigurations
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html)
-//
-// GetBucketLifecycle
-// has the following special error:
-//
-// * Error code: TooManyConfigurations
-//
-// *
-// Description: You are attempting to create a new configuration but have already
-// reached the 1,000-configuration limit.
-//
-// * HTTP Status Code: HTTP 400 Bad Request
+// GetBucketLifecycle has the following special error:
+//   - Error code: TooManyConfigurations
+//   - Description: You are attempting to create a new configuration but have
+//     already reached the 1,000-configuration limit.
+//   - HTTP Status Code: HTTP 400 Bad Request
 func (c *Client) PutBucketMetricsConfiguration(ctx context.Context, params *PutBucketMetricsConfigurationInput, optFns ...func(*Options)) (*PutBucketMetricsConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketMetricsConfigurationInput{}
@@ -156,6 +139,9 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketMetricsConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
index 8e771d6bc..632c276af 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go
@@ -13,44 +13,39 @@ import (
 )
 
 // Enables notifications of specified events for a bucket. For more information
-// about event notifications, see Configuring Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). Using
-// this API, you can replace an existing notification configuration. The
+// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . Using this API, you can replace an existing notification configuration. The
 // configuration is an XML file that defines the event types that you want Amazon
 // S3 to publish and the destination where you want Amazon S3 to publish an event
 // notification when it detects an event of the specified type. By default, your
 // bucket has no event notifications configured. That is, the notification
-// configuration will be an empty NotificationConfiguration.  This action replaces
-// the existing notification configuration with the configuration you include in
-// the request body. After Amazon S3 receives this request, it first verifies that
-// any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue
-// Service (Amazon SQS) destination exists, and that the bucket owner has
-// permission to publish to it by sending a test notification. In the case of
+// configuration will be an empty NotificationConfiguration .  This action
+// replaces the existing notification configuration with the configuration you
+// include in the request body. After Amazon S3 receives this request, it first
+// verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon
+// Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner
+// has permission to publish to it by sending a test notification. In the case of
 // Lambda destinations, Amazon S3 verifies that the Lambda function permissions
 // grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For
-// more information, see Configuring Notifications for Amazon S3 Events
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). You
-// can disable notifications by adding the empty NotificationConfiguration element.
-// For more information about the number of event notification configurations that
-// you can create per bucket, see Amazon S3 service quotas
-// (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3) in Amazon Web
-// Services General Reference. By default, only the bucket owner can configure
-// notifications on a bucket. However, bucket owners can use a bucket policy to
-// grant permission to other users to set this configuration with
+// more information, see Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// . You can disable notifications by adding the empty NotificationConfiguration
+// element. For more information about the number of event notification
+// configurations that you can create per bucket, see Amazon S3 service quotas (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3)
+// in Amazon Web Services General Reference. By default, only the bucket owner can
+// configure notifications on a bucket. However, bucket owners can use a bucket
+// policy to grant permission to other users to set this configuration with
 // s3:PutBucketNotification permission. The PUT notification is an atomic
 // operation. For example, suppose your notification configuration includes SNS
 // topic, SQS queue, and Lambda function configurations. When you send a PUT
 // request with this configuration, Amazon S3 sends test messages to your SNS
 // topic. If the message fails, the entire PUT action will fail, and Amazon S3 will
-// not add the configuration to your bucket. Responses If the configuration in the
-// request body includes only one TopicConfiguration specifying only the
+// not add the configuration to your bucket. If the configuration in the request
+// body includes only one TopicConfiguration specifying only the
 // s3:ReducedRedundancyLostObject event type, the response will also include the
 // x-amz-sns-test-message-id header containing the message ID of the test
 // notification sent to the topic. The following action is related to
-// PutBucketNotificationConfiguration:
-//
-// * GetBucketNotificationConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
+// PutBucketNotificationConfiguration :
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
 func (c *Client) PutBucketNotificationConfiguration(ctx context.Context, params *PutBucketNotificationConfigurationInput, optFns ...func(*Options)) (*PutBucketNotificationConfigurationOutput, error) {
 	if params == nil {
 		params = &PutBucketNotificationConfigurationInput{}
@@ -73,8 +68,8 @@ type PutBucketNotificationConfigurationInput struct {
 	// This member is required.
 	Bucket *string
 
-	// A container for specifying the notification configuration of the bucket. If this
-	// element is empty, notifications are turned off for the bucket.
+	// A container for specifying the notification configuration of the bucket. If
+	// this element is empty, notifications are turned off for the bucket.
 	//
 	// This member is required.
 	NotificationConfiguration *types.NotificationConfiguration
@@ -155,6 +150,9 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketNotificationConfigurationUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
index 83210cac4..a26f9edb9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go
@@ -15,16 +15,11 @@ import (
 
 // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this
 // operation, you must have the s3:PutBucketOwnershipControls permission. For more
-// information about Amazon S3 permissions, see Specifying permissions in a policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html).
-// For information about Amazon S3 Object Ownership, see Using object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html).
-// The following operations are related to PutBucketOwnershipControls:
-//
-// *
-// GetBucketOwnershipControls
-//
-// * DeleteBucketOwnershipControls
+// information about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html)
+// . For information about Amazon S3 Object Ownership, see Using object ownership (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html)
+// . The following operations are related to PutBucketOwnershipControls :
+//   - GetBucketOwnershipControls
+//   - DeleteBucketOwnershipControls
 func (c *Client) PutBucketOwnershipControls(ctx context.Context, params *PutBucketOwnershipControlsInput, optFns ...func(*Options)) (*PutBucketOwnershipControlsOutput, error) {
 	if params == nil {
 		params = &PutBucketOwnershipControlsInput{}
@@ -130,6 +125,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketOwnershipControlsInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -170,9 +168,9 @@ func addPutBucketOwnershipControlsInputChecksumMiddlewares(stack *middleware.Sta
 	})
 }
 
-// getPutBucketOwnershipControlsBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getPutBucketOwnershipControlsBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getPutBucketOwnershipControlsBucketMember(input interface{}) (*string, bool) {
 	in := input.(*PutBucketOwnershipControlsInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
index 8860d3b56..4ef087e8a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go
@@ -17,22 +17,20 @@ import (
 // identity other than the root user of the Amazon Web Services account that owns
 // the bucket, the calling identity must have the PutBucketPolicy permissions on
 // the specified bucket and belong to the bucket owner's account in order to use
-// this operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns
-// a 403 Access Denied error. If you have the correct permissions, but you're not
-// using an identity that belongs to the bucket owner's account, Amazon S3 returns
-// a 405 Method Not Allowed error. As a security precaution, the root user of the
-// Amazon Web Services account that owns a bucket can always use this operation,
-// even if the policy explicitly denies the root user the ability to perform this
-// action. For more information, see Bucket policy examples
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
-// The following operations are related to PutBucketPolicy:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+// this operation. If you don't have PutBucketPolicy permissions, Amazon S3
+// returns a 403 Access Denied error. If you have the correct permissions, but
+// you're not using an identity that belongs to the bucket owner's account, Amazon
+// S3 returns a 405 Method Not Allowed error. To ensure that bucket owners don't
+// inadvertently lock themselves out of their own buckets, the root principal in a
+// bucket owner's Amazon Web Services account can perform the GetBucketPolicy ,
+// PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket
+// policy explicitly denies the root principal's access. Bucket owner root
+// principals can only be blocked from performing these API actions by VPC endpoint
+// policies and Amazon Web Services Organizations policies. For more information,
+// see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html)
+// . The following operations are related to PutBucketPolicy :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
 func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) {
 	if params == nil {
 		params = &PutBucketPolicyInput{}
@@ -64,9 +62,8 @@ type PutBucketPolicyInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -152,6 +149,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketPolicyInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
index 2213373f3..53e3c11ce 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go
@@ -14,57 +14,44 @@ import (
 )
 
 // Creates a replication configuration or replaces an existing one. For more
-// information, see Replication
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-// S3 User Guide. Specify the replication configuration in the request body. In the
-// replication configuration, you provide the name of the destination bucket or
-// buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon
-// S3 can assume to replicate objects on your behalf, and other relevant
-// information. A replication configuration must include at least one rule, and can
-// contain a maximum of 1,000. Each rule identifies a subset of objects to
-// replicate by filtering the objects in the source bucket. To choose additional
-// subsets of objects to replicate, add a rule for each subset. To specify a subset
-// of the objects in the source bucket to apply a replication rule to, add the
-// Filter element as a child of the Rule element. You can filter objects based on
-// an object key prefix, one or more object tags, or both. When you add the Filter
-// element in the configuration, you must also add the following elements:
-// DeleteMarkerReplication, Status, and Priority. If you are using an earlier
-// version of the replication configuration, Amazon S3 handles replication of
-// delete markers differently. For more information, see Backward Compatibility
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
-// For information about enabling versioning on a bucket, see Using Versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html). Handling
-// Replication of Encrypted Objects By default, Amazon S3 doesn't replicate objects
-// that are stored at rest using server-side encryption with KMS keys. To replicate
-// Amazon Web Services KMS-encrypted objects, add the following:
-// SourceSelectionCriteria, SseKmsEncryptedObjects, Status,
-// EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication
-// configuration, see Replicating Objects Created with SSE Using KMS keys
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html).
-// For information on PutBucketReplication errors, see List of replication-related
-// error codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
+// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon S3 User Guide. Specify the replication configuration in the
+// request body. In the replication configuration, you provide the name of the
+// destination bucket or buckets where you want Amazon S3 to replicate objects, the
+// IAM role that Amazon S3 can assume to replicate objects on your behalf, and
+// other relevant information. A replication configuration must include at least
+// one rule, and can contain a maximum of 1,000. Each rule identifies a subset of
+// objects to replicate by filtering the objects in the source bucket. To choose
+// additional subsets of objects to replicate, add a rule for each subset. To
+// specify a subset of the objects in the source bucket to apply a replication rule
+// to, add the Filter element as a child of the Rule element. You can filter
+// objects based on an object key prefix, one or more object tags, or both. When
+// you add the Filter element in the configuration, you must also add the following
+// elements: DeleteMarkerReplication , Status , and Priority . If you are using an
+// earlier version of the replication configuration, Amazon S3 handles replication
+// of delete markers differently. For more information, see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+// . For information about enabling versioning on a bucket, see Using Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html)
+// . Handling Replication of Encrypted Objects By default, Amazon S3 doesn't
+// replicate objects that are stored at rest using server-side encryption with KMS
+// keys. To replicate Amazon Web Services KMS-encrypted objects, add the following:
+// SourceSelectionCriteria , SseKmsEncryptedObjects , Status ,
+// EncryptionConfiguration , and ReplicaKmsKeyID . For information about
+// replication configuration, see Replicating Objects Created with SSE Using KMS
+// keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html)
+// . For information on PutBucketReplication errors, see List of
+// replication-related error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList)
 // Permissions To create a PutBucketReplication request, you must have
 // s3:PutReplicationConfiguration permissions for the bucket. By default, a
 // resource owner, in this case the Amazon Web Services account that created the
 // bucket, can perform this operation. The resource owner can also grant others
 // permissions to perform the operation. For more information about permissions,
-// see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) and
-// Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// To perform this operation, the user or role performing the action must have the
-// iam:PassRole
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
-// permission. The following operations are related to PutBucketReplication:
-//
-// *
-// GetBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
-//
-// *
-// DeleteBucketReplication
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . To perform this operation, the user or role performing the action must have
+// the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
+// permission. The following operations are related to PutBucketReplication :
+//   - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html)
+//   - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html)
 func (c *Client) PutBucketReplication(ctx context.Context, params *PutBucketReplicationInput, optFns ...func(*Options)) (*PutBucketReplicationOutput, error) {
 	if params == nil {
 		params = &PutBucketReplicationInput{}
@@ -97,19 +84,17 @@ type PutBucketReplicationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -187,6 +172,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketReplicationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
index c89d97bec..368c0738a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go
@@ -16,16 +16,10 @@ import (
 // Sets the request payment configuration for a bucket. By default, the bucket
 // owner pays for downloads from the bucket. This configuration parameter enables
 // the bucket owner (only) to specify that the person requesting the download will
-// be charged for the download. For more information, see Requester Pays Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). The
-// following operations are related to PutBucketRequestPayment:
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// GetBucketRequestPayment
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
+// be charged for the download. For more information, see Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)
+// . The following operations are related to PutBucketRequestPayment :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html)
 func (c *Client) PutBucketRequestPayment(ctx context.Context, params *PutBucketRequestPaymentInput, optFns ...func(*Options)) (*PutBucketRequestPaymentOutput, error) {
 	if params == nil {
 		params = &PutBucketRequestPaymentInput{}
@@ -57,19 +51,17 @@ type PutBucketRequestPaymentInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -144,6 +136,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketRequestPaymentInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
index f41010773..ea124a088 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go
@@ -20,57 +20,34 @@ import (
 // with the same tag key values. For example, you can tag several resources with a
 // specific application name, and then organize your billing information to see the
 // total cost of that application across several services. For more information,
-// see Cost Allocation and Tagging
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
-// and Using Cost Allocation in Amazon S3 Bucket Tags
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). When
-// this operation sets the tags for a bucket, it will overwrite any current tags
-// the bucket already has. You cannot use this operation to add tags to an existing
-// list of tags. To use this operation, you must have permissions to perform the
-// s3:PutBucketTagging action. The bucket owner has this permission by default and
-// can grant this permission to others. For more information about permissions, see
-// Permissions Related to Bucket Subresource Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html).
-// PutBucketTagging has the following special errors:
+// see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html)
+// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html)
+// . When this operation sets the tags for a bucket, it will overwrite any current
+// tags the bucket already has. You cannot use this operation to add tags to an
+// existing list of tags. To use this operation, you must have permissions to
+// perform the s3:PutBucketTagging action. The bucket owner has this permission by
+// default and can grant this permission to others. For more information about
+// permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// . PutBucketTagging has the following special errors:
+//   - Error code: InvalidTagError
+//   - Description: The tag provided was not a valid tag. This error can occur if
+//     the tag did not pass input validation. For information about tag restrictions,
+//     see User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
+//     and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html)
+//     .
+//   - Error code: MalformedXMLError
+//   - Description: The XML provided does not match the schema.
+//   - Error code: OperationAbortedError
+//   - Description: A conflicting conditional action is currently in progress
+//     against this resource. Please try again.
+//   - Error code: InternalError
+//   - Description: The service was unable to apply the provided tag to the
+//     bucket.
 //
-// * Error code:
-// InvalidTagError
-//
-// * Description: The tag provided was not a valid tag. This error
-// can occur if the tag did not pass input validation. For information about tag
-// restrictions, see User-Defined Tag Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
-// and Amazon Web Services-Generated Cost Allocation Tag Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html).
-//
-// *
-// Error code: MalformedXMLError
-//
-// * Description: The XML provided does not match
-// the schema.
-//
-// * Error code: OperationAbortedError
-//
-// * Description: A conflicting
-// conditional action is currently in progress against this resource. Please try
-// again.
-//
-// * Error code: InternalError
-//
-// * Description: The service was unable to
-// apply the provided tag to the bucket.
-//
-// The following operations are related to
-// PutBucketTagging:
-//
-// * GetBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
-//
-// *
-// DeleteBucketTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
+// The following operations are related to PutBucketTagging :
+//   - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html)
+//   - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html)
 func (c *Client) PutBucketTagging(ctx context.Context, params *PutBucketTaggingInput, optFns ...func(*Options)) (*PutBucketTaggingOutput, error) {
 	if params == nil {
 		params = &PutBucketTaggingInput{}
@@ -102,19 +79,17 @@ type PutBucketTaggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -189,6 +164,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketTaggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
index 6d7943e6f..121b3effb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go
@@ -18,32 +18,22 @@ import (
 // objects in the bucket. All objects added to the bucket receive a unique version
 // ID. Suspended—Disables versioning for the objects in the bucket. All objects
 // added to the bucket receive the version ID null. If the versioning state has
-// never been set on a bucket, it has no versioning state; a GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// never been set on a bucket, it has no versioning state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
 // request does not return a versioning state value. In order to enable MFA Delete,
 // you must be the bucket owner. If you are the bucket owner and want to enable MFA
 // Delete in the bucket versioning configuration, you must include the x-amz-mfa
-// request header and the Status and the MfaDelete request elements in a request to
-// set the versioning state of the bucket. If you have an object expiration
-// lifecycle policy in your non-versioned bucket and you want to maintain the same
-// permanent delete behavior when you enable versioning, you must add a noncurrent
-// expiration policy. The noncurrent expiration lifecycle policy will manage the
-// deletes of the noncurrent object versions in the version-enabled bucket. (A
-// version-enabled bucket maintains one current and zero or more noncurrent object
-// versions.) For more information, see Lifecycle and Versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config).
-// Related Resources
-//
-// * CreateBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
-//
-// *
-// DeleteBucket
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
-//
-// *
-// GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// request header and the Status and the MfaDelete request elements in a request
+// to set the versioning state of the bucket. If you have an object expiration
+// lifecycle configuration in your non-versioned bucket and you want to maintain
+// the same permanent delete behavior when you enable versioning, you must add a
+// noncurrent expiration policy. The noncurrent expiration lifecycle configuration
+// will manage the deletes of the noncurrent object versions in the version-enabled
+// bucket. (A version-enabled bucket maintains one current and zero or more
+// noncurrent object versions.) For more information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config)
+// . The following operations are related to PutBucketVersioning :
+//   - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+//   - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
+//   - GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
 func (c *Client) PutBucketVersioning(ctx context.Context, params *PutBucketVersioningInput, optFns ...func(*Options)) (*PutBucketVersioningOutput, error) {
 	if params == nil {
 		params = &PutBucketVersioningInput{}
@@ -75,19 +65,17 @@ type PutBucketVersioningInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
 	// >The base64-encoded 128-bit MD5 digest of the data. You must use this header as
 	// a message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -95,8 +83,8 @@ type PutBucketVersioningInput struct {
 	// (access denied).
 	ExpectedBucketOwner *string
 
-	// The concatenation of the authentication device's serial number, a space, and the
-	// value that is displayed on your authentication device.
+	// The concatenation of the authentication device's serial number, a space, and
+	// the value that is displayed on your authentication device.
 	MFA *string
 
 	noSmithyDocumentSerde
@@ -166,6 +154,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketVersioningInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -196,8 +187,8 @@ func newServiceMetadataMiddleware_opPutBucketVersioning(region string) *awsmiddl
 	}
 }
 
-// getPutBucketVersioningRequestAlgorithmMember gets the request checksum algorithm
-// value provided as input.
+// getPutBucketVersioningRequestAlgorithmMember gets the request checksum
+// algorithm value provided as input.
 func getPutBucketVersioningRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*PutBucketVersioningInput)
 	if len(in.ChecksumAlgorithm) == 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
index 11cb4a355..3511bf7a7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go
@@ -17,73 +17,45 @@ import (
 // subresource. To configure a bucket as a website, you can add this subresource on
 // the bucket with website configuration information such as the file name of the
 // index document and any redirect rules. For more information, see Hosting
-// Websites on Amazon S3
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). This PUT
-// action requires the S3:PutBucketWebsite permission. By default, only the bucket
-// owner can configure the website attached to a bucket; however, bucket owners can
-// allow other users to set the website configuration by writing a bucket policy
-// that grants them the S3:PutBucketWebsite permission. To redirect all website
-// requests sent to the bucket's website endpoint, you add a website configuration
-// with the following elements. Because all requests are sent to another website,
-// you don't need to provide index document name for the bucket.
+// Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+// . This PUT action requires the S3:PutBucketWebsite permission. By default, only
+// the bucket owner can configure the website attached to a bucket; however, bucket
+// owners can allow other users to set the website configuration by writing a
+// bucket policy that grants them the S3:PutBucketWebsite permission. To redirect
+// all website requests sent to the bucket's website endpoint, you add a website
+// configuration with the following elements. Because all requests are sent to
+// another website, you don't need to provide index document name for the bucket.
+//   - WebsiteConfiguration
+//   - RedirectAllRequestsTo
+//   - HostName
+//   - Protocol
 //
-// *
-// WebsiteConfiguration
+// If you want granular control over redirects, you can use the following elements
+// to add routing rules that describe conditions for redirecting requests and
+// information about the redirect destination. In this case, the website
+// configuration must provide an index document for the bucket, because some
+// requests might not be redirected.
+//   - WebsiteConfiguration
+//   - IndexDocument
+//   - Suffix
+//   - ErrorDocument
+//   - Key
+//   - RoutingRules
+//   - RoutingRule
+//   - Condition
+//   - HttpErrorCodeReturnedEquals
+//   - KeyPrefixEquals
+//   - Redirect
+//   - Protocol
+//   - HostName
+//   - ReplaceKeyPrefixWith
+//   - ReplaceKeyWith
+//   - HttpRedirectCode
 //
-// * RedirectAllRequestsTo
-//
-// * HostName
-//
-// * Protocol
-//
-// If you
-// want granular control over redirects, you can use the following elements to add
-// routing rules that describe conditions for redirecting requests and information
-// about the redirect destination. In this case, the website configuration must
-// provide an index document for the bucket, because some requests might not be
-// redirected.
-//
-// * WebsiteConfiguration
-//
-// * IndexDocument
-//
-// * Suffix
-//
-// *
-// ErrorDocument
-//
-// * Key
-//
-// * RoutingRules
-//
-// * RoutingRule
-//
-// * Condition
-//
-// *
-// HttpErrorCodeReturnedEquals
-//
-// * KeyPrefixEquals
-//
-// * Redirect
-//
-// * Protocol
-//
-// *
-// HostName
-//
-// * ReplaceKeyPrefixWith
-//
-// * ReplaceKeyWith
-//
-// * HttpRedirectCode
-//
-// Amazon
-// S3 has a limitation of 50 routing rules per website configuration. If you
-// require more than 50 routing rules, you can use object redirect. For more
-// information, see Configuring an Object Redirect
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) in
-// the Amazon S3 User Guide.
+// Amazon S3 has a limitation of 50 routing rules per website configuration. If
+// you require more than 50 routing rules, you can use object redirect. For more
+// information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+// in the Amazon S3 User Guide.
 func (c *Client) PutBucketWebsite(ctx context.Context, params *PutBucketWebsiteInput, optFns ...func(*Options)) (*PutBucketWebsiteOutput, error) {
 	if params == nil {
 		params = &PutBucketWebsiteInput{}
@@ -115,19 +87,17 @@ type PutBucketWebsiteInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, see RFC 1864
-	// (http://www.ietf.org/rfc/rfc1864.txt). For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. You must use this header as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, see RFC 1864 (http://www.ietf.org/rfc/rfc1864.txt)
+	// . For requests made using the Amazon Web Services Command Line Interface (CLI)
+	// or Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -202,6 +172,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutBucketWebsiteInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
index ff037df75..afa810f13 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go
@@ -24,86 +24,64 @@ import (
 // values. Amazon S3 is a distributed system. If it receives multiple write
 // requests for the same object simultaneously, it overwrites all but the last
 // object written. To prevent objects from being deleted or overwritten, you can
-// use Amazon S3 Object Lock
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html). To
-// ensure that data is not corrupted traversing the network, use the Content-MD5
-// header. When you use this header, Amazon S3 checks the object against the
-// provided MD5 value and, if they do not match, returns an error. Additionally,
-// you can calculate the MD5 while putting an object to Amazon S3 and compare the
-// returned ETag to the calculated MD5 value.
+// use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html)
+// . To ensure that data is not corrupted traversing the network, use the
+// Content-MD5 header. When you use this header, Amazon S3 checks the object
+// against the provided MD5 value and, if they do not match, returns an error.
+// Additionally, you can calculate the MD5 while putting an object to Amazon S3 and
+// compare the returned ETag to the calculated MD5 value.
+//   - To successfully complete the PutObject request, you must have the
+//     s3:PutObject in your IAM permissions.
+//   - To successfully change the objects acl of your PutObject request, you must
+//     have the s3:PutObjectAcl in your IAM permissions.
+//   - To successfully set the tag-set with your PutObject request, you must have
+//     the s3:PutObjectTagging in your IAM permissions.
+//   - The Content-MD5 header is required for any request to upload an object with
+//     a retention period configured using Amazon S3 Object Lock. For more information
+//     about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
+//     in the Amazon S3 User Guide.
 //
-// * To successfully complete the
-// PutObject request, you must have the s3:PutObject in your IAM permissions.
-//
-// * To
-// successfully change the objects acl of your PutObject request, you must have the
-// s3:PutObjectAcl in your IAM permissions.
-//
-// * To successfully set the tag-set with
-// your PutObject request, you must have the s3:PutObjectTagging in your IAM
-// permissions.
-//
-// * The Content-MD5 header is required for any request to upload an
-// object with a retention period configured using Amazon S3 Object Lock. For more
-// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) in
-// the Amazon S3 User Guide.
-//
-// You have three mutually exclusive options to protect
-// data using server-side encryption in Amazon S3, depending on how you choose to
-// manage the encryption keys. Specifically, the encryption key options are Amazon
-// S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and
-// customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side
-// encryption by using Amazon S3 managed keys (SSE-S3) by default. You can
-// optionally tell Amazon S3 to encrypt data at by rest using server-side
-// encryption with other key options. For more information, see Using Server-Side
-// Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
-// When adding a new object, you can use headers to grant ACL-based permissions to
-// individual Amazon Web Services accounts or to predefined groups defined by
+// You have three mutually exclusive options to protect data using server-side
+// encryption in Amazon S3, depending on how you choose to manage the encryption
+// keys. Specifically, the encryption key options are Amazon S3 managed keys
+// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and customer-provided keys
+// (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3
+// managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt
+// data at by rest using server-side encryption with other key options. For more
+// information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// . When adding a new object, you can use headers to grant ACL-based permissions
+// to individual Amazon Web Services accounts or to predefined groups defined by
 // Amazon S3. These permissions are then added to the ACL on the object. By
 // default, all objects are private. Only the owner has full access control. For
-// more information, see Access Control List (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) and Managing
-// ACLs Using the REST API
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). If
-// the bucket that you're uploading objects to uses the bucket owner enforced
+// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html)
+// . If the bucket that you're uploading objects to uses the bucket owner enforced
 // setting for S3 Object Ownership, ACLs are disabled and no longer affect
 // permissions. Buckets that use this setting only accept PUT requests that don't
 // specify an ACL or PUT requests that specify bucket owner full control ACLs, such
 // as the bucket-owner-full-control canned ACL or an equivalent form of this ACL
 // expressed in the XML format. PUT requests that contain other ACLs (for example,
 // custom grants to certain Amazon Web Services accounts) fail and return a 400
-// error with the error code AccessControlListNotSupported. For more information,
-// see  Controlling ownership of objects and disabling ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// error with the error code AccessControlListNotSupported . For more information,
+// see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
 // in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
 // setting for Object Ownership, all objects written to the bucket by any account
 // will be owned by the bucket owner. By default, Amazon S3 uses the STANDARD
 // Storage Class to store newly created objects. The STANDARD storage class
 // provides high durability and high availability. Depending on performance needs,
 // you can specify a different Storage Class. Amazon S3 on Outposts only uses the
-// OUTPOSTS Storage Class. For more information, see Storage Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-// the Amazon S3 User Guide. If you enable versioning for a bucket, Amazon S3
+// OUTPOSTS Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 User Guide. If you enable versioning for a bucket, Amazon S3
 // automatically generates a unique version ID for the object being stored. Amazon
 // S3 returns this ID in the response. When you enable versioning for a bucket, if
 // Amazon S3 receives multiple write requests for the same object simultaneously,
 // it stores all of the objects. For more information about versioning, see Adding
-// Objects to Versioning Enabled Buckets
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
-// For information about returning the versioning state of a bucket, see
-// GetBucketVersioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html).
-// For more information about related Amazon S3 APIs, see the following:
-//
-// *
-// CopyObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-// *
-// DeleteObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
+// Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html)
+// . For information about returning the versioning state of a bucket, see
+// GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html)
+// . For more information about related Amazon S3 APIs, see the following:
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//   - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html)
 func (c *Client) PutObject(ctx context.Context, params *PutObjectInput, optFns ...func(*Options)) (*PutObjectOutput, error) {
 	if params == nil {
 		params = &PutObjectInput{}
@@ -127,17 +105,15 @@ type PutObjectInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -147,9 +123,8 @@ type PutObjectInput struct {
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
-	// This action is not supported by Amazon S3 on Outposts.
+	// The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+	// . This action is not supported by Amazon S3 on Outposts.
 	ACL types.ObjectCannedACL
 
 	// Object data.
@@ -163,17 +138,16 @@ type PutObjectInput struct {
 	BucketKeyEnabled bool
 
 	// Can be used to specify caching behavior along the request/reply chain. For more
-	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
-	// (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9).
+	// information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9)
+	// .
 	CacheControl *string
 
 	// Indicates the algorithm used to create the checksum for the object when using
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -181,45 +155,41 @@ type PutObjectInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
 	// Specifies presentational information for the object. For more information, see
-	// https://www.rfc-editor.org/rfc/rfc6266#section-4
-	// (https://www.rfc-editor.org/rfc/rfc6266#section-4).
+	// https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4)
+	// .
 	ContentDisposition *string
 
 	// Specifies what content encodings have been applied to the object and thus what
 	// decoding mechanisms must be applied to obtain the media-type referenced by the
 	// Content-Type header field. For more information, see
-	// https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding).
+	// https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding)
+	// .
 	ContentEncoding *string
 
 	// The language the content is in.
@@ -227,8 +197,8 @@ type PutObjectInput struct {
 
 	// Size of the body in bytes. This parameter is useful when the size of the body
 	// cannot be determined automatically. For more information, see
-	// https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length).
+	// https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length)
+	// .
 	ContentLength int64
 
 	// The base64-encoded 128-bit MD5 digest of the message (without the headers)
@@ -236,13 +206,13 @@ type PutObjectInput struct {
 	// verify that the data is the same data that was originally sent. Although it is
 	// optional, we recommend using the Content-MD5 mechanism as an end-to-end
 	// integrity check. For more information about REST request authentication, see
-	// REST Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
+	// REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+	// .
 	ContentMD5 *string
 
 	// A standard MIME type describing the format of the contents. For more
-	// information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type
-	// (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type).
+	// information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type)
+	// .
 	ContentType *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -251,8 +221,8 @@ type PutObjectInput struct {
 	ExpectedBucketOwner *string
 
 	// The date and time at which the object is no longer cacheable. For more
-	// information, see https://www.rfc-editor.org/rfc/rfc7234#section-5.3
-	// (https://www.rfc-editor.org/rfc/rfc7234#section-5.3).
+	// information, see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3)
+	// .
 	Expires *time.Time
 
 	// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. This
@@ -263,8 +233,8 @@ type PutObjectInput struct {
 	// supported by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the object ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the object ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to write the ACL for the applicable object. This action is not
@@ -275,8 +245,8 @@ type PutObjectInput struct {
 	Metadata map[string]string
 
 	// Specifies whether a legal hold will be applied to this object. For more
-	// information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+	// information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+	// .
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// The Object Lock mode that you want to apply to this object.
@@ -289,8 +259,7 @@ type PutObjectInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -317,46 +286,43 @@ type PutObjectInput struct {
 	// GetObject or CopyObject operations on this object.
 	SSEKMSEncryptionContext *string
 
-	// If x-amz-server-side-encryption has a valid value of aws:kms, this header
+	// If x-amz-server-side-encryption has a valid value of aws:kms , this header
 	// specifies the ID of the Amazon Web Services Key Management Service (Amazon Web
 	// Services KMS) symmetric encryption customer managed key that was used for the
-	// object. If you specify x-amz-server-side-encryption:aws:kms, but do not provide
-	// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web
+	// object. If you specify x-amz-server-side-encryption:aws:kms , but do not provide
+	// x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
 	// Services managed key to protect the data. If the KMS key does not exist in the
 	// same account issuing the command, you must use the full ARN and not just the ID.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// By default, Amazon S3 uses the STANDARD Storage Class to store newly created
 	// objects. The STANDARD storage class provides high durability and high
 	// availability. Depending on performance needs, you can specify a different
 	// Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For
-	// more information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in
-	// the Amazon S3 User Guide.
+	// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// in the Amazon S3 User Guide.
 	StorageClass types.StorageClass
 
-	// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
-	// (For example, "Key1=Value1")
+	// The tag-set for the object. The tag-set must be encoded as URL Query
+	// parameters. (For example, "Key1=Value1")
 	Tagging *string
 
 	// If the bucket is configured as a website, redirects requests for this object to
 	// another object in the same bucket or to an external URL. Amazon S3 stores the
 	// value of this header in the object metadata. For information about object
-	// metadata, see Object Key and Metadata
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). In the
-	// following example, the request header sets the redirect to an object
+	// metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
+	// . In the following example, the request header sets the redirect to an object
 	// (anotherPage.html) in the same bucket: x-amz-website-redirect-location:
 	// /anotherPage.html In the following example, the request header sets the object
 	// redirect to another website: x-amz-website-redirect-location:
 	// http://www.example.com/ For more information about website hosting in Amazon S3,
-	// see Hosting Websites on Amazon S3
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) and How to
-	// Configure Website Page Redirects
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
+	// see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+	// and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+	// .
 	WebsiteRedirectLocation *string
 
 	noSmithyDocumentSerde
@@ -371,32 +337,28 @@ type PutObjectOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -404,9 +366,8 @@ type PutObjectOutput struct {
 	ETag *string
 
 	// If the expiration is configured for the object (see
-	// PutBucketLifecycleConfiguration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)),
-	// the response includes this header. It includes the expiry-date and rule-id
+	// PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+	// ), the response includes this header. It includes the expiry-date and rule-id
 	// key-value pairs that provide information about object expiration. The value of
 	// the rule-id is URL-encoded.
 	Expiration *string
@@ -415,13 +376,14 @@ type PutObjectOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the Amazon Web Services KMS Encryption Context to use for
@@ -431,14 +393,14 @@ type PutObjectOutput struct {
 	// for future GetObject or CopyObject operations on this object.
 	SSEKMSEncryptionContext *string
 
-	// If x-amz-server-side-encryption is has a valid value of aws:kms, this header
+	// If x-amz-server-side-encryption is has a valid value of aws:kms , this header
 	// specifies the ID of the Amazon Web Services Key Management Service (Amazon Web
 	// Services KMS) symmetric encryption customer managed key that was used for the
 	// object.
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Version of the object.
@@ -510,6 +472,9 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio
 	if err = add100Continue(stack, options); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
index e93a34f63..f32ac453e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go
@@ -16,137 +16,84 @@ import (
 // Uses the acl subresource to set the access control list (ACL) permissions for a
 // new or existing object in an S3 bucket. You must have WRITE_ACP permission to
 // set the ACL of an object. For more information, see What permissions can I
-// grant?
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
+// grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions)
 // in the Amazon S3 User Guide. This action is not supported by Amazon S3 on
 // Outposts. Depending on your application needs, you can choose to set the ACL on
 // an object using either the request body or the headers. For example, if you have
 // an existing application that updates a bucket ACL using the request body, you
-// can continue to use that approach. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) in the
-// Amazon S3 User Guide. If your bucket uses the bucket owner enforced setting for
-// S3 Object Ownership, ACLs are disabled and no longer affect permissions. You
-// must use policies to grant access to your bucket and the objects in it. Requests
-// to set ACLs or update ACLs fail and return the AccessControlListNotSupported
-// error code. Requests to read ACLs are still supported. For more information, see
-// Controlling object ownership
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
-// in the Amazon S3 User Guide. Access Permissions You can set access permissions
-// using one of the following methods:
+// can continue to use that approach. For more information, see Access Control
+// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced
+// setting for S3 Object Ownership, ACLs are disabled and no longer affect
+// permissions. You must use policies to grant access to your bucket and the
+// objects in it. Requests to set ACLs or update ACLs fail and return the
+// AccessControlListNotSupported error code. Requests to read ACLs are still
+// supported. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide. Permissions You can set access permissions using
+// one of the following methods:
+//   - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a
+//     set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined
+//     set of grantees and permissions. Specify the canned ACL name as the value of
+//     x-amz-ac l. If you use this header, you cannot use other access
+//     control-specific headers in your request. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+//     .
+//   - Specify access permissions explicitly with the x-amz-grant-read ,
+//     x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control
+//     headers. When using these headers, you specify explicit access permissions and
+//     grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
+//     permission. If you use these ACL-specific headers, you cannot use x-amz-acl
+//     header to set a canned ACL. These parameters map to the set of permissions that
+//     Amazon S3 supports in an ACL. For more information, see Access Control List
+//     (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+//     . You specify each grantee as a type=value pair, where the type is one of the
+//     following:
+//   - id – if the value specified is the canonical user ID of an Amazon Web
+//     Services account
+//   - uri – if you are granting permissions to a predefined group
+//   - emailAddress – if the value specified is the email address of an Amazon Web
+//     Services account Using email addresses to specify a grantee is only supported in
+//     the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference. For example, the following
+//     x-amz-grant-read header grants list objects permission to the two Amazon Web
+//     Services accounts identified by their email addresses. x-amz-grant-read:
+//     emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
 //
-// * Specify a canned ACL with the x-amz-acl
-// request header. Amazon S3 supports a set of predefined ACLs, known as canned
-// ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify
-// the canned ACL name as the value of x-amz-acl. If you use this header, you
-// cannot use other access control-specific headers in your request. For more
-// information, see Canned ACL
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+// You can use either a canned ACL or specify access permissions explicitly. You
+// cannot do both. Grantee Values You can specify the person (grantee) to whom
+// you're assigning access rights (using request elements) in the following ways:
+//   - By the person's ID: <>ID<><>GranteesEmail<> DisplayName is optional and
+//     ignored in the request.
+//   - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//   - By Email address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved
+//     to the CanonicalUser and, in a response to a GET Object acl request, appears as
+//     the CanonicalUser. Using email addresses to specify a grantee is only supported
+//     in the following Amazon Web Services Regions:
+//   - US East (N. Virginia)
+//   - US West (N. California)
+//   - US West (Oregon)
+//   - Asia Pacific (Singapore)
+//   - Asia Pacific (Sydney)
+//   - Asia Pacific (Tokyo)
+//   - Europe (Ireland)
+//   - South America (São Paulo) For a list of all the Amazon S3 supported Regions
+//     and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+//     in the Amazon Web Services General Reference.
 //
-// *
-// Specify access permissions explicitly with the x-amz-grant-read,
-// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
-// headers. When using these headers, you specify explicit access permissions and
-// grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the
-// permission. If you use these ACL-specific headers, you cannot use x-amz-acl
-// header to set a canned ACL. These parameters map to the set of permissions that
-// Amazon S3 supports in an ACL. For more information, see Access Control List
-// (ACL) Overview
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify
-// each grantee as a type=value pair, where the type is one of the following:
-//
-// * id
-// – if the value specified is the canonical user ID of an Amazon Web Services
-// account
-//
-// * uri – if you are granting permissions to a predefined group
-//
-// *
-// emailAddress – if the value specified is the email address of an Amazon Web
-// Services account Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// For example, the following
-// x-amz-grant-read header grants list objects permission to the two Amazon Web
-// Services accounts identified by their email addresses. x-amz-grant-read:
-// emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com"
-//
-// You can use either
-// a canned ACL or specify access permissions explicitly. You cannot do both.
-// Grantee Values You can specify the person (grantee) to whom you're assigning
-// access rights (using request elements) in the following ways:
-//
-// * By the person's
-// ID: <>ID<><>GranteesEmail<>  DisplayName is optional and ignored in the
-// request.
-//
-// * By URI:
-// <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
-//
-// * By Email
-// address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved to the
-// CanonicalUser and, in a response to a GET Object acl request, appears as the
-// CanonicalUser. Using email addresses to specify a grantee is only supported in
-// the following Amazon Web Services Regions:
-//
-// * US East (N. Virginia)
-//
-// * US West
-// (N. California)
-//
-// * US West (Oregon)
-//
-// * Asia Pacific (Singapore)
-//
-// * Asia Pacific
-// (Sydney)
-//
-// * Asia Pacific (Tokyo)
-//
-// * Europe (Ireland)
-//
-// * South America (São
-// Paulo)
-//
-// For a list of all the Amazon S3 supported Regions and endpoints, see
-// Regions and Endpoints
-// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-// Amazon Web Services General Reference.
-//
-// Versioning The ACL of an object is set
-// at the object version level. By default, PUT sets the ACL of the current version
-// of an object. To set the ACL of a different version, use the versionId
-// subresource. Related Resources
-//
-// * CopyObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-//
-// *
-// GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// Versioning The ACL of an object is set at the object version level. By default,
+// PUT sets the ACL of the current version of an object. To set the ACL of a
+// different version, use the versionId subresource. The following operations are
+// related to PutObjectAcl :
+//   - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
 func (c *Client) PutObjectAcl(ctx context.Context, params *PutObjectAclInput, optFns ...func(*Options)) (*PutObjectAclOutput, error) {
 	if params == nil {
 		params = &PutObjectAclInput{}
@@ -170,8 +117,7 @@ type PutObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -183,23 +129,21 @@ type PutObjectAclInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Key *string
 
-	// The canned ACL to apply to the object. For more information, see Canned ACL
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+	// The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL)
+	// .
 	ACL types.ObjectCannedACL
 
 	// Contains the elements that set the ACL permissions for an object per grantee.
@@ -209,19 +153,17 @@ type PutObjectAclInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
 
-	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
-	// message integrity check to verify that the request body was not corrupted in
-	// transit. For more information, go to RFC 1864.>
-	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the Amazon Web
-	// Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is
-	// calculated automatically.
+	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as
+	// a message integrity check to verify that the request body was not corrupted in
+	// transit. For more information, go to RFC 1864.> (http://www.ietf.org/rfc/rfc1864.txt)
+	// For requests made using the Amazon Web Services Command Line Interface (CLI) or
+	// Amazon Web Services SDKs, this field is calculated automatically.
 	ContentMD5 *string
 
 	// The account ID of the expected bucket owner. If the bucket is owned by a
@@ -237,8 +179,8 @@ type PutObjectAclInput struct {
 	// by Amazon S3 on Outposts.
 	GrantRead *string
 
-	// Allows grantee to read the bucket ACL. This action is not supported by Amazon S3
-	// on Outposts.
+	// Allows grantee to read the bucket ACL. This action is not supported by Amazon
+	// S3 on Outposts.
 	GrantReadACP *string
 
 	// Allows grantee to create new objects in the bucket. For the bucket and object
@@ -253,8 +195,7 @@ type PutObjectAclInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -333,6 +274,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectAclInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
index b8004b598..3375a6e29 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go
@@ -14,9 +14,8 @@ import (
 )
 
 // Applies a legal hold configuration to the specified object. For more
-// information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). This action
-// is not supported by Amazon S3 on Outposts.
+// information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . This action is not supported by Amazon S3 on Outposts.
 func (c *Client) PutObjectLegalHold(ctx context.Context, params *PutObjectLegalHoldInput, optFns ...func(*Options)) (*PutObjectLegalHoldOutput, error) {
 	if params == nil {
 		params = &PutObjectLegalHoldInput{}
@@ -40,8 +39,7 @@ type PutObjectLegalHoldInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -56,9 +54,8 @@ type PutObjectLegalHoldInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -80,8 +77,7 @@ type PutObjectLegalHoldInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -160,6 +156,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectLegalHoldInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
index 9740967a7..6047c1580 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go
@@ -15,19 +15,13 @@ import (
 
 // Places an Object Lock configuration on the specified bucket. The rule specified
 // in the Object Lock configuration will be applied by default to every new object
-// placed in the specified bucket. For more information, see Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
-//
-// * The
-// DefaultRetention settings require both a mode and a period.
-//
-// * The
-// DefaultRetention period can be either Days or Years but you must select one. You
-// cannot specify Days and Years at the same time.
-//
-// * You can only enable Object
-// Lock for new buckets. If you want to turn on Object Lock for an existing bucket,
-// contact Amazon Web Services Support.
+// placed in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// .
+//   - The DefaultRetention settings require both a mode and a period.
+//   - The DefaultRetention period can be either Days or Years but you must select
+//     one. You cannot specify Days and Years at the same time.
+//   - You can only enable Object Lock for new buckets. If you want to turn on
+//     Object Lock for an existing bucket, contact Amazon Web Services Support.
 func (c *Client) PutObjectLockConfiguration(ctx context.Context, params *PutObjectLockConfigurationInput, optFns ...func(*Options)) (*PutObjectLockConfigurationOutput, error) {
 	if params == nil {
 		params = &PutObjectLockConfigurationInput{}
@@ -54,9 +48,8 @@ type PutObjectLockConfigurationInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -77,8 +70,7 @@ type PutObjectLockConfigurationInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -157,6 +149,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectLockConfigurationInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -207,9 +202,9 @@ func addPutObjectLockConfigurationInputChecksumMiddlewares(stack *middleware.Sta
 	})
 }
 
-// getPutObjectLockConfigurationBucketMember returns a pointer to string denoting a
-// provided bucket member valueand a boolean indicating if the input has a modeled
-// bucket name,
+// getPutObjectLockConfigurationBucketMember returns a pointer to string denoting
+// a provided bucket member valueand a boolean indicating if the input has a
+// modeled bucket name,
 func getPutObjectLockConfigurationBucketMember(input interface{}) (*string, bool) {
 	in := input.(*PutObjectLockConfigurationInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
index c4918f3cb..ad09f8156 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go
@@ -13,13 +13,12 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Places an Object Retention configuration on an object. For more information, see
-// Locking Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). Users or
-// accounts require the s3:PutObjectRetention permission in order to place an
-// Object Retention configuration on objects. Bypassing a Governance Retention
-// configuration requires the s3:BypassGovernanceRetention permission. This action
-// is not supported by Amazon S3 on Outposts.
+// Places an Object Retention configuration on an object. For more information,
+// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+// . Users or accounts require the s3:PutObjectRetention permission in order to
+// place an Object Retention configuration on objects. Bypassing a Governance
+// Retention configuration requires the s3:BypassGovernanceRetention permission.
+// This action is not supported by Amazon S3 on Outposts.
 func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetentionInput, optFns ...func(*Options)) (*PutObjectRetentionOutput, error) {
 	if params == nil {
 		params = &PutObjectRetentionInput{}
@@ -37,14 +36,13 @@ func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetent
 
 type PutObjectRetentionInput struct {
 
-	// The bucket name that contains the object you want to apply this Object Retention
-	// configuration to. When using this action with an access point, you must direct
-	// requests to the access point hostname. The access point hostname takes the form
-	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
-	// action with an access point through the Amazon Web Services SDKs, you provide
-	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// The bucket name that contains the object you want to apply this Object
+	// Retention configuration to. When using this action with an access point, you
+	// must direct requests to the access point hostname. The access point hostname
+	// takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+	// When using this action with an access point through the Amazon Web Services
+	// SDKs, you provide the access point ARN in place of the bucket name. For more
+	// information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -63,9 +61,8 @@ type PutObjectRetentionInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -83,8 +80,7 @@ type PutObjectRetentionInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -167,6 +163,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectRetentionInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
index 6a638e676..85387309c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go
@@ -13,56 +13,36 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Sets the supplied tag-set to an object that already exists in a bucket. A tag is
-// a key-value pair. You can associate tags with an object by sending a PUT request
-// against the tagging subresource that is associated with the object. You can
-// retrieve tags by sending a GET request. For more information, see
-// GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). For
-// tagging-related restrictions related to characters and encodings, see Tag
-// Restrictions
-// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html).
-// Note that Amazon S3 limits the maximum number of tags to 10 tags per object. To
-// use this operation, you must have permission to perform the s3:PutObjectTagging
-// action. By default, the bucket owner has this permission and can grant this
-// permission to others. To put tags of any other version, use the versionId query
-// parameter. You also need permission for the s3:PutObjectVersionTagging action.
-// For information about the Amazon S3 object tagging feature, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). Special
-// Errors
+// Sets the supplied tag-set to an object that already exists in a bucket. A tag
+// is a key-value pair. You can associate tags with an object by sending a PUT
+// request against the tagging subresource that is associated with the object. You
+// can retrieve tags by sending a GET request. For more information, see
+// GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+// . For tagging-related restrictions related to characters and encodings, see Tag
+// Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
+// . Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
+// To use this operation, you must have permission to perform the
+// s3:PutObjectTagging action. By default, the bucket owner has this permission and
+// can grant this permission to others. To put tags of any other version, use the
+// versionId query parameter. You also need permission for the
+// s3:PutObjectVersionTagging action. For information about the Amazon S3 object
+// tagging feature, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+// . PutObjectTagging has the following special errors:
+//   - Code: InvalidTagError
+//   - Cause: The tag provided was not a valid tag. This error can occur if the
+//     tag did not pass input validation. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html)
+//     .
+//   - Code: MalformedXMLError
+//   - Cause: The XML provided does not match the schema.
+//   - Code: OperationAbortedError
+//   - Cause: A conflicting conditional action is currently in progress against
+//     this resource. Please try again.
+//   - Code: InternalError
+//   - Cause: The service was unable to apply the provided tag to the object.
 //
-// * Code: InvalidTagError
-//
-// * Cause: The tag provided was not a valid tag.
-// This error can occur if the tag did not pass input validation. For more
-// information, see Object Tagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
-//
-// * Code:
-// MalformedXMLError
-//
-// * Cause: The XML provided does not match the schema.
-//
-// * Code:
-// OperationAbortedError
-//
-// * Cause: A conflicting conditional action is currently in
-// progress against this resource. Please try again.
-//
-// * Code: InternalError
-//
-// *
-// Cause: The service was unable to apply the provided tag to the object.
-//
-// Related
-// Resources
-//
-// * GetObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
-//
-// *
-// DeleteObjectTagging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
+// The following operations are related to PutObjectTagging :
+//   - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html)
+//   - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html)
 func (c *Client) PutObjectTagging(ctx context.Context, params *PutObjectTaggingInput, optFns ...func(*Options)) (*PutObjectTaggingOutput, error) {
 	if params == nil {
 		params = &PutObjectTaggingInput{}
@@ -86,17 +66,15 @@ type PutObjectTaggingInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -115,9 +93,8 @@ type PutObjectTaggingInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -135,8 +112,7 @@ type PutObjectTaggingInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -214,6 +190,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutObjectTaggingInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
index 922102b58..e133a894b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go
@@ -13,35 +13,22 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket.
-// To use this operation, you must have the s3:PutBucketPublicAccessBlock
+// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
+// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock
 // permission. For more information about Amazon S3 permissions, see Specifying
-// Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
-// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an
-// object, it checks the PublicAccessBlock configuration for both the bucket (or
-// the bucket that contains the object) and the bucket owner's account. If the
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or
+// an object, it checks the PublicAccessBlock configuration for both the bucket
+// (or the bucket that contains the object) and the bucket owner's account. If the
 // PublicAccessBlock configurations are different between the bucket and the
 // account, Amazon S3 uses the most restrictive combination of the bucket-level and
 // account-level settings. For more information about when Amazon S3 considers a
-// bucket or an object public, see The Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
-// Related Resources
-//
-// * GetPublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
-//
-// *
-// DeletePublicAccessBlock
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
-//
-// *
-// GetBucketPolicyStatus
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
-//
-// *
-// Using Amazon S3 Block Public Access
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+// bucket or an object public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// . The following operations are related to PutPublicAccessBlock :
+//   - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html)
+//   - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html)
+//   - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html)
+//   - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
 func (c *Client) PutPublicAccessBlock(ctx context.Context, params *PutPublicAccessBlockInput, optFns ...func(*Options)) (*PutPublicAccessBlockOutput, error) {
 	if params == nil {
 		params = &PutPublicAccessBlockInput{}
@@ -68,8 +55,7 @@ type PutPublicAccessBlockInput struct {
 	// The PublicAccessBlock configuration that you want to apply to this Amazon S3
 	// bucket. You can enable the configuration options in any combination. For more
 	// information about when Amazon S3 considers a bucket or object public, see The
-	// Meaning of "Public"
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+	// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
 	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
@@ -79,9 +65,8 @@ type PutPublicAccessBlockInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -163,6 +148,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addPutPublicAccessBlockInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
index 0ad916d03..01ad5420c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go
@@ -16,197 +16,150 @@ import (
 // Restores an archived copy of an object back into Amazon S3 This action is not
 // supported by Amazon S3 on Outposts. This action performs the following types of
 // requests:
+//   - select - Perform a select query on an archived object
+//   - restore an archive - Restore an archived object
 //
-// * select - Perform a select query on an archived object
+// For more information about the S3 structure in the request body, see the
+// following:
+//   - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+//   - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+//     in the Amazon S3 User Guide
+//   - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide
 //
-// * restore an
-// archive - Restore an archived object
+// Define the SQL expression for the SELECT type of restoration for your query in
+// the request body's SelectParameters structure. You can use expressions like the
+// following examples.
+//   - The following expression returns all records from the specified object.
+//     SELECT * FROM Object
+//   - Assuming that you are not using any headers for data stored in the object,
+//     you can specify columns with positional headers. SELECT s._1, s._2 FROM
+//     Object s WHERE s._3 > 100
+//   - If you have headers and you set the fileHeaderInfo in the CSV structure in
+//     the request body to USE , you can specify headers in the query. (If you set
+//     the fileHeaderInfo field to IGNORE , the first row is skipped for the query.)
+//     You cannot mix ordinal positions with header column names. SELECT s.Id,
+//     s.FirstName, s.SSN FROM S3Object s
 //
-// To use this operation, you must have
-// permissions to perform the s3:RestoreObject action. The bucket owner has this
-// permission by default and can grant this permission to others. For more
-// information about permissions, see Permissions Related to Bucket Subresource
-// Operations
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
-// and Managing Access Permissions to Your Amazon S3 Resources
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
-// in the Amazon S3 User Guide. For more information about the S3 structure in the
-// request body, see the following:
+// When making a select request, you can also do the following:
+//   - To expedite your queries, specify the Expedited tier. For more information
+//     about tiers, see "Restoring Archives," later in this topic.
+//   - Specify details about the data serialization format of both the input
+//     object that is being queried and the serialization of the CSV-encoded query
+//     results.
 //
-// * PutObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+// The following are additional important facts about the select feature:
+//   - The output results are new Amazon S3 objects. Unlike archive retrievals,
+//     they are stored until explicitly deleted-manually or through a lifecycle
+//     configuration.
+//   - You can issue more than one select request on the same Amazon S3 object.
+//     Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests.
+//   - Amazon S3 accepts a select request even if the object has already been
+//     restored. A select request doesn’t return error response 409 .
 //
-// * Managing
-// Access with ACLs
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) in the
-// Amazon S3 User Guide
+// Permissions To use this operation, you must have permissions to perform the
+// s3:RestoreObject action. The bucket owner has this permission by default and can
+// grant this permission to others. For more information about permissions, see
+// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
+// in the Amazon S3 User Guide. Restoring objects Objects that you archive to the
+// S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage class, and S3
+// Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, are
+// not accessible in real time. For objects in the S3 Glacier Flexible Retrieval or
+// S3 Glacier Deep Archive storage classes, you must first initiate a restore
+// request, and then wait until a temporary copy of the object is available. If you
+// want a permanent copy of the object, create a copy of it in the Amazon S3
+// Standard storage class in your S3 bucket. To access an archived object, you must
+// restore the object for the duration (number of days) that you specify. For
+// objects in the Archive Access or Deep Archive Access tiers of S3
+// Intelligent-Tiering, you must first initiate a restore request, and then wait
+// until the object is moved into the Frequent Access tier. To restore a specific
+// object version, you can provide a version ID. If you don't provide a version ID,
+// Amazon S3 restores the current version. When restoring an archived object, you
+// can specify one of the following data access tier options in the Tier element
+// of the request body:
+//   - Expedited - Expedited retrievals allow you to quickly access your data
+//     stored in the S3 Glacier Flexible Retrieval storage class or S3
+//     Intelligent-Tiering Archive tier when occasional urgent requests for restoring
+//     archives are required. For all but the largest archived objects (250 MB+), data
+//     accessed using Expedited retrievals is typically made available within 1–5
+//     minutes. Provisioned capacity ensures that retrieval capacity for Expedited
+//     retrievals is available when you need it. Expedited retrievals and provisioned
+//     capacity are not available for objects stored in the S3 Glacier Deep Archive
+//     storage class or S3 Intelligent-Tiering Deep Archive tier.
+//   - Standard - Standard retrievals allow you to access any of your archived
+//     objects within several hours. This is the default option for retrieval requests
+//     that do not specify the retrieval option. Standard retrievals typically finish
+//     within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval storage
+//     class or S3 Intelligent-Tiering Archive tier. They typically finish within 12
+//     hours for objects stored in the S3 Glacier Deep Archive storage class or S3
+//     Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects
+//     stored in S3 Intelligent-Tiering.
+//   - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible
+//     Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve
+//     large amounts, even petabytes, of data at no cost. Bulk retrievals typically
+//     finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval
+//     storage class or S3 Intelligent-Tiering Archive tier. Bulk retrievals are also
+//     the lowest-cost retrieval option when restoring objects from S3 Glacier Deep
+//     Archive. They typically finish within 48 hours for objects stored in the S3
+//     Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
 //
-// * Protecting Data Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in
-// the Amazon S3 User Guide
-//
-// * Define the SQL expression for the SELECT type of
-// restoration for your query in the request body's SelectParameters structure. You
-// can use expressions like the following examples.
-//
-// * The following expression
-// returns all records from the specified object. SELECT * FROM Object
-//
-// * Assuming
-// that you are not using any headers for data stored in the object, you can
-// specify columns with positional headers. SELECT s._1, s._2 FROM Object s WHERE
-// s._3 > 100
-//
-// * If you have headers and you set the fileHeaderInfo in the CSV
-// structure in the request body to USE, you can specify headers in the query. (If
-// you set the fileHeaderInfo field to IGNORE, the first row is skipped for the
-// query.) You cannot mix ordinal positions with header column names. SELECT s.Id,
-// s.FirstName, s.SSN FROM S3Object s
-//
-// When making a select request, you can also
-// do the following:
-//
-// * To expedite your queries, specify the Expedited tier. For
-// more information about tiers, see "Restoring Archives," later in this topic.
-//
-// *
-// Specify details about the data serialization format of both the input object
-// that is being queried and the serialization of the CSV-encoded query
-// results.
-//
-// The following are additional important facts about the select
-// feature:
-//
-// * The output results are new Amazon S3 objects. Unlike archive
-// retrievals, they are stored until explicitly deleted-manually or through a
-// lifecycle policy.
-//
-// * You can issue more than one select request on the same
-// Amazon S3 object. Amazon S3 doesn't duplicate requests, so avoid issuing
-// duplicate requests.
-//
-// * Amazon S3 accepts a select request even if the object has
-// already been restored. A select request doesn’t return error response
-// 409.
-//
-// Restoring objects Objects that you archive to the S3 Glacier Flexible
-// Retrieval or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering
-// Archive or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real
-// time. For objects in the S3 Glacier Flexible Retrieval or S3 Glacier Deep
-// Archive storage classes, you must first initiate a restore request, and then
-// wait until a temporary copy of the object is available. If you want a permanent
-// copy of the object, create a copy of it in the Amazon S3 Standard storage class
-// in your S3 bucket. To access an archived object, you must restore the object for
-// the duration (number of days) that you specify. For objects in the Archive
-// Access or Deep Archive Access tiers of S3 Intelligent-Tiering, you must first
-// initiate a restore request, and then wait until the object is moved into the
-// Frequent Access tier. To restore a specific object version, you can provide a
-// version ID. If you don't provide a version ID, Amazon S3 restores the current
-// version. When restoring an archived object, you can specify one of the following
-// data access tier options in the Tier element of the request body:
-//
-// * Expedited -
-// Expedited retrievals allow you to quickly access your data stored in the S3
-// Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier
-// when occasional urgent requests for a subset of archives are required. For all
-// but the largest archived objects (250 MB+), data accessed using Expedited
-// retrievals is typically made available within 1–5 minutes. Provisioned capacity
-// ensures that retrieval capacity for Expedited retrievals is available when you
-// need it. Expedited retrievals and provisioned capacity are not available for
-// objects stored in the S3 Glacier Deep Archive storage class or S3
-// Intelligent-Tiering Deep Archive tier.
-//
-// * Standard - Standard retrievals allow
-// you to access any of your archived objects within several hours. This is the
-// default option for retrieval requests that do not specify the retrieval option.
-// Standard retrievals typically finish within 3–5 hours for objects stored in the
-// S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive
-// tier. They typically finish within 12 hours for objects stored in the S3 Glacier
-// Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard
-// retrievals are free for objects stored in S3 Intelligent-Tiering.
-//
-// * Bulk - Bulk
-// retrievals free for objects stored in the S3 Glacier Flexible Retrieval and S3
-// Intelligent-Tiering storage classes, enabling you to retrieve large amounts,
-// even petabytes, of data at no cost. Bulk retrievals typically finish within 5–12
-// hours for objects stored in the S3 Glacier Flexible Retrieval storage class or
-// S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost
-// retrieval option when restoring objects from S3 Glacier Deep Archive. They
-// typically finish within 48 hours for objects stored in the S3 Glacier Deep
-// Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
-//
-// For more
-// information about archive retrieval options and provisioned capacity for
-// Expedited data access, see Restoring Archived Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the
-// Amazon S3 User Guide. You can use Amazon S3 restore speed upgrade to change the
-// restore speed to a faster speed while it is in progress. For more information,
-// see  Upgrading the speed of an in-progress restore
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
+// For more information about archive retrieval options and provisioned capacity
+// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// in the Amazon S3 User Guide. You can use Amazon S3 restore speed upgrade to
+// change the restore speed to a faster speed while it is in progress. For more
+// information, see Upgrading the speed of an in-progress restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
 // in the Amazon S3 User Guide. To get the status of object restoration, you can
 // send a HEAD request. Operations return the x-amz-restore header, which provides
 // information about the restoration status, in the response. You can use Amazon S3
 // event notifications to notify you when a restore is initiated or completed. For
-// more information, see Configuring Amazon S3 Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-// Amazon S3 User Guide. After restoring an archived object, you can update the
-// restoration period by reissuing the request with a new period. Amazon S3 updates
-// the restoration period relative to the current time and charges only for the
-// request-there are no data transfer charges. You cannot update the restoration
-// period when Amazon S3 is actively processing your current restore request for
-// the object. If your bucket has a lifecycle configuration with a rule that
-// includes an expiration action, the object expiration overrides the life span
-// that you specify in a restore request. For example, if you restore an object
-// copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3
-// deletes the object in 3 days. For more information about lifecycle
-// configuration, see PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-// and Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in
-// Amazon S3 User Guide. Responses A successful action returns either the 200 OK or
-// 202 Accepted status code.
+// more information, see Configuring Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// in the Amazon S3 User Guide. After restoring an archived object, you can update
+// the restoration period by reissuing the request with a new period. Amazon S3
+// updates the restoration period relative to the current time and charges only for
+// the request-there are no data transfer charges. You cannot update the
+// restoration period when Amazon S3 is actively processing your current restore
+// request for the object. If your bucket has a lifecycle configuration with a rule
+// that includes an expiration action, the object expiration overrides the life
+// span that you specify in a restore request. For example, if you restore an
+// object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon
+// S3 deletes the object in 3 days. For more information about lifecycle
+// configuration, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+// and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in Amazon S3 User Guide. Responses A successful action returns either the 200 OK
+// or 202 Accepted status code.
 //
-// * If the object is not previously restored, then
-// Amazon S3 returns 202 Accepted in the response.
+//   - If the object is not previously restored, then Amazon S3 returns 202
+//     Accepted in the response.
 //
-// * If the object is previously
-// restored, Amazon S3 returns 200 OK in the response.
+//   - If the object is previously restored, Amazon S3 returns 200 OK in the
+//     response.
 //
-// # Special Errors
+//   - Special errors:
 //
-// * Code:
-// RestoreAlreadyInProgress
+//   - Code: RestoreAlreadyInProgress
 //
-// * Cause: Object restore is already in progress. (This
-// error does not apply to SELECT type requests.)
+//   - Cause: Object restore is already in progress. (This error does not apply to
+//     SELECT type requests.)
 //
-// * HTTP Status Code: 409
-// Conflict
+//   - HTTP Status Code: 409 Conflict
 //
-// * SOAP Fault Code Prefix: Client
+//   - SOAP Fault Code Prefix: Client
 //
-// * Code:
-// GlacierExpeditedRetrievalNotAvailable
+//   - Code: GlacierExpeditedRetrievalNotAvailable
 //
-// * Cause: expedited retrievals are
-// currently not available. Try again later. (Returned if there is insufficient
-// capacity to process the Expedited request. This error applies only to Expedited
-// retrievals and not to S3 Standard or Bulk retrievals.)
+//   - Cause: expedited retrievals are currently not available. Try again later.
+//     (Returned if there is insufficient capacity to process the Expedited request.
+//     This error applies only to Expedited retrievals and not to S3 Standard or Bulk
+//     retrievals.)
 //
-// * HTTP Status Code:
-// 503
+//   - HTTP Status Code: 503
 //
-// * SOAP Fault Code Prefix: N/A
+//   - SOAP Fault Code Prefix: N/A
 //
-// # Related Resources
-//
-// *
-// PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
-//
-// *
-// GetBucketNotificationConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
+// The following operations are related to RestoreObject :
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+//   - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html)
 func (c *Client) RestoreObject(ctx context.Context, params *RestoreObjectInput, optFns ...func(*Options)) (*RestoreObjectOutput, error) {
 	if params == nil {
 		params = &RestoreObjectInput{}
@@ -224,23 +177,21 @@ func (c *Client) RestoreObject(ctx context.Context, params *RestoreObjectInput,
 
 type RestoreObjectInput struct {
 
-	// The bucket name containing the object to restore. When using this action with an
-	// access point, you must direct requests to the access point hostname. The access
-	// point hostname takes the form
+	// The bucket name containing the object to restore. When using this action with
+	// an access point, you must direct requests to the access point hostname. The
+	// access point hostname takes the form
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -254,9 +205,8 @@ type RestoreObjectInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter.
 	ChecksumAlgorithm types.ChecksumAlgorithm
@@ -269,8 +219,7 @@ type RestoreObjectInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -356,6 +305,9 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRestoreObjectInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -386,8 +338,8 @@ func newServiceMetadataMiddleware_opRestoreObject(region string) *awsmiddleware.
 	}
 }
 
-// getRestoreObjectRequestAlgorithmMember gets the request checksum algorithm value
-// provided as input.
+// getRestoreObjectRequestAlgorithmMember gets the request checksum algorithm
+// value provided as input.
 func getRestoreObjectRequestAlgorithmMember(input interface{}) (string, bool) {
 	in := input.(*RestoreObjectInput)
 	if len(in.ChecksumAlgorithm) == 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
index 0ed1ba263..01220796d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go
@@ -21,83 +21,55 @@ import (
 // into records, and returns only records that match the specified SQL expression.
 // You must also specify the data serialization format for the response. This
 // action is not supported by Amazon S3 on Outposts. For more information about
-// Amazon S3 Select, see Selecting Content from Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
-// and SELECT Command
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
+// Amazon S3 Select, see Selecting Content from Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
+// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html)
 // in the Amazon S3 User Guide. Permissions You must have s3:GetObject permission
 // for this operation. Amazon S3 Select does not support anonymous access. For more
-// information about permissions, see Specifying Permissions in a Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in
-// the Amazon S3 User Guide. Object Data Formats You can use Amazon S3 Select to
+// information about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon S3 User Guide. Object Data Formats You can use Amazon S3 Select to
 // query objects that have the following format properties:
+//   - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
+//   - UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
+//   - GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2.
+//     GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports
+//     for CSV and JSON files. Amazon S3 Select supports columnar compression for
+//     Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object
+//     compression for Parquet objects.
+//   - Server-side encryption - Amazon S3 Select supports querying objects that
+//     are protected with server-side encryption. For objects that are encrypted with
+//     customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use
+//     the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//     . For more information about SSE-C, see Server-Side Encryption (Using
+//     Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+//     in the Amazon S3 User Guide. For objects that are encrypted with Amazon S3
+//     managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
+//     encryption is handled transparently, so you don't need to specify anything. For
+//     more information about server-side encryption, including SSE-S3 and SSE-KMS, see
+//     Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+//     in the Amazon S3 User Guide.
 //
-// * CSV, JSON, and
-// Parquet - Objects must be in CSV, JSON, or Parquet format.
+// Working with the Response Body Given the response size is unknown, Amazon S3
+// Select streams the response as a series of messages and includes a
+// Transfer-Encoding header with chunked as its value in the response. For more
+// information, see Appendix: SelectObjectContent Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html)
+// . GetObject Support The SelectObjectContent action does not support the
+// following GetObject functionality. For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// .
+//   - Range : Although you can specify a scan range for an Amazon S3 Select
+//     request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
+//     in the request parameters), you cannot specify the range of bytes of an object
+//     to return.
+//   - GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot
+//     specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. For
+//     more information, about storage classes see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro)
+//     in the Amazon S3 User Guide.
 //
-// * UTF-8 - UTF-8 is
-// the only encoding type Amazon S3 Select supports.
-//
-// * GZIP or BZIP2 - CSV and
-// JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only
-// compression formats that Amazon S3 Select supports for CSV and JSON files.
-// Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy.
-// Amazon S3 Select does not support whole-object compression for Parquet
-// objects.
-//
-// * Server-side encryption - Amazon S3 Select supports querying objects
-// that are protected with server-side encryption. For objects that are encrypted
-// with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must
-// use the headers that are documented in the GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). For more
-// information about SSE-C, see Server-Side Encryption (Using Customer-Provided
-// Encryption Keys)
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
-// in the Amazon S3 User Guide. For objects that are encrypted with Amazon S3
-// managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side
-// encryption is handled transparently, so you don't need to specify anything. For
-// more information about server-side encryption, including SSE-S3 and SSE-KMS, see
-// Protecting Data Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in
-// the Amazon S3 User Guide.
-//
-// Working with the Response Body Given the response
-// size is unknown, Amazon S3 Select streams the response as a series of messages
-// and includes a Transfer-Encoding header with chunked as its value in the
-// response. For more information, see Appendix: SelectObjectContent Response
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html).
-// GetObject Support The SelectObjectContent action does not support the following
-// GetObject functionality. For more information, see GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html).
-//
-// * Range:
-// Although you can specify a scan range for an Amazon S3 Select request (see
-// SelectObjectContentRequest - ScanRange
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange)
-// in the request parameters), you cannot specify the range of bytes of an object
-// to return.
-//
-// * GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You
-// cannot specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes.
-// For more information, about storage classes see Storage Classes
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro)
-// in the Amazon S3 User Guide.
-//
-// Special Errors For a list of special errors for
-// this operation, see List of SELECT Object Content Error Codes
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
-// Related Resources
-//
-// * GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
-//
-// *
-// GetBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
-//
-// *
-// PutBucketLifecycleConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
+// Special Errors For a list of special errors for this operation, see List of
+// SELECT Object Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList)
+// The following operations are related to SelectObjectContent :
+//   - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+//   - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html)
+//   - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)
 func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectContentInput, optFns ...func(*Options)) (*SelectObjectContentOutput, error) {
 	if params == nil {
 		params = &SelectObjectContentInput{}
@@ -119,8 +91,8 @@ func (c *Client) SelectObjectContent(ctx context.Context, params *SelectObjectCo
 // object. Amazon S3 uses this to parse object data into records. It returns only
 // records that match the specified SQL expression. You must also specify the data
 // serialization format for the response. For more information, see S3Select API
-// Documentation
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html).
+// Documentation (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectSELECTContent.html)
+// .
 type SelectObjectContentInput struct {
 
 	// The S3 bucket.
@@ -163,39 +135,31 @@ type SelectObjectContentInput struct {
 
 	// The server-side encryption (SSE) algorithm used to encrypt the object. This
 	// parameter is needed only when the object was created using a checksum algorithm.
-	// For more information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerAlgorithm *string
 
 	// The server-side encryption (SSE) customer managed key. This parameter is needed
 	// only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKey *string
 
 	// The MD5 server-side encryption (SSE) customer managed key. This parameter is
 	// needed only when the object was created using a checksum algorithm. For more
-	// information, see Protecting data using SSE-C keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+	// information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
 	// in the Amazon S3 User Guide.
 	SSECustomerKeyMD5 *string
 
 	// Specifies the byte range of the object to get the records from. A record is
 	// processed when its first byte is contained by the range. This parameter is
 	// optional, but when specified, it must not be empty. See RFC 2616, Section
-	// 14.35.1 about how to specify the start and end of the range. ScanRangemay be
+	// 14.35.1 about how to specify the start and end of the range. ScanRange may be
 	// used in the following ways:
-	//
-	// * 50100 - process only the records starting between
-	// the bytes 50 and 100 (inclusive, counting from zero)
-	//
-	// * 50 - process only the
-	// records starting after the byte 50
-	//
-	// * 50 - process only the records within the
-	// last 50 bytes of the file.
+	//   - 50100 - process only the records starting between the bytes 50 and 100
+	//   (inclusive, counting from zero)
+	//   - 50 - process only the records starting after the byte 50
+	//   - 50 - process only the records within the last 50 bytes of the file.
 	ScanRange *types.ScanRange
 
 	noSmithyDocumentSerde
@@ -269,6 +233,9 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addSelectObjectContentUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
index 801bab8d1..5f317e242 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go
@@ -18,40 +18,35 @@ import (
 // Uploads a part in a multipart upload. In this operation, you provide part data
 // in your request. However, you have an option to specify your existing Amazon S3
 // object as a data source for the part you are uploading. To upload a part from an
-// existing object, you use the UploadPartCopy
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
-// operation. You must initiate a multipart upload (see CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html))
-// before you can upload any part. In response to your initiate request, Amazon S3
-// returns an upload ID, a unique identifier, that you must include in your upload
-// part request. Part numbers can be any number from 1 to 10,000, inclusive. A part
-// number uniquely identifies a part and also defines its position within the
-// object being created. If you upload a new part using the same part number that
-// was used with a previous part, the previously uploaded part is overwritten. For
-// information about maximum and minimum part sizes and other multipart upload
-// specifications, see Multipart upload limits
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the
-// Amazon S3 User Guide. To ensure that data is not corrupted when traversing the
-// network, specify the Content-MD5 header in the upload part request. Amazon S3
-// checks the part data against the provided MD5 value. If they do not match,
-// Amazon S3 returns an error. If the upload request is signed with Signature
-// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a
-// checksum instead of Content-MD5. For more information see Authenticating
-// Requests: Using the Authorization Header (Amazon Web Services Signature Version
-// 4)
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html).
-// Note: After you initiate multipart upload and upload one or more parts, you must
-// either complete or abort multipart upload in order to stop getting charged for
-// storage of the uploaded parts. Only after you either complete or abort multipart
-// upload, Amazon S3 frees up the parts storage and stops charging you for the
-// parts storage. For more information on multipart uploads, go to Multipart Upload
-// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in
-// the Amazon S3 User Guide . For information on the permissions required to use
-// the multipart upload API, go to Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the
-// Amazon S3 User Guide. Server-side encryption is for data encryption at rest.
-// Amazon S3 encrypts your data as it writes it to disks in its data centers and
-// decrypts it when you access it. You have three mutually exclusive options to
+// existing object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)
+// operation. You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// ) before you can upload any part. In response to your initiate request, Amazon
+// S3 returns an upload ID, a unique identifier, that you must include in your
+// upload part request. Part numbers can be any number from 1 to 10,000, inclusive.
+// A part number uniquely identifies a part and also defines its position within
+// the object being created. If you upload a new part using the same part number
+// that was used with a previous part, the previously uploaded part is overwritten.
+// For information about maximum and minimum part sizes and other multipart upload
+// specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide. To ensure that data is not corrupted when
+// traversing the network, specify the Content-MD5 header in the upload part
+// request. Amazon S3 checks the part data against the provided MD5 value. If they
+// do not match, Amazon S3 returns an error. If the upload request is signed with
+// Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256
+// header as a checksum instead of Content-MD5 . For more information see
+// Authenticating Requests: Using the Authorization Header (Amazon Web Services
+// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html)
+// . Note: After you initiate multipart upload and upload one or more parts, you
+// must either complete or abort multipart upload in order to stop getting charged
+// for storage of the uploaded parts. Only after you either complete or abort
+// multipart upload, Amazon S3 frees up the parts storage and stops charging you
+// for the parts storage. For more information on multipart uploads, go to
+// Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html)
+// in the Amazon S3 User Guide . For information on the permissions required to use
+// the multipart upload API, go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// in the Amazon S3 User Guide. Server-side encryption is for data encryption at
+// rest. Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts it when you access it. You have three mutually exclusive options to
 // protect data using server-side encryption in Amazon S3, depending on how you
 // choose to manage the encryption keys. Specifically, the encryption key options
 // are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and
@@ -62,64 +57,35 @@ import (
 // (SSE-KMS) or provide your own encryption key (SSE-C). If you choose to provide
 // your own encryption key, the request headers you provide in the request must
 // match the headers you used in the request to initiate the upload by using
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-// For more information, go to Using Server-Side Encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// . For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
 // in the Amazon S3 User Guide. Server-side encryption is supported by the S3
 // Multipart Upload actions. Unless you are using a customer-provided encryption
 // key (SSE-C), you don't need to specify the encryption parameters in each
 // UploadPart request. Instead, you only need to specify the server-side encryption
 // parameters in the initial Initiate Multipart request. For more information, see
-// CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html).
-// If you requested server-side encryption using a customer-provided encryption key
-// (SSE-C) in your initiate multipart upload request, you must provide identical
-// encryption information in each part upload using the following headers.
+// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+// . If you requested server-side encryption using a customer-provided encryption
+// key (SSE-C) in your initiate multipart upload request, you must provide
+// identical encryption information in each part upload using the following
+// headers.
+//   - x-amz-server-side-encryption-customer-algorithm
+//   - x-amz-server-side-encryption-customer-key
+//   - x-amz-server-side-encryption-customer-key-MD5
 //
-// *
-// x-amz-server-side-encryption-customer-algorithm
+// UploadPart has the following special errors:
+//   - Code: NoSuchUpload
+//   - Cause: The specified multipart upload does not exist. The upload ID might
+//     be invalid, or the multipart upload might have been aborted or completed.
+//   - HTTP Status Code: 404 Not Found
+//   - SOAP Fault Code Prefix: Client
 //
-// *
-// x-amz-server-side-encryption-customer-key
-//
-// *
-// x-amz-server-side-encryption-customer-key-MD5
-//
-// # Special Errors
-//
-// * Code:
-// NoSuchUpload
-//
-// * Cause: The specified multipart upload does not exist. The upload
-// ID might be invalid, or the multipart upload might have been aborted or
-// completed.
-//
-// * HTTP Status Code: 404 Not Found
-//
-// * SOAP Fault Code Prefix:
-// Client
-//
-// # Related Resources
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to UploadPart :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) UploadPart(ctx context.Context, params *UploadPartInput, optFns ...func(*Options)) (*UploadPartOutput, error) {
 	if params == nil {
 		params = &UploadPartInput{}
@@ -143,17 +109,15 @@ type UploadPartInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
@@ -181,9 +145,8 @@ type UploadPartInput struct {
 	// the SDK. This header will not provide any additional functionality if not using
 	// the SDK. When sending this header, there must be a corresponding x-amz-checksum
 	// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
-	// HTTP status code 400 Bad Request. For more information, see Checking object
-	// integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// HTTP status code 400 Bad Request . For more information, see Checking object
+	// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
 	// ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must
 	// be the same for all parts and it match the checksum value supplied in the
@@ -193,32 +156,28 @@ type UploadPartInput struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32C checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -239,8 +198,7 @@ type UploadPartInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -252,7 +210,7 @@ type UploadPartInput struct {
 	// encrypting data. This value is used to store the object and then it is
 	// discarded; Amazon S3 does not store the encryption key. The key must be
 	// appropriate for use with the algorithm specified in the
-	// x-amz-server-side-encryption-customer-algorithm header. This must be the same
+	// x-amz-server-side-encryption-customer-algorithm header . This must be the same
 	// encryption key specified in the initiate multipart upload request.
 	SSECustomerKey *string
 
@@ -273,32 +231,28 @@ type UploadPartOutput struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -309,13 +263,14 @@ type UploadPartOutput struct {
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the ID of the Amazon Web Services Key Management Service
@@ -324,7 +279,7 @@ type UploadPartOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Metadata pertaining to the operation's result.
@@ -393,6 +348,9 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti
 	if err = add100Continue(stack, options); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addUploadPartInputChecksumMiddlewares(stack, options); err != nil {
 		return err
 	}
@@ -446,8 +404,9 @@ func addUploadPartInputChecksumMiddlewares(stack *middleware.Stack, options Opti
 	})
 }
 
-// getUploadPartBucketMember returns a pointer to string denoting a provided bucket
-// member valueand a boolean indicating if the input has a modeled bucket name,
+// getUploadPartBucketMember returns a pointer to string denoting a provided
+// bucket member valueand a boolean indicating if the input has a modeled bucket
+// name,
 func getUploadPartBucketMember(input interface{}) (*string, bool) {
 	in := input.(*UploadPartInput)
 	if in.Bucket == nil {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
index 85c3da20c..afa41fdbc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go
@@ -15,112 +15,72 @@ import (
 
 // Uploads a part by copying data from an existing object as data source. You
 // specify the data source by adding the request header x-amz-copy-source in your
-// request and a byte range by adding the request header x-amz-copy-source-range in
-// your request. For information about maximum and minimum part sizes and other
-// multipart upload specifications, see Multipart upload limits
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) in the
-// Amazon S3 User Guide. Instead of using an existing object as part data, you
-// might use the UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action and
-// provide data in your request. You must initiate a multipart upload before you
-// can upload any part. In response to your initiate request. Amazon S3 returns a
-// unique identifier, the upload ID, that you must include in your upload part
-// request. For more information about using the UploadPartCopy operation, see the
-// following:
+// request and a byte range by adding the request header x-amz-copy-source-range
+// in your request. For information about maximum and minimum part sizes and other
+// multipart upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html)
+// in the Amazon S3 User Guide. Instead of using an existing object as part data,
+// you might use the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+// action and provide data in your request. You must initiate a multipart upload
+// before you can upload any part. In response to your initiate request. Amazon S3
+// returns a unique identifier, the upload ID, that you must include in your upload
+// part request. For more information about using the UploadPartCopy operation,
+// see the following:
+//   - For conceptual information about multipart uploads, see Uploading Objects
+//     Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+//     in the Amazon S3 User Guide.
+//   - For information about permissions required to use the multipart upload API,
+//     see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+//     in the Amazon S3 User Guide.
+//   - For information about copying objects using a single atomic action vs. a
+//     multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html)
+//     in the Amazon S3 User Guide.
+//   - For information about using server-side encryption with customer-provided
+//     encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
+//     and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//     .
 //
-// * For conceptual information about multipart uploads, see Uploading
-// Objects Using Multipart Upload
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the
-// Amazon S3 User Guide.
+// Note the following additional considerations about the request headers
+// x-amz-copy-source-if-match , x-amz-copy-source-if-none-match ,
+// x-amz-copy-source-if-unmodified-since , and x-amz-copy-source-if-modified-since
+// :
+//   - Consideration 1 - If both of the x-amz-copy-source-if-match and
+//     x-amz-copy-source-if-unmodified-since headers are present in the request as
+//     follows: x-amz-copy-source-if-match condition evaluates to true , and;
+//     x-amz-copy-source-if-unmodified-since condition evaluates to false ; Amazon S3
+//     returns 200 OK and copies the data.
+//   - Consideration 2 - If both of the x-amz-copy-source-if-none-match and
+//     x-amz-copy-source-if-modified-since headers are present in the request as
+//     follows: x-amz-copy-source-if-none-match condition evaluates to false , and;
+//     x-amz-copy-source-if-modified-since condition evaluates to true ; Amazon S3
+//     returns 412 Precondition Failed response code.
 //
-// * For information about permissions required to use the
-// multipart upload API, see Multipart Upload and Permissions
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the
-// Amazon S3 User Guide.
+// Versioning If your bucket has versioning enabled, you could have multiple
+// versions of the same object. By default, x-amz-copy-source identifies the
+// current version of the object to copy. If the current version is a delete marker
+// and you don't specify a versionId in the x-amz-copy-source , Amazon S3 returns a
+// 404 error, because the object does not exist. If you specify versionId in the
+// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns an
+// HTTP 400 error, because you are not allowed to specify a delete marker as a
+// version for the x-amz-copy-source . You can optionally specify a specific
+// version of the source object to copy by adding the versionId subresource as
+// shown in the following example: x-amz-copy-source:
+// /bucket/object?versionId=version id Special errors
+//   - Code: NoSuchUpload
+//   - Cause: The specified multipart upload does not exist. The upload ID might
+//     be invalid, or the multipart upload might have been aborted or completed.
+//   - HTTP Status Code: 404 Not Found
+//   - Code: InvalidRequest
+//   - Cause: The specified copy source is not supported as a byte-range copy
+//     source.
+//   - HTTP Status Code: 400 Bad Request
 //
-// * For information about copying objects using a single
-// atomic action vs. a multipart upload, see Operations on Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in the
-// Amazon S3 User Guide.
-//
-// * For information about using server-side encryption with
-// customer-provided encryption keys with the UploadPartCopy operation, see
-// CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html)
-// and UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html).
-//
-// Note the
-// following additional considerations about the request headers
-// x-amz-copy-source-if-match, x-amz-copy-source-if-none-match,
-// x-amz-copy-source-if-unmodified-since, and
-// x-amz-copy-source-if-modified-since:
-//
-// * Consideration 1 - If both of the
-// x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since headers are
-// present in the request as follows: x-amz-copy-source-if-match condition
-// evaluates to true, and; x-amz-copy-source-if-unmodified-since condition
-// evaluates to false; Amazon S3 returns 200 OK and copies the data.
-//
-// *
-// Consideration 2 - If both of the x-amz-copy-source-if-none-match and
-// x-amz-copy-source-if-modified-since headers are present in the request as
-// follows: x-amz-copy-source-if-none-match condition evaluates to false, and;
-// x-amz-copy-source-if-modified-since condition evaluates to true; Amazon S3
-// returns 412 Precondition Failed response code.
-//
-// Versioning If your bucket has
-// versioning enabled, you could have multiple versions of the same object. By
-// default, x-amz-copy-source identifies the current version of the object to copy.
-// If the current version is a delete marker and you don't specify a versionId in
-// the x-amz-copy-source, Amazon S3 returns a 404 error, because the object does
-// not exist. If you specify versionId in the x-amz-copy-source and the versionId
-// is a delete marker, Amazon S3 returns an HTTP 400 error, because you are not
-// allowed to specify a delete marker as a version for the x-amz-copy-source. You
-// can optionally specify a specific version of the source object to copy by adding
-// the versionId subresource as shown in the following example: x-amz-copy-source:
-// /bucket/object?versionId=version id Special Errors
-//
-// * Code: NoSuchUpload
-//
-// *
-// Cause: The specified multipart upload does not exist. The upload ID might be
-// invalid, or the multipart upload might have been aborted or completed.
-//
-// * HTTP
-// Status Code: 404 Not Found
-//
-// * Code: InvalidRequest
-//
-// * Cause: The specified copy
-// source is not supported as a byte-range copy source.
-//
-// * HTTP Status Code: 400
-// Bad Request
-//
-// # Related Resources
-//
-// * CreateMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
-//
-// *
-// UploadPart
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
-//
-// *
-// CompleteMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
-//
-// *
-// AbortMultipartUpload
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
-//
-// *
-// ListParts
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
-//
-// *
-// ListMultipartUploads
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+// The following operations are related to UploadPartCopy :
+//   - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)
+//   - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)
+//   - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html)
+//   - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html)
+//   - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+//   - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
 func (c *Client) UploadPartCopy(ctx context.Context, params *UploadPartCopyInput, optFns ...func(*Options)) (*UploadPartCopyOutput, error) {
 	if params == nil {
 		params = &UploadPartCopyInput{}
@@ -143,53 +103,47 @@ type UploadPartCopyInput struct {
 	// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this
 	// action with an access point through the Amazon Web Services SDKs, you provide
 	// the access point ARN in place of the bucket name. For more information about
-	// access point ARNs, see Using access points
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
+	// access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html)
 	// in the Amazon S3 User Guide. When you use this action with Amazon S3 on
 	// Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on
 	// Outposts hostname takes the form
-	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you
+	// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
 	// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
 	// provide the Outposts access point ARN in place of the bucket name. For more
-	// information about S3 on Outposts ARNs, see What is S3 on Outposts
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
-	// Amazon S3 User Guide.
+	// information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Bucket *string
 
-	// Specifies the source object for the copy operation. You specify the value in one
-	// of two formats, depending on whether you want to access the source object
-	// through an access point
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html):
-	//
-	// *
-	// For objects not accessed through an access point, specify the name of the source
-	// bucket and key of the source object, separated by a slash (/). For example, to
-	// copy the object reports/january.pdf from the bucket awsexamplebucket, use
-	// awsexamplebucket/reports/january.pdf. The value must be URL-encoded.
-	//
-	// * For
-	// objects accessed through access points, specify the Amazon Resource Name (ARN)
-	// of the object as accessed through the access point, in the format
-	// arn:aws:s3:::accesspoint//object/. For example, to copy the object
-	// reports/january.pdf through access point my-access-point owned by account
-	// 123456789012 in Region us-west-2, use the URL encoding of
-	// arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf.
-	// The value must be URL encoded. Amazon S3 supports copy operations using access
-	// points only when the source and destination buckets are in the same Amazon Web
-	// Services Region. Alternatively, for objects accessed through Amazon S3 on
-	// Outposts, specify the ARN of the object as accessed in the format
-	// arn:aws:s3-outposts:::outpost//object/. For example, to copy the object
-	// reports/january.pdf through outpost my-outpost owned by account 123456789012 in
-	// Region us-west-2, use the URL encoding of
-	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf.
-	// The value must be URL-encoded.
-	//
-	// To copy a specific version of an object, append
-	// ?versionId= to the value (for example,
-	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893).
-	// If you don't specify a version ID, Amazon S3 copies the latest version of the
+	// Specifies the source object for the copy operation. You specify the value in
+	// one of two formats, depending on whether you want to access the source object
+	// through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html)
+	// :
+	//   - For objects not accessed through an access point, specify the name of the
+	//   source bucket and key of the source object, separated by a slash (/). For
+	//   example, to copy the object reports/january.pdf from the bucket
+	//   awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value must
+	//   be URL-encoded.
+	//   - For objects accessed through access points, specify the Amazon Resource
+	//   Name (ARN) of the object as accessed through the access point, in the format
+	//   arn:aws:s3:::accesspoint//object/ . For example, to copy the object
+	//   reports/january.pdf through access point my-access-point owned by account
+	//   123456789012 in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf
+	//   . The value must be URL encoded. Amazon S3 supports copy operations using access
+	//   points only when the source and destination buckets are in the same Amazon Web
+	//   Services Region. Alternatively, for objects accessed through Amazon S3 on
+	//   Outposts, specify the ARN of the object as accessed in the format
+	//   arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object
+	//   reports/january.pdf through outpost my-outpost owned by account 123456789012
+	//   in Region us-west-2 , use the URL encoding of
+	//   arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf
+	//   . The value must be URL-encoded.
+	// To copy a specific version of an object, append ?versionId= to the value (for
+	// example,
+	// awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893
+	// ). If you don't specify a version ID, Amazon S3 copies the latest version of the
 	// source object.
 	//
 	// This member is required.
@@ -257,8 +211,7 @@ type UploadPartCopyInput struct {
 	// Confirms that the requester knows that they will be charged for the request.
 	// Bucket owners need not specify this parameter in their requests. For information
 	// about downloading objects from Requester Pays buckets, see Downloading Objects
-	// in Requester Pays Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+	// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
 	// in the Amazon S3 User Guide.
 	RequestPayer types.RequestPayer
 
@@ -291,21 +244,22 @@ type UploadPartCopyOutput struct {
 	// Container for all response elements.
 	CopyPartResult *types.CopyPartResult
 
-	// The version of the source object that was copied, if you have enabled versioning
-	// on the source bucket.
+	// The version of the source object that was copied, if you have enabled
+	// versioning on the source bucket.
 	CopySourceVersionId *string
 
 	// If present, indicates that the requester was successfully charged for the
 	// request.
 	RequestCharged types.RequestCharged
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header confirming the encryption algorithm used.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header confirming the encryption
+	// algorithm used.
 	SSECustomerAlgorithm *string
 
-	// If server-side encryption with a customer-provided encryption key was requested,
-	// the response will include this header to provide round-trip message integrity
-	// verification of the customer-provided encryption key.
+	// If server-side encryption with a customer-provided encryption key was
+	// requested, the response will include this header to provide round-trip message
+	// integrity verification of the customer-provided encryption key.
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the ID of the Amazon Web Services Key Management Service
@@ -314,7 +268,7 @@ type UploadPartCopyOutput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing this object in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// Metadata pertaining to the operation's result.
@@ -380,6 +334,9 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack,
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addUploadPartCopyUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
index 6d3e9225d..a60cbae88 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go
@@ -19,20 +19,18 @@ import (
 
 // Passes transformed objects to a GetObject operation when using Object Lambda
 // access points. For information about Object Lambda access points, see
-// Transforming objects with Object Lambda access points
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
+// Transforming objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html)
 // in the Amazon S3 User Guide. This operation supports metadata that can be
-// returned by GetObject
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html), in
-// addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage.
-// The GetObject response metadata is supported so that the WriteGetObjectResponse
-// caller, typically an Lambda function, can provide the same metadata when it
-// internally invokes GetObject. When WriteGetObjectResponse is called by a
-// customer-owned Lambda function, the metadata returned to the end user GetObject
-// call might differ from what Amazon S3 would normally return. You can include any
-// number of metadata headers. When including a metadata header, it should be
-// prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header:
-// MyCustomValue. The primary use case for this is to forward GetObject metadata.
+// returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html)
+// , in addition to RequestRoute , RequestToken , StatusCode , ErrorCode , and
+// ErrorMessage . The GetObject response metadata is supported so that the
+// WriteGetObjectResponse caller, typically an Lambda function, can provide the
+// same metadata when it internally invokes GetObject . When WriteGetObjectResponse
+// is called by a customer-owned Lambda function, the metadata returned to the end
+// user GetObject call might differ from what Amazon S3 would normally return. You
+// can include any number of metadata headers. When including a metadata header, it
+// should be prefaced with x-amz-meta . For example, x-amz-meta-my-custom-header:
+// MyCustomValue . The primary use case for this is to forward GetObject metadata.
 // Amazon Web Services provides some prebuilt Lambda functions that you can use
 // with S3 Object Lambda to detect and redact personally identifiable information
 // (PII) and decompress S3 objects. These Lambda functions are available in the
@@ -52,9 +50,8 @@ import (
 // equipped to decompress objects stored in S3 in one of six compressed file
 // formats including bzip2, gzip, snappy, zlib, zstandard and ZIP. For information
 // on how to view and use these functions, see Using Amazon Web Services built
-// Lambda functions
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html) in
-// the Amazon S3 User Guide.
+// Lambda functions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html)
+// in the Amazon S3 User Guide.
 func (c *Client) WriteGetObjectResponse(ctx context.Context, params *WriteGetObjectResponseInput, optFns ...func(*Options)) (*WriteGetObjectResponseOutput, error) {
 	if params == nil {
 		params = &WriteGetObjectResponseInput{}
@@ -102,8 +99,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumCRC32 *string
@@ -114,8 +110,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumCRC32C *string
@@ -126,8 +121,7 @@ type WriteGetObjectResponseInput struct {
 	// function. This may not match the checksum for the object stored in Amazon S3.
 	// Amazon S3 will perform validation of the checksum values only when the original
 	// GetObject request required checksum validation. For more information about
-	// checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumSHA1 *string
@@ -138,8 +132,7 @@ type WriteGetObjectResponseInput struct {
 	// Lambda function. This may not match the checksum for the object stored in Amazon
 	// S3. Amazon S3 will perform validation of the checksum values only when the
 	// original GetObject request required checksum validation. For more information
-	// about checksums, see Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// about checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide. Only one checksum header can be specified at a
 	// time. If you supply multiple checksum headers, this request will fail.
 	ChecksumSHA256 *string
@@ -164,8 +157,8 @@ type WriteGetObjectResponseInput struct {
 	// A standard MIME type describing the format of the object data.
 	ContentType *string
 
-	// Specifies whether an object stored in Amazon S3 is (true) or is not (false) a
-	// delete marker.
+	// Specifies whether an object stored in Amazon S3 is ( true ) or is not ( false )
+	// a delete marker.
 	DeleteMarker bool
 
 	// An opaque identifier assigned by a web server to a specific version of a
@@ -173,15 +166,16 @@ type WriteGetObjectResponseInput struct {
 	ETag *string
 
 	// A string that uniquely identifies an error condition. Returned in the  tag of
-	// the error XML response for a corresponding GetObject call. Cannot be used with a
-	// successful StatusCode header or when the transformed object is provided in the
-	// body. All error codes from S3 are sentence-cased. The regular expression (regex)
-	// value is "^[A-Z][a-zA-Z]+$".
+	// the error XML response for a corresponding GetObject call. Cannot be used with
+	// a successful StatusCode header or when the transformed object is provided in
+	// the body. All error codes from S3 are sentence-cased. The regular expression
+	// (regex) value is "^[A-Z][a-zA-Z]+$" .
 	ErrorCode *string
 
 	// Contains a generic description of the error condition. Returned in the tag of
-	// the error XML response for a corresponding GetObject call. Cannot be used with a
-	// successful StatusCode header or when the transformed object is provided in body.
+	// the error XML response for a corresponding GetObject call. Cannot be used with
+	// a successful StatusCode header or when the transformed object is provided in
+	// body.
 	ErrorMessage *string
 
 	// If the object expiration is configured (see PUT Bucket lifecycle), the response
@@ -209,8 +203,8 @@ type WriteGetObjectResponseInput struct {
 	ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus
 
 	// Indicates whether an object stored in Amazon S3 has Object Lock enabled. For
-	// more information about S3 Object Lock, see Object Lock
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+	// more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html)
+	// .
 	ObjectLockMode types.ObjectLockMode
 
 	// The date and time when Object Lock is configured to expire.
@@ -219,9 +213,9 @@ type WriteGetObjectResponseInput struct {
 	// The count of parts this object has.
 	PartsCount int32
 
-	// Indicates if request involves bucket that is either a source or destination in a
-	// Replication rule. For more information about S3 Replication, see Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).
+	// Indicates if request involves bucket that is either a source or destination in
+	// a Replication rule. For more information about S3 Replication, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html)
+	// .
 	ReplicationStatus types.ReplicationStatus
 
 	// If present, indicates that the requester was successfully charged for the
@@ -238,8 +232,8 @@ type WriteGetObjectResponseInput struct {
 
 	// 128-bit MD5 digest of customer-provided encryption key used in Amazon S3 to
 	// encrypt data stored in S3. For more information, see Protecting data using
-	// server-side encryption with customer-provided encryption keys (SSE-C)
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+	// server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
+	// .
 	SSECustomerKeyMD5 *string
 
 	// If present, specifies the ID of the Amazon Web Services Key Management Service
@@ -248,49 +242,31 @@ type WriteGetObjectResponseInput struct {
 	SSEKMSKeyId *string
 
 	// The server-side encryption algorithm used when storing requested object in
-	// Amazon S3 (for example, AES256, aws:kms).
+	// Amazon S3 (for example, AES256, aws:kms ).
 	ServerSideEncryption types.ServerSideEncryption
 
 	// The integer status code for an HTTP response of a corresponding GetObject
-	// request. Status Codes
-	//
-	// * 200 - OK
-	//
-	// * 206 - Partial Content
-	//
-	// * 304 - Not
-	// Modified
-	//
-	// * 400 - Bad Request
-	//
-	// * 401 - Unauthorized
-	//
-	// * 403 - Forbidden
-	//
-	// * 404 -
-	// Not Found
-	//
-	// * 405 - Method Not Allowed
-	//
-	// * 409 - Conflict
-	//
-	// * 411 - Length
-	// Required
-	//
-	// * 412 - Precondition Failed
-	//
-	// * 416 - Range Not Satisfiable
-	//
-	// * 500 -
-	// Internal Server Error
-	//
-	// * 503 - Service Unavailable
+	// request. The following is a list of status codes.
+	//   - 200 - OK
+	//   - 206 - Partial Content
+	//   - 304 - Not Modified
+	//   - 400 - Bad Request
+	//   - 401 - Unauthorized
+	//   - 403 - Forbidden
+	//   - 404 - Not Found
+	//   - 405 - Method Not Allowed
+	//   - 409 - Conflict
+	//   - 411 - Length Required
+	//   - 412 - Precondition Failed
+	//   - 416 - Range Not Satisfiable
+	//   - 500 - Internal Server Error
+	//   - 503 - Service Unavailable
 	StatusCode int32
 
 	// Provides storage class information of the object. Amazon S3 returns this header
 	// for all objects except for S3 Standard storage class objects. For more
-	// information, see Storage Classes
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+	// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+	// .
 	StorageClass types.StorageClass
 
 	// The number of tags, if any, on the object.
@@ -372,6 +348,9 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware
 	if err = addMetadataRetrieverMiddleware(stack); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addWriteGetObjectResponseUpdateEndpoint(stack, options); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
index 105a2fe03..42a7499e8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go
@@ -3,4 +3,4 @@
 package s3
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.31.1"
+const goModuleVersion = "1.33.1"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go
new file mode 100644
index 000000000..3d0b25100
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go
@@ -0,0 +1,204 @@
+package s3
+
+import (
+	"context"
+	"fmt"
+)
+
+// ListObjectVersionsAPIClient is a client that implements the ListObjectVersions
+// operation
+type ListObjectVersionsAPIClient interface {
+	ListObjectVersions(context.Context, *ListObjectVersionsInput, ...func(*Options)) (*ListObjectVersionsOutput, error)
+}
+
+var _ ListObjectVersionsAPIClient = (*Client)(nil)
+
+// ListObjectVersionsPaginatorOptions is the paginator options for ListObjectVersions
+type ListObjectVersionsPaginatorOptions struct {
+	// (Optional) The maximum number of Object Versions that you want Amazon S3 to
+	// return.
+	Limit int32
+
+	// Set to true if pagination should stop if the service returns a pagination token
+	// that matches the most recent token provided to the service.
+	StopOnDuplicateToken bool
+}
+
+// ListObjectVersionsPaginator is a paginator for ListObjectVersions
+type ListObjectVersionsPaginator struct {
+	options         ListObjectVersionsPaginatorOptions
+	client          ListObjectVersionsAPIClient
+	params          *ListObjectVersionsInput
+	firstPage       bool
+	keyMarker       *string
+	versionIDMarker *string
+	isTruncated     bool
+}
+
+// NewListObjectVersionsPaginator returns a new ListObjectVersionsPaginator
+func NewListObjectVersionsPaginator(client ListObjectVersionsAPIClient, params *ListObjectVersionsInput, optFns ...func(*ListObjectVersionsPaginatorOptions)) *ListObjectVersionsPaginator {
+	if params == nil {
+		params = &ListObjectVersionsInput{}
+	}
+
+	options := ListObjectVersionsPaginatorOptions{}
+	options.Limit = params.MaxKeys
+
+	for _, fn := range optFns {
+		fn(&options)
+	}
+
+	return &ListObjectVersionsPaginator{
+		options:         options,
+		client:          client,
+		params:          params,
+		firstPage:       true,
+		keyMarker:       params.KeyMarker,
+		versionIDMarker: params.VersionIdMarker,
+	}
+}
+
+// HasMorePages returns a boolean indicating whether more pages are available
+func (p *ListObjectVersionsPaginator) HasMorePages() bool {
+	return p.firstPage || p.isTruncated
+}
+
+// NextPage retrieves the next ListObjectVersions page.
+func (p *ListObjectVersionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListObjectVersionsOutput, error) {
+	if !p.HasMorePages() {
+		return nil, fmt.Errorf("no more pages available")
+	}
+
+	params := *p.params
+	params.KeyMarker = p.keyMarker
+	params.VersionIdMarker = p.versionIDMarker
+
+	var limit int32
+	if p.options.Limit > 0 {
+		limit = p.options.Limit
+	}
+	params.MaxKeys = limit
+
+	result, err := p.client.ListObjectVersions(ctx, &params, optFns...)
+	if err != nil {
+		return nil, err
+	}
+	p.firstPage = false
+
+	prevToken := p.keyMarker
+	p.isTruncated = result.IsTruncated
+	p.keyMarker = nil
+	p.versionIDMarker = nil
+	if result.IsTruncated {
+		p.keyMarker = result.NextKeyMarker
+		p.versionIDMarker = result.NextVersionIdMarker
+	}
+
+	if p.options.StopOnDuplicateToken &&
+		prevToken != nil &&
+		p.keyMarker != nil &&
+		*prevToken == *p.keyMarker {
+		p.isTruncated = false
+	}
+
+	return result, nil
+}
+
+// ListMultipartUploadsAPIClient is a client that implements the ListMultipartUploads
+// operation
+type ListMultipartUploadsAPIClient interface {
+	ListMultipartUploads(context.Context, *ListMultipartUploadsInput, ...func(*Options)) (*ListMultipartUploadsOutput, error)
+}
+
+var _ ListMultipartUploadsAPIClient = (*Client)(nil)
+
+// ListMultipartUploadsPaginatorOptions is the paginator options for ListMultipartUploads
+type ListMultipartUploadsPaginatorOptions struct {
+	// (Optional) The maximum number of Multipart Uploads that you want Amazon S3 to
+	// return.
+	Limit int32
+
+	// Set to true if pagination should stop if the service returns a pagination token
+	// that matches the most recent token provided to the service.
+	StopOnDuplicateToken bool
+}
+
+// ListMultipartUploadsPaginator is a paginator for ListMultipartUploads
+type ListMultipartUploadsPaginator struct {
+	options        ListMultipartUploadsPaginatorOptions
+	client         ListMultipartUploadsAPIClient
+	params         *ListMultipartUploadsInput
+	firstPage      bool
+	keyMarker      *string
+	uploadIDMarker *string
+	isTruncated    bool
+}
+
+// NewListMultipartUploadsPaginator returns a new ListMultipartUploadsPaginator
+func NewListMultipartUploadsPaginator(client ListMultipartUploadsAPIClient, params *ListMultipartUploadsInput, optFns ...func(*ListMultipartUploadsPaginatorOptions)) *ListMultipartUploadsPaginator {
+	if params == nil {
+		params = &ListMultipartUploadsInput{}
+	}
+
+	options := ListMultipartUploadsPaginatorOptions{}
+	options.Limit = params.MaxUploads
+
+	for _, fn := range optFns {
+		fn(&options)
+	}
+
+	return &ListMultipartUploadsPaginator{
+		options:        options,
+		client:         client,
+		params:         params,
+		firstPage:      true,
+		keyMarker:      params.KeyMarker,
+		uploadIDMarker: params.UploadIdMarker,
+	}
+}
+
+// HasMorePages returns a boolean indicating whether more pages are available
+func (p *ListMultipartUploadsPaginator) HasMorePages() bool {
+	return p.firstPage || p.isTruncated
+}
+
+// NextPage retrieves the next ListMultipartUploads page.
+func (p *ListMultipartUploadsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListMultipartUploadsOutput, error) {
+	if !p.HasMorePages() {
+		return nil, fmt.Errorf("no more pages available")
+	}
+
+	params := *p.params
+	params.KeyMarker = p.keyMarker
+	params.UploadIdMarker = p.uploadIDMarker
+
+	var limit int32
+	if p.options.Limit > 0 {
+		limit = p.options.Limit
+	}
+	params.MaxUploads = limit
+
+	result, err := p.client.ListMultipartUploads(ctx, &params, optFns...)
+	if err != nil {
+		return nil, err
+	}
+	p.firstPage = false
+
+	prevToken := p.keyMarker
+	p.isTruncated = result.IsTruncated
+	p.keyMarker = nil
+	p.uploadIDMarker = nil
+	if result.IsTruncated {
+		p.keyMarker = result.NextKeyMarker
+		p.uploadIDMarker = result.NextUploadIdMarker
+	}
+
+	if p.options.StopOnDuplicateToken &&
+		prevToken != nil &&
+		p.keyMarker != nil &&
+		*prevToken == *p.keyMarker {
+		p.isTruncated = false
+	}
+
+	return result, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
index dc0215c99..1def65592 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go
@@ -91,6 +91,7 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
@@ -98,6 +99,7 @@ var partitionRegexp = struct {
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -656,6 +658,27 @@ var defaultPartitions = endpoints.Partitions{
 			}: endpoints.Endpoint{},
 		},
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "s3-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "s3.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
@@ -821,6 +844,19 @@ func GetDNSSuffix(id string, options Options) (string, error) {
 
 		}
 
+	case strings.EqualFold(id, "aws-iso-e"):
+		switch variant {
+		case endpoints.FIPSVariant:
+			return "cloud.adc-e.uk", nil
+
+		case 0:
+			return "cloud.adc-e.uk", nil
+
+		default:
+			return "", fmt.Errorf("unsupported endpoint variant %v, in partition %s", variant, id)
+
+		}
+
 	case strings.EqualFold(id, "aws-us-gov"):
 		switch variant {
 		case endpoints.DualStackVariant:
@@ -862,6 +898,9 @@ func GetDNSSuffixFromRegion(region string, options Options) (string, error) {
 	case partitionRegexp.AwsIsoB.MatchString(region):
 		return GetDNSSuffix("aws-iso-b", options)
 
+	case partitionRegexp.AwsIsoE.MatchString(region):
+		return GetDNSSuffix("aws-iso-e", options)
+
 	case partitionRegexp.AwsUsGov.MatchString(region):
 		return GetDNSSuffix("aws-us-gov", options)
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
index 456565f30..e28e6b7cb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go
@@ -108,9 +108,9 @@ const (
 	BucketLocationConstraintUsWest2      BucketLocationConstraint = "us-west-2"
 )
 
-// Values returns all known values for BucketLocationConstraint. Note that this can
-// be expanded in the future, and so it is only as up to date as the client. The
-// ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for BucketLocationConstraint. Note that this
+// can be expanded in the future, and so it is only as up to date as the client.
+// The ordering of this slice is not guaranteed to be stable across updates.
 func (BucketLocationConstraint) Values() []BucketLocationConstraint {
 	return []BucketLocationConstraint{
 		"af-south-1",
@@ -209,9 +209,9 @@ const (
 	ChecksumModeEnabled ChecksumMode = "ENABLED"
 )
 
-// Values returns all known values for ChecksumMode. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for ChecksumMode. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (ChecksumMode) Values() []ChecksumMode {
 	return []ChecksumMode{
 		"ENABLED",
@@ -264,9 +264,9 @@ const (
 	EncodingTypeUrl EncodingType = "url"
 )
 
-// Values returns all known values for EncodingType. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for EncodingType. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (EncodingType) Values() []EncodingType {
 	return []EncodingType{
 		"url",
@@ -306,8 +306,8 @@ const (
 	EventS3ObjectTaggingDelete                          Event = "s3:ObjectTagging:Delete"
 )
 
-// Values returns all known values for Event. Note that this can be expanded in the
-// future, and so it is only as up to date as the client. The ordering of this
+// Values returns all known values for Event. Note that this can be expanded in
+// the future, and so it is only as up to date as the client. The ordering of this
 // slice is not guaranteed to be stable across updates.
 func (Event) Values() []Event {
 	return []Event{
@@ -440,9 +440,10 @@ const (
 	IntelligentTieringAccessTierDeepArchiveAccess IntelligentTieringAccessTier = "DEEP_ARCHIVE_ACCESS"
 )
 
-// Values returns all known values for IntelligentTieringAccessTier. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for IntelligentTieringAccessTier. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (IntelligentTieringAccessTier) Values() []IntelligentTieringAccessTier {
 	return []IntelligentTieringAccessTier{
 		"ARCHIVE_ACCESS",
@@ -458,9 +459,9 @@ const (
 	IntelligentTieringStatusDisabled IntelligentTieringStatus = "Disabled"
 )
 
-// Values returns all known values for IntelligentTieringStatus. Note that this can
-// be expanded in the future, and so it is only as up to date as the client. The
-// ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for IntelligentTieringStatus. Note that this
+// can be expanded in the future, and so it is only as up to date as the client.
+// The ordering of this slice is not guaranteed to be stable across updates.
 func (IntelligentTieringStatus) Values() []IntelligentTieringStatus {
 	return []IntelligentTieringStatus{
 		"Enabled",
@@ -627,9 +628,9 @@ const (
 	MFADeleteDisabled MFADelete = "Disabled"
 )
 
-// Values returns all known values for MFADelete. Note that this can be expanded in
-// the future, and so it is only as up to date as the client. The ordering of this
-// slice is not guaranteed to be stable across updates.
+// Values returns all known values for MFADelete. Note that this can be expanded
+// in the future, and so it is only as up to date as the client. The ordering of
+// this slice is not guaranteed to be stable across updates.
 func (MFADelete) Values() []MFADelete {
 	return []MFADelete{
 		"Enabled",
@@ -810,6 +811,7 @@ const (
 	ObjectStorageClassDeepArchive        ObjectStorageClass = "DEEP_ARCHIVE"
 	ObjectStorageClassOutposts           ObjectStorageClass = "OUTPOSTS"
 	ObjectStorageClassGlacierIr          ObjectStorageClass = "GLACIER_IR"
+	ObjectStorageClassSnow               ObjectStorageClass = "SNOW"
 )
 
 // Values returns all known values for ObjectStorageClass. Note that this can be
@@ -826,6 +828,7 @@ func (ObjectStorageClass) Values() []ObjectStorageClass {
 		"DEEP_ARCHIVE",
 		"OUTPOSTS",
 		"GLACIER_IR",
+		"SNOW",
 	}
 }
 
@@ -869,8 +872,8 @@ const (
 	PayerBucketOwner Payer = "BucketOwner"
 )
 
-// Values returns all known values for Payer. Note that this can be expanded in the
-// future, and so it is only as up to date as the client. The ordering of this
+// Values returns all known values for Payer. Note that this can be expanded in
+// the future, and so it is only as up to date as the client. The ordering of this
 // slice is not guaranteed to be stable across updates.
 func (Payer) Values() []Payer {
 	return []Payer{
@@ -965,8 +968,8 @@ const (
 	ReplicationRuleStatusDisabled ReplicationRuleStatus = "Disabled"
 )
 
-// Values returns all known values for ReplicationRuleStatus. Note that this can be
-// expanded in the future, and so it is only as up to date as the client. The
+// Values returns all known values for ReplicationRuleStatus. Note that this can
+// be expanded in the future, and so it is only as up to date as the client. The
 // ordering of this slice is not guaranteed to be stable across updates.
 func (ReplicationRuleStatus) Values() []ReplicationRuleStatus {
 	return []ReplicationRuleStatus{
@@ -1005,8 +1008,8 @@ const (
 	ReplicationTimeStatusDisabled ReplicationTimeStatus = "Disabled"
 )
 
-// Values returns all known values for ReplicationTimeStatus. Note that this can be
-// expanded in the future, and so it is only as up to date as the client. The
+// Values returns all known values for ReplicationTimeStatus. Note that this can
+// be expanded in the future, and so it is only as up to date as the client. The
 // ordering of this slice is not guaranteed to be stable across updates.
 func (ReplicationTimeStatus) Values() []ReplicationTimeStatus {
 	return []ReplicationTimeStatus{
@@ -1038,9 +1041,9 @@ const (
 	RequestPayerRequester RequestPayer = "requester"
 )
 
-// Values returns all known values for RequestPayer. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for RequestPayer. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (RequestPayer) Values() []RequestPayer {
 	return []RequestPayer{
 		"requester",
@@ -1089,9 +1092,10 @@ const (
 	SseKmsEncryptedObjectsStatusDisabled SseKmsEncryptedObjectsStatus = "Disabled"
 )
 
-// Values returns all known values for SseKmsEncryptedObjectsStatus. Note that this
-// can be expanded in the future, and so it is only as up to date as the client.
-// The ordering of this slice is not guaranteed to be stable across updates.
+// Values returns all known values for SseKmsEncryptedObjectsStatus. Note that
+// this can be expanded in the future, and so it is only as up to date as the
+// client. The ordering of this slice is not guaranteed to be stable across
+// updates.
 func (SseKmsEncryptedObjectsStatus) Values() []SseKmsEncryptedObjectsStatus {
 	return []SseKmsEncryptedObjectsStatus{
 		"Enabled",
@@ -1112,11 +1116,12 @@ const (
 	StorageClassDeepArchive        StorageClass = "DEEP_ARCHIVE"
 	StorageClassOutposts           StorageClass = "OUTPOSTS"
 	StorageClassGlacierIr          StorageClass = "GLACIER_IR"
+	StorageClassSnow               StorageClass = "SNOW"
 )
 
-// Values returns all known values for StorageClass. Note that this can be expanded
-// in the future, and so it is only as up to date as the client. The ordering of
-// this slice is not guaranteed to be stable across updates.
+// Values returns all known values for StorageClass. Note that this can be
+// expanded in the future, and so it is only as up to date as the client. The
+// ordering of this slice is not guaranteed to be stable across updates.
 func (StorageClass) Values() []StorageClass {
 	return []StorageClass{
 		"STANDARD",
@@ -1128,6 +1133,7 @@ func (StorageClass) Values() []StorageClass {
 		"DEEP_ARCHIVE",
 		"OUTPOSTS",
 		"GLACIER_IR",
+		"SNOW",
 	}
 }
 
@@ -1138,8 +1144,8 @@ const (
 	StorageClassAnalysisSchemaVersionV1 StorageClassAnalysisSchemaVersion = "V_1"
 )
 
-// Values returns all known values for StorageClassAnalysisSchemaVersion. Note that
-// this can be expanded in the future, and so it is only as up to date as the
+// Values returns all known values for StorageClassAnalysisSchemaVersion. Note
+// that this can be expanded in the future, and so it is only as up to date as the
 // client. The ordering of this slice is not guaranteed to be stable across
 // updates.
 func (StorageClassAnalysisSchemaVersion) Values() []StorageClassAnalysisSchemaVersion {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
index 18134c52d..f3837866d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go
@@ -34,11 +34,11 @@ func (e *BucketAlreadyExists) ErrorCode() string {
 }
 func (e *BucketAlreadyExists) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// The bucket you tried to create already exists, and you own it. Amazon S3 returns
-// this error in all Amazon Web Services Regions except in the North Virginia
-// Region. For legacy compatibility, if you re-create an existing bucket that you
-// already own in the North Virginia Region, Amazon S3 returns 200 OK and resets
-// the bucket access control lists (ACLs).
+// The bucket you tried to create already exists, and you own it. Amazon S3
+// returns this error in all Amazon Web Services Regions except in the North
+// Virginia Region. For legacy compatibility, if you re-create an existing bucket
+// that you already own in the North Virginia Region, Amazon S3 returns 200 OK and
+// resets the bucket access control lists (ACLs).
 type BucketAlreadyOwnedByYou struct {
 	Message *string
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
index eaa10d91a..16d30099d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go
@@ -9,9 +9,8 @@ import (
 
 // Specifies the days since the initiation of an incomplete multipart upload that
 // Amazon S3 will wait before permanently removing all parts of the upload. For
-// more information, see  Aborting Incomplete Multipart Uploads Using a Bucket
-// Lifecycle Policy
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
 // in the Amazon S3 User Guide.
 type AbortIncompleteMultipartUpload struct {
 
@@ -23,9 +22,8 @@ type AbortIncompleteMultipartUpload struct {
 }
 
 // Configures the transfer acceleration state for an Amazon S3 bucket. For more
-// information, see Amazon S3 Transfer Acceleration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in
-// the Amazon S3 User Guide.
+// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon S3 User Guide.
 type AccelerateConfiguration struct {
 
 	// Specifies the transfer acceleration status of the bucket.
@@ -50,8 +48,7 @@ type AccessControlPolicy struct {
 type AccessControlTranslation struct {
 
 	// Specifies the replica ownership. For default and valid values, see PUT bucket
-	// replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
 	// in the Amazon S3 API Reference.
 	//
 	// This member is required.
@@ -60,9 +57,10 @@ type AccessControlTranslation struct {
 	noSmithyDocumentSerde
 }
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates in any combination, and
-// an object must match all of the predicates for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates in any
+// combination, and an object must match all of the predicates for the filter to
+// apply.
 type AnalyticsAndOperator struct {
 
 	// The prefix to use when evaluating an AND predicate: The prefix that an object
@@ -191,9 +189,8 @@ type Bucket struct {
 }
 
 // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For
-// more information, see Object Lifecycle Management
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) in
-// the Amazon S3 User Guide.
+// more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in the Amazon S3 User Guide.
 type BucketLifecycleConfiguration struct {
 
 	// A lifecycle rule for individual objects in an Amazon S3 bucket.
@@ -207,10 +204,9 @@ type BucketLifecycleConfiguration struct {
 // Container for logging status information.
 type BucketLoggingStatus struct {
 
-	// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-	// object keys for a bucket. For more information, see PUT Bucket logging
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-	// the Amazon S3 API Reference.
+	// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+	// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+	// in the Amazon S3 API Reference.
 	LoggingEnabled *LoggingEnabled
 
 	noSmithyDocumentSerde
@@ -222,43 +218,39 @@ type Checksum struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
 	noSmithyDocumentSerde
 }
 
-// Container for all (if there are any) keys between Prefix and the next occurrence
-// of the string specified by a delimiter. CommonPrefixes lists keys that act like
-// subdirectories in the directory specified by Prefix. For example, if the prefix
-// is notes/ and the delimiter is a slash (/) as in notes/summer/july, the common
-// prefix is notes/summer/.
+// Container for all (if there are any) keys between Prefix and the next
+// occurrence of the string specified by a delimiter. CommonPrefixes lists keys
+// that act like subdirectories in the directory specified by Prefix. For example,
+// if the prefix is notes/ and the delimiter is a slash (/) as in
+// notes/summer/july, the common prefix is notes/summer/.
 type CommonPrefix struct {
 
 	// Container for the specified common prefix.
@@ -283,32 +275,28 @@ type CompletedPart struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -336,15 +324,15 @@ type Condition struct {
 	HttpErrorCodeReturnedEquals *string
 
 	// The object key name prefix when the redirect is applied. For example, to
-	// redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html.
-	// To redirect request for all pages with the prefix docs/, the key prefix will be
-	// /docs, which identifies all objects in the docs/ folder. Required when the
-	// parent element Condition is specified and sibling HttpErrorCodeReturnedEquals is
-	// not specified. If both conditions are specified, both must be true for the
+	// redirect requests for ExamplePage.html , the key prefix will be ExamplePage.html
+	// . To redirect request for all pages with the prefix docs/ , the key prefix will
+	// be /docs , which identifies all objects in the docs/ folder. Required when the
+	// parent element Condition is specified and sibling HttpErrorCodeReturnedEquals
+	// is not specified. If both conditions are specified, both must be true for the
 	// redirect to be applied. Replacement must be made for object keys containing
 	// special characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	KeyPrefixEquals *string
 
 	noSmithyDocumentSerde
@@ -360,32 +348,28 @@ type CopyObjectResult struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -405,32 +389,28 @@ type CopyPartResult struct {
 	// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -444,9 +424,8 @@ type CopyPartResult struct {
 }
 
 // Describes the cross-origin access configuration for objects in an Amazon S3
-// bucket. For more information, see Enabling Cross-Origin Resource Sharing
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon S3
-// User Guide.
+// bucket. For more information, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon S3 User Guide.
 type CORSConfiguration struct {
 
 	// A set of origins and methods (cross-origin access that you want to allow). You
@@ -461,8 +440,8 @@ type CORSConfiguration struct {
 // Specifies a cross-origin access rule for an Amazon S3 bucket.
 type CORSRule struct {
 
-	// An HTTP method that you allow the origin to execute. Valid values are GET, PUT,
-	// HEAD, POST, and DELETE.
+	// An HTTP method that you allow the origin to execute. Valid values are GET , PUT
+	// , HEAD , POST , and DELETE .
 	//
 	// This member is required.
 	AllowedMethods []string
@@ -477,15 +456,16 @@ type CORSRule struct {
 	// OPTIONS request, Amazon S3 returns any requested headers that are allowed.
 	AllowedHeaders []string
 
-	// One or more headers in the response that you want customers to be able to access
-	// from their applications (for example, from a JavaScript XMLHttpRequest object).
+	// One or more headers in the response that you want customers to be able to
+	// access from their applications (for example, from a JavaScript XMLHttpRequest
+	// object).
 	ExposeHeaders []string
 
 	// Unique identifier for the rule. The value cannot be longer than 255 characters.
 	ID *string
 
-	// The time in seconds that your browser is to cache the preflight response for the
-	// specified resource.
+	// The time in seconds that your browser is to cache the preflight response for
+	// the specified resource.
 	MaxAgeSeconds int32
 
 	noSmithyDocumentSerde
@@ -512,7 +492,7 @@ type CSVInput struct {
 
 	// A single character used to indicate that a row should be ignored when the
 	// character is present at the start of that row. You can specify any character to
-	// indicate a comment line. The default character is #. Default: #
+	// indicate a comment line. The default character is # . Default: #
 	Comments *string
 
 	// A single character used to separate individual fields in a record. You can
@@ -520,27 +500,22 @@ type CSVInput struct {
 	FieldDelimiter *string
 
 	// Describes the first line of input. Valid values are:
-	//
-	// * NONE: First line is not
-	// a header.
-	//
-	// * IGNORE: First line is a header, but you can't use the header values
-	// to indicate the column in an expression. You can use column position (such as
-	// _1, _2, …) to indicate the column (SELECT s._1 FROM OBJECT s).
-	//
-	// * Use: First
-	// line is a header, and you can use the header value to identify a column in an
-	// expression (SELECT "name" FROM OBJECT).
+	//   - NONE : First line is not a header.
+	//   - IGNORE : First line is a header, but you can't use the header values to
+	//   indicate the column in an expression. You can use column position (such as _1,
+	//   _2, …) to indicate the column ( SELECT s._1 FROM OBJECT s ).
+	//   - Use : First line is a header, and you can use the header value to identify a
+	//   column in an expression ( SELECT "name" FROM OBJECT ).
 	FileHeaderInfo FileHeaderInfo
 
 	// A single character used for escaping when the field delimiter is part of the
-	// value. For example, if the value is a, b, Amazon S3 wraps this field value in
-	// quotation marks, as follows: " a , b ". Type: String Default: " Ancestors: CSV
+	// value. For example, if the value is a, b , Amazon S3 wraps this field value in
+	// quotation marks, as follows: " a , b " . Type: String Default: " Ancestors: CSV
 	QuoteCharacter *string
 
 	// A single character used for escaping the quotation mark character inside an
-	// already escaped value. For example, the value """ a , b """ is parsed as " a , b
-	// ".
+	// already escaped value. For example, the value """ a , b """ is parsed as " a ,
+	// b " .
 	QuoteEscapeCharacter *string
 
 	// A single character used to separate individual records in the input. Instead of
@@ -559,8 +534,8 @@ type CSVOutput struct {
 	FieldDelimiter *string
 
 	// A single character used for escaping when the field delimiter is part of the
-	// value. For example, if the value is a, b, Amazon S3 wraps this field value in
-	// quotation marks, as follows: " a , b ".
+	// value. For example, if the value is a, b , Amazon S3 wraps this field value in
+	// quotation marks, as follows: " a , b " .
 	QuoteCharacter *string
 
 	// The single character used for escaping the quote character inside an already
@@ -568,16 +543,12 @@ type CSVOutput struct {
 	QuoteEscapeCharacter *string
 
 	// Indicates whether to use quotation marks around output fields.
-	//
-	// * ALWAYS: Always
-	// use quotation marks for output fields.
-	//
-	// * ASNEEDED: Use quotation marks for
-	// output fields when needed.
+	//   - ALWAYS : Always use quotation marks for output fields.
+	//   - ASNEEDED : Use quotation marks for output fields when needed.
 	QuoteFields QuoteFields
 
-	// A single character used to separate individual records in the output. Instead of
-	// the default value, you can specify an arbitrary delimiter.
+	// A single character used to separate individual records in the output. Instead
+	// of the default value, you can specify an arbitrary delimiter.
 	RecordDelimiter *string
 
 	noSmithyDocumentSerde
@@ -585,25 +556,21 @@ type CSVOutput struct {
 
 // The container element for specifying the default Object Lock retention settings
 // for new objects placed in the specified bucket.
-//
-// * The DefaultRetention settings
-// require both a mode and a period.
-//
-// * The DefaultRetention period can be either
-// Days or Years but you must select one. You cannot specify Days and Years at the
-// same time.
+//   - The DefaultRetention settings require both a mode and a period.
+//   - The DefaultRetention period can be either Days or Years but you must select
+//     one. You cannot specify Days and Years at the same time.
 type DefaultRetention struct {
 
 	// The number of days that you want to specify for the default retention period.
-	// Must be used with Mode.
+	// Must be used with Mode .
 	Days int32
 
 	// The default Object Lock retention mode you want to apply to new objects placed
-	// in the specified bucket. Must be used with either Days or Years.
+	// in the specified bucket. Must be used with either Days or Years .
 	Mode ObjectLockRetentionMode
 
 	// The number of years that you want to specify for the default retention period.
-	// Must be used with Mode.
+	// Must be used with Mode .
 	Years int32
 
 	noSmithyDocumentSerde
@@ -632,9 +599,9 @@ type DeletedObject struct {
 	// whether (true) or not (false) a delete marker was created.
 	DeleteMarker bool
 
-	// The version ID of the delete marker created as a result of the DELETE operation.
-	// If you delete a specific object version, the value returned by this header is
-	// the version ID of the object version deleted.
+	// The version ID of the delete marker created as a result of the DELETE
+	// operation. If you delete a specific object version, the value returned by this
+	// header is the version ID of the object version deleted.
 	DeleteMarkerVersionId *string
 
 	// The name of the deleted object.
@@ -671,17 +638,15 @@ type DeleteMarkerEntry struct {
 // Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
 // in your replication configuration, you must also include a
 // DeleteMarkerReplication element. If your Filter includes a Tag element, the
-// DeleteMarkerReplicationStatus must be set to Disabled, because Amazon S3 does
+// DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does
 // not support replicating delete markers for tag-based rules. For an example
-// configuration, see Basic Rule Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-// For more information about delete marker replication, see Basic Rule
-// Configuration
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-// If you are using an earlier version of the replication configuration, Amazon S3
-// handles replication of delete markers differently. For more information, see
-// Backward Compatibility
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+// configuration, see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config)
+// . For more information about delete marker replication, see Basic Rule
+// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html)
+// . If you are using an earlier version of the replication configuration, Amazon
+// S3 handles replication of delete markers differently. For more information, see
+// Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+// .
 type DeleteMarkerReplication struct {
 
 	// Indicates whether to replicate delete markers. Indicates whether to replicate
@@ -710,10 +675,10 @@ type Destination struct {
 
 	// Destination bucket owner account ID. In a cross-account scenario, if you direct
 	// Amazon S3 to change replica ownership to the Amazon Web Services account that
-	// owns the destination bucket by specifying the AccessControlTranslation property,
-	// this is the account ID of the destination bucket owner. For more information,
-	// see Replication Additional Configuration: Changing the Replica Owner
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
+	// owns the destination bucket by specifying the AccessControlTranslation
+	// property, this is the account ID of the destination bucket owner. For more
+	// information, see Replication Additional Configuration: Changing the Replica
+	// Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
 	// in the Amazon S3 User Guide.
 	Account *string
 
@@ -721,8 +686,8 @@ type Destination struct {
 	// SourceSelectionCriteria is specified, you must specify this element.
 	EncryptionConfiguration *EncryptionConfiguration
 
-	// A container specifying replication metrics-related settings enabling replication
-	// metrics and events.
+	// A container specifying replication metrics-related settings enabling
+	// replication metrics and events.
 	Metrics *Metrics
 
 	// A container specifying S3 Replication Time Control (S3 RTC), including whether
@@ -733,8 +698,7 @@ type Destination struct {
 	// The storage class to use when replicating objects, such as S3 Standard or
 	// reduced redundancy. By default, Amazon S3 uses the storage class of the source
 	// object to create the object replica. For valid values, see the StorageClass
-	// element of the PUT Bucket replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
+	// element of the PUT Bucket replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
 	// action in the Amazon S3 API Reference.
 	StorageClass StorageClass
 
@@ -745,20 +709,19 @@ type Destination struct {
 type Encryption struct {
 
 	// The server-side encryption algorithm used when storing job results in Amazon S3
-	// (for example, AES256, aws:kms).
+	// (for example, AES256, aws:kms ).
 	//
 	// This member is required.
 	EncryptionType ServerSideEncryption
 
-	// If the encryption type is aws:kms, this optional value can be used to specify
+	// If the encryption type is aws:kms , this optional value can be used to specify
 	// the encryption context for the restore results.
 	KMSContext *string
 
-	// If the encryption type is aws:kms, this optional value specifies the ID of the
+	// If the encryption type is aws:kms , this optional value specifies the ID of the
 	// symmetric encryption customer managed key to use for encryption of job results.
 	// Amazon S3 only supports symmetric encryption KMS keys. For more information, see
-	// Asymmetric keys in Amazon Web Services KMS
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	KMSKeyId *string
 
@@ -773,8 +736,7 @@ type EncryptionConfiguration struct {
 	// Services KMS key stored in Amazon Web Services Key Management Service (KMS) for
 	// the destination bucket. Amazon S3 uses this key to encrypt replica objects.
 	// Amazon S3 only supports symmetric encryption KMS keys. For more information, see
-	// Asymmetric keys in Amazon Web Services KMS
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	ReplicaKmsKeyID *string
 
@@ -783,7 +745,7 @@ type EncryptionConfiguration struct {
 
 // A message that indicates the request is complete and no more messages will be
 // sent. You should not assume that the request is complete until the client
-// receives an EndEvent.
+// receives an EndEvent .
 type EndEvent struct {
 	noSmithyDocumentSerde
 }
@@ -793,934 +755,415 @@ type Error struct {
 
 	// The error code is a string that uniquely identifies an error condition. It is
 	// meant to be read and understood by programs that detect and handle errors by
-	// type. Amazon S3 error codes
-	//
-	// * Code: AccessDenied
-	//
-	// * Description: Access
-	// Denied
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: AccountProblem
-	//
-	// * Description: There is a problem with your Amazon Web
-	// Services account that prevents the action from completing successfully. Contact
-	// Amazon Web Services Support for further assistance.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: AllAccessDisabled
-	//
-	// *
-	// Description: All access to this Amazon S3 resource has been disabled. Contact
-	// Amazon Web Services Support for further assistance.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// AmbiguousGrantByEmailAddress
-	//
-	// * Description: The email address you provided is
-	// associated with more than one account.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: AuthorizationHeaderMalformed
-	//
-	// *
-	// Description: The authorization header you provided is invalid.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * HTTP Status Code: N/A
-	//
-	// * Code: BadDigest
-	//
-	// *
-	// Description: The Content-MD5 you specified did not match what we received.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// BucketAlreadyExists
-	//
-	// * Description: The requested bucket name is not available.
-	// The bucket namespace is shared by all users of the system. Please select a
-	// different name and try again.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: BucketAlreadyOwnedByYou
-	//
-	// * Description: The bucket
-	// you tried to create already exists, and you own it. Amazon S3 returns this error
-	// in all Amazon Web Services Regions except in the North Virginia Region. For
-	// legacy compatibility, if you re-create an existing bucket that you already own
-	// in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket
-	// access control lists (ACLs).
-	//
-	// * Code: 409 Conflict (in all Regions except the
-	// North Virginia Region)
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// BucketNotEmpty
-	//
-	// * Description: The bucket you tried to delete is not empty.
-	//
-	// *
-	// HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// CredentialsNotSupported
-	//
-	// * Description: This request does not support
-	// credentials.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: CrossLocationLoggingProhibited
-	//
-	// * Description: Cross-location
-	// logging not allowed. Buckets in one geographic location cannot log information
-	// to a bucket in another location.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: EntityTooSmall
-	//
-	// * Description: Your proposed
-	// upload is smaller than the minimum allowed object size.
-	//
-	// * HTTP Status Code: 400
-	// Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: EntityTooLarge
-	//
-	// *
-	// Description: Your proposed upload exceeds the maximum allowed object size.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// ExpiredToken
-	//
-	// * Description: The provided token has expired.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// IllegalVersioningConfigurationException
-	//
-	// * Description: Indicates that the
-	// versioning configuration specified in the request is invalid.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// IncompleteBody
-	//
-	// * Description: You did not provide the number of bytes specified
-	// by the Content-Length HTTP header
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: IncorrectNumberOfFilesInPostRequest
-	//
-	// *
-	// Description: POST requires exactly one file upload per request.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InlineDataTooLarge
-	//
-	// * Description: Inline data exceeds the maximum allowed
-	// size.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: InternalError
-	//
-	// * Description: We encountered an internal error. Please try
-	// again.
-	//
-	// * HTTP Status Code: 500 Internal Server Error
-	//
-	// * SOAP Fault Code Prefix:
-	// Server
-	//
-	// * Code: InvalidAccessKeyId
-	//
-	// * Description: The Amazon Web Services
-	// access key ID you provided does not exist in our records.
-	//
-	// * HTTP Status Code:
-	// 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidAddressingHeader
-	//
-	// * Description: You must specify the Anonymous role.
-	//
-	// *
-	// HTTP Status Code: N/A
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidArgument
-	//
-	// * Description: Invalid Argument
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidBucketName
-	//
-	// *
-	// Description: The specified bucket is not valid.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidBucketState
-	//
-	// *
-	// Description: The request is not valid with the current state of the bucket.
-	//
-	// *
-	// HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidDigest
-	//
-	// * Description: The Content-MD5 you specified is not valid.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidEncryptionAlgorithmError
-	//
-	// * Description: The encryption request you
-	// specified is not valid. The valid value is AES256.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidLocationConstraint
-	//
-	// *
-	// Description: The specified location constraint is not valid. For more
-	// information about Regions, see How to Select a Region for Your Buckets
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidObjectState
-	//
-	// * Description: The action is not valid for the current state
-	// of the object.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: InvalidPart
-	//
-	// * Description: One or more of the specified parts
-	// could not be found. The part might not have been uploaded, or the specified
-	// entity tag might not have matched the part's entity tag.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidPartOrder
-	//
-	// *
-	// Description: The list of parts was not in ascending order. Parts list must be
-	// specified in order by part number.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: InvalidPayer
-	//
-	// * Description: All access to
-	// this object has been disabled. Please contact Amazon Web Services Support for
-	// further assistance.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: InvalidPolicyDocument
-	//
-	// * Description: The content of the
-	// form does not meet the conditions specified in the policy document.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidRange
-	//
-	// * Description: The requested range cannot be satisfied.
-	//
-	// * HTTP
-	// Status Code: 416 Requested Range Not Satisfiable
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: InvalidRequest
-	//
-	// * Description: Please use AWS4-HMAC-SHA256.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: SOAP requests must be made over an HTTPS connection.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Acceleration is not supported
-	// for buckets with non-DNS compliant names.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer
-	// Acceleration is not supported for buckets with periods (.) in their names.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: Amazon S3 Transfer Accelerate endpoint only supports virtual style
-	// requests.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Accelerate is not configured
-	// on this bucket.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Accelerate is disabled on this
-	// bucket.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code:
-	// InvalidRequest
-	//
-	// * Description: Amazon S3 Transfer Acceleration is not supported
-	// on this bucket. Contact Amazon Web Services Support for more information.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidRequest
-	//
-	// *
-	// Description: Amazon S3 Transfer Acceleration cannot be enabled on this bucket.
-	// Contact Amazon Web Services Support for more information.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * Code: N/A
-	//
-	// * Code: InvalidSecurity
-	//
-	// * Description: The
-	// provided security credentials are not valid.
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidSOAPRequest
-	//
-	// *
-	// Description: The SOAP request body is invalid.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: InvalidStorageClass
-	//
-	// *
-	// Description: The storage class you specified is not valid.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// InvalidTargetBucketForLogging
-	//
-	// * Description: The target bucket for logging does
-	// not exist, is not owned by you, or does not have the appropriate grants for the
-	// log-delivery group.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: InvalidToken
-	//
-	// * Description: The provided token is
-	// malformed or otherwise invalid.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: InvalidURI
-	//
-	// * Description: Couldn't parse the
-	// specified URI.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: KeyTooLongError
-	//
-	// * Description: Your key is too long.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// MalformedACLError
-	//
-	// * Description: The XML you provided was not well-formed or
-	// did not validate against our published schema.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MalformedPOSTRequest
-	//
-	// *
-	// Description: The body of your POST request is not well-formed
-	// multipart/form-data.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: MalformedXML
-	//
-	// * Description: This happens when the user
-	// sends malformed XML (XML that doesn't conform to the published XSD) for the
-	// configuration. The error message is, "The XML you provided was not well-formed
-	// or did not validate against our published schema."
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MaxMessageLengthExceeded
-	//
-	// *
-	// Description: Your request was too big.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: MaxPostPreDataLengthExceededError
-	//
-	// *
-	// Description: Your POST request fields preceding the upload file were too
-	// large.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: MetadataTooLarge
-	//
-	// * Description: Your metadata headers exceed the maximum
-	// allowed metadata size.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: MethodNotAllowed
-	//
-	// * Description: The specified method is
-	// not allowed against this resource.
-	//
-	// * HTTP Status Code: 405 Method Not
-	// Allowed
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MissingAttachment
-	//
-	// *
-	// Description: A SOAP attachment was expected, but none were found.
-	//
-	// * HTTP Status
-	// Code: N/A
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: MissingContentLength
-	//
-	// *
-	// Description: You must provide the Content-Length HTTP header.
-	//
-	// * HTTP Status
-	// Code: 411 Length Required
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// MissingRequestBodyError
-	//
-	// * Description: This happens when the user sends an
-	// empty XML document as a request. The error message is, "Request body is
-	// empty."
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: MissingSecurityElement
-	//
-	// * Description: The SOAP 1.1 request is
-	// missing a security element.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: MissingSecurityHeader
-	//
-	// * Description: Your request
-	// is missing a required header.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault
-	// Code Prefix: Client
-	//
-	// * Code: NoLoggingStatusForKey
-	//
-	// * Description: There is no
-	// such thing as a logging status subresource for a key.
-	//
-	// * HTTP Status Code: 400
-	// Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchBucket
-	//
-	// *
-	// Description: The specified bucket does not exist.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchBucketPolicy
-	//
-	// *
-	// Description: The specified bucket does not have a bucket policy.
-	//
-	// * HTTP Status
-	// Code: 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchKey
-	//
-	// *
-	// Description: The specified key does not exist.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchLifecycleConfiguration
-	//
-	// *
-	// Description: The lifecycle configuration does not exist.
-	//
-	// * HTTP Status Code:
-	// 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NoSuchUpload
-	//
-	// *
-	// Description: The specified multipart upload does not exist. The upload ID might
-	// be invalid, or the multipart upload might have been aborted or completed.
-	//
-	// *
-	// HTTP Status Code: 404 Not Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// NoSuchVersion
-	//
-	// * Description: Indicates that the version ID specified in the
-	// request does not match an existing version.
-	//
-	// * HTTP Status Code: 404 Not
-	// Found
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: NotImplemented
-	//
-	// * Description:
-	// A header you provided implies functionality that is not implemented.
-	//
-	// * HTTP
-	// Status Code: 501 Not Implemented
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// * Code:
-	// NotSignedUp
-	//
-	// * Description: Your account is not signed up for the Amazon S3
-	// service. You must sign up before you can use Amazon S3. You can sign up at the
-	// following URL: Amazon S3 (http://aws.amazon.com/s3)
-	//
-	// * HTTP Status Code: 403
-	// Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: OperationAborted
-	//
-	// *
-	// Description: A conflicting conditional action is currently in progress against
-	// this resource. Try again.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP Fault Code
-	// Prefix: Client
-	//
-	// * Code: PermanentRedirect
-	//
-	// * Description: The bucket you are
-	// attempting to access must be addressed using the specified endpoint. Send all
-	// future requests to this endpoint.
-	//
-	// * HTTP Status Code: 301 Moved Permanently
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: PreconditionFailed
-	//
-	// * Description: At
-	// least one of the preconditions you specified did not hold.
-	//
-	// * HTTP Status Code:
-	// 412 Precondition Failed
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: Redirect
-	//
-	// *
-	// Description: Temporary redirect.
-	//
-	// * HTTP Status Code: 307 Moved Temporarily
-	//
-	// *
-	// SOAP Fault Code Prefix: Client
-	//
-	// * Code: RestoreAlreadyInProgress
-	//
-	// * Description:
-	// Object restore is already in progress.
-	//
-	// * HTTP Status Code: 409 Conflict
-	//
-	// * SOAP
-	// Fault Code Prefix: Client
-	//
-	// * Code: RequestIsNotMultiPartContent
-	//
-	// * Description:
-	// Bucket POST must be of the enclosure-type multipart/form-data.
-	//
-	// * HTTP Status
-	// Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// RequestTimeout
-	//
-	// * Description: Your socket connection to the server was not read
-	// from or written to within the timeout period.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: RequestTimeTooSkewed
-	//
-	// *
-	// Description: The difference between the request time and the server's time is
-	// too large.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: RequestTorrentOfBucketError
-	//
-	// * Description: Requesting the
-	// torrent file of a bucket is not permitted.
-	//
-	// * HTTP Status Code: 400 Bad
-	// Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code: SignatureDoesNotMatch
-	//
-	// *
-	// Description: The request signature we calculated does not match the signature
-	// you provided. Check your Amazon Web Services secret access key and signing
-	// method. For more information, see REST Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) and
-	// SOAP Authentication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html) for
-	// details.
-	//
-	// * HTTP Status Code: 403 Forbidden
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// *
-	// Code: ServiceUnavailable
-	//
-	// * Description: Service is unable to handle request.
-	//
-	// *
-	// HTTP Status Code: 503 Service Unavailable
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// *
-	// Code: SlowDown
-	//
-	// * Description: Reduce your request rate.
-	//
-	// * HTTP Status Code:
-	// 503 Slow Down
-	//
-	// * SOAP Fault Code Prefix: Server
-	//
-	// * Code: TemporaryRedirect
-	//
-	// *
-	// Description: You are being redirected to the bucket while DNS updates.
-	//
-	// * HTTP
-	// Status Code: 307 Moved Temporarily
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// TokenRefreshRequired
-	//
-	// * Description: The provided token must be refreshed.
-	//
-	// *
-	// HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// TooManyBuckets
-	//
-	// * Description: You have attempted to create more buckets than
-	// allowed.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: UnexpectedContent
-	//
-	// * Description: This request does not support
-	// content.
-	//
-	// * HTTP Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix:
-	// Client
-	//
-	// * Code: UnresolvableGrantByEmailAddress
-	//
-	// * Description: The email
-	// address you provided does not match any account on record.
-	//
-	// * HTTP Status Code:
-	// 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
-	//
-	// * Code:
-	// UserKeyMustBeSpecified
-	//
-	// * Description: The bucket POST must contain the
-	// specified field name. If it is specified, check the order of the fields.
-	//
-	// * HTTP
-	// Status Code: 400 Bad Request
-	//
-	// * SOAP Fault Code Prefix: Client
+	// type. The following is a list of Amazon S3 error codes. For more information,
+	// see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html)
+	// .
+	//   - Code: AccessDenied
+	//   - Description: Access Denied
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AccountProblem
+	//   - Description: There is a problem with your Amazon Web Services account that
+	//   prevents the action from completing successfully. Contact Amazon Web Services
+	//   Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AllAccessDisabled
+	//   - Description: All access to this Amazon S3 resource has been disabled.
+	//   Contact Amazon Web Services Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AmbiguousGrantByEmailAddress
+	//   - Description: The email address you provided is associated with more than
+	//   one account.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: AuthorizationHeaderMalformed
+	//   - Description: The authorization header you provided is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - HTTP Status Code: N/A
+	//   - Code: BadDigest
+	//   - Description: The Content-MD5 you specified did not match what we received.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketAlreadyExists
+	//   - Description: The requested bucket name is not available. The bucket
+	//   namespace is shared by all users of the system. Please select a different name
+	//   and try again.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketAlreadyOwnedByYou
+	//   - Description: The bucket you tried to create already exists, and you own it.
+	//   Amazon S3 returns this error in all Amazon Web Services Regions except in the
+	//   North Virginia Region. For legacy compatibility, if you re-create an existing
+	//   bucket that you already own in the North Virginia Region, Amazon S3 returns 200
+	//   OK and resets the bucket access control lists (ACLs).
+	//   - Code: 409 Conflict (in all Regions except the North Virginia Region)
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: BucketNotEmpty
+	//   - Description: The bucket you tried to delete is not empty.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: CredentialsNotSupported
+	//   - Description: This request does not support credentials.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: CrossLocationLoggingProhibited
+	//   - Description: Cross-location logging not allowed. Buckets in one geographic
+	//   location cannot log information to a bucket in another location.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: EntityTooSmall
+	//   - Description: Your proposed upload is smaller than the minimum allowed
+	//   object size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: EntityTooLarge
+	//   - Description: Your proposed upload exceeds the maximum allowed object size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: ExpiredToken
+	//   - Description: The provided token has expired.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IllegalVersioningConfigurationException
+	//   - Description: Indicates that the versioning configuration specified in the
+	//   request is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IncompleteBody
+	//   - Description: You did not provide the number of bytes specified by the
+	//   Content-Length HTTP header
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: IncorrectNumberOfFilesInPostRequest
+	//   - Description: POST requires exactly one file upload per request.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InlineDataTooLarge
+	//   - Description: Inline data exceeds the maximum allowed size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InternalError
+	//   - Description: We encountered an internal error. Please try again.
+	//   - HTTP Status Code: 500 Internal Server Error
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: InvalidAccessKeyId
+	//   - Description: The Amazon Web Services access key ID you provided does not
+	//   exist in our records.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidAddressingHeader
+	//   - Description: You must specify the Anonymous role.
+	//   - HTTP Status Code: N/A
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidArgument
+	//   - Description: Invalid Argument
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidBucketName
+	//   - Description: The specified bucket is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidBucketState
+	//   - Description: The request is not valid with the current state of the bucket.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidDigest
+	//   - Description: The Content-MD5 you specified is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidEncryptionAlgorithmError
+	//   - Description: The encryption request you specified is not valid. The valid
+	//   value is AES256.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidLocationConstraint
+	//   - Description: The specified location constraint is not valid. For more
+	//   information about Regions, see How to Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro)
+	//   .
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidObjectState
+	//   - Description: The action is not valid for the current state of the object.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPart
+	//   - Description: One or more of the specified parts could not be found. The
+	//   part might not have been uploaded, or the specified entity tag might not have
+	//   matched the part's entity tag.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPartOrder
+	//   - Description: The list of parts was not in ascending order. Parts list must
+	//   be specified in order by part number.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPayer
+	//   - Description: All access to this object has been disabled. Please contact
+	//   Amazon Web Services Support for further assistance.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidPolicyDocument
+	//   - Description: The content of the form does not meet the conditions specified
+	//   in the policy document.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRange
+	//   - Description: The requested range cannot be satisfied.
+	//   - HTTP Status Code: 416 Requested Range Not Satisfiable
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRequest
+	//   - Description: Please use AWS4-HMAC-SHA256 .
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: SOAP requests must be made over an HTTPS connection.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported for buckets
+	//   with non-DNS compliant names.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported for buckets
+	//   with periods (.) in their names.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate endpoint only supports virtual
+	//   style requests.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate is not configured on this
+	//   bucket.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Accelerate is disabled on this bucket.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration is not supported on this
+	//   bucket. Contact Amazon Web Services Support for more information.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidRequest
+	//   - Description: Amazon S3 Transfer Acceleration cannot be enabled on this
+	//   bucket. Contact Amazon Web Services Support for more information.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - Code: N/A
+	//   - Code: InvalidSecurity
+	//   - Description: The provided security credentials are not valid.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidSOAPRequest
+	//   - Description: The SOAP request body is invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidStorageClass
+	//   - Description: The storage class you specified is not valid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidTargetBucketForLogging
+	//   - Description: The target bucket for logging does not exist, is not owned by
+	//   you, or does not have the appropriate grants for the log-delivery group.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidToken
+	//   - Description: The provided token is malformed or otherwise invalid.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: InvalidURI
+	//   - Description: Couldn't parse the specified URI.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: KeyTooLongError
+	//   - Description: Your key is too long.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedACLError
+	//   - Description: The XML you provided was not well-formed or did not validate
+	//   against our published schema.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedPOSTRequest
+	//   - Description: The body of your POST request is not well-formed
+	//   multipart/form-data.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MalformedXML
+	//   - Description: This happens when the user sends malformed XML (XML that
+	//   doesn't conform to the published XSD) for the configuration. The error message
+	//   is, "The XML you provided was not well-formed or did not validate against our
+	//   published schema."
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MaxMessageLengthExceeded
+	//   - Description: Your request was too big.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MaxPostPreDataLengthExceededError
+	//   - Description: Your POST request fields preceding the upload file were too
+	//   large.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MetadataTooLarge
+	//   - Description: Your metadata headers exceed the maximum allowed metadata
+	//   size.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MethodNotAllowed
+	//   - Description: The specified method is not allowed against this resource.
+	//   - HTTP Status Code: 405 Method Not Allowed
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingAttachment
+	//   - Description: A SOAP attachment was expected, but none were found.
+	//   - HTTP Status Code: N/A
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingContentLength
+	//   - Description: You must provide the Content-Length HTTP header.
+	//   - HTTP Status Code: 411 Length Required
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingRequestBodyError
+	//   - Description: This happens when the user sends an empty XML document as a
+	//   request. The error message is, "Request body is empty."
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingSecurityElement
+	//   - Description: The SOAP 1.1 request is missing a security element.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: MissingSecurityHeader
+	//   - Description: Your request is missing a required header.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoLoggingStatusForKey
+	//   - Description: There is no such thing as a logging status subresource for a
+	//   key.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchBucket
+	//   - Description: The specified bucket does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchBucketPolicy
+	//   - Description: The specified bucket does not have a bucket policy.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchKey
+	//   - Description: The specified key does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchLifecycleConfiguration
+	//   - Description: The lifecycle configuration does not exist.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchUpload
+	//   - Description: The specified multipart upload does not exist. The upload ID
+	//   might be invalid, or the multipart upload might have been aborted or completed.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NoSuchVersion
+	//   - Description: Indicates that the version ID specified in the request does
+	//   not match an existing version.
+	//   - HTTP Status Code: 404 Not Found
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: NotImplemented
+	//   - Description: A header you provided implies functionality that is not
+	//   implemented.
+	//   - HTTP Status Code: 501 Not Implemented
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: NotSignedUp
+	//   - Description: Your account is not signed up for the Amazon S3 service. You
+	//   must sign up before you can use Amazon S3. You can sign up at the following URL:
+	//   Amazon S3 (http://aws.amazon.com/s3)
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: OperationAborted
+	//   - Description: A conflicting conditional action is currently in progress
+	//   against this resource. Try again.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: PermanentRedirect
+	//   - Description: The bucket you are attempting to access must be addressed
+	//   using the specified endpoint. Send all future requests to this endpoint.
+	//   - HTTP Status Code: 301 Moved Permanently
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: PreconditionFailed
+	//   - Description: At least one of the preconditions you specified did not hold.
+	//   - HTTP Status Code: 412 Precondition Failed
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: Redirect
+	//   - Description: Temporary redirect.
+	//   - HTTP Status Code: 307 Moved Temporarily
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RestoreAlreadyInProgress
+	//   - Description: Object restore is already in progress.
+	//   - HTTP Status Code: 409 Conflict
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestIsNotMultiPartContent
+	//   - Description: Bucket POST must be of the enclosure-type multipart/form-data.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTimeout
+	//   - Description: Your socket connection to the server was not read from or
+	//   written to within the timeout period.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTimeTooSkewed
+	//   - Description: The difference between the request time and the server's time
+	//   is too large.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: RequestTorrentOfBucketError
+	//   - Description: Requesting the torrent file of a bucket is not permitted.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: SignatureDoesNotMatch
+	//   - Description: The request signature we calculated does not match the
+	//   signature you provided. Check your Amazon Web Services secret access key and
+	//   signing method. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+	//   and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
+	//   for details.
+	//   - HTTP Status Code: 403 Forbidden
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: ServiceUnavailable
+	//   - Description: Service is unable to handle request.
+	//   - HTTP Status Code: 503 Service Unavailable
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: SlowDown
+	//   - Description: Reduce your request rate.
+	//   - HTTP Status Code: 503 Slow Down
+	//   - SOAP Fault Code Prefix: Server
+	//   - Code: TemporaryRedirect
+	//   - Description: You are being redirected to the bucket while DNS updates.
+	//   - HTTP Status Code: 307 Moved Temporarily
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: TokenRefreshRequired
+	//   - Description: The provided token must be refreshed.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: TooManyBuckets
+	//   - Description: You have attempted to create more buckets than allowed.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UnexpectedContent
+	//   - Description: This request does not support content.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UnresolvableGrantByEmailAddress
+	//   - Description: The email address you provided does not match any account on
+	//   record.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
+	//   - Code: UserKeyMustBeSpecified
+	//   - Description: The bucket POST must contain the specified field name. If it
+	//   is specified, check the order of the fields.
+	//   - HTTP Status Code: 400 Bad Request
+	//   - SOAP Fault Code Prefix: Client
 	Code *string
 
 	// The error key.
@@ -1745,9 +1188,9 @@ type ErrorDocument struct {
 
 	// The object key name to use when a 4XX class error occurs. Replacement must be
 	// made for object keys containing special characters (such as carriage returns)
-	// when using XML requests. For more information, see  XML related object key
-	// constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// when using XML requests. For more information, see XML related object key
+	// constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Key *string
@@ -1761,8 +1204,7 @@ type EventBridgeConfiguration struct {
 }
 
 // Optional configuration to replicate existing source bucket objects. For more
-// information, see Replicating Existing Objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
 // in the Amazon S3 User Guide.
 type ExistingObjectReplication struct {
 
@@ -1781,9 +1223,8 @@ type FilterRule struct {
 	// The object key name prefix or suffix identifying one or more objects to which
 	// the filtering rule applies. The maximum length is 1,024 characters. Overlapping
 	// prefixes and suffixes are not supported. For more information, see Configuring
-	// Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	Name FilterRuleName
 
 	// The value that the filter searches for in object key names.
@@ -1855,32 +1296,19 @@ type Grantee struct {
 	// Screen name of the grantee.
 	DisplayName *string
 
-	// Email address of the grantee. Using email addresses to specify a grantee is only
-	// supported in the following Amazon Web Services Regions:
-	//
-	// * US East (N.
-	// Virginia)
-	//
-	// * US West (N. California)
-	//
-	// * US West (Oregon)
-	//
-	// * Asia Pacific
-	// (Singapore)
-	//
-	// * Asia Pacific (Sydney)
-	//
-	// * Asia Pacific (Tokyo)
-	//
-	// * Europe
-	// (Ireland)
-	//
-	// * South America (São Paulo)
-	//
-	// For a list of all the Amazon S3
-	// supported Regions and endpoints, see Regions and Endpoints
-	// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the
-	// Amazon Web Services General Reference.
+	// Email address of the grantee. Using email addresses to specify a grantee is
+	// only supported in the following Amazon Web Services Regions:
+	//   - US East (N. Virginia)
+	//   - US West (N. California)
+	//   - US West (Oregon)
+	//   - Asia Pacific (Singapore)
+	//   - Asia Pacific (Sydney)
+	//   - Asia Pacific (Tokyo)
+	//   - Europe (Ireland)
+	//   - South America (São Paulo)
+	// For a list of all the Amazon S3 supported Regions and endpoints, see Regions
+	// and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+	// in the Amazon Web Services General Reference.
 	EmailAddress *string
 
 	// The canonical user ID of the grantee.
@@ -1901,8 +1329,8 @@ type IndexDocument struct {
 	// key name images/index.html) The suffix must not be empty and must not include a
 	// slash character. Replacement must be made for object keys containing special
 	// characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Suffix *string
@@ -1942,8 +1370,8 @@ type InputSerialization struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying S3 Intelligent-Tiering filters. The filters determine
-// the subset of objects to which the rule applies.
+// A container for specifying S3 Intelligent-Tiering filters. The filters
+// determine the subset of objects to which the rule applies.
 type IntelligentTieringAndOperator struct {
 
 	// An object key name prefix that identifies the subset of objects to which the
@@ -1959,8 +1387,8 @@ type IntelligentTieringAndOperator struct {
 
 // Specifies the S3 Intelligent-Tiering configuration for an Amazon S3 bucket. For
 // information about the S3 Intelligent-Tiering storage class, see Storage class
-// for automatically optimizing frequently and infrequently accessed objects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access).
+// for automatically optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+// .
 type IntelligentTieringConfiguration struct {
 
 	// The ID used to identify the S3 Intelligent-Tiering configuration.
@@ -1978,8 +1406,8 @@ type IntelligentTieringConfiguration struct {
 	// This member is required.
 	Tierings []Tiering
 
-	// Specifies a bucket filter. The configuration only includes objects that meet the
-	// filter's criteria.
+	// Specifies a bucket filter. The configuration only includes objects that meet
+	// the filter's criteria.
 	Filter *IntelligentTieringFilter
 
 	noSmithyDocumentSerde
@@ -1989,16 +1417,16 @@ type IntelligentTieringConfiguration struct {
 // configuration applies to.
 type IntelligentTieringFilter struct {
 
-	// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-	// filter. The operator must have at least two predicates, and an object must match
-	// all of the predicates in order for the filter to apply.
+	// A conjunction (logical AND) of predicates, which is used in evaluating a
+	// metrics filter. The operator must have at least two predicates, and an object
+	// must match all of the predicates in order for the filter to apply.
 	And *IntelligentTieringAndOperator
 
 	// An object key name prefix that identifies the subset of objects to which the
 	// rule applies. Replacement must be made for object keys containing special
 	// characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	Prefix *string
 
 	// A container of a key value name pair.
@@ -2008,8 +1436,7 @@ type IntelligentTieringFilter struct {
 }
 
 // Specifies the inventory configuration for an Amazon S3 bucket. For more
-// information, see GET Bucket inventory
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
+// information, see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
 // in the Amazon S3 API Reference.
 type InventoryConfiguration struct {
 
@@ -2023,16 +1450,16 @@ type InventoryConfiguration struct {
 	// This member is required.
 	Id *string
 
-	// Object versions to include in the inventory list. If set to All, the list
+	// Object versions to include in the inventory list. If set to All , the list
 	// includes all the object versions, which adds the version-related fields
-	// VersionId, IsLatest, and DeleteMarker to the list. If set to Current, the list
-	// does not contain these version-related fields.
+	// VersionId , IsLatest , and DeleteMarker to the list. If set to Current , the
+	// list does not contain these version-related fields.
 	//
 	// This member is required.
 	IncludedObjectVersions InventoryIncludedObjectVersions
 
-	// Specifies whether the inventory is enabled or disabled. If set to True, an
-	// inventory list is generated. If set to False, no inventory list is generated.
+	// Specifies whether the inventory is enabled or disabled. If set to True , an
+	// inventory list is generated. If set to False , no inventory list is generated.
 	//
 	// This member is required.
 	IsEnabled bool
@@ -2042,8 +1469,8 @@ type InventoryConfiguration struct {
 	// This member is required.
 	Schedule *InventorySchedule
 
-	// Specifies an inventory filter. The inventory only includes objects that meet the
-	// filter's criteria.
+	// Specifies an inventory filter. The inventory only includes objects that meet
+	// the filter's criteria.
 	Filter *InventoryFilter
 
 	// Contains the optional fields that are included in the inventory results.
@@ -2077,8 +1504,8 @@ type InventoryEncryption struct {
 	noSmithyDocumentSerde
 }
 
-// Specifies an inventory filter. The inventory only includes objects that meet the
-// filter's criteria.
+// Specifies an inventory filter. The inventory only includes objects that meet
+// the filter's criteria.
 type InventoryFilter struct {
 
 	// The prefix that an object must have to be included in the inventory results.
@@ -2154,9 +1581,8 @@ type JSONOutput struct {
 type LambdaFunctionConfiguration struct {
 
 	// The Amazon S3 bucket event for which to invoke the Lambda function. For more
-	// information, see Supported Event Types
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Events []Event
@@ -2168,9 +1594,8 @@ type LambdaFunctionConfiguration struct {
 	LambdaFunctionArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -2181,13 +1606,12 @@ type LambdaFunctionConfiguration struct {
 }
 
 // Container for the expiration for the lifecycle of the object. For more
-// information see, Managing your storage lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
 // in the Amazon S3 User Guide.
 type LifecycleExpiration struct {
 
-	// Indicates at what date the object is to be moved or deleted. Should be in GMT
-	// ISO 8601 Format.
+	// Indicates at what date the object is to be moved or deleted. The date value
+	// must conform to the ISO 8601 format. The time is always midnight UTC.
 	Date *time.Time
 
 	// Indicates the lifetime, in days, of the objects that are subject to the rule.
@@ -2204,8 +1628,7 @@ type LifecycleExpiration struct {
 }
 
 // A lifecycle rule for individual objects in an Amazon S3 bucket. For more
-// information see, Managing your storage lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
+// information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html)
 // in the Amazon S3 User Guide.
 type LifecycleRule struct {
 
@@ -2217,9 +1640,8 @@ type LifecycleRule struct {
 
 	// Specifies the days since the initiation of an incomplete multipart upload that
 	// Amazon S3 will wait before permanently removing all parts of the upload. For
-	// more information, see  Aborting Incomplete Multipart Uploads Using a Bucket
-	// Lifecycle Policy
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
+	// more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+	// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
 	// in the Amazon S3 User Guide.
 	AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload
 
@@ -2228,7 +1650,7 @@ type LifecycleRule struct {
 	Expiration *LifecycleExpiration
 
 	// The Filter is used to identify objects that a Lifecycle Rule applies to. A
-	// Filter must have exactly one of Prefix, Tag, or And specified. Filter is
+	// Filter must have exactly one of Prefix , Tag , or And specified. Filter is
 	// required if the LifecycleRule does not contain a Prefix element.
 	Filter LifecycleRuleFilter
 
@@ -2252,8 +1674,8 @@ type LifecycleRule struct {
 	// Prefix identifying one or more objects to which the rule applies. This is no
 	// longer used; use Filter instead. Replacement must be made for object keys
 	// containing special characters (such as carriage returns) when using XML
-	// requests. For more information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// Deprecated: This member has been deprecated.
 	Prefix *string
@@ -2286,7 +1708,7 @@ type LifecycleRuleAndOperator struct {
 }
 
 // The Filter is used to identify objects that a Lifecycle Rule applies to. A
-// Filter must have exactly one of Prefix, Tag, or And specified.
+// Filter must have exactly one of Prefix , Tag , or And specified.
 //
 // The following types satisfy this interface:
 //
@@ -2330,9 +1752,9 @@ func (*LifecycleRuleFilterMemberObjectSizeLessThan) isLifecycleRuleFilter() {}
 
 // Prefix identifying one or more objects to which the rule applies. Replacement
 // must be made for object keys containing special characters (such as carriage
-// returns) when using XML requests. For more information, see  XML related object
-// key constraints
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+// returns) when using XML requests. For more information, see XML related object
+// key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+// .
 type LifecycleRuleFilterMemberPrefix struct {
 	Value string
 
@@ -2350,10 +1772,9 @@ type LifecycleRuleFilterMemberTag struct {
 
 func (*LifecycleRuleFilterMemberTag) isLifecycleRuleFilter() {}
 
-// Describes where logs are stored and the prefix that Amazon S3 assigns to all log
-// object keys for a bucket. For more information, see PUT Bucket logging
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) in
-// the Amazon S3 API Reference.
+// Describes where logs are stored and the prefix that Amazon S3 assigns to all
+// log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
+// in the Amazon S3 API Reference.
 type LoggingEnabled struct {
 
 	// Specifies the bucket where you want Amazon S3 to store server access logs. You
@@ -2366,17 +1787,16 @@ type LoggingEnabled struct {
 	// This member is required.
 	TargetBucket *string
 
-	// A prefix for all log object keys. If you store log files from multiple Amazon S3
-	// buckets in a single bucket, you can use a prefix to distinguish which log files
-	// came from which bucket.
+	// A prefix for all log object keys. If you store log files from multiple Amazon
+	// S3 buckets in a single bucket, you can use a prefix to distinguish which log
+	// files came from which bucket.
 	//
 	// This member is required.
 	TargetPrefix *string
 
 	// Container for granting information. Buckets that use the bucket owner enforced
 	// setting for Object Ownership don't support target grants. For more information,
-	// see Permissions for server access log delivery
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+	// see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 	// in the Amazon S3 User Guide.
 	TargetGrants []TargetGrant
 
@@ -2395,8 +1815,8 @@ type MetadataEntry struct {
 	noSmithyDocumentSerde
 }
 
-// A container specifying replication metrics-related settings enabling replication
-// metrics and events.
+// A container specifying replication metrics-related settings enabling
+// replication metrics and events.
 type Metrics struct {
 
 	// Specifies whether the replication metrics are enabled.
@@ -2411,9 +1831,9 @@ type Metrics struct {
 	noSmithyDocumentSerde
 }
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates, and an object must match
-// all of the predicates in order for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
 type MetricsAndOperator struct {
 
 	// The access point ARN used when evaluating an AND predicate.
@@ -2432,8 +1852,8 @@ type MetricsAndOperator struct {
 // by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an
 // existing metrics configuration, note that this is a full replacement of the
 // existing metrics configuration. If you don't include the elements you want to
-// keep, they are erased. For more information, see PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).
+// keep, they are erased. For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html)
+// .
 type MetricsConfiguration struct {
 
 	// The ID used to identify the metrics configuration. The ID has a 64 character
@@ -2453,8 +1873,8 @@ type MetricsConfiguration struct {
 // Specifies a metrics configuration filter. The metrics configuration only
 // includes objects that meet the filter's criteria. A filter must be a prefix, an
 // object tag, an access point ARN, or a conjunction (MetricsAndOperator). For more
-// information, see PutBucketMetricsConfiguration
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html).
+// information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html)
+// .
 //
 // The following types satisfy this interface:
 //
@@ -2475,9 +1895,9 @@ type MetricsFilterMemberAccessPointArn struct {
 
 func (*MetricsFilterMemberAccessPointArn) isMetricsFilter() {}
 
-// A conjunction (logical AND) of predicates, which is used in evaluating a metrics
-// filter. The operator must have at least two predicates, and an object must match
-// all of the predicates in order for the filter to apply.
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
 type MetricsFilterMemberAnd struct {
 	Value MetricsAndOperator
 
@@ -2541,16 +1961,14 @@ type NoncurrentVersionExpiration struct {
 	// Specifies how many noncurrent versions Amazon S3 will retain. If there are this
 	// many more recent noncurrent versions, Amazon S3 will take the associated action.
 	// For more information about noncurrent versions, see Lifecycle configuration
-	// elements
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
 	// in the Amazon S3 User Guide.
 	NewerNoncurrentVersions int32
 
 	// Specifies the number of days an object is noncurrent before Amazon S3 can
 	// perform the associated action. The value must be a non-zero positive integer.
 	// For information about the noncurrent days calculations, see How Amazon S3
-	// Calculates When an Object Became Noncurrent
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
 	// in the Amazon S3 User Guide.
 	NoncurrentDays int32
 
@@ -2558,27 +1976,25 @@ type NoncurrentVersionExpiration struct {
 }
 
 // Container for the transition rule that describes when noncurrent objects
-// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR,
-// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or
-// versioning is suspended), you can set this action to request that Amazon S3
-// transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA,
-// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at a
+// transition to the STANDARD_IA , ONEZONE_IA , INTELLIGENT_TIERING , GLACIER_IR ,
+// GLACIER , or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled
+// (or versioning is suspended), you can set this action to request that Amazon S3
+// transition noncurrent object versions to the STANDARD_IA , ONEZONE_IA ,
+// INTELLIGENT_TIERING , GLACIER_IR , GLACIER , or DEEP_ARCHIVE storage class at a
 // specific period in the object's lifetime.
 type NoncurrentVersionTransition struct {
 
 	// Specifies how many noncurrent versions Amazon S3 will retain. If there are this
 	// many more recent noncurrent versions, Amazon S3 will take the associated action.
 	// For more information about noncurrent versions, see Lifecycle configuration
-	// elements
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
+	// elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html)
 	// in the Amazon S3 User Guide.
 	NewerNoncurrentVersions int32
 
 	// Specifies the number of days an object is noncurrent before Amazon S3 can
 	// perform the associated action. For information about the noncurrent days
 	// calculations, see How Amazon S3 Calculates How Long an Object Has Been
-	// Noncurrent
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
+	// Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
 	// in the Amazon S3 User Guide.
 	NoncurrentDays int32
 
@@ -2588,8 +2004,8 @@ type NoncurrentVersionTransition struct {
 	noSmithyDocumentSerde
 }
 
-// A container for specifying the notification configuration of the bucket. If this
-// element is empty, notifications are turned off for the bucket.
+// A container for specifying the notification configuration of the bucket. If
+// this element is empty, notifications are turned off for the bucket.
 type NotificationConfiguration struct {
 
 	// Enables delivery of events to Amazon EventBridge.
@@ -2599,21 +2015,20 @@ type NotificationConfiguration struct {
 	// them.
 	LambdaFunctionConfigurations []LambdaFunctionConfiguration
 
-	// The Amazon Simple Queue Service queues to publish messages to and the events for
-	// which to publish messages.
+	// The Amazon Simple Queue Service queues to publish messages to and the events
+	// for which to publish messages.
 	QueueConfigurations []QueueConfiguration
 
-	// The topic to which notifications are sent and the events for which notifications
-	// are generated.
+	// The topic to which notifications are sent and the events for which
+	// notifications are generated.
 	TopicConfigurations []TopicConfiguration
 
 	noSmithyDocumentSerde
 }
 
 // Specifies object key name filtering rules. For information about key name
-// filtering, see Configuring Event Notifications
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-// Amazon S3 User Guide.
+// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+// in the Amazon S3 User Guide.
 type NotificationConfigurationFilter struct {
 
 	// A container for object key name prefix and suffix filtering rules.
@@ -2632,22 +2047,17 @@ type Object struct {
 	// contents of an object, not its metadata. The ETag may or may not be an MD5
 	// digest of the object data. Whether or not it is depends on how the object was
 	// created and how it is encrypted as described below:
-	//
-	// * Objects created by the
-	// PUT Object, POST Object, or Copy operation, or through the Amazon Web Services
-	// Management Console, and are encrypted by SSE-S3 or plaintext, have ETags that
-	// are an MD5 digest of their object data.
-	//
-	// * Objects created by the PUT Object,
-	// POST Object, or Copy operation, or through the Amazon Web Services Management
-	// Console, and are encrypted by SSE-C or SSE-KMS, have ETags that are not an MD5
-	// digest of their object data.
-	//
-	// * If an object is created by either the Multipart
-	// Upload or Part Copy operation, the ETag is not an MD5 digest, regardless of the
-	// method of encryption. If an object is larger than 16 MB, the Amazon Web Services
-	// Management Console will upload or copy that object as a Multipart Upload, and
-	// therefore the ETag will not be an MD5 digest.
+	//   - Objects created by the PUT Object, POST Object, or Copy operation, or
+	//   through the Amazon Web Services Management Console, and are encrypted by SSE-S3
+	//   or plaintext, have ETags that are an MD5 digest of their object data.
+	//   - Objects created by the PUT Object, POST Object, or Copy operation, or
+	//   through the Amazon Web Services Management Console, and are encrypted by SSE-C
+	//   or SSE-KMS, have ETags that are not an MD5 digest of their object data.
+	//   - If an object is created by either the Multipart Upload or Part Copy
+	//   operation, the ETag is not an MD5 digest, regardless of the method of
+	//   encryption. If an object is larger than 16 MB, the Amazon Web Services
+	//   Management Console will upload or copy that object as a Multipart Upload, and
+	//   therefore the ETag will not be an MD5 digest.
 	ETag *string
 
 	// The name that you assign to an object. You use the object key to retrieve the
@@ -2674,8 +2084,8 @@ type ObjectIdentifier struct {
 
 	// Key name of the object. Replacement must be made for object keys containing
 	// special characters (such as carriage returns) when using XML requests. For more
-	// information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// This member is required.
 	Key *string
@@ -2694,9 +2104,9 @@ type ObjectLockConfiguration struct {
 	ObjectLockEnabled ObjectLockEnabled
 
 	// Specifies the Object Lock rule for the specified object. Enable the this rule
-	// when you apply ObjectLockConfiguration to a bucket. Bucket settings require both
-	// a mode and a period. The period can be either Days or Years but you must select
-	// one. You cannot specify Days and Years at the same time.
+	// when you apply ObjectLockConfiguration to a bucket. Bucket settings require
+	// both a mode and a period. The period can be either Days or Years but you must
+	// select one. You cannot specify Days and Years at the same time.
 	Rule *ObjectLockRule
 
 	noSmithyDocumentSerde
@@ -2741,37 +2151,33 @@ type ObjectPart struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
-	// The part number identifying the part. This value is a positive integer between 1
-	// and 10,000.
+	// The part number identifying the part. This value is a positive integer between
+	// 1 and 10,000.
 	PartNumber int32
 
 	// The size of the uploaded part in bytes.
@@ -2838,27 +2244,16 @@ type OutputSerialization struct {
 // Container for the owner's display name and ID.
 type Owner struct {
 
-	// Container for the display name of the owner. This value is only supported in the
-	// following Amazon Web Services Regions:
-	//
-	// * US East (N. Virginia)
-	//
-	// * US West (N.
-	// California)
-	//
-	// * US West (Oregon)
-	//
-	// * Asia Pacific (Singapore)
-	//
-	// * Asia Pacific
-	// (Sydney)
-	//
-	// * Asia Pacific (Tokyo)
-	//
-	// * Europe (Ireland)
-	//
-	// * South America (São
-	// Paulo)
+	// Container for the display name of the owner. This value is only supported in
+	// the following Amazon Web Services Regions:
+	//   - US East (N. Virginia)
+	//   - US West (N. California)
+	//   - US West (Oregon)
+	//   - Asia Pacific (Singapore)
+	//   - Asia Pacific (Sydney)
+	//   - Asia Pacific (Tokyo)
+	//   - Europe (Ireland)
+	//   - South America (São Paulo)
 	DisplayName *string
 
 	// Container for the ID of the owner.
@@ -2910,32 +2305,28 @@ type Part struct {
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 32-bit CRC32 checksum of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32 *string
 
 	// The base64-encoded, 32-bit CRC32C checksum of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumCRC32C *string
 
 	// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
 	// present if it was uploaded with the object. With multipart uploads, this may not
 	// be a checksum value of the object. For more information about how checksums are
-	// calculated with multipart uploads, see  Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
+	// calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA1 *string
 
 	// This header can be used as a data integrity check to verify that the data
 	// received is the same data that was originally sent. This header specifies the
 	// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see
-	// Checking object integrity
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
+	// Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
 	// in the Amazon S3 User Guide.
 	ChecksumSHA256 *string
 
@@ -2992,30 +2383,23 @@ type ProgressEvent struct {
 // The PublicAccessBlock configuration that you want to apply to this Amazon S3
 // bucket. You can enable the configuration options in any combination. For more
 // information about when Amazon S3 considers a bucket or object public, see The
-// Meaning of "Public"
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
 // in the Amazon S3 User Guide.
 type PublicAccessBlockConfiguration struct {
 
 	// Specifies whether Amazon S3 should block public access control lists (ACLs) for
 	// this bucket and objects in this bucket. Setting this element to TRUE causes the
 	// following behavior:
-	//
-	// * PUT Bucket ACL and PUT Object ACL calls fail if the
-	// specified ACL is public.
-	//
-	// * PUT Object calls fail if the request includes a
-	// public ACL.
-	//
-	// * PUT Bucket calls fail if the request includes a public
-	// ACL.
-	//
+	//   - PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is
+	//   public.
+	//   - PUT Object calls fail if the request includes a public ACL.
+	//   - PUT Bucket calls fail if the request includes a public ACL.
 	// Enabling this setting doesn't affect existing policies or ACLs.
 	BlockPublicAcls bool
 
-	// Specifies whether Amazon S3 should block public bucket policies for this bucket.
-	// Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket
-	// policy if the specified bucket policy allows public access. Enabling this
+	// Specifies whether Amazon S3 should block public bucket policies for this
+	// bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT
+	// Bucket policy if the specified bucket policy allows public access. Enabling this
 	// setting doesn't affect existing bucket policies.
 	BlockPublicPolicy bool
 
@@ -3054,9 +2438,8 @@ type QueueConfiguration struct {
 	QueueArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -3075,8 +2458,8 @@ type RecordsEvent struct {
 	noSmithyDocumentSerde
 }
 
-// Specifies how requests are redirected. In the event of an error, you can specify
-// a different error code to return.
+// Specifies how requests are redirected. In the event of an error, you can
+// specify a different error code to return.
 type Redirect struct {
 
 	// The host name to use in the redirect request.
@@ -3092,22 +2475,21 @@ type Redirect struct {
 
 	// The object key prefix to use in the redirect request. For example, to redirect
 	// requests for all pages with prefix docs/ (objects in the docs/ folder) to
-	// documents/, you can set a condition block with KeyPrefixEquals set to docs/ and
-	// in the Redirect set ReplaceKeyPrefixWith to /documents. Not required if one of
-	// the siblings is present. Can be present only if ReplaceKeyWith is not provided.
-	// Replacement must be made for object keys containing special characters (such as
-	// carriage returns) when using XML requests. For more information, see  XML
-	// related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// documents/ , you can set a condition block with KeyPrefixEquals set to docs/
+	// and in the Redirect set ReplaceKeyPrefixWith to /documents . Not required if one
+	// of the siblings is present. Can be present only if ReplaceKeyWith is not
+	// provided. Replacement must be made for object keys containing special characters
+	// (such as carriage returns) when using XML requests. For more information, see
+	// XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	ReplaceKeyPrefixWith *string
 
 	// The specific object key to use in the redirect request. For example, redirect
-	// request to error.html. Not required if one of the siblings is present. Can be
+	// request to error.html . Not required if one of the siblings is present. Can be
 	// present only if ReplaceKeyPrefixWith is not provided. Replacement must be made
 	// for object keys containing special characters (such as carriage returns) when
-	// using XML requests. For more information, see  XML related object key
-	// constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// using XML requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	ReplaceKeyWith *string
 
 	noSmithyDocumentSerde
@@ -3131,11 +2513,11 @@ type RedirectAllRequestsTo struct {
 
 // A filter that you can specify for selection for modifications on replicas.
 // Amazon S3 doesn't replicate replica modifications by default. In the latest
-// version of replication configuration (when Filter is specified), you can specify
-// this element and set the status to Enabled to replicate modifications on
-// replicas. If you don't specify the Filter element, Amazon S3 assumes that the
-// replication configuration is the earlier version, V1. In the earlier version,
-// this element is not allowed.
+// version of replication configuration (when Filter is specified), you can
+// specify this element and set the status to Enabled to replicate modifications
+// on replicas. If you don't specify the Filter element, Amazon S3 assumes that
+// the replication configuration is the earlier version, V1. In the earlier
+// version, this element is not allowed.
 type ReplicaModifications struct {
 
 	// Specifies whether Amazon S3 replicates modifications on replicas.
@@ -3152,9 +2534,8 @@ type ReplicationConfiguration struct {
 
 	// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
 	// that Amazon S3 assumes when replicating objects. For more information, see How
-	// to Set Up Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) in
-	// the Amazon S3 User Guide.
+	// to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Role *string
@@ -3185,27 +2566,25 @@ type ReplicationRule struct {
 	// Specifies whether Amazon S3 replicates delete markers. If you specify a Filter
 	// in your replication configuration, you must also include a
 	// DeleteMarkerReplication element. If your Filter includes a Tag element, the
-	// DeleteMarkerReplicationStatus must be set to Disabled, because Amazon S3 does
+	// DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does
 	// not support replicating delete markers for tag-based rules. For an example
-	// configuration, see Basic Rule Configuration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
-	// For more information about delete marker replication, see Basic Rule
-	// Configuration
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html).
-	// If you are using an earlier version of the replication configuration, Amazon S3
-	// handles replication of delete markers differently. For more information, see
-	// Backward Compatibility
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
+	// configuration, see Basic Rule Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config)
+	// . For more information about delete marker replication, see Basic Rule
+	// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html)
+	// . If you are using an earlier version of the replication configuration, Amazon
+	// S3 handles replication of delete markers differently. For more information, see
+	// Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations)
+	// .
 	DeleteMarkerReplication *DeleteMarkerReplication
 
 	// Optional configuration to replicate existing source bucket objects. For more
-	// information, see Replicating Existing Objects
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+	// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
 	// in the Amazon S3 User Guide.
 	ExistingObjectReplication *ExistingObjectReplication
 
 	// A filter that identifies the subset of objects to which the replication rule
-	// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+	// applies. A Filter must specify exactly one Prefix , Tag , or an And child
+	// element.
 	Filter ReplicationRuleFilter
 
 	// A unique identifier for the rule. The maximum value is 255 characters.
@@ -3215,8 +2594,8 @@ type ReplicationRule struct {
 	// rule applies. The maximum prefix length is 1,024 characters. To include all
 	// objects in a bucket, specify an empty string. Replacement must be made for
 	// object keys containing special characters (such as carriage returns) when using
-	// XML requests. For more information, see  XML related object key constraints
-	// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+	// XML requests. For more information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+	// .
 	//
 	// Deprecated: This member has been deprecated.
 	Prefix *string
@@ -3226,16 +2605,15 @@ type ReplicationRule struct {
 	// according to all replication rules. However, if there are two or more rules with
 	// the same destination bucket, then objects will be replicated according to the
 	// rule with the highest priority. The higher the number, the higher the priority.
-	// For more information, see Replication
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in the Amazon
-	// S3 User Guide.
+	// For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+	// in the Amazon S3 User Guide.
 	Priority int32
 
-	// A container that describes additional filters for identifying the source objects
-	// that you want to replicate. You can choose to enable or disable the replication
-	// of these objects. Currently, Amazon S3 supports only the filter that you can
-	// specify for objects created with server-side encryption using a customer managed
-	// key stored in Amazon Web Services Key Management Service (SSE-KMS).
+	// A container that describes additional filters for identifying the source
+	// objects that you want to replicate. You can choose to enable or disable the
+	// replication of these objects. Currently, Amazon S3 supports only the filter that
+	// you can specify for objects created with server-side encryption using a customer
+	// managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
 	SourceSelectionCriteria *SourceSelectionCriteria
 
 	noSmithyDocumentSerde
@@ -3244,12 +2622,10 @@ type ReplicationRule struct {
 // A container for specifying rule filters. The filters determine the subset of
 // objects to which the rule applies. This element is required only if you specify
 // more than one filter. For example:
-//
-// * If you specify both a Prefix and a Tag
-// filter, wrap these filters in an And tag.
-//
-// * If you specify a filter based on
-// multiple tags, wrap the Tag elements in an And tag.
+//   - If you specify both a Prefix and a Tag filter, wrap these filters in an And
+//     tag.
+//   - If you specify a filter based on multiple tags, wrap the Tag elements in an
+//     And tag.
 type ReplicationRuleAndOperator struct {
 
 	// An object key name prefix that identifies the subset of objects to which the
@@ -3263,7 +2639,8 @@ type ReplicationRuleAndOperator struct {
 }
 
 // A filter that identifies the subset of objects to which the replication rule
-// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
+// applies. A Filter must specify exactly one Prefix , Tag , or an And child
+// element.
 //
 // The following types satisfy this interface:
 //
@@ -3277,12 +2654,10 @@ type ReplicationRuleFilter interface {
 // A container for specifying rule filters. The filters determine the subset of
 // objects to which the rule applies. This element is required only if you specify
 // more than one filter. For example:
-//
-// * If you specify both a Prefix and a Tag
-// filter, wrap these filters in an And tag.
-//
-// * If you specify a filter based on
-// multiple tags, wrap the Tag elements in an And tag.
+//   - If you specify both a Prefix and a Tag filter, wrap these filters in an And
+//     tag.
+//   - If you specify a filter based on multiple tags, wrap the Tag elements in an
+//     And tag.
 type ReplicationRuleFilterMemberAnd struct {
 	Value ReplicationRuleAndOperator
 
@@ -3294,8 +2669,8 @@ func (*ReplicationRuleFilterMemberAnd) isReplicationRuleFilter() {}
 // An object key name prefix that identifies the subset of objects to which the
 // rule applies. Replacement must be made for object keys containing special
 // characters (such as carriage returns) when using XML requests. For more
-// information, see  XML related object key constraints
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints).
+// information, see XML related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints)
+// .
 type ReplicationRuleFilterMemberPrefix struct {
 	Value string
 
@@ -3304,8 +2679,8 @@ type ReplicationRuleFilterMemberPrefix struct {
 
 func (*ReplicationRuleFilterMemberPrefix) isReplicationRuleFilter() {}
 
-// A container for specifying a tag key and value. The rule applies only to objects
-// that have the tag in their tag set.
+// A container for specifying a tag key and value. The rule applies only to
+// objects that have the tag in their tag set.
 type ReplicationRuleFilterMemberTag struct {
 	Value Tag
 
@@ -3314,9 +2689,10 @@ type ReplicationRuleFilterMemberTag struct {
 
 func (*ReplicationRuleFilterMemberTag) isReplicationRuleFilter() {}
 
-// A container specifying S3 Replication Time Control (S3 RTC) related information,
-// including whether S3 RTC is enabled and the time when all objects and operations
-// on objects must be replicated. Must be specified together with a Metrics block.
+// A container specifying S3 Replication Time Control (S3 RTC) related
+// information, including whether S3 RTC is enabled and the time when all objects
+// and operations on objects must be replicated. Must be specified together with a
+// Metrics block.
 type ReplicationTime struct {
 
 	// Specifies whether the replication time is enabled.
@@ -3334,7 +2710,7 @@ type ReplicationTime struct {
 }
 
 // A container specifying the time value for S3 Replication Time Control (S3 RTC)
-// and replication metrics EventThreshold.
+// and replication metrics EventThreshold .
 type ReplicationTimeValue struct {
 
 	// Contains an integer specifying time in minutes. Valid value: 15
@@ -3368,7 +2744,7 @@ type RequestProgress struct {
 type RestoreRequest struct {
 
 	// Lifetime of the active copy in days. Do not use with restores that specify
-	// OutputLocation. The Days element is required for regular restores, and must not
+	// OutputLocation . The Days element is required for regular restores, and must not
 	// be provided for select requests.
 	Days int32
 
@@ -3376,7 +2752,7 @@ type RestoreRequest struct {
 	Description *string
 
 	// S3 Glacier related parameters pertaining to this job. Do not use with restores
-	// that specify OutputLocation.
+	// that specify OutputLocation .
 	GlacierJobParameters *GlacierJobParameters
 
 	// Describes the location where the restore job's output is stored.
@@ -3395,8 +2771,7 @@ type RestoreRequest struct {
 }
 
 // Specifies the redirect behavior and when a redirect is applied. For more
-// information about routing rules, see Configuring advanced conditional redirects
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
+// information about routing rules, see Configuring advanced conditional redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects)
 // in the Amazon S3 User Guide.
 type RoutingRule struct {
 
@@ -3473,10 +2848,10 @@ type ScanRange struct {
 	// scan the last N bytes of the file. For example, 50 means scan the last 50 bytes.
 	End int64
 
-	// Specifies the start of the byte range. This parameter is optional. Valid values:
-	// non-negative integers. The default value is 0. If only start is supplied, it
-	// means scan from that point to the end of the file. For example, 50 means scan
-	// from byte 50 until the end of the file.
+	// Specifies the start of the byte range. This parameter is optional. Valid
+	// values: non-negative integers. The default value is 0. If only start is
+	// supplied, it means scan from that point to the end of the file. For example, 50
+	// means scan from byte 50 until the end of the file.
 	Start int64
 
 	noSmithyDocumentSerde
@@ -3572,8 +2947,7 @@ type SelectParameters struct {
 // at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key
 // in your Amazon Web Services account the first time that you add an object
 // encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for
-// SSE-KMS. For more information, see PUT Bucket encryption
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
+// SSE-KMS. For more information, see PUT Bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
 // in the Amazon S3 API Reference.
 type ServerSideEncryptionByDefault struct {
 
@@ -3584,23 +2958,18 @@ type ServerSideEncryptionByDefault struct {
 
 	// Amazon Web Services Key Management Service (KMS) customer Amazon Web Services
 	// KMS key ID to use for the default encryption. This parameter is allowed if and
-	// only if SSEAlgorithm is set to aws:kms. You can specify the key ID or the Amazon
-	// Resource Name (ARN) of the KMS key. However, if you are using encryption with
-	// cross-account or Amazon Web Services service operations you must use a fully
-	// qualified KMS key ARN. For more information, see Using encryption for
-	// cross-account operations
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
-	// For example:
-	//
-	// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	// * Key ARN:
-	// arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
-	//
-	// Amazon
-	// S3 only supports symmetric encryption KMS keys. For more information, see
-	// Asymmetric keys in Amazon Web Services KMS
-	// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+	// only if SSEAlgorithm is set to aws:kms . You can specify the key ID or the
+	// Amazon Resource Name (ARN) of the KMS key. If you use a key ID, you can run into
+	// a LogDestination undeliverable error when creating a VPC flow log. If you are
+	// using encryption with cross-account or Amazon Web Services service operations
+	// you must use a fully qualified KMS key ARN. For more information, see Using
+	// encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy)
+	// .
+	//   - Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
+	//   - Key ARN:
+	//   arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
+	// Amazon S3 only supports symmetric encryption KMS keys. For more information,
+	// see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
 	// in the Amazon Web Services Key Management Service Developer Guide.
 	KMSMasterKeyID *string
 
@@ -3631,28 +3000,27 @@ type ServerSideEncryptionRule struct {
 	// encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects
 	// are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3
 	// to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more
-	// information, see Amazon S3 Bucket Keys
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon
-	// S3 User Guide.
+	// information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
+	// in the Amazon S3 User Guide.
 	BucketKeyEnabled bool
 
 	noSmithyDocumentSerde
 }
 
-// A container that describes additional filters for identifying the source objects
-// that you want to replicate. You can choose to enable or disable the replication
-// of these objects. Currently, Amazon S3 supports only the filter that you can
-// specify for objects created with server-side encryption using a customer managed
-// key stored in Amazon Web Services Key Management Service (SSE-KMS).
+// A container that describes additional filters for identifying the source
+// objects that you want to replicate. You can choose to enable or disable the
+// replication of these objects. Currently, Amazon S3 supports only the filter that
+// you can specify for objects created with server-side encryption using a customer
+// managed key stored in Amazon Web Services Key Management Service (SSE-KMS).
 type SourceSelectionCriteria struct {
 
 	// A filter that you can specify for selections for modifications on replicas.
 	// Amazon S3 doesn't replicate replica modifications by default. In the latest
-	// version of replication configuration (when Filter is specified), you can specify
-	// this element and set the status to Enabled to replicate modifications on
-	// replicas. If you don't specify the Filter element, Amazon S3 assumes that the
-	// replication configuration is the earlier version, V1. In the earlier version,
-	// this element is not allowed
+	// version of replication configuration (when Filter is specified), you can
+	// specify this element and set the status to Enabled to replicate modifications
+	// on replicas. If you don't specify the Filter element, Amazon S3 assumes that
+	// the replication configuration is the earlier version, V1. In the earlier
+	// version, this element is not allowed
 	ReplicaModifications *ReplicaModifications
 
 	// A container for filter information for the selection of Amazon S3 objects
@@ -3723,15 +3091,15 @@ type StatsEvent struct {
 // analyze the tradeoffs between different storage classes for an Amazon S3 bucket.
 type StorageClassAnalysis struct {
 
-	// Specifies how data related to the storage class analysis for an Amazon S3 bucket
-	// should be exported.
+	// Specifies how data related to the storage class analysis for an Amazon S3
+	// bucket should be exported.
 	DataExport *StorageClassAnalysisDataExport
 
 	noSmithyDocumentSerde
 }
 
-// Container for data related to the storage class analysis for an Amazon S3 bucket
-// for export.
+// Container for data related to the storage class analysis for an Amazon S3
+// bucket for export.
 type StorageClassAnalysisDataExport struct {
 
 	// The place to store the data for an analysis.
@@ -3739,7 +3107,7 @@ type StorageClassAnalysisDataExport struct {
 	// This member is required.
 	Destination *AnalyticsExportDestination
 
-	// The version of the output schema to use when exporting data. Must be V_1.
+	// The version of the output schema to use when exporting data. Must be V_1 .
 	//
 	// This member is required.
 	OutputSchemaVersion StorageClassAnalysisSchemaVersion
@@ -3776,8 +3144,7 @@ type Tagging struct {
 
 // Container for granting information. Buckets that use the bucket owner enforced
 // setting for Object Ownership don't support target grants. For more information,
-// see Permissions server access log delivery
-// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
+// see Permissions server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general)
 // in the Amazon S3 User Guide.
 type TargetGrant struct {
 
@@ -3796,8 +3163,7 @@ type TargetGrant struct {
 type Tiering struct {
 
 	// S3 Intelligent-Tiering access tier. See Storage class for automatically
-	// optimizing frequently and infrequently accessed objects
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
+	// optimizing frequently and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access)
 	// for a list of access tiers in the S3 Intelligent-Tiering storage class.
 	//
 	// This member is required.
@@ -3821,9 +3187,8 @@ type Tiering struct {
 type TopicConfiguration struct {
 
 	// The Amazon S3 bucket event about which to send notifications. For more
-	// information, see Supported Event Types
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+	// in the Amazon S3 User Guide.
 	//
 	// This member is required.
 	Events []Event
@@ -3835,9 +3200,8 @@ type TopicConfiguration struct {
 	TopicArn *string
 
 	// Specifies object key name filtering rules. For information about key name
-	// filtering, see Configuring Event Notifications
-	// (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the
-	// Amazon S3 User Guide.
+	// filtering, see Configuring event notifications using object key name filtering (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html)
+	// in the Amazon S3 User Guide.
 	Filter *NotificationConfigurationFilter
 
 	// An optional unique identifier for configurations in a notification
@@ -3849,17 +3213,16 @@ type TopicConfiguration struct {
 
 // Specifies when an object transitions to a specified storage class. For more
 // information about Amazon S3 lifecycle configuration rules, see Transitioning
-// Objects Using Amazon S3 Lifecycle
-// (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
 // in the Amazon S3 User Guide.
 type Transition struct {
 
-	// Indicates when objects are transitioned to the specified storage class. The date
-	// value must be in ISO 8601 format. The time is always midnight UTC.
+	// Indicates when objects are transitioned to the specified storage class. The
+	// date value must be in ISO 8601 format. The time is always midnight UTC.
 	Date *time.Time
 
-	// Indicates the number of days after creation when objects are transitioned to the
-	// specified storage class. The value must be a positive integer.
+	// Indicates the number of days after creation when objects are transitioned to
+	// the specified storage class. The value must be a positive integer.
 	Days int32
 
 	// The storage class to which you want the object to transition.
@@ -3868,9 +3231,8 @@ type Transition struct {
 	noSmithyDocumentSerde
 }
 
-// Describes the versioning state of an Amazon S3 bucket. For more information, see
-// PUT Bucket versioning
-// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
+// Describes the versioning state of an Amazon S3 bucket. For more information,
+// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
 // in the Amazon S3 API Reference.
 type VersioningConfiguration struct {
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
index 2b8f70d22..582523aa5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
@@ -1,3 +1,19 @@
+# v1.12.10 (2023-05-04)
+
+* No change notes available for this release.
+
+# v1.12.9 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.8 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.12.7 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.6 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
index 7bb069844..6f30ddc99 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go
@@ -114,7 +114,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
index 1c2b7499d..3825b9e44 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go
@@ -10,8 +10,8 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns the STS short-term credentials for a given role name that is assigned to
-// the user.
+// Returns the STS short-term credentials for a given role name that is assigned
+// to the user.
 func (c *Client) GetRoleCredentials(ctx context.Context, params *GetRoleCredentialsInput, optFns ...func(*Options)) (*GetRoleCredentialsOutput, error) {
 	if params == nil {
 		params = &GetRoleCredentialsInput{}
@@ -30,8 +30,7 @@ func (c *Client) GetRoleCredentials(ctx context.Context, params *GetRoleCredenti
 type GetRoleCredentialsInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see
-	// CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
 	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// This member is required.
@@ -106,6 +105,9 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRoleCredentials(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
index 4fffc77af..ef3592afc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go
@@ -30,8 +30,7 @@ func (c *Client) ListAccountRoles(ctx context.Context, params *ListAccountRolesI
 type ListAccountRolesInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see
-	// CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
 	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// This member is required.
@@ -112,6 +111,9 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccountRoles(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
index e717a426c..cfa8cdc97 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go
@@ -12,8 +12,7 @@ import (
 )
 
 // Lists all AWS accounts assigned to the user. These AWS accounts are assigned by
-// the administrator of the account. For more information, see Assign User Access
-// (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
+// the administrator of the account. For more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
 // in the IAM Identity Center User Guide. This operation returns a paginated
 // response.
 func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, optFns ...func(*Options)) (*ListAccountsOutput, error) {
@@ -34,8 +33,7 @@ func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, op
 type ListAccountsInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see
-	// CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
 	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// This member is required.
@@ -111,6 +109,9 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccounts(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
index 8b9b44745..c13d73f5a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go
@@ -19,9 +19,8 @@ import (
 // temporary AWS credentials are returned to the client. After user logout, any
 // existing IAM role sessions that were created by using IAM Identity Center
 // permission sets continue based on the duration configured in the permission set.
-// For more information, see User authentications
-// (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html) in
-// the IAM Identity Center User Guide.
+// For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// in the IAM Identity Center User Guide.
 func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func(*Options)) (*LogoutOutput, error) {
 	if params == nil {
 		params = &LogoutInput{}
@@ -40,8 +39,7 @@ func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func
 type LogoutInput struct {
 
 	// The token issued by the CreateToken API call. For more information, see
-	// CreateToken
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
 	// in the IAM Identity Center OIDC API Reference Guide.
 	//
 	// This member is required.
@@ -102,6 +100,9 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opLogout(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go
index f981b154f..59456d5dc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go
@@ -9,14 +9,13 @@
 // and roles assigned to them and get federated into the application. Although AWS
 // Single Sign-On was renamed, the sso and identitystore API namespaces will
 // continue to retain their original name for backward compatibility purposes. For
-// more information, see IAM Identity Center rename
-// (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
-// This reference guide describes the IAM Identity Center Portal operations that
+// more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed)
+// . This reference guide describes the IAM Identity Center Portal operations that
 // you can call programatically and includes detailed information on data types and
 // errors. AWS provides SDKs that consist of libraries and sample code for various
 // programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android.
 // The SDKs provide a convenient way to create programmatic access to IAM Identity
 // Center and other AWS services. For more information about the AWS SDKs,
-// including how to download and install them, see Tools for Amazon Web Services
-// (http://aws.amazon.com/tools/).
+// including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/)
+// .
 package sso
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
index b27ef4d26..dc08ef0fc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.12.6"
+const goModuleVersion = "1.12.10"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
index 90e521373..355deee30 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
@@ -89,6 +89,7 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
@@ -96,6 +97,7 @@ var partitionRegexp = struct {
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -390,6 +392,27 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.AwsIsoB,
 		IsRegionalized: true,
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "portal.sso-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "portal.sso.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go
index 051056b75..8dc02296b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go
@@ -26,8 +26,7 @@ type RoleCredentials struct {
 
 	// The identifier used for the temporary security credentials. For more
 	// information, see Using Temporary Security Credentials to Request Access to AWS
-	// Resources
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the AWS IAM User Guide.
 	AccessKeyId *string
 
@@ -35,14 +34,12 @@ type RoleCredentials struct {
 	Expiration int64
 
 	// The key that is used to sign the request. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the AWS IAM User Guide.
 	SecretAccessKey *string
 
 	// The token used for temporary credentials. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the AWS IAM User Guide.
 	SessionToken *string
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
index 5bfc6e643..d79edc9cd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
@@ -1,3 +1,19 @@
+# v1.14.10 (2023-05-04)
+
+* No change notes available for this release.
+
+# v1.14.9 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.14.8 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.14.7 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.14.6 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
index 5e0a85a2c..111f66d3b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go
@@ -114,7 +114,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
index cde97b4f3..5d7bd3c1f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go
@@ -43,7 +43,7 @@ type CreateTokenInput struct {
 
 	// Supports grant types for the authorization code, refresh token, and device code
 	// request. For device code requests, specify the following value:
-	// urn:ietf:params:oauth:grant-type:device_code  For information about how to
+	// urn:ietf:params:oauth:grant-type:device_code For information about how to
 	// obtain the device code, see the StartDeviceAuthorization topic.
 	//
 	// This member is required.
@@ -65,9 +65,8 @@ type CreateTokenInput struct {
 	// Currently, refreshToken is not yet implemented and is not supported. For more
 	// information about the features and limitations of the current IAM Identity
 	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
-	// Identity Center OIDC API Reference
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
-	// The token used to obtain an access token in the event that the access token is
+	// Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// . The token used to obtain an access token in the event that the access token is
 	// invalid or expired.
 	RefreshToken *string
 
@@ -89,22 +88,20 @@ type CreateTokenOutput struct {
 	// Currently, idToken is not yet implemented and is not supported. For more
 	// information about the features and limitations of the current IAM Identity
 	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
-	// Identity Center OIDC API Reference
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
-	// The identifier of the user that associated with the access token, if present.
+	// Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// . The identifier of the user that associated with the access token, if present.
 	IdToken *string
 
 	// Currently, refreshToken is not yet implemented and is not supported. For more
 	// information about the features and limitations of the current IAM Identity
 	// Center OIDC implementation, see Considerations for Using this Guide in the IAM
-	// Identity Center OIDC API Reference
-	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
-	// A token that, if present, can be used to refresh a previously issued access
+	// Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// . A token that, if present, can be used to refresh a previously issued access
 	// token that might have expired.
 	RefreshToken *string
 
 	// Used to notify the client that the returned token is an access token. The
-	// supported type is BearerToken.
+	// supported type is BearerToken .
 	TokenType *string
 
 	// Metadata pertaining to the operation's result.
@@ -158,6 +155,9 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
index 3ed8cc35f..1d83b226d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go
@@ -40,8 +40,8 @@ type RegisterClientInput struct {
 	// This member is required.
 	ClientType *string
 
-	// The list of scopes that are defined by the client. Upon authorization, this list
-	// is used to restrict permissions when granting an access token.
+	// The list of scopes that are defined by the client. Upon authorization, this
+	// list is used to restrict permissions when granting an access token.
 	Scopes []string
 
 	noSmithyDocumentSerde
@@ -59,8 +59,8 @@ type RegisterClientOutput struct {
 	// Indicates the time at which the clientId and clientSecret were issued.
 	ClientIdIssuedAt int64
 
-	// A secret string generated for the client. The client will use this string to get
-	// authenticated by the service in subsequent calls.
+	// A secret string generated for the client. The client will use this string to
+	// get authenticated by the service in subsequent calls.
 	ClientSecret *string
 
 	// Indicates the time at which the clientId and clientSecret will become invalid.
@@ -120,6 +120,9 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRegisterClient(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
index 013ccbc93..70e60db14 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go
@@ -28,9 +28,9 @@ func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDevi
 
 type StartDeviceAuthorizationInput struct {
 
-	// The unique identifier string for the client that is registered with IAM Identity
-	// Center. This value should come from the persisted result of the RegisterClient
-	// API operation.
+	// The unique identifier string for the client that is registered with IAM
+	// Identity Center. This value should come from the persisted result of the
+	// RegisterClient API operation.
 	//
 	// This member is required.
 	ClientId *string
@@ -42,8 +42,7 @@ type StartDeviceAuthorizationInput struct {
 	ClientSecret *string
 
 	// The URL for the AWS access portal. For more information, see Using the AWS
-	// access portal
-	// (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
+	// access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
 	// in the IAM Identity Center User Guide.
 	//
 	// This member is required.
@@ -73,9 +72,9 @@ type StartDeviceAuthorizationOutput struct {
 	// device.
 	VerificationUri *string
 
-	// An alternate URL that the client can use to automatically launch a browser. This
-	// process skips the manual step in which the user visits the verification page and
-	// enters their code.
+	// An alternate URL that the client can use to automatically launch a browser.
+	// This process skips the manual step in which the user visits the verification
+	// page and enters their code.
 	VerificationUriComplete *string
 
 	// Metadata pertaining to the operation's result.
@@ -129,6 +128,9 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartDeviceAuthorization(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go
index a025f7327..2239427d8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go
@@ -1,7 +1,7 @@
 // Code generated by smithy-go-codegen DO NOT EDIT.
 
-// Package ssooidc provides the API client, operations, and parameter types for AWS
-// SSO OIDC.
+// Package ssooidc provides the API client, operations, and parameter types for
+// AWS SSO OIDC.
 //
 // AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC)
 // is a web service that enables a client (such as AWS CLI or a native application)
@@ -10,37 +10,27 @@
 // with IAM Identity Center. Although AWS Single Sign-On was renamed, the sso and
 // identitystore API namespaces will continue to retain their original name for
 // backward compatibility purposes. For more information, see IAM Identity Center
-// rename
-// (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
-// Considerations for Using This Guide Before you begin using this guide, we
+// rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed)
+// . Considerations for Using This Guide Before you begin using this guide, we
 // recommend that you first review the following important information about how
 // the IAM Identity Center OIDC service works.
+//   - The IAM Identity Center OIDC service currently implements only the portions
+//     of the OAuth 2.0 Device Authorization Grant standard (
+//     https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628) )
+//     that are necessary to enable single sign-on authentication with the AWS CLI.
+//     Support for other OIDC flows frequently needed for native applications, such as
+//     Authorization Code Flow (+ PKCE), will be addressed in future releases.
+//   - The service emits only OIDC access tokens, such that obtaining a new token
+//     (For example, token refresh) requires explicit user re-authentication.
+//   - The access tokens provided by this service grant access to all AWS account
+//     entitlements assigned to an IAM Identity Center user, not just a particular
+//     application.
+//   - The documentation in this guide does not describe the mechanism to convert
+//     the access token into AWS Auth (“sigv4”) credentials for use with IAM-protected
+//     AWS service endpoints. For more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+//     in the IAM Identity Center Portal API Reference Guide.
 //
-// * The IAM Identity Center OIDC
-// service currently implements only the portions of the OAuth 2.0 Device
-// Authorization Grant standard (https://tools.ietf.org/html/rfc8628
-// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
-// sign-on authentication with the AWS CLI. Support for other OIDC flows frequently
-// needed for native applications, such as Authorization Code Flow (+ PKCE), will
-// be addressed in future releases.
-//
-// * The service emits only OIDC access tokens,
-// such that obtaining a new token (For example, token refresh) requires explicit
-// user re-authentication.
-//
-// * The access tokens provided by this service grant
-// access to all AWS account entitlements assigned to an IAM Identity Center user,
-// not just a particular application.
-//
-// * The documentation in this guide does not
-// describe the mechanism to convert the access token into AWS Auth (“sigv4”)
-// credentials for use with IAM-protected AWS service endpoints. For more
-// information, see GetRoleCredentials
-// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
-// in the IAM Identity Center Portal API Reference Guide.
-//
-// For general information
-// about IAM Identity Center, see What is IAM Identity Center?
-// (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the
-// IAM Identity Center User Guide.
+// For general information about IAM Identity Center, see What is IAM Identity
+// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+// in the IAM Identity Center User Guide.
 package ssooidc
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
index cd747fdd5..73a615a83 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.6"
+const goModuleVersion = "1.14.10"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
index 2212db1c6..50c8df084 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
@@ -89,6 +89,7 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
@@ -96,6 +97,7 @@ var partitionRegexp = struct {
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -390,6 +392,27 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.AwsIsoB,
 		IsRegionalized: true,
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "oidc-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "oidc.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go
index 8814b27d1..115a51a9e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go
@@ -36,8 +36,8 @@ func (e *AccessDeniedException) ErrorCode() string {
 }
 func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// Indicates that a request to authorize a client with an access user session token
-// is pending.
+// Indicates that a request to authorize a client with an access user session
+// token is pending.
 type AuthorizationPendingException struct {
 	Message *string
 
@@ -128,7 +128,7 @@ func (e *InternalServerException) ErrorFault() smithy.ErrorFault { return smithy
 
 // Indicates that the clientId or clientSecret in the request is invalid. For
 // example, this can occur when a client sends an incorrect clientId or an expired
-// clientSecret.
+// clientSecret .
 type InvalidClientException struct {
 	Message *string
 
@@ -157,8 +157,8 @@ func (e *InvalidClientException) ErrorCode() string {
 }
 func (e *InvalidClientException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// Indicates that the client information sent in the request during registration is
-// invalid.
+// Indicates that the client information sent in the request during registration
+// is invalid.
 type InvalidClientMetadataException struct {
 	Message *string
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
index 67b81cbff..60a7a050c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.19.0 (2023-05-08)
+
+* **Feature**: Documentation updates for AWS Security Token Service.
+
+# v1.18.11 (2023-05-04)
+
+* No change notes available for this release.
+
+# v1.18.10 (2023-04-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.9 (2023-04-10)
+
+* No change notes available for this release.
+
+# v1.18.8 (2023-04-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.7 (2023-03-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
index 3041fc467..78eb26702 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go
@@ -117,7 +117,7 @@ type Options struct {
 	Retryer aws.Retryer
 
 	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
-	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
+	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
 	// should not populate this structure programmatically, or rely on the values here
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
index 4cbb046b6..db22efc0e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go
@@ -16,16 +16,13 @@ import (
 // key ID, a secret access key, and a security token. Typically, you use AssumeRole
 // within your account or for cross-account access. For a comparison of AssumeRole
 // with other API operations that produce temporary credentials, see Requesting
-// Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide. Permissions The temporary security credentials created by
-// AssumeRole can be used to make API calls to any Amazon Web Services service with
-// the following exception: You cannot call the Amazon Web Services STS
+// AssumeRole can be used to make API calls to any Amazon Web Services service
+// with the following exception: You cannot call the Amazon Web Services STS
 // GetFederationToken or GetSessionToken API operations. (Optional) You can pass
-// inline or managed session policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
 // inline session policy. You can also specify up to 10 managed policy Amazon
 // Resource Names (ARNs) to use as managed session policies. The plaintext that you
@@ -36,49 +33,39 @@ import (
 // credentials in subsequent Amazon Web Services API calls to access resources in
 // the account that owns the role. You cannot use session policies to grant more
 // permissions than those allowed by the identity-based policy of the role that is
-// being assumed. For more information, see Session Policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-// in the IAM User Guide. When you create a role, you create two policies: A role
-// trust policy that specifies who can assume the role and a permissions policy
+// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide. When you create a role, you create two policies: a role
+// trust policy that specifies who can assume the role, and a permissions policy
 // that specifies what can be done with the role. You specify the trusted principal
-// who is allowed to assume the role in the role trust policy. To assume a role
+// that is allowed to assume the role in the role trust policy. To assume a role
 // from a different account, your Amazon Web Services account must be trusted by
 // the role. The trust relationship is defined in the role's trust policy when the
 // role is created. That trust policy states which accounts are allowed to delegate
 // that access to users in the account. A user who wants to access a role in a
-// different account must also have permissions that are delegated from the user
-// account administrator. The administrator must attach a policy that allows the
-// user to call AssumeRole for the ARN of the role in the other account. To allow a
-// user to assume a role in the same account, you can do either of the
-// following:
+// different account must also have permissions that are delegated from the account
+// administrator. The administrator must attach a policy that allows the user to
+// call AssumeRole for the ARN of the role in the other account. To allow a user
+// to assume a role in the same account, you can do either of the following:
+//   - Attach a policy to the user that allows the user to call AssumeRole (as long
+//     as the role's trust policy trusts the account).
+//   - Add the user as a principal directly in the role's trust policy.
 //
-// * Attach a policy to the user that allows the user to call
-// AssumeRole (as long as the role's trust policy trusts the account).
-//
-// * Add the
-// user as a principal directly in the role's trust policy.
-//
-// You can do either
-// because the role’s trust policy acts as an IAM resource-based policy. When a
-// resource-based policy grants access to a principal in the same account, no
-// additional identity-based policy is required. For more information about trust
-// policies and resource-based policies, see IAM Policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the
-// IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
+// You can do either because the role’s trust policy acts as an IAM resource-based
+// policy. When a resource-based policy grants access to a principal in the same
+// account, no additional identity-based policy is required. For more information
+// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
 // session. These tags are called session tags. For more information about session
-// tags, see Passing Session Tags in STS
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide. An administrator must grant you the permissions necessary to
-// pass session tags. The administrator can also create granular permissions to
+// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide. An administrator must grant you the permissions necessary
+// to pass session tags. The administrator can also create granular permissions to
 // allow you to pass only specific session tags. For more information, see
-// Tutorial: Using Tags for Attribute-Based Access Control
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. You can set the session tags as transitive. Transitive
-// tags persist during role chaining. For more information, see Chaining Roles with
-// Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// tags persist during role chaining. For more information, see Chaining Roles
+// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
-// multi-factor authentication (MFA) information when you call AssumeRole. This is
+// multi-factor authentication (MFA) information when you call AssumeRole . This is
 // useful for cross-account scenarios to ensure that the user that assumes the role
 // has been authenticated with an Amazon Web Services MFA device. In that scenario,
 // the trust policy of the role being assumed includes a condition that tests for
@@ -86,12 +73,11 @@ import (
 // request to assume the role is denied. The condition in a trust policy that tests
 // for MFA authentication might look like the following example. "Condition":
 // {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
-// Configuring MFA-Protected API Access
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) in the
-// IAM User Guide guide. To use MFA with AssumeRole, you pass values for the
-// SerialNumber and TokenCode parameters. The SerialNumber value identifies the
-// user's hardware or virtual MFA device. The TokenCode is the time-based one-time
-// password (TOTP) that the MFA device produces.
+// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
+// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
+// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
+// the user's hardware or virtual MFA device. The TokenCode is the time-based
+// one-time password (TOTP) that the MFA device produces.
 func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
 	if params == nil {
 		params = &AssumeRoleInput{}
@@ -143,16 +129,14 @@ type AssumeRoleInput struct {
 	// maximum session duration setting for your role. However, if you assume a role
 	// using role chaining and provide a DurationSeconds parameter value greater than
 	// one hour, the operation fails. To learn how to view the maximum value for your
-	// role, see View the Maximum Session Duration Setting for a Role
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
 	// in the IAM User Guide. By default, the value is set to 3600 seconds. The
 	// DurationSeconds parameter is separate from the duration of a console session
 	// that you might request using the returned credentials. The request to the
 	// federation endpoint for a console sign-in token takes a SessionDuration
 	// parameter that specifies the maximum length of the console session. For more
 	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int32
 
@@ -165,8 +149,7 @@ type AssumeRoleInput struct {
 	// administrator of the trusted account. That way, only someone with the ID can
 	// assume the role, rather than everyone in the account. For more information about
 	// the external ID, see How to Use an External ID When Granting Access to Your
-	// Amazon Web Services Resources to a Third Party
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
+	// Amazon Web Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
 	// in the IAM User Guide. The regex used to validate this parameter is a string of
 	// characters consisting of upper- and lower-case alphanumeric characters with no
 	// spaces. You can also include underscores or any of the following characters:
@@ -181,8 +164,7 @@ type AssumeRoleInput struct {
 	// access resources in the account that owns the role. You cannot use session
 	// policies to grant more permissions than those allowed by the identity-based
 	// policy of the role that is being assumed. For more information, see Session
-	// Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The plaintext that you use for both inline and managed
 	// session policies can't exceed 2,048 characters. The JSON policy characters can
 	// be any ASCII character from the space character to the end of the valid
@@ -200,9 +182,8 @@ type AssumeRoleInput struct {
 	// the role. This parameter is optional. You can provide up to 10 managed policy
 	// ARNs. However, the plaintext that you use for both inline and managed session
 	// policies can't exceed 2,048 characters. For more information about ARNs, see
-	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
-	// the Amazon Web Services General Reference. An Amazon Web Services conversion
+	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference. An Amazon Web Services conversion
 	// compresses the passed inline session policy, managed policy ARNs, and session
 	// tags into a packed binary format that has a separate limit. Your request can
 	// fail for this limit even if your plaintext meets the other requirements. The
@@ -214,17 +195,16 @@ type AssumeRoleInput struct {
 	// Services API calls to access resources in the account that owns the role. You
 	// cannot use session policies to grant more permissions than those allowed by the
 	// identity-based policy of the role that is being assumed. For more information,
-	// see Session Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType
 
-	// The identification number of the MFA device that is associated with the user who
-	// is making the AssumeRole call. Specify this value if the trust policy of the
-	// role being assumed includes a condition that requires MFA authentication. The
-	// value is either the serial number for a hardware device (such as GAHT12345678)
-	// or an Amazon Resource Name (ARN) for a virtual device (such as
-	// arn:aws:iam::123456789012:mfa/user). The regex used to validate this parameter
+	// The identification number of the MFA device that is associated with the user
+	// who is making the AssumeRole call. Specify this value if the trust policy of
+	// the role being assumed includes a condition that requires MFA authentication.
+	// The value is either the serial number for a hardware device (such as
+	// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
+	// arn:aws:iam::123456789012:mfa/user ). The regex used to validate this parameter
 	// is a string of characters consisting of upper- and lower-case alphanumeric
 	// characters with no spaces. You can also include underscores or any of the
 	// following characters: =,.@-
@@ -237,24 +217,21 @@ type AssumeRoleInput struct {
 	// who took actions with a role. You can use the aws:SourceIdentity condition key
 	// to further control access to Amazon Web Services resources based on the value of
 	// source identity. For more information about using source identity, see Monitor
-	// and control actions taken with assumed roles
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
 	// in the IAM User Guide. The regex used to validate this parameter is a string of
 	// characters consisting of upper- and lower-case alphanumeric characters with no
 	// spaces. You can also include underscores or any of the following characters:
-	// =,.@-. You cannot use a value that begins with the text aws:. This prefix is
+	// =,.@-. You cannot use a value that begins with the text aws: . This prefix is
 	// reserved for Amazon Web Services internal use.
 	SourceIdentity *string
 
-	// A list of session tags that you want to pass. Each session tag consists of a key
-	// name and an associated value. For more information about session tags, see
-	// Tagging Amazon Web Services STS Sessions
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-	// IAM User Guide. This parameter is optional. You can pass up to 50 session tags.
-	// The plaintext session tag keys can’t exceed 128 characters, and the values can’t
-	// exceed 256 characters. For these and additional limits, see IAM and STS
-	// Character Limits
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// A list of session tags that you want to pass. Each session tag consists of a
+	// key name and an associated value. For more information about session tags, see
+	// Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
+	// tags. The plaintext session tag keys can’t exceed 128 characters, and the values
+	// can’t exceed 256 characters. For these and additional limits, see IAM and STS
+	// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
 	// inline session policy, managed policy ARNs, and session tags into a packed
 	// binary format that has a separate limit. Your request can fail for this limit
@@ -264,16 +241,15 @@ type AssumeRoleInput struct {
 	// same key as a tag that is already attached to the role. When you do, session
 	// tags override a role tag with the same key. Tag key–value pairs are not case
 	// sensitive, but case is preserved. This means that you cannot have separate
-	// Department and department tag keys. Assume that the role has the
-	// Department=Marketing tag and you pass the department=engineering session tag.
-	// Department and department are not saved as separate tags, and the session tag
-	// passed in the request takes precedence over the role tag. Additionally, if you
-	// used temporary credentials to perform this operation, the new session inherits
-	// any transitive session tags from the calling session. If you pass a session tag
-	// with the same key as an inherited tag, the operation fails. To view the
-	// inherited tags for a session, see the CloudTrail logs. For more information, see
-	// Viewing Session Tags in CloudTrail
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
+	// Department and department tag keys. Assume that the role has the Department =
+	// Marketing tag and you pass the department = engineering session tag. Department
+	// and department are not saved as separate tags, and the session tag passed in
+	// the request takes precedence over the role tag. Additionally, if you used
+	// temporary credentials to perform this operation, the new session inherits any
+	// transitive session tags from the calling session. If you pass a session tag with
+	// the same key as an inherited tag, the operation fails. To view the inherited
+	// tags for a session, see the CloudTrail logs. For more information, see Viewing
+	// Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
 	// in the IAM User Guide.
 	Tags []types.Tag
 
@@ -285,11 +261,10 @@ type AssumeRoleInput struct {
 	// sequence of six numeric digits.
 	TokenCode *string
 
-	// A list of keys for session tags that you want to set as transitive. If you set a
-	// tag key as transitive, the corresponding key and value passes to subsequent
+	// A list of keys for session tags that you want to set as transitive. If you set
+	// a tag key as transitive, the corresponding key and value passes to subsequent
 	// sessions in a role chain. For more information, see Chaining Roles with Session
-	// Tags
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+	// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 	// in the IAM User Guide. This parameter is optional. When you set session tags as
 	// transitive, the session policy and session tags packed binary limit is not
 	// affected. If you choose not to specify a transitive tag key, then no tags are
@@ -308,7 +283,7 @@ type AssumeRoleOutput struct {
 	// that you can use to refer to the resulting temporary security credentials. For
 	// example, you can reference these credentials as a principal in a resource-based
 	// policy by using the ARN or assumed role ID. The ARN and ID include the
-	// RoleSessionName that you specified when you called AssumeRole.
+	// RoleSessionName that you specified when you called AssumeRole .
 	AssumedRoleUser *types.AssumedRoleUser
 
 	// The temporary security credentials, which include an access key ID, a secret
@@ -330,8 +305,7 @@ type AssumeRoleOutput struct {
 	// who took actions with a role. You can use the aws:SourceIdentity condition key
 	// to further control access to Amazon Web Services resources based on the value of
 	// source identity. For more information about using source identity, see Monitor
-	// and control actions taken with assumed roles
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
 	// in the IAM User Guide. The regex used to validate this parameter is a string of
 	// characters consisting of upper- and lower-case alphanumeric characters with no
 	// spaces. You can also include underscores or any of the following characters:
@@ -395,6 +369,9 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
index 4ed0f5d07..65dccc9ea 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go
@@ -15,10 +15,8 @@ import (
 // mechanism for tying an enterprise identity store or directory to role-based
 // Amazon Web Services access without user-specific credentials or configuration.
 // For a comparison of AssumeRoleWithSAML with the other API operations that
-// produce temporary credentials, see Requesting Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide. The temporary security credentials returned by this
 // operation consist of an access key ID, a secret access key, and a security
 // token. Applications can use these temporary security credentials to sign calls
@@ -31,15 +29,12 @@ import (
 // DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
 // duration setting for the role. This setting can have a value from 1 hour to 12
 // hours. To learn how to view the maximum value for your role, see View the
-// Maximum Session Duration Setting for a Role
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
 // in the IAM User Guide. The maximum session duration limit applies when you use
 // the AssumeRole* API operations or the assume-role* CLI commands. However the
 // limit does not apply when you use those operations to create a console URL. For
-// more information, see Using IAM Roles
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
-// User Guide. Role chaining
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
+// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
 // limits your CLI or Amazon Web Services API role session to a maximum of one
 // hour. When you use the AssumeRole API operation to assume a role, you can
 // specify the duration of your role session with the DurationSeconds parameter.
@@ -50,8 +45,7 @@ import (
 // credentials created by AssumeRoleWithSAML can be used to make API calls to any
 // Amazon Web Services service with the following exception: you cannot call the
 // STS GetFederationToken or GetSessionToken API operations. (Optional) You can
-// pass inline or managed session policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
 // inline session policy. You can also specify up to 10 managed policy Amazon
 // Resource Names (ARNs) to use as managed session policies. The plaintext that you
@@ -62,8 +56,7 @@ import (
 // credentials in subsequent Amazon Web Services API calls to access resources in
 // the account that owns the role. You cannot use session policies to grant more
 // permissions than those allowed by the identity-based policy of the role that is
-// being assumed. For more information, see Session Policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
 // Amazon Web Services security credentials. The identity of the caller is
 // validated by using keys in the metadata document that is uploaded for the SAML
@@ -71,16 +64,14 @@ import (
 // result in an entry in your CloudTrail logs. The entry includes the value in the
 // NameID element of the SAML assertion. We recommend that you use a NameIDType
 // that is not associated with any personally identifiable information (PII). For
-// example, you could instead use the persistent identifier
-// (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). Tags (Optional) You can
+// example, you could instead use the persistent identifier (
+// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
 // configure your IdP to pass attributes into your SAML assertion as session tags.
 // Each session tag consists of a key name and an associated value. For more
-// information about session tags, see Passing Session Tags in STS
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
-// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
-// these and additional limits, see IAM and STS Character Limits
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
+// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
+// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 // in the IAM User Guide. An Amazon Web Services conversion compresses the passed
 // inline session policy, managed policy ARNs, and session tags into a packed
 // binary format that has a separate limit. Your request can fail for this limit
@@ -91,36 +82,25 @@ import (
 // override the role's tags with the same key. An administrator must grant you the
 // permissions necessary to pass session tags. The administrator can also create
 // granular permissions to allow you to pass only specific session tags. For more
-// information, see Tutorial: Using Tags for Attribute-Based Access Control
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. You can set the session tags as transitive. Transitive
-// tags persist during role chaining. For more information, see Chaining Roles with
-// Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// tags persist during role chaining. For more information, see Chaining Roles
+// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide. SAML Configuration Before your application can call
-// AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to
+// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
 // issue the claims required by Amazon Web Services. Additionally, you must use
 // Identity and Access Management (IAM) to create a SAML provider entity in your
 // Amazon Web Services account that represents your identity provider. You must
 // also create an IAM role that specifies this SAML provider in its trust policy.
 // For more information, see the following resources:
-//
-// * About SAML 2.0-based
-// Federation
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
-// in the IAM User Guide.
-//
-// * Creating SAML Identity Providers
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
-// in the IAM User Guide.
-//
-// * Configuring a Relying Party and Claims
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
-// in the IAM User Guide.
-//
-// * Creating a Role for SAML 2.0 Federation
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
-// in the IAM User Guide.
+//   - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
+//     in the IAM User Guide.
+//   - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
+//     in the IAM User Guide.
+//   - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
+//     in the IAM User Guide.
+//   - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
+//     in the IAM User Guide.
 func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
 	if params == nil {
 		params = &AssumeRoleWithSAMLInput{}
@@ -150,8 +130,7 @@ type AssumeRoleWithSAMLInput struct {
 	RoleArn *string
 
 	// The base64 encoded SAML authentication response provided by the IdP. For more
-	// information, see Configuring a Relying Party and Adding Claims
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
+	// information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
 	// in the IAM User Guide.
 	//
 	// This member is required.
@@ -166,16 +145,14 @@ type AssumeRoleWithSAMLInput struct {
 	// than this setting, the operation fails. For example, if you specify a session
 	// duration of 12 hours, but your administrator set the maximum session duration to
 	// 6 hours, your operation fails. To learn how to view the maximum value for your
-	// role, see View the Maximum Session Duration Setting for a Role
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
 	// in the IAM User Guide. By default, the value is set to 3600 seconds. The
 	// DurationSeconds parameter is separate from the duration of a console session
 	// that you might request using the returned credentials. The request to the
 	// federation endpoint for a console sign-in token takes a SessionDuration
 	// parameter that specifies the maximum length of the console session. For more
 	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int32
 
@@ -187,8 +164,7 @@ type AssumeRoleWithSAMLInput struct {
 	// access resources in the account that owns the role. You cannot use session
 	// policies to grant more permissions than those allowed by the identity-based
 	// policy of the role that is being assumed. For more information, see Session
-	// Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The plaintext that you use for both inline and managed
 	// session policies can't exceed 2,048 characters. The JSON policy characters can
 	// be any ASCII character from the space character to the end of the valid
@@ -206,9 +182,8 @@ type AssumeRoleWithSAMLInput struct {
 	// the role. This parameter is optional. You can provide up to 10 managed policy
 	// ARNs. However, the plaintext that you use for both inline and managed session
 	// policies can't exceed 2,048 characters. For more information about ARNs, see
-	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
-	// the Amazon Web Services General Reference. An Amazon Web Services conversion
+	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference. An Amazon Web Services conversion
 	// compresses the passed inline session policy, managed policy ARNs, and session
 	// tags into a packed binary format that has a separate limit. Your request can
 	// fail for this limit even if your plaintext meets the other requirements. The
@@ -220,8 +195,7 @@ type AssumeRoleWithSAMLInput struct {
 	// Services API calls to access resources in the account that owns the role. You
 	// cannot use session policies to grant more permissions than those allowed by the
 	// identity-based policy of the role that is being assumed. For more information,
-	// see Session Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType
 
@@ -251,19 +225,12 @@ type AssumeRoleWithSAMLOutput struct {
 	Issuer *string
 
 	// A hash value based on the concatenation of the following:
-	//
-	// * The Issuer response
-	// value.
-	//
-	// * The Amazon Web Services account ID.
-	//
-	// * The friendly name (the last
-	// part of the ARN) of the SAML provider in IAM.
-	//
-	// The combination of NameQualifier
-	// and Subject can be used to uniquely identify a federated user. The following
-	// pseudocode shows how the hash value is calculated: BASE64 ( SHA1 (
-	// "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
+	//   - The Issuer response value.
+	//   - The Amazon Web Services account ID.
+	//   - The friendly name (the last part of the ARN) of the SAML provider in IAM.
+	// The combination of NameQualifier and Subject can be used to uniquely identify a
+	// user. The following pseudocode shows how the hash value is calculated: BASE64 (
+	// SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
 	NameQualifier *string
 
 	// A percentage value that indicates the packed size of the session policies and
@@ -272,20 +239,18 @@ type AssumeRoleWithSAMLOutput struct {
 	// allowed space.
 	PackedPolicySize *int32
 
-	// The value in the SourceIdentity attribute in the SAML assertion. You can require
-	// users to set a source identity value when they assume a role. You do this by
-	// using the sts:SourceIdentity condition key in a role trust policy. That way,
-	// actions that are taken with the role are associated with that user. After the
-	// source identity is set, the value cannot be changed. It is present in the
+	// The value in the SourceIdentity attribute in the SAML assertion. You can
+	// require users to set a source identity value when they assume a role. You do
+	// this by using the sts:SourceIdentity condition key in a role trust policy. That
+	// way, actions that are taken with the role are associated with that user. After
+	// the source identity is set, the value cannot be changed. It is present in the
 	// request for all actions that are taken by the role and persists across chained
-	// role
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+	// role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
 	// sessions. You can configure your SAML identity provider to use an attribute
 	// associated with your users, like user name or email, as the source identity when
-	// calling AssumeRoleWithSAML. You do this by adding an attribute to the SAML
+	// calling AssumeRoleWithSAML . You do this by adding an attribute to the SAML
 	// assertion. For more information about using source identity, see Monitor and
-	// control actions taken with assumed roles
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
 	// in the IAM User Guide. The regex used to validate this parameter is a string of
 	// characters consisting of upper- and lower-case alphanumeric characters with no
 	// spaces. You can also include underscores or any of the following characters:
@@ -297,10 +262,10 @@ type AssumeRoleWithSAMLOutput struct {
 
 	// The format of the name ID, as defined by the Format attribute in the NameID
 	// element of the SAML assertion. Typical examples of the format are transient or
-	// persistent. If the format includes the prefix
-	// urn:oasis:names:tc:SAML:2.0:nameid-format, that prefix is removed. For example,
-	// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient. If
-	// the format includes any other prefix, the format is returned with no
+	// persistent . If the format includes the prefix
+	// urn:oasis:names:tc:SAML:2.0:nameid-format , that prefix is removed. For example,
+	// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
+	// If the format includes any other prefix, the format is returned with no
 	// modifications.
 	SubjectType *string
 
@@ -355,6 +320,9 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithSAML(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
index e2ff4ac62..f00f30763 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go
@@ -14,54 +14,44 @@ import (
 // authenticated in a mobile or web application with a web identity provider.
 // Example providers include the OAuth 2.0 providers Login with Amazon and
 // Facebook, or any OpenID Connect-compatible identity provider such as Google or
-// Amazon Cognito federated identities
-// (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
-// For mobile applications, we recommend that you use Amazon Cognito. You can use
-// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
-// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
-// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify a
-// user. You can also supply the user with a consistent identity throughout the
-// lifetime of an application. To learn more about Amazon Cognito, see Amazon
-// Cognito Overview
-// (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
-// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
-// Overview
-// (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
-// in the Amazon Web Services SDK for iOS Developer Guide. Calling
-// AssumeRoleWithWebIdentity does not require the use of Amazon Web Services
-// security credentials. Therefore, you can distribute an application (for example,
-// on mobile devices) that requests temporary security credentials without
-// including long-term Amazon Web Services credentials in the application. You also
-// don't need to deploy server-based proxy services that use long-term Amazon Web
-// Services credentials. Instead, the identity of the caller is validated by using
-// a token from the web identity provider. For a comparison of
-// AssumeRoleWithWebIdentity with the other API operations that produce temporary
-// credentials, see Requesting Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
+// . For mobile applications, we recommend that you use Amazon Cognito. You can use
+// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
+// to uniquely identify a user. You can also supply the user with a consistent
+// identity throughout the lifetime of an application. To learn more about Amazon
+// Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
+// in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not
+// require the use of Amazon Web Services security credentials. Therefore, you can
+// distribute an application (for example, on mobile devices) that requests
+// temporary security credentials without including long-term Amazon Web Services
+// credentials in the application. You also don't need to deploy server-based proxy
+// services that use long-term Amazon Web Services credentials. Instead, the
+// identity of the caller is validated by using a token from the web identity
+// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
+// operations that produce temporary credentials, see Requesting Temporary
+// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide. The temporary security credentials returned by this API
 // consist of an access key ID, a secret access key, and a security token.
 // Applications can use these temporary security credentials to sign calls to
 // Amazon Web Services service API operations. Session Duration By default, the
-// temporary security credentials created by AssumeRoleWithWebIdentity last for one
-// hour. However, you can use the optional DurationSeconds parameter to specify the
-// duration of your session. You can provide a value from 900 seconds (15 minutes)
-// up to the maximum session duration setting for the role. This setting can have a
-// value from 1 hour to 12 hours. To learn how to view the maximum value for your
-// role, see View the Maximum Session Duration Setting for a Role
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// temporary security credentials created by AssumeRoleWithWebIdentity last for
+// one hour. However, you can use the optional DurationSeconds parameter to
+// specify the duration of your session. You can provide a value from 900 seconds
+// (15 minutes) up to the maximum session duration setting for the role. This
+// setting can have a value from 1 hour to 12 hours. To learn how to view the
+// maximum value for your role, see View the Maximum Session Duration Setting for
+// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
 // in the IAM User Guide. The maximum session duration limit applies when you use
 // the AssumeRole* API operations or the assume-role* CLI commands. However the
 // limit does not apply when you use those operations to create a console URL. For
-// more information, see Using IAM Roles
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM
-// User Guide. Permissions The temporary security credentials created by
+// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide. Permissions The temporary security credentials created by
 // AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
 // Services service with the following exception: you cannot call the STS
 // GetFederationToken or GetSessionToken API operations. (Optional) You can pass
-// inline or managed session policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
 // inline session policy. You can also specify up to 10 managed policy Amazon
 // Resource Names (ARNs) to use as managed session policies. The plaintext that you
@@ -72,17 +62,14 @@ import (
 // credentials in subsequent Amazon Web Services API calls to access resources in
 // the account that owns the role. You cannot use session policies to grant more
 // permissions than those allowed by the identity-based policy of the role that is
-// being assumed. For more information, see Session Policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
 // attributes into your web identity token as session tags. Each session tag
 // consists of a key name and an associated value. For more information about
-// session tags, see Passing Session Tags in STS
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag
-// keys can’t exceed 128 characters and the values can’t exceed 256 characters. For
-// these and additional limits, see IAM and STS Character Limits
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
+// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
+// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 // in the IAM User Guide. An Amazon Web Services conversion compresses the passed
 // inline session policy, managed policy ARNs, and session tags into a packed
 // binary format that has a separate limit. Your request can fail for this limit
@@ -93,52 +80,38 @@ import (
 // overrides the role tag with the same key. An administrator must grant you the
 // permissions necessary to pass session tags. The administrator can also create
 // granular permissions to allow you to pass only specific session tags. For more
-// information, see Tutorial: Using Tags for Attribute-Based Access Control
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. You can set the session tags as transitive. Transitive
-// tags persist during role chaining. For more information, see Chaining Roles with
-// Session Tags
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// tags persist during role chaining. For more information, see Chaining Roles
+// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide. Identities Before your application can call
-// AssumeRoleWithWebIdentity, you must have an identity token from a supported
+// AssumeRoleWithWebIdentity , you must have an identity token from a supported
 // identity provider and create a role that the application can assume. The role
 // that your application assumes must trust the identity provider that is
 // associated with the identity token. In other words, the identity provider must
 // be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
-// result in an entry in your CloudTrail logs. The entry includes the Subject
-// (http://openid.net/specs/openid-connect-core-1_0.html#Claims) of the provided
-// web identity token. We recommend that you avoid using any personally
-// identifiable information (PII) in this field. For example, you could instead use
-// a GUID or a pairwise identifier, as suggested in the OIDC specification
-// (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). For more
-// information about how to use web identity federation and the
+// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
+// of the provided web identity token. We recommend that you avoid using any
+// personally identifiable information (PII) in this field. For example, you could
+// instead use a GUID or a pairwise identifier, as suggested in the OIDC
+// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
+// . For more information about how to use web identity federation and the
 // AssumeRoleWithWebIdentity API, see the following resources:
-//
-// * Using Web
-// Identity Federation API Operations for Mobile Apps
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
-// and Federation Through a Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
-//
-// *
-// Web Identity Federation Playground
-// (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
-// Walk through the process of authenticating through Login with Amazon, Facebook,
-// or Google, getting temporary security credentials, and then using those
-// credentials to make a request to Amazon Web Services.
-//
-// * Amazon Web Services SDK
-// for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and Amazon Web
-// Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
-// These toolkits contain sample apps that show how to invoke the identity
-// providers. The toolkits then show how to use the information from these
-// providers to get and use temporary security credentials.
-//
-// * Web Identity
-// Federation with Mobile Applications
-// (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
-// This article discusses web identity federation and shows an example of how to
-// use web identity federation to get access to content in Amazon S3.
+//   - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
+//     and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+//     .
+//   - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
+//     . Walk through the process of authenticating through Login with Amazon,
+//     Facebook, or Google, getting temporary security credentials, and then using
+//     those credentials to make a request to Amazon Web Services.
+//   - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+//     and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
+//     . These toolkits contain sample apps that show how to invoke the identity
+//     providers. The toolkits then show how to use the information from these
+//     providers to get and use temporary security credentials.
+//   - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
+//     . This article discusses web identity federation and shows an example of how to
+//     use web identity federation to get access to content in Amazon S3.
 func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) {
 	if params == nil {
 		params = &AssumeRoleWithWebIdentityInput{}
@@ -187,16 +160,14 @@ type AssumeRoleWithWebIdentityInput struct {
 	// higher than this setting, the operation fails. For example, if you specify a
 	// session duration of 12 hours, but your administrator set the maximum session
 	// duration to 6 hours, your operation fails. To learn how to view the maximum
-	// value for your role, see View the Maximum Session Duration Setting for a Role
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+	// value for your role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
 	// in the IAM User Guide. By default, the value is set to 3600 seconds. The
 	// DurationSeconds parameter is separate from the duration of a console session
 	// that you might request using the returned credentials. The request to the
 	// federation endpoint for a console sign-in token takes a SessionDuration
 	// parameter that specifies the maximum length of the console session. For more
 	// information, see Creating a URL that Enables Federated Users to Access the
-	// Amazon Web Services Management Console
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+	// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
 	// in the IAM User Guide.
 	DurationSeconds *int32
 
@@ -208,8 +179,7 @@ type AssumeRoleWithWebIdentityInput struct {
 	// access resources in the account that owns the role. You cannot use session
 	// policies to grant more permissions than those allowed by the identity-based
 	// policy of the role that is being assumed. For more information, see Session
-	// Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The plaintext that you use for both inline and managed
 	// session policies can't exceed 2,048 characters. The JSON policy characters can
 	// be any ASCII character from the space character to the end of the valid
@@ -227,9 +197,8 @@ type AssumeRoleWithWebIdentityInput struct {
 	// the role. This parameter is optional. You can provide up to 10 managed policy
 	// ARNs. However, the plaintext that you use for both inline and managed session
 	// policies can't exceed 2,048 characters. For more information about ARNs, see
-	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
-	// the Amazon Web Services General Reference. An Amazon Web Services conversion
+	// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference. An Amazon Web Services conversion
 	// compresses the passed inline session policy, managed policy ARNs, and session
 	// tags into a packed binary format that has a separate limit. Your request can
 	// fail for this limit even if your plaintext meets the other requirements. The
@@ -241,8 +210,7 @@ type AssumeRoleWithWebIdentityInput struct {
 	// Services API calls to access resources in the account that owns the role. You
 	// cannot use session policies to grant more permissions than those allowed by the
 	// identity-based policy of the role that is being assumed. For more information,
-	// see Session Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide.
 	PolicyArns []types.PolicyDescriptorType
 
@@ -265,7 +233,7 @@ type AssumeRoleWithWebIdentityOutput struct {
 	// that you can use to refer to the resulting temporary security credentials. For
 	// example, you can reference these credentials as a principal in a resource-based
 	// policy by using the ARN or assumed role ID. The ARN and ID include the
-	// RoleSessionName that you specified when you called AssumeRole.
+	// RoleSessionName that you specified when you called AssumeRole .
 	AssumedRoleUser *types.AssumedRoleUser
 
 	// The intended audience (also known as client ID) of the web identity token. This
@@ -285,10 +253,10 @@ type AssumeRoleWithWebIdentityOutput struct {
 	// allowed space.
 	PackedPolicySize *int32
 
-	// The issuing authority of the web identity token presented. For OpenID Connect ID
-	// tokens, this contains the value of the iss field. For OAuth 2.0 access tokens,
-	// this contains the value of the ProviderId parameter that was passed in the
-	// AssumeRoleWithWebIdentity request.
+	// The issuing authority of the web identity token presented. For OpenID Connect
+	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access
+	// tokens, this contains the value of the ProviderId parameter that was passed in
+	// the AssumeRoleWithWebIdentity request.
 	Provider *string
 
 	// The value of the source identity that is returned in the JSON web token (JWT)
@@ -297,17 +265,14 @@ type AssumeRoleWithWebIdentityOutput struct {
 	// key in a role trust policy. That way, actions that are taken with the role are
 	// associated with that user. After the source identity is set, the value cannot be
 	// changed. It is present in the request for all actions that are taken by the role
-	// and persists across chained role
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+	// and persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
 	// sessions. You can configure your identity provider to use an attribute
 	// associated with your users, like user name or email, as the source identity when
-	// calling AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
-	// token. To learn more about OIDC tokens and claims, see Using Tokens with User
-	// Pools
-	// (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
+	// calling AssumeRoleWithWebIdentity . You do this by adding a claim to the JSON
+	// web token. To learn more about OIDC tokens and claims, see Using Tokens with
+	// User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
 	// in the Amazon Cognito Developer Guide. For more information about using source
-	// identity, see Monitor and control actions taken with assumed roles
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+	// identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
 	// in the IAM User Guide. The regex used to validate this parameter is a string of
 	// characters consisting of upper- and lower-case alphanumeric characters with no
 	// spaces. You can also include underscores or any of the following characters:
@@ -373,6 +338,9 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
index b7a637d42..587d1d3c0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go
@@ -22,27 +22,17 @@ import (
 // encoded because the details of the authorization status can contain privileged
 // information that the user who requested the operation should not see. To decode
 // an authorization status message, a user must be granted permissions through an
-// IAM policy
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to
-// request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
-// The decoded message includes the following type of information:
-//
-// * Whether the
-// request was denied due to an explicit deny or due to the absence of an explicit
-// allow. For more information, see Determining Whether a Request is Allowed or
-// Denied
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
-// in the IAM User Guide.
-//
-// * The principal who made the request.
-//
-// * The requested
-// action.
-//
-// * The requested resource.
-//
-// * The values of condition keys in the
-// context of the user's request.
+// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
+// action. The decoded message includes the following type of information:
+//   - Whether the request was denied due to an explicit deny or due to the
+//     absence of an explicit allow. For more information, see Determining Whether a
+//     Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
+//     in the IAM User Guide.
+//   - The principal who made the request.
+//   - The requested action.
+//   - The requested resource.
+//   - The values of condition keys in the context of the user's request.
 func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
 	if params == nil {
 		params = &DecodeAuthorizationMessageInput{}
@@ -133,6 +123,9 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
index b86a425d0..f090ecf47 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go
@@ -11,21 +11,18 @@ import (
 )
 
 // Returns the account identifier for the specified access key ID. Access keys
-// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a
-// secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For
-// more information about access keys, see Managing Access Keys for IAM Users
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
+// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
+// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
 // in the IAM User Guide. When you pass an access key ID to this operation, it
 // returns the ID of the Amazon Web Services account to which the keys belong.
 // Access key IDs beginning with AKIA are long-term credentials for an IAM user or
 // the Amazon Web Services account root user. Access key IDs beginning with ASIA
 // are temporary credentials that are created using STS operations. If the account
 // in the response belongs to you, you can sign in as the root user and review your
-// root user access keys. Then, you can pull a credentials report
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
+// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
 // to learn which IAM user owns the keys. To learn who requested the temporary
-// credentials for an ASIA access key, view the STS events in your CloudTrail logs
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
 // in the IAM User Guide. This operation does not indicate the state of the access
 // key. The key might be active, inactive, or deleted. Active keys might not have
 // permissions to perform an operation. Providing a deleted access key might return
@@ -119,6 +116,9 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAccessKeyInfo(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
index a7f96c220..93823927b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go
@@ -12,12 +12,11 @@ import (
 
 // Returns details about the IAM user or role whose credentials are used to call
 // the operation. No permissions are required to perform this operation. If an
-// administrator adds a policy to your IAM user or role that explicitly denies
-// access to the sts:GetCallerIdentity action, you can still perform this
-// operation. Permissions are not required because the same information is returned
-// when an IAM user or role is denied access. To view an example response, see I Am
-// Not Authorized to Perform: iam:DeleteVirtualMFADevice
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// administrator attaches a policy to your identity that explicitly denies access
+// to the sts:GetCallerIdentity action, you can still perform this operation.
+// Permissions are not required because the same information is returned when
+// access is denied. To view an example response, see I Am Not Authorized to
+// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
 // in the IAM User Guide.
 func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
 	if params == nil {
@@ -49,10 +48,9 @@ type GetCallerIdentityOutput struct {
 	// The Amazon Web Services ARN associated with the calling entity.
 	Arn *string
 
-	// The unique identifier of the calling entity. The exact value depends on the type
-	// of entity that is making the call. The values returned are those listed in the
-	// aws:userid column in the Principal table
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
+	// The unique identifier of the calling entity. The exact value depends on the
+	// type of entity that is making the call. The values returned are those listed in
+	// the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
 	// found on the Policy Variables reference page in the IAM User Guide.
 	UserId *string
 
@@ -110,6 +108,9 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
index 8acb5acaa..ccb7366e2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go
@@ -11,50 +11,40 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns a set of temporary security credentials (consisting of an access key ID,
-// a secret access key, and a security token) for a federated user. A typical use
-// is in a proxy application that gets temporary security credentials on behalf of
+// Returns a set of temporary security credentials (consisting of an access key
+// ID, a secret access key, and a security token) for a user. A typical use is in a
+// proxy application that gets temporary security credentials on behalf of
 // distributed applications inside a corporate network. You must call the
 // GetFederationToken operation using the long-term security credentials of an IAM
 // user. As a result, this call is appropriate in contexts where those credentials
-// can be safely stored, usually in a server-based application. For a comparison of
+// can be safeguarded, usually in a server-based application. For a comparison of
 // GetFederationToken with the other API operations that produce temporary
-// credentials, see Requesting Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide. Although it is possible to call GetFederationToken using
+// the security credentials of an Amazon Web Services account root user rather than
+// an IAM user that you create for the purpose of a proxy application, we do not
+// recommend it. For more information, see Safeguard your root user credentials
+// and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
 // in the IAM User Guide. You can create a mobile-based or browser-based app that
 // can authenticate users using a web identity provider like Login with Amazon,
 // Facebook, Google, or an OpenID Connect-compatible identity provider. In this
 // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
-// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
-// Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-// in the IAM User Guide. You can also call GetFederationToken using the security
-// credentials of an Amazon Web Services account root user, but we do not recommend
-// it. Instead, we recommend that you create an IAM user for the purpose of the
-// proxy application. Then attach a policy to the IAM user that limits federated
-// users to only the actions and resources that they need to access. For more
-// information, see IAM Best Practices
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the
-// IAM User Guide. Session duration The temporary credentials are valid for the
-// specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
+// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
+// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide. Session duration The temporary credentials are valid for
+// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
 // seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
-// Temporary credentials obtained by using the Amazon Web Services account root
-// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
-// You can use the temporary credentials created by GetFederationToken in any
-// Amazon Web Services service with the following exceptions:
+// Temporary credentials obtained by using the root user credentials have a maximum
+// duration of 3,600 seconds (1 hour). Permissions You can use the temporary
+// credentials created by GetFederationToken in any Amazon Web Services service
+// with the following exceptions:
+//   - You cannot call any IAM operations using the CLI or the Amazon Web Services
+//     API. This limitation does not apply to console sessions.
+//   - You cannot call any STS operations except GetCallerIdentity .
 //
-// * You cannot call
-// any IAM operations using the CLI or the Amazon Web Services API. This limitation
-// does not apply to console sessions.
-//
-// * You cannot call any STS operations except
-// GetCallerIdentity.
-//
-// You can use temporary credentials for single sign-on (SSO)
-// to the console. You must pass an inline or managed session policy
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// You can use temporary credentials for single sign-on (SSO) to the console. You
+// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
 // inline session policy. You can also specify up to 10 managed policy Amazon
 // Resource Names (ARNs) to use as managed session policies. The plaintext that you
@@ -65,38 +55,33 @@ import (
 // policies and the session policies that you pass. This gives you a way to further
 // restrict the permissions for a federated user. You cannot use session policies
 // to grant more permissions than those that are defined in the permissions policy
-// of the IAM user. For more information, see Session Policies
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide. For information about using GetFederationToken to create
 // temporary security credentials, see GetFederationToken—Federation Through a
-// Custom Identity Broker
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
-// You can use the credentials to access a resource that has a resource-based
+// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
+// . You can use the credentials to access a resource that has a resource-based
 // policy. If that policy specifically references the federated user session in the
 // Principal element of the policy, the session has the permissions allowed by the
 // policy. These permissions are granted in addition to the permissions granted by
 // the session policies. Tags (Optional) You can pass tag key-value pairs to your
 // session. These are called session tags. For more information about session tags,
-// see Passing Session Tags in STS
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide. You can create a mobile-based or browser-based app that can
-// authenticate users using a web identity provider like Login with Amazon,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide. You can create a mobile-based or browser-based app that
+// can authenticate users using a web identity provider like Login with Amazon,
 // Facebook, Google, or an OpenID Connect-compatible identity provider. In this
 // case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
-// or AssumeRoleWithWebIdentity. For more information, see Federation Through a
-// Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
+// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
 // in the IAM User Guide. An administrator must grant you the permissions necessary
 // to pass session tags. The administrator can also create granular permissions to
 // allow you to pass only specific session tags. For more information, see
-// Tutorial: Using Tags for Attribute-Based Access Control
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
 // in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
 // preserved. This means that you cannot have separate Department and department
-// tag keys. Assume that the user that you are federating has the
-// Department=Marketing tag and you pass the department=engineering session tag.
-// Department and department are not saved as separate tags, and the session tag
-// passed in the request takes precedence over the user tag.
+// tag keys. Assume that the user that you are federating has the Department =
+// Marketing tag and you pass the department = engineering session tag. Department
+// and department are not saved as separate tags, and the session tag passed in
+// the request takes precedence over the user tag.
 func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) {
 	if params == nil {
 		params = &GetFederationTokenInput{}
@@ -115,26 +100,26 @@ func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTo
 type GetFederationTokenInput struct {
 
 	// The name of the federated user. The name is used as an identifier for the
-	// temporary security credentials (such as Bob). For example, you can reference the
-	// federated user name in a resource-based policy, such as in an Amazon S3 bucket
-	// policy. The regex used to validate this parameter is a string of characters
-	// consisting of upper- and lower-case alphanumeric characters with no spaces. You
-	// can also include underscores or any of the following characters: =,.@-
+	// temporary security credentials (such as Bob ). For example, you can reference
+	// the federated user name in a resource-based policy, such as in an Amazon S3
+	// bucket policy. The regex used to validate this parameter is a string of
+	// characters consisting of upper- and lower-case alphanumeric characters with no
+	// spaces. You can also include underscores or any of the following characters:
+	// =,.@-
 	//
 	// This member is required.
 	Name *string
 
-	// The duration, in seconds, that the session should last. Acceptable durations for
-	// federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36
-	// hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using
-	// Amazon Web Services account root user credentials are restricted to a maximum of
-	// 3,600 seconds (one hour). If the specified duration is longer than one hour, the
-	// session obtained by using root user credentials defaults to one hour.
+	// The duration, in seconds, that the session should last. Acceptable durations
+	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
+	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
+	// using root user credentials are restricted to a maximum of 3,600 seconds (one
+	// hour). If the specified duration is longer than one hour, the session obtained
+	// by using root user credentials defaults to one hour.
 	DurationSeconds *int32
 
 	// An IAM policy in JSON format that you want to use as an inline session policy.
-	// You must pass an inline or managed session policy
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// to this operation. You can pass a single JSON policy document to use as an
 	// inline session policy. You can also specify up to 10 managed policy Amazon
 	// Resource Names (ARNs) to use as managed session policies. This parameter is
@@ -144,8 +129,7 @@ type GetFederationTokenInput struct {
 	// session policies that you pass. This gives you a way to further restrict the
 	// permissions for a federated user. You cannot use session policies to grant more
 	// permissions than those that are defined in the permissions policy of the IAM
-	// user. For more information, see Session Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The resulting credentials can be used to access a
 	// resource that has a resource-based policy. If that policy specifically
 	// references the federated user session in the Principal element of the policy,
@@ -166,24 +150,21 @@ type GetFederationTokenInput struct {
 	// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
 	// use as a managed session policy. The policies must exist in the same account as
 	// the IAM user that is requesting federated access. You must pass an inline or
-	// managed session policy
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// to this operation. You can pass a single JSON policy document to use as an
 	// inline session policy. You can also specify up to 10 managed policy Amazon
 	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
 	// use for both inline and managed session policies can't exceed 2,048 characters.
 	// You can provide up to 10 managed policy ARNs. For more information about ARNs,
-	// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
-	// the Amazon Web Services General Reference. This parameter is optional. However,
-	// if you do not pass any session policies, then the resulting federated user
-	// session has no permissions. When you pass session policies, the session
+	// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference. This parameter is optional.
+	// However, if you do not pass any session policies, then the resulting federated
+	// user session has no permissions. When you pass session policies, the session
 	// permissions are the intersection of the IAM user policies and the session
 	// policies that you pass. This gives you a way to further restrict the permissions
 	// for a federated user. You cannot use session policies to grant more permissions
 	// than those that are defined in the permissions policy of the IAM user. For more
-	// information, see Session Policies
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+	// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 	// in the IAM User Guide. The resulting credentials can be used to access a
 	// resource that has a resource-based policy. If that policy specifically
 	// references the federated user session in the Principal element of the policy,
@@ -192,20 +173,18 @@ type GetFederationTokenInput struct {
 	// An Amazon Web Services conversion compresses the passed inline session policy,
 	// managed policy ARNs, and session tags into a packed binary format that has a
 	// separate limit. Your request can fail for this limit even if your plaintext
-	// meets the other requirements. The PackedPolicySize response element indicates by
-	// percentage how close the policies and tags for your request are to the upper
+	// meets the other requirements. The PackedPolicySize response element indicates
+	// by percentage how close the policies and tags for your request are to the upper
 	// size limit.
 	PolicyArns []types.PolicyDescriptorType
 
 	// A list of session tags. Each session tag consists of a key name and an
 	// associated value. For more information about session tags, see Passing Session
-	// Tags in STS
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-	// IAM User Guide. This parameter is optional. You can pass up to 50 session tags.
-	// The plaintext session tag keys can’t exceed 128 characters and the values can’t
-	// exceed 256 characters. For these and additional limits, see IAM and STS
-	// Character Limits
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+	// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
+	// tags. The plaintext session tag keys can’t exceed 128 characters and the values
+	// can’t exceed 256 characters. For these and additional limits, see IAM and STS
+	// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
 	// inline session policy, managed policy ARNs, and session tags into a packed
 	// binary format that has a separate limit. Your request can fail for this limit
@@ -216,9 +195,9 @@ type GetFederationTokenInput struct {
 	// you do, session tags override a user tag with the same key. Tag key–value pairs
 	// are not case sensitive, but case is preserved. This means that you cannot have
 	// separate Department and department tag keys. Assume that the role has the
-	// Department=Marketing tag and you pass the department=engineering session tag.
-	// Department and department are not saved as separate tags, and the session tag
-	// passed in the request takes precedence over the role tag.
+	// Department = Marketing tag and you pass the department = engineering session
+	// tag. Department and department are not saved as separate tags, and the session
+	// tag passed in the request takes precedence over the role tag.
 	Tags []types.Tag
 
 	noSmithyDocumentSerde
@@ -236,7 +215,7 @@ type GetFederationTokenOutput struct {
 	Credentials *types.Credentials
 
 	// Identifiers for the federated user associated with the credentials (such as
-	// arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob). You can use
+	// arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob ). You can use
 	// the federated user's ARN in your resource-based policies, such as an Amazon S3
 	// bucket policy.
 	FederatedUser *types.FederatedUser
@@ -304,6 +283,9 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetFederationToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
index bfde51689..4dfac4c98 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go
@@ -11,59 +11,46 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Returns a set of temporary credentials for an Amazon Web Services account or IAM
-// user. The credentials consist of an access key ID, a secret access key, and a
-// security token. Typically, you use GetSessionToken if you want to use MFA to
+// Returns a set of temporary credentials for an Amazon Web Services account or
+// IAM user. The credentials consist of an access key ID, a secret access key, and
+// a security token. Typically, you use GetSessionToken if you want to use MFA to
 // protect programmatic calls to specific Amazon Web Services API operations like
-// Amazon EC2 StopInstances. MFA-enabled IAM users would need to call
-// GetSessionToken and submit an MFA code that is associated with their MFA device.
-// Using the temporary security credentials that are returned from the call, IAM
-// users can then make programmatic calls to API operations that require MFA
-// authentication. If you do not supply a correct MFA code, then the API returns an
-// access denied error. For a comparison of GetSessionToken with the other API
-// operations that produce temporary credentials, see Requesting Temporary Security
-// Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-// and Comparing the Amazon Web Services STS API operations
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and
+// submit an MFA code that is associated with their MFA device. Using the temporary
+// security credentials that the call returns, IAM users can then make programmatic
+// calls to API operations that require MFA authentication. An incorrect MFA code
+// causes the API to return an access denied error. For a comparison of
+// GetSessionToken with the other API operations that produce temporary
+// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide. No permissions are required for users to perform this
 // operation. The purpose of the sts:GetSessionToken operation is to authenticate
 // the user using MFA. You cannot use policies to control authentication
-// operations. For more information, see Permissions for GetSessionToken
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
+// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
 // in the IAM User Guide. Session Duration The GetSessionToken operation must be
-// called by using the long-term Amazon Web Services security credentials of the
-// Amazon Web Services account root user or an IAM user. Credentials that are
-// created by IAM users are valid for the duration that you specify. This duration
-// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
-// hours), with a default of 43,200 seconds (12 hours). Credentials based on
-// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
-// (1 hour), with a default of 1 hour. Permissions The temporary security
-// credentials created by GetSessionToken can be used to make API calls to any
-// Amazon Web Services service with the following exceptions:
+// called by using the long-term Amazon Web Services security credentials of an IAM
+// user. Credentials that are created by IAM users are valid for the duration that
+// you specify. This duration can range from 900 seconds (15 minutes) up to a
+// maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
+// hours). Credentials based on account credentials can range from 900 seconds (15
+// minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The
+// temporary security credentials created by GetSessionToken can be used to make
+// API calls to any Amazon Web Services service with the following exceptions:
+//   - You cannot call any IAM API operations unless MFA authentication
+//     information is included in the request.
+//   - You cannot call any STS API except AssumeRole or GetCallerIdentity .
 //
-// * You cannot call
-// any IAM API operations unless MFA authentication information is included in the
-// request.
-//
-// * You cannot call any STS API except AssumeRole or
-// GetCallerIdentity.
-//
-// We recommend that you do not call GetSessionToken with
-// Amazon Web Services account root user credentials. Instead, follow our best
-// practices
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
-// by creating one or more IAM users, giving them the necessary permissions, and
-// using IAM users for everyday interaction with Amazon Web Services. The
-// credentials that are returned by GetSessionToken are based on permissions
-// associated with the user whose credentials were used to call the operation. If
-// GetSessionToken is called using Amazon Web Services account root user
-// credentials, the temporary credentials have root user permissions. Similarly, if
-// GetSessionToken is called using the credentials of an IAM user, the temporary
-// credentials have the same permissions as the IAM user. For more information
-// about using GetSessionToken to create temporary credentials, go to Temporary
-// Credentials for Users in Untrusted Environments
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// The credentials that GetSessionToken returns are based on permissions
+// associated with the IAM user whose credentials were used to call the operation.
+// The temporary credentials have the same permissions as the IAM user. Although it
+// is possible to call GetSessionToken using the security credentials of an Amazon
+// Web Services account root user rather than an IAM user, we do not recommend it.
+// If GetSessionToken is called using root user credentials, the temporary
+// credentials have root user permissions. For more information, see Safeguard
+// your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide For more information about using GetSessionToken to
+// create temporary credentials, see Temporary Credentials for Users in Untrusted
+// Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
 // in the IAM User Guide.
 func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
 	if params == nil {
@@ -90,25 +77,25 @@ type GetSessionTokenInput struct {
 	// Services account owners defaults to one hour.
 	DurationSeconds *int32
 
-	// The identification number of the MFA device that is associated with the IAM user
-	// who is making the GetSessionToken call. Specify this value if the IAM user has a
-	// policy that requires MFA authentication. The value is either the serial number
-	// for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN)
-	// for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find
-	// the device for an IAM user by going to the Amazon Web Services Management
-	// Console and viewing the user's security credentials. The regex used to validate
-	// this parameter is a string of characters consisting of upper- and lower-case
-	// alphanumeric characters with no spaces. You can also include underscores or any
-	// of the following characters: =,.@:/-
+	// The identification number of the MFA device that is associated with the IAM
+	// user who is making the GetSessionToken call. Specify this value if the IAM user
+	// has a policy that requires MFA authentication. The value is either the serial
+	// number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
+	// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ). You
+	// can find the device for an IAM user by going to the Amazon Web Services
+	// Management Console and viewing the user's security credentials. The regex used
+	// to validate this parameter is a string of characters consisting of upper- and
+	// lower-case alphanumeric characters with no spaces. You can also include
+	// underscores or any of the following characters: =,.@:/-
 	SerialNumber *string
 
-	// The value provided by the MFA device, if MFA is required. If any policy requires
-	// the IAM user to submit an MFA code, specify this value. If MFA authentication is
-	// required, the user must provide a code when requesting a set of temporary
-	// security credentials. A user who fails to provide the code receives an "access
-	// denied" response when requesting resources that require MFA authentication. The
-	// format for this parameter, as described by its regex pattern, is a sequence of
-	// six numeric digits.
+	// The value provided by the MFA device, if MFA is required. If any policy
+	// requires the IAM user to submit an MFA code, specify this value. If MFA
+	// authentication is required, the user must provide a code when requesting a set
+	// of temporary security credentials. A user who fails to provide the code receives
+	// an "access denied" response when requesting resources that require MFA
+	// authentication. The format for this parameter, as described by its regex
+	// pattern, is a sequence of six numeric digits.
 	TokenCode *string
 
 	noSmithyDocumentSerde
@@ -179,6 +166,9 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack,
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
+	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+		return err
+	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
index 7cabbb97e..d963fd8d1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/doc.go
@@ -4,9 +4,8 @@
 // Security Token Service.
 //
 // Security Token Service Security Token Service (STS) enables you to request
-// temporary, limited-privilege credentials for Identity and Access Management
-// (IAM) users or for users that you authenticate (federated users). This guide
-// provides descriptions of the STS API. For more information about using this
-// service, see Temporary Security Credentials
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+// temporary, limited-privilege credentials for users. This guide provides
+// descriptions of the STS API. For more information about using this service, see
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+// .
 package sts
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
index 50e7650db..d6a59e44f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.7"
+const goModuleVersion = "1.19.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
index 1f99a0209..93ae947dd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go
@@ -89,6 +89,7 @@ var partitionRegexp = struct {
 	AwsCn    *regexp.Regexp
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
+	AwsIsoE  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
@@ -96,6 +97,7 @@ var partitionRegexp = struct {
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
+	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -384,6 +386,27 @@ var defaultPartitions = endpoints.Partitions{
 			}: endpoints.Endpoint{},
 		},
 	},
+	{
+		ID: "aws-iso-e",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "sts-fips.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "sts.{region}.cloud.adc-e.uk",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoE,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
index 9e3adaa9a..097875b27 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go
@@ -183,12 +183,10 @@ func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { retu
 // compresses the session policy document, session policy ARNs, and session tags
 // into a packed binary format that has a separate limit. The error message
 // indicates by percentage how close the policies and tags are to the upper size
-// limit. For more information, see Passing Session Tags in STS
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide. You could receive this error even though you meet other defined
-// session policy and session tag limits. For more information, see IAM and STS
-// Entity Character Limits
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+// limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide. You could receive this error even though you meet other
+// defined session policy and session tag limits. For more information, see IAM
+// and STS Entity Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 // in the IAM User Guide.
 type PackedPolicyTooLargeException struct {
 	Message *string
@@ -215,11 +213,10 @@ func (e *PackedPolicyTooLargeException) ErrorCode() string {
 }
 func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
-// STS is not activated in the requested region for the account that is being asked
-// to generate credentials. The account administrator must use the IAM console to
-// activate STS in that region. For more information, see Activating and
-// Deactivating Amazon Web Services STS in an Amazon Web Services Region
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 // in the IAM User Guide.
 type RegionDisabledException struct {
 	Message *string
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
index 86e509905..90d4f62ae 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go
@@ -13,9 +13,8 @@ type AssumedRoleUser struct {
 
 	// The ARN of the temporary security credentials that are returned from the
 	// AssumeRole action. For more information about ARNs and how to use them in
-	// policies, see IAM Identifiers
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
-	// the IAM User Guide.
+	// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
 	//
 	// This member is required.
 	Arn *string
@@ -62,9 +61,8 @@ type FederatedUser struct {
 
 	// The ARN that specifies the federated user that is associated with the
 	// credentials. For more information about ARNs and how to use them in policies,
-	// see IAM Identifiers
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
-	// the IAM User Guide.
+	// see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+	// in the IAM User Guide.
 	//
 	// This member is required.
 	Arn *string
@@ -84,26 +82,23 @@ type PolicyDescriptorType struct {
 
 	// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
 	// policy for the role. For more information about ARNs, see Amazon Resource Names
-	// (ARNs) and Amazon Web Services Service Namespaces
-	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
-	// the Amazon Web Services General Reference.
+	// (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+	// in the Amazon Web Services General Reference.
 	Arn *string
 
 	noSmithyDocumentSerde
 }
 
-// You can pass custom key-value pair attributes when you assume a role or federate
-// a user. These are called session tags. You can then use the session tags to
-// control access to resources. For more information, see Tagging Amazon Web
-// Services STS Sessions
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the
-// IAM User Guide.
+// You can pass custom key-value pair attributes when you assume a role or
+// federate a user. These are called session tags. You can then use the session
+// tags to control access to resources. For more information, see Tagging Amazon
+// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
 type Tag struct {
 
 	// The key for a session tag. You can pass up to 50 session tags. The plain text
 	// session tag keys can’t exceed 128 characters. For these and additional limits,
-	// see IAM and STS Character Limits
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide.
 	//
 	// This member is required.
@@ -111,8 +106,7 @@ type Tag struct {
 
 	// The value for a session tag. You can pass up to 50 session tags. The plain text
 	// session tag values can’t exceed 256 characters. For these and additional limits,
-	// see IAM and STS Character Limits
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+	// see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
 	// in the IAM User Guide.
 	//
 	// This member is required.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
index 776e31b21..e325867e7 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -252,19 +252,8 @@ type Config struct {
 	// and specify a Retryer instead.
 	SleepDelay func(time.Duration)
 
-	// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
-	// Will default to false. This would only be used for empty directory names in s3 requests.
-	//
-	// Example:
-	//    sess := session.Must(session.NewSession(&aws.Config{
-	//         DisableRestProtocolURICleaning: aws.Bool(true),
-	//    }))
-	//
-	//    svc := s3.New(sess)
-	//    out, err := svc.GetObject(&s3.GetObjectInput {
-	//    	Bucket: aws.String("bucketname"),
-	//    	Key: aws.String("//foo//bar//moo"),
-	//    })
+	// Deprecated: This setting no longer has any effect.
+	// RESTful paths are no longer cleaned after request serialization.
 	DisableRestProtocolURICleaning *bool
 
 	// EnableEndpointDiscovery will allow for endpoint discovery on operations that
@@ -497,8 +486,8 @@ func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
 	return c
 }
 
-// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
-// returning a Config pointer for chaining.
+// Deprecated: This setting no longer has any effect.
+// RESTful paths are no longer cleaned after request serialization.
 func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
 	c.DisableRestProtocolURICleaning = &t
 	return c
@@ -611,7 +600,7 @@ func mergeInConfig(dst *Config, other *Config) {
 	if other.DisableRestProtocolURICleaning != nil {
 		dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
 	}
-
+	
 	if other.EnforceShouldRetryCheck != nil {
 		dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 85443fbc7..9f8b5b4ac 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -13,6 +13,7 @@ const (
 	AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition.
 	AwsIsoPartitionID   = "aws-iso"    // AWS ISO (US) partition.
 	AwsIsoBPartitionID  = "aws-iso-b"  // AWS ISOB (US) partition.
+	AwsIsoEPartitionID  = "aws-iso-e"  // AWS ISOE (Europe) partition.
 )
 
 // AWS Standard partition's regions.
@@ -69,8 +70,11 @@ const (
 	UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio).
 )
 
+// AWS ISOE (Europe) partition's regions.
+const ()
+
 // DefaultResolver returns an Endpoint resolver that will be able
-// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
+// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), and AWS ISOE (Europe).
 //
 // Use DefaultPartitions() to get the list of the default partitions.
 func DefaultResolver() Resolver {
@@ -78,7 +82,7 @@ func DefaultResolver() Resolver {
 }
 
 // DefaultPartitions returns a list of the partitions the SDK is bundled
-// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US).
+// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), and AWS ISOE (Europe).
 //
 //    partitions := endpoints.DefaultPartitions
 //    for _, p := range partitions {
@@ -94,6 +98,7 @@ var defaultPartitions = partitions{
 	awsusgovPartition,
 	awsisoPartition,
 	awsisobPartition,
+	awsisoePartition,
 }
 
 // AwsPartition returns the Resolver for AWS Standard.
@@ -604,6 +609,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -865,6 +873,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -920,6 +931,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -1846,6 +1860,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -2062,6 +2079,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -3172,6 +3192,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -3187,12 +3210,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -3202,6 +3231,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{},
@@ -3229,43 +3261,6 @@ var awsPartition = partition{
 				},
 			},
 			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "ap-northeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-central-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-north-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "eu-west-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-1",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-east-2",
-				}: endpoint{},
-				endpointKey{
-					Region: "us-west-2",
-				}: endpoint{},
-			},
-		},
-		"arc-zonal-shift": service{
-			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
@@ -3281,9 +3276,6 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
@@ -3313,6 +3305,91 @@ var awsPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"arc-zonal-shift": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
 		"athena": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -3528,6 +3605,12 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-east-1.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-1.api.aws",
+				},
 				endpointKey{
 					Region: "us-east-2",
 				}: endpoint{},
@@ -3543,6 +3626,12 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-east-2.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-east-2.api.aws",
+				},
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
@@ -3558,6 +3647,12 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-west-1.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-1.api.aws",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
@@ -3573,6 +3668,12 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-west-2.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-west-2.api.aws",
+				},
 			},
 		},
 		"auditmanager": service{
@@ -3800,6 +3901,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -3809,18 +3913,27 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -3964,6 +4077,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -3979,12 +4095,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -6680,12 +6802,42 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "connect-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "connect-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-fips.us-east-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect-fips.us-west-2.amazonaws.com",
+				},
 			},
 		},
 		"connect-campaigns": service{
@@ -6767,12 +6919,21 @@ var awsPartition = partition{
 		},
 		"controltower": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -6782,6 +6943,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -6806,6 +6970,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -6815,6 +6982,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
@@ -6854,6 +7024,24 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1-fips",
+				}: endpoint{
+					Hostname: "controltower-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
@@ -7598,6 +7786,12 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
@@ -7613,6 +7807,15 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "devops-guru-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "fips-us-east-1",
 				}: endpoint{
@@ -7631,6 +7834,15 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "fips-us-west-2",
 				}: endpoint{
@@ -7664,6 +7876,12 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "devops-guru-fips.us-west-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
@@ -8317,6 +8535,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -9676,6 +9897,15 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
 				},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
+				endpointKey{
+					Region:  "ap-southeast-4",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
+				},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -9847,6 +10077,15 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "fips-ap-southeast-4",
+				}: endpoint{
+					Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-4",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "fips-ca-central-1",
 				}: endpoint{
@@ -10504,6 +10743,9 @@ var awsPartition = partition{
 		},
 		"emr-containers": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
@@ -10588,6 +10830,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
@@ -10631,6 +10876,9 @@ var awsPartition = partition{
 		},
 		"emr-serverless": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
@@ -10715,6 +10963,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
@@ -11356,6 +11607,9 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "fms-fips.ap-south-1.amazonaws.com",
 				},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -11395,6 +11649,9 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "fms-fips.eu-central-1.amazonaws.com",
 				},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
@@ -11407,6 +11664,9 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "fms-fips.eu-south-1.amazonaws.com",
 				},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -11864,6 +12124,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -11885,12 +12148,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -12432,12 +12701,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -12843,6 +13118,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -13489,21 +13767,11 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.ap-northeast-2.api.aws",
 				},
-				endpointKey{
-					Region: "ap-northeast-3",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-northeast-3.api.aws",
-				},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{
 					Hostname: "internetmonitor.ap-south-1.api.aws",
 				},
-				endpointKey{
-					Region: "ap-south-2",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-south-2.api.aws",
-				},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{
@@ -13514,16 +13782,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.ap-southeast-2.api.aws",
 				},
-				endpointKey{
-					Region: "ap-southeast-3",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-3.api.aws",
-				},
-				endpointKey{
-					Region: "ap-southeast-4",
-				}: endpoint{
-					Hostname: "internetmonitor.ap-southeast-4.api.aws",
-				},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{
@@ -13534,11 +13792,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-central-1.api.aws",
 				},
-				endpointKey{
-					Region: "eu-central-2",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-central-2.api.aws",
-				},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{
@@ -13549,11 +13802,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-south-1.api.aws",
 				},
-				endpointKey{
-					Region: "eu-south-2",
-				}: endpoint{
-					Hostname: "internetmonitor.eu-south-2.api.aws",
-				},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{
@@ -13569,11 +13817,6 @@ var awsPartition = partition{
 				}: endpoint{
 					Hostname: "internetmonitor.eu-west-3.api.aws",
 				},
-				endpointKey{
-					Region: "me-central-1",
-				}: endpoint{
-					Hostname: "internetmonitor.me-central-1.api.aws",
-				},
 				endpointKey{
 					Region: "me-south-1",
 				}: endpoint{
@@ -14527,6 +14770,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -14539,15 +14785,27 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -14557,6 +14815,51 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-west-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "kafka-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "me-central-1",
 				}: endpoint{},
@@ -14569,15 +14872,39 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-east-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-east-2.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka-fips.us-west-2.amazonaws.com",
+				},
 			},
 		},
 		"kafkaconnect": service{
@@ -15013,6 +15340,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -15022,18 +15352,27 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -15489,6 +15828,14 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "il-central-1-fips",
+				}: endpoint{
+					Hostname: "kms-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
 				endpointKey{
 					Region: "me-central-1",
 				}: endpoint{},
@@ -15652,12 +15999,18 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -16189,6 +16542,12 @@ var awsPartition = partition{
 		},
 		"license-manager-linux-subscriptions": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{},
@@ -16201,21 +16560,39 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -16261,6 +16638,12 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
@@ -17691,6 +18074,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -17700,6 +18086,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -18242,6 +18631,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -18251,18 +18643,27 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-north-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -18965,6 +19366,94 @@ var awsPartition = partition{
 				},
 			},
 		},
+		"omics": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{
+					Hostname: "omics.ap-southeast-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-southeast-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{
+					Hostname: "omics.eu-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-central-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{
+					Hostname: "omics.eu-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-1",
+					},
+				},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{
+					Hostname: "omics.eu-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "eu-west-2",
+					},
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "omics-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "omics-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{
+					Hostname: "omics.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "omics-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{
+					Hostname: "omics.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "omics-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
+			},
+		},
 		"opsworks": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -19077,6 +19566,40 @@ var awsPartition = partition{
 				},
 			},
 		},
+		"osis": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+			},
+		},
 		"outposts": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -19634,6 +20157,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -19941,18 +20467,63 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "ca-central-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.ca-central-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "fips-ca-central-1",
+				}: endpoint{
+					Hostname: "profile-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "profile-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "profile-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.us-east-1.amazonaws.com",
+				},
 				endpointKey{
 					Region: "us-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "profile-fips.us-west-2.amazonaws.com",
+				},
 			},
 		},
 		"projects.iot1click": service{
@@ -21426,16 +21997,6 @@ var awsPartition = partition{
 				},
 			},
 			Endpoints: serviceEndpoints{
-				endpointKey{
-					Region: "af-south-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.af-south-1.api.aws",
-				},
-				endpointKey{
-					Region: "ap-east-1",
-				}: endpoint{
-					Hostname: "resource-explorer-2.ap-east-1.api.aws",
-				},
 				endpointKey{
 					Region: "ap-northeast-1",
 				}: endpoint{
@@ -21854,6 +22415,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-southeast-1",
 				}: endpoint{},
@@ -21863,6 +22427,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-3",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-4",
+				}: endpoint{},
 				endpointKey{
 					Region: "ca-central-1",
 				}: endpoint{},
@@ -21878,6 +22445,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "eu-south-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-2",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
@@ -24739,6 +25309,130 @@ var awsPartition = partition{
 				},
 			},
 		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "af-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "ap-southeast-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-central-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
+				endpointKey{
+					Region: "fips-us-east-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-east-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-1",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "fips-us-west-2",
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "me-south-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "sa-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-east-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-east-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-east-2.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-west-2",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-west-2",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "signer-fips.us-west-2.amazonaws.com",
+				},
+			},
+		},
 		"simspaceweaver": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -25230,6 +25924,9 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "me-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
@@ -28394,6 +29091,14 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "fips-il-central-1",
+				}: endpoint{
+					Hostname: "waf-regional-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
 				endpointKey{
 					Region: "fips-me-central-1",
 				}: endpoint{
@@ -29100,6 +29805,14 @@ var awsPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "fips-il-central-1",
+				}: endpoint{
+					Hostname: "wafv2-fips.il-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "il-central-1",
+					},
+				},
 				endpointKey{
 					Region: "fips-me-central-1",
 				}: endpoint{
@@ -29816,6 +30529,16 @@ var awscnPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"airflow": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
 		"api.ecr": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -30194,7 +30917,10 @@ var awscnPartition = partition{
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "cn-north-1",
-				}: endpoint{},
+				}: endpoint{
+					Hostname:  "data.ats.iot.cn-north-1.amazonaws.com.cn",
+					Protocols: []string{"https"},
+				},
 				endpointKey{
 					Region: "cn-northwest-1",
 				}: endpoint{},
@@ -30457,6 +31183,16 @@ var awscnPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"emr-serverless": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
 		"es": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -30821,6 +31557,16 @@ var awscnPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"license-manager-linux-subscriptions": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
 		"logs": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -31258,6 +32004,16 @@ var awscnPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"signer": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "cn-north-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "cn-northwest-1",
+				}: endpoint{},
+			},
+		},
 		"sms": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -32152,13 +32908,45 @@ var awsusgovPartition = partition{
 				endpointKey{
 					Region: "us-gov-east-1",
 				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
 					Protocols: []string{"http", "https"},
 				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-east-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
 					Protocols: []string{"http", "https"},
 				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname:  "application-autoscaling.us-gov-west-1.amazonaws.com",
+					Protocols: []string{"http", "https"},
+
+					Deprecated: boxedTrue,
+				},
 			},
 		},
 		"applicationinsights": service{
@@ -32273,6 +33061,12 @@ var awsusgovPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-east-1.api.aws",
+				},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
@@ -32288,6 +33082,12 @@ var awsusgovPartition = partition{
 				}: endpoint{
 					Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
 				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant | dualStackVariant,
+				}: endpoint{
+					Hostname: "athena-fips.us-gov-west-1.api.aws",
+				},
 			},
 		},
 		"autoscaling": service{
@@ -32785,6 +33585,9 @@ var awsusgovPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
@@ -32959,9 +33762,24 @@ var awsusgovPartition = partition{
 		},
 		"connect": service{
 			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-gov-west-1",
+				}: endpoint{
+					Hostname: "connect.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "connect.us-gov-west-1.amazonaws.com",
+				},
 			},
 		},
 		"controltower": service{
@@ -34673,10 +35491,56 @@ var awsusgovPartition = partition{
 			Endpoints: serviceEndpoints{
 				endpointKey{
 					Region: "us-gov-east-1",
-				}: endpoint{},
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "kafka.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-gov-west-1",
-				}: endpoint{},
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "kafka.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+					Deprecated: boxedTrue,
+				},
 			},
 		},
 		"kendra": service{
@@ -35869,9 +36733,35 @@ var awsusgovPartition = partition{
 				endpointKey{
 					Region: "us-gov-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-east-1-fips",
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-east-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
+				endpointKey{
+					Region:  "us-gov-west-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+				},
+				endpointKey{
+					Region: "us-gov-west-1-fips",
+				}: endpoint{
+					Hostname: "route53resolver.us-gov-west-1.amazonaws.com",
+
+					Deprecated: boxedTrue,
+				},
 			},
 		},
 		"runtime.lex": service{
@@ -36632,14 +37522,14 @@ var awsusgovPartition = partition{
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{
-					Protocols: []string{"http", "https"},
+					Protocols: []string{"https"},
 				},
 				endpointKey{
 					Region:  "us-gov-west-1",
 					Variant: fipsVariant,
 				}: endpoint{
 					Hostname:  "sns.us-gov-west-1.amazonaws.com",
-					Protocols: []string{"http", "https"},
+					Protocols: []string{"https"},
 				},
 			},
 		},
@@ -37380,6 +38270,9 @@ var awsusgovPartition = partition{
 					},
 					Deprecated: boxedTrue,
 				},
+				endpointKey{
+					Region: "us-gov-east-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "us-gov-west-1",
 				}: endpoint{},
@@ -37542,6 +38435,13 @@ var awsisoPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"athena": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+			},
+		},
 		"autoscaling": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -37554,6 +38454,16 @@ var awsisoPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"cloudcontrolapi": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
+			},
+		},
 		"cloudformation": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -37977,6 +38887,9 @@ var awsisoPartition = partition{
 				endpointKey{
 					Region: "us-iso-east-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "us-iso-west-1",
+				}: endpoint{},
 			},
 		},
 		"logs": service{
@@ -38037,6 +38950,28 @@ var awsisoPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-iso-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
+					CredentialScope: credentialScope{
+						Region: "us-iso-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-iso-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-iso-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov",
+				},
+			},
+		},
 		"rds": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -38698,6 +39633,28 @@ var awsisobPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"rbin": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "fips-us-isob-east-1",
+				}: endpoint{
+					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+					Deprecated: boxedTrue,
+				},
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+				endpointKey{
+					Region:  "us-isob-east-1",
+					Variant: fipsVariant,
+				}: endpoint{
+					Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov",
+				},
+			},
+		},
 		"rds": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -38753,6 +39710,13 @@ var awsisobPartition = partition{
 				}: endpoint{},
 			},
 		},
+		"secretsmanager": service{
+			Endpoints: serviceEndpoints{
+				endpointKey{
+					Region: "us-isob-east-1",
+				}: endpoint{},
+			},
+		},
 		"snowball": service{
 			Endpoints: serviceEndpoints{
 				endpointKey{
@@ -38864,3 +39828,37 @@ var awsisobPartition = partition{
 		},
 	},
 }
+
+// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe).
+func AwsIsoEPartition() Partition {
+	return awsisoePartition.Partition()
+}
+
+var awsisoePartition = partition{
+	ID:        "aws-iso-e",
+	Name:      "AWS ISOE (Europe)",
+	DNSSuffix: "cloud.adc-e.uk",
+	RegionRegex: regionRegex{
+		Regexp: func() *regexp.Regexp {
+			reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$")
+			return reg
+		}(),
+	},
+	Defaults: endpointDefaults{
+		defaultKey{}: endpoint{
+			Hostname:          "{service}.{region}.{dnsSuffix}",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+		defaultKey{
+			Variant: fipsVariant,
+		}: endpoint{
+			Hostname:          "{service}-fips.{region}.{dnsSuffix}",
+			DNSSuffix:         "cloud.adc-e.uk",
+			Protocols:         []string{"https"},
+			SignatureVersions: []string{"v4"},
+		},
+	},
+	Regions:  regions{},
+	Services: services{},
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 93acc8f74..08c8e130d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.44.237"
+const SDKVersion = "1.44.265"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
index 1d273ff0e..00d4d91c5 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@@ -9,7 +9,6 @@ import (
 	"math"
 	"net/http"
 	"net/url"
-	"path"
 	"reflect"
 	"strconv"
 	"strings"
@@ -134,9 +133,6 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
 	}
 
 	r.HTTPRequest.URL.RawQuery = query.Encode()
-	if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
-		cleanPath(r.HTTPRequest.URL)
-	}
 }
 
 func buildBody(r *request.Request, v reflect.Value) {
@@ -244,19 +240,6 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
 	return nil
 }
 
-func cleanPath(u *url.URL) {
-	hasSlash := strings.HasSuffix(u.Path, "/")
-
-	// clean up path, removing duplicate `/`
-	u.Path = path.Clean(u.Path)
-	u.RawPath = path.Clean(u.RawPath)
-
-	if hasSlash && !strings.HasSuffix(u.Path, "/") {
-		u.Path += "/"
-		u.RawPath += "/"
-	}
-}
-
 // EscapePath escapes part of a URL path in Amazon style
 func EscapePath(path string, encodeSep bool) string {
 	var buf bytes.Buffer
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
index 4fffd0427..5366a646d 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
@@ -2,6 +2,7 @@ package restjson
 
 import (
 	"bytes"
+	"encoding/json"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -40,54 +41,30 @@ func (u *UnmarshalTypedError) UnmarshalError(
 	resp *http.Response,
 	respMeta protocol.ResponseMetadata,
 ) (error, error) {
-
-	code := resp.Header.Get(errorTypeHeader)
-	msg := resp.Header.Get(errorMessageHeader)
-
-	body := resp.Body
-	if len(code) == 0 || len(msg) == 0 {
-		// If unable to get code from HTTP headers have to parse JSON message
-		// to determine what kind of exception this will be.
-		var buf bytes.Buffer
-		var jsonErr jsonErrorResponse
-		teeReader := io.TeeReader(resp.Body, &buf)
-		err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
-		if err != nil {
-			return nil, err
-		}
-
-		body = ioutil.NopCloser(&buf)
-		if len(code) == 0 {
-			code = jsonErr.Code
-		}
-		msg = jsonErr.Message
+	code, msg, err := unmarshalErrorInfo(resp)
+	if err != nil {
+		return nil, err
 	}
 
-	// If code has colon separators remove them so can compare against modeled
-	// exception names.
-	code = strings.SplitN(code, ":", 2)[0]
-
-	if fn, ok := u.exceptions[code]; ok {
-		// If exception code is know, use associated constructor to get a value
-		// for the exception that the JSON body can be unmarshaled into.
-		v := fn(respMeta)
-		if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil {
-			return nil, err
-		}
-
-		if err := rest.UnmarshalResponse(resp, v, true); err != nil {
-			return nil, err
-		}
-
-		return v, nil
+	fn, ok := u.exceptions[code]
+	if !ok {
+		return awserr.NewRequestFailure(
+			awserr.New(code, msg, nil),
+			respMeta.StatusCode,
+			respMeta.RequestID,
+		), nil
 	}
 
-	// fallback to unmodeled generic exceptions
-	return awserr.NewRequestFailure(
-		awserr.New(code, msg, nil),
-		respMeta.StatusCode,
-		respMeta.RequestID,
-	), nil
+	v := fn(respMeta)
+	if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil {
+		return nil, err
+	}
+
+	if err := rest.UnmarshalResponse(resp, v, true); err != nil {
+		return nil, err
+	}
+
+	return v, nil
 }
 
 // UnmarshalErrorHandler is a named request handler for unmarshaling restjson
@@ -101,36 +78,80 @@ var UnmarshalErrorHandler = request.NamedHandler{
 func UnmarshalError(r *request.Request) {
 	defer r.HTTPResponse.Body.Close()
 
-	var jsonErr jsonErrorResponse
-	err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body)
+	code, msg, err := unmarshalErrorInfo(r.HTTPResponse)
 	if err != nil {
 		r.Error = awserr.NewRequestFailure(
-			awserr.New(request.ErrCodeSerialization,
-				"failed to unmarshal response error", err),
+			awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err),
 			r.HTTPResponse.StatusCode,
 			r.RequestID,
 		)
 		return
 	}
 
-	code := r.HTTPResponse.Header.Get(errorTypeHeader)
-	if code == "" {
-		code = jsonErr.Code
-	}
-	msg := r.HTTPResponse.Header.Get(errorMessageHeader)
-	if msg == "" {
-		msg = jsonErr.Message
-	}
-
-	code = strings.SplitN(code, ":", 2)[0]
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(code, jsonErr.Message, nil),
+		awserr.New(code, msg, nil),
 		r.HTTPResponse.StatusCode,
 		r.RequestID,
 	)
 }
 
 type jsonErrorResponse struct {
+	Type    string `json:"__type"`
 	Code    string `json:"code"`
 	Message string `json:"message"`
 }
+
+func (j *jsonErrorResponse) SanitizedCode() string {
+	code := j.Code
+	if len(j.Type) > 0 {
+		code = j.Type
+	}
+	return sanitizeCode(code)
+}
+
+// Remove superfluous components from a restJson error code.
+//   - If a : character is present, then take only the contents before the
+//     first : character in the value.
+//   - If a # character is present, then take only the contents after the first
+//     # character in the value.
+//
+// All of the following error values resolve to FooError:
+//   - FooError
+//   - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+//   - aws.protocoltests.restjson#FooError
+//   - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/
+func sanitizeCode(code string) string {
+	noColon := strings.SplitN(code, ":", 2)[0]
+	hashSplit := strings.SplitN(noColon, "#", 2)
+	return hashSplit[len(hashSplit)-1]
+}
+
+// attempt to garner error details from the response, preferring header values
+// when present
+func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) {
+	code = sanitizeCode(resp.Header.Get(errorTypeHeader))
+	msg = resp.Header.Get(errorMessageHeader)
+	if len(code) > 0 && len(msg) > 0 {
+		return
+	}
+
+	// a modeled error will have to be re-deserialized later, so the body must
+	// be preserved
+	var buf bytes.Buffer
+	tee := io.TeeReader(resp.Body, &buf)
+	defer func() { resp.Body = ioutil.NopCloser(&buf) }()
+
+	var jsonErr jsonErrorResponse
+	if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF {
+		err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes())
+		return
+	}
+
+	if len(code) == 0 {
+		code = jsonErr.SanitizedCode()
+	}
+	if len(msg) == 0 {
+		msg = jsonErr.Message
+	}
+	return
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index 63729d0a7..7ac6b93f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -85,9 +85,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide.
 //
-// When you create a role, you create two policies: A role trust policy that
-// specifies who can assume the role and a permissions policy that specifies
-// what can be done with the role. You specify the trusted principal who is
+// When you create a role, you create two policies: a role trust policy that
+// specifies who can assume the role, and a permissions policy that specifies
+// what can be done with the role. You specify the trusted principal that is
 // allowed to assume the role in the role trust policy.
 //
 // To assume a role from a different account, your Amazon Web Services account
@@ -96,9 +96,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // are allowed to delegate that access to users in the account.
 //
 // A user who wants to access a role in a different account must also have permissions
-// that are delegated from the user account administrator. The administrator
-// must attach a policy that allows the user to call AssumeRole for the ARN
-// of the role in the other account.
+// that are delegated from the account administrator. The administrator must
+// attach a policy that allows the user to call AssumeRole for the ARN of the
+// role in the other account.
 //
 // To allow a user to assume a role in the same account, you can do either of
 // the following:
@@ -517,10 +517,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // a user. You can also supply the user with a consistent identity throughout
 // the lifetime of an application.
 //
-// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
-// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito
-// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
-// in the Amazon Web Services SDK for iOS Developer Guide.
+// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
+// in Amazon Cognito Developer Guide.
 //
 // Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
 // Services security credentials. Therefore, you can distribute an application
@@ -984,11 +982,11 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
 // call the operation.
 //
 // No permissions are required to perform this operation. If an administrator
-// adds a policy to your IAM user or role that explicitly denies access to the
-// sts:GetCallerIdentity action, you can still perform this operation. Permissions
-// are not required because the same information is returned when an IAM user
-// or role is denied access. To view an example response, see I Am Not Authorized
-// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity
+// action, you can still perform this operation. Permissions are not required
+// because the same information is returned when access is denied. To view an
+// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
 // in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1063,18 +1061,26 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // GetFederationToken API operation for AWS Security Token Service.
 //
 // Returns a set of temporary security credentials (consisting of an access
-// key ID, a secret access key, and a security token) for a federated user.
-// A typical use is in a proxy application that gets temporary security credentials
-// on behalf of distributed applications inside a corporate network. You must
-// call the GetFederationToken operation using the long-term security credentials
-// of an IAM user. As a result, this call is appropriate in contexts where those
-// credentials can be safely stored, usually in a server-based application.
+// key ID, a secret access key, and a security token) for a user. A typical
+// use is in a proxy application that gets temporary security credentials on
+// behalf of distributed applications inside a corporate network.
+//
+// You must call the GetFederationToken operation using the long-term security
+// credentials of an IAM user. As a result, this call is appropriate in contexts
+// where those credentials can be safeguarded, usually in a server-based application.
 // For a comparison of GetFederationToken with the other API operations that
 // produce temporary credentials, see Requesting Temporary Security Credentials
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
+// Although it is possible to call GetFederationToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user that
+// you create for the purpose of a proxy application, we do not recommend it.
+// For more information, see Safeguard your root user credentials and don't
+// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide.
+//
 // You can create a mobile-based or browser-based app that can authenticate
 // users using a web identity provider like Login with Amazon, Facebook, Google,
 // or an OpenID Connect-compatible identity provider. In this case, we recommend
@@ -1083,21 +1089,13 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
 // in the IAM User Guide.
 //
-// You can also call GetFederationToken using the security credentials of an
-// Amazon Web Services account root user, but we do not recommend it. Instead,
-// we recommend that you create an IAM user for the purpose of the proxy application.
-// Then attach a policy to the IAM user that limits federated users to only
-// the actions and resources that they need to access. For more information,
-// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
-// in the IAM User Guide.
-//
 // # Session duration
 //
 // The temporary credentials are valid for the specified duration, from 900
 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
 // session duration is 43,200 seconds (12 hours). Temporary credentials obtained
-// by using the Amazon Web Services account root user credentials have a maximum
-// duration of 3,600 seconds (1 hour).
+// by using the root user credentials have a maximum duration of 3,600 seconds
+// (1 hour).
 //
 // # Permissions
 //
@@ -1267,12 +1265,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // or IAM user. The credentials consist of an access key ID, a secret access
 // key, and a security token. Typically, you use GetSessionToken if you want
 // to use MFA to protect programmatic calls to specific Amazon Web Services
-// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would
-// need to call GetSessionToken and submit an MFA code that is associated with
-// their MFA device. Using the temporary security credentials that are returned
-// from the call, IAM users can then make programmatic calls to API operations
-// that require MFA authentication. If you do not supply a correct MFA code,
-// then the API returns an access denied error. For a comparison of GetSessionToken
+// API operations like Amazon EC2 StopInstances.
+//
+// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that
+// is associated with their MFA device. Using the temporary security credentials
+// that the call returns, IAM users can then make programmatic calls to API
+// operations that require MFA authentication. An incorrect MFA code causes
+// the API to return an access denied error. For a comparison of GetSessionToken
 // with the other API operations that produce temporary credentials, see Requesting
 // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
@@ -1287,13 +1286,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // # Session Duration
 //
 // The GetSessionToken operation must be called by using the long-term Amazon
-// Web Services security credentials of the Amazon Web Services account root
-// user or an IAM user. Credentials that are created by IAM users are valid
-// for the duration that you specify. This duration can range from 900 seconds
-// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
-// of 43,200 seconds (12 hours). Credentials based on account credentials can
-// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
-// default of 1 hour.
+// Web Services security credentials of an IAM user. Credentials that are created
+// by IAM users are valid for the duration that you specify. This duration can
+// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
+// hours), with a default of 43,200 seconds (12 hours). Credentials based on
+// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
+// (1 hour), with a default of 1 hour.
 //
 // # Permissions
 //
@@ -1305,20 +1303,20 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 //
 //   - You cannot call any STS API except AssumeRole or GetCallerIdentity.
 //
-// We recommend that you do not call GetSessionToken with Amazon Web Services
-// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
-// by creating one or more IAM users, giving them the necessary permissions,
-// and using IAM users for everyday interaction with Amazon Web Services.
+// The credentials that GetSessionToken returns are based on permissions associated
+// with the IAM user whose credentials were used to call the operation. The
+// temporary credentials have the same permissions as the IAM user.
 //
-// The credentials that are returned by GetSessionToken are based on permissions
-// associated with the user whose credentials were used to call the operation.
-// If GetSessionToken is called using Amazon Web Services account root user
-// credentials, the temporary credentials have root user permissions. Similarly,
-// if GetSessionToken is called using the credentials of an IAM user, the temporary
-// credentials have the same permissions as the IAM user.
+// Although it is possible to call GetSessionToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user, we do
+// not recommend it. If GetSessionToken is called using root user credentials,
+// the temporary credentials have root user permissions. For more information,
+// see Safeguard your root user credentials and don't use them for everyday
+// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide
 //
 // For more information about using GetSessionToken to create temporary credentials,
-// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
 // in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1900,8 +1898,12 @@ type AssumeRoleWithSAMLInput struct {
 	// For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
 	// in the IAM User Guide.
 	//
+	// SAMLAssertion is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's
+	// String and GoString methods.
+	//
 	// SAMLAssertion is a required field
-	SAMLAssertion *string `min:"4" type:"string" required:"true"`
+	SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"`
 }
 
 // String returns the string representation.
@@ -2036,7 +2038,7 @@ type AssumeRoleWithSAMLOutput struct {
 	//    IAM.
 	//
 	// The combination of NameQualifier and Subject can be used to uniquely identify
-	// a federated user.
+	// a user.
 	//
 	// The following pseudocode shows how the hash value is calculated:
 	//
@@ -2266,8 +2268,12 @@ type AssumeRoleWithWebIdentityInput struct {
 	// the user who is using your application with a web identity provider before
 	// the application makes an AssumeRoleWithWebIdentity call.
 	//
+	// WebIdentityToken is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's
+	// String and GoString methods.
+	//
 	// WebIdentityToken is a required field
-	WebIdentityToken *string `min:"4" type:"string" required:"true"`
+	WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"`
 }
 
 // String returns the string representation.
@@ -2573,8 +2579,12 @@ type Credentials struct {
 
 	// The secret access key that can be used to sign requests.
 	//
+	// SecretAccessKey is a sensitive parameter and its value will be
+	// replaced with "sensitive" in string returned by Credentials's
+	// String and GoString methods.
+	//
 	// SecretAccessKey is a required field
-	SecretAccessKey *string `type:"string" required:"true"`
+	SecretAccessKey *string `type:"string" required:"true" sensitive:"true"`
 
 	// The token that users must pass to the service API to use the temporary credentials.
 	//
@@ -2922,10 +2932,9 @@ type GetFederationTokenInput struct {
 	// The duration, in seconds, that the session should last. Acceptable durations
 	// for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
 	// (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
-	// using Amazon Web Services account root user credentials are restricted to
-	// a maximum of 3,600 seconds (one hour). If the specified duration is longer
-	// than one hour, the session obtained by using root user credentials defaults
-	// to one hour.
+	// using root user credentials are restricted to a maximum of 3,600 seconds
+	// (one hour). If the specified duration is longer than one hour, the session
+	// obtained by using root user credentials defaults to one hour.
 	DurationSeconds *int64 `min:"900" type:"integer"`
 
 	// The name of the federated user. The name is used as an identifier for the
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
index c40f5a2a5..ea1d9eb0c 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -4,10 +4,9 @@
 // requests to AWS Security Token Service.
 //
 // Security Token Service (STS) enables you to request temporary, limited-privilege
-// credentials for Identity and Access Management (IAM) users or for users that
-// you authenticate (federated users). This guide provides descriptions of the
-// STS API. For more information about using this service, see Temporary Security
-// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+// credentials for users. This guide provides descriptions of the STS API. For
+// more information about using this service, see Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
 //
diff --git a/vendor/github.com/google/s2a-go/.gitignore b/vendor/github.com/google/s2a-go/.gitignore
new file mode 100644
index 000000000..01764d1cd
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/.gitignore
@@ -0,0 +1,6 @@
+# Ignore binaries without extension
+//example/client/client
+//example/server/server
+//internal/v2/fakes2av2_server/fakes2av2_server
+
+.idea/
\ No newline at end of file
diff --git a/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md b/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000..dc079b4d6
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/CODE_OF_CONDUCT.md
@@ -0,0 +1,93 @@
+# Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+*   Using welcoming and inclusive language
+*   Being respectful of differing viewpoints and experiences
+*   Gracefully accepting constructive criticism
+*   Focusing on what is best for the community
+*   Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+*   The use of sexualized language or imagery and unwelcome sexual attention or
+    advances
+*   Trolling, insulting/derogatory comments, and personal or political attacks
+*   Public or private harassment
+*   Publishing others' private information, such as a physical or electronic
+    address, without explicit permission
+*   Other conduct which could reasonably be considered inappropriate in a
+    professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, or to ban temporarily or permanently any
+contributor for other behaviors that they deem inappropriate, threatening,
+offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+This Code of Conduct also applies outside the project spaces when the Project
+Steward has a reasonable belief that an individual's behavior may have a
+negative impact on the project or its community.
+
+## Conflict Resolution
+
+We do not believe that all conflict is bad; healthy debate and disagreement
+often yield positive results. However, it is never okay to be disrespectful or
+to engage in behavior that violates the project’s code of conduct.
+
+If you see someone violating the code of conduct, you are encouraged to address
+the behavior directly with those involved. Many issues can be resolved quickly
+and easily, and this gives people more control over the outcome of their
+dispute. If you are unable to resolve the matter for any reason, or if the
+behavior is threatening or harassing, report it. We are dedicated to providing
+an environment where participants feel welcome and safe.
+
+Reports should be directed to *[PROJECT STEWARD NAME(s) AND EMAIL(s)]*, the
+Project Steward(s) for *[PROJECT NAME]*. It is the Project Steward’s duty to
+receive and address reported violations of the code of conduct. They will then
+work with a committee consisting of representatives from the Open Source
+Programs Office and the Google Open Source Strategy team. If for any reason you
+are uncomfortable reaching out to the Project Steward, please email
+opensource@google.com.
+
+We will investigate every complaint, but you may not receive a direct response.
+We will use our discretion in determining when and how to follow up on reported
+incidents, which may range from not taking action to permanent expulsion from
+the project and project-sponsored spaces. We will notify the accused of the
+report and provide them an opportunity to discuss it before any action is taken.
+The identity of the reporter will be omitted from the details of the report
+supplied to the accused. In potentially harmful situations, such as ongoing
+harassment or threats to anyone's safety, we may take action without notice.
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
+available at
+https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
diff --git a/vendor/github.com/google/s2a-go/CONTRIBUTING.md b/vendor/github.com/google/s2a-go/CONTRIBUTING.md
new file mode 100644
index 000000000..22b241cb7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/CONTRIBUTING.md
@@ -0,0 +1,29 @@
+# How to Contribute
+
+We'd love to accept your patches and contributions to this project. There are
+just a few small guidelines you need to follow.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement (CLA). You (or your employer) retain the copyright to your
+contribution; this simply gives us permission to use and redistribute your
+contributions as part of the project. Head over to
+<https://cla.developers.google.com/> to see your current agreements on file or
+to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
+
+## Code reviews
+
+All submissions, including submissions by project members, require review. We
+use GitHub pull requests for this purpose. Consult
+[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
+information on using pull requests.
+
+## Community Guidelines
+
+This project follows
+[Google's Open Source Community Guidelines](https://opensource.google/conduct/).
diff --git a/vendor/github.com/google/s2a-go/LICENSE.md b/vendor/github.com/google/s2a-go/LICENSE.md
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/LICENSE.md
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/google/s2a-go/README.md b/vendor/github.com/google/s2a-go/README.md
new file mode 100644
index 000000000..d566950f3
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/README.md
@@ -0,0 +1,17 @@
+# Secure Session Agent Client Libraries
+
+The Secure Session Agent is a service that enables a workload to offload select
+operations from the mTLS handshake and protects a workload's private key
+material from exfiltration. Specifically, the workload asks the Secure Session
+Agent for the TLS configuration to use during the handshake, to perform private
+key operations, and to validate the peer certificate chain. The Secure Session
+Agent's client libraries enable applications to communicate with the Secure
+Session Agent during the TLS handshake, and to encrypt traffic to the peer
+after the TLS handshake is complete.
+
+This repository contains the source code for the Secure Session Agent's Go
+client libraries, which allow gRPC-Go applications to use the Secure Session
+Agent. This repository supports the Bazel and Golang build systems.
+
+All code in this repository is experimental and subject to change. We do not
+guarantee API stability at this time.
diff --git a/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go b/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go
new file mode 100644
index 000000000..034d1b912
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/fallback/s2a_fallback.go
@@ -0,0 +1,167 @@
+/*
+ *
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package fallback provides default implementations of fallback options when S2A fails.
+package fallback
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+)
+
+const (
+	alpnProtoStrH2   = "h2"
+	alpnProtoStrHTTP = "http/1.1"
+	defaultHTTPSPort = "443"
+)
+
+// FallbackTLSConfigGRPC is a tls.Config used by the DefaultFallbackClientHandshakeFunc function.
+// It supports GRPC use case, thus the alpn is set to 'h2'.
+var FallbackTLSConfigGRPC = tls.Config{
+	MinVersion:         tls.VersionTLS13,
+	ClientSessionCache: nil,
+	NextProtos:         []string{alpnProtoStrH2},
+}
+
+// FallbackTLSConfigHTTP is a tls.Config used by the DefaultFallbackDialerAndAddress func.
+// It supports the HTTP use case and the alpn is set to both 'http/1.1' and 'h2'.
+var FallbackTLSConfigHTTP = tls.Config{
+	MinVersion:         tls.VersionTLS13,
+	ClientSessionCache: nil,
+	NextProtos:         []string{alpnProtoStrH2, alpnProtoStrHTTP},
+}
+
+// ClientHandshake establishes a TLS connection and returns it, plus its auth info.
+// Inputs:
+//
+//	targetServer: the server attempted with S2A.
+//	conn: the tcp connection to the server at address targetServer that was passed into S2A's ClientHandshake func.
+//	            If fallback is successful, the `conn` should be closed.
+//	err: the error encountered when performing the client-side TLS handshake with S2A.
+type ClientHandshake func(ctx context.Context, targetServer string, conn net.Conn, err error) (net.Conn, credentials.AuthInfo, error)
+
+// DefaultFallbackClientHandshakeFunc returns a ClientHandshake function,
+// which establishes a TLS connection to the provided fallbackAddr, returns the new connection and its auth info.
+// Example use:
+//
+//	transportCreds, _ = s2a.NewClientCreds(&s2a.ClientOptions{
+//		S2AAddress: s2aAddress,
+//		FallbackOpts: &s2a.FallbackOptions{ // optional
+//			FallbackClientHandshakeFunc: fallback.DefaultFallbackClientHandshakeFunc(fallbackAddr),
+//		},
+//	})
+//
+// The fallback server's certificate must be verifiable using OS root store.
+// The fallbackAddr is expected to be a network address, e.g. example.com:port. If port is not specified,
+// it uses default port 443.
+// In the returned function's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption,
+// and min TLS version is set to 1.3.
+func DefaultFallbackClientHandshakeFunc(fallbackAddr string) (ClientHandshake, error) {
+	var fallbackDialer = tls.Dialer{Config: &FallbackTLSConfigGRPC}
+	return defaultFallbackClientHandshakeFuncInternal(fallbackAddr, fallbackDialer.DialContext)
+}
+
+func defaultFallbackClientHandshakeFuncInternal(fallbackAddr string, dialContextFunc func(context.Context, string, string) (net.Conn, error)) (ClientHandshake, error) {
+	fallbackServerAddr, err := processFallbackAddr(fallbackAddr)
+	if err != nil {
+		if grpclog.V(1) {
+			grpclog.Infof("error processing fallback address [%s]: %v", fallbackAddr, err)
+		}
+		return nil, err
+	}
+	return func(ctx context.Context, targetServer string, conn net.Conn, s2aErr error) (net.Conn, credentials.AuthInfo, error) {
+		fbConn, fbErr := dialContextFunc(ctx, "tcp", fallbackServerAddr)
+		if fbErr != nil {
+			grpclog.Infof("dialing to fallback server %s failed: %v", fallbackServerAddr, fbErr)
+			return nil, nil, fmt.Errorf("dialing to fallback server %s failed: %v; S2A client handshake with %s error: %w", fallbackServerAddr, fbErr, targetServer, s2aErr)
+		}
+
+		tc, success := fbConn.(*tls.Conn)
+		if !success {
+			grpclog.Infof("the connection with fallback server is expected to be tls but isn't")
+			return nil, nil, fmt.Errorf("the connection with fallback server is expected to be tls but isn't; S2A client handshake with %s error: %w", targetServer, s2aErr)
+		}
+
+		tlsInfo := credentials.TLSInfo{
+			State: tc.ConnectionState(),
+			CommonAuthInfo: credentials.CommonAuthInfo{
+				SecurityLevel: credentials.PrivacyAndIntegrity,
+			},
+		}
+		if grpclog.V(1) {
+			grpclog.Infof("ConnectionState.NegotiatedProtocol: %v", tc.ConnectionState().NegotiatedProtocol)
+			grpclog.Infof("ConnectionState.HandshakeComplete: %v", tc.ConnectionState().HandshakeComplete)
+			grpclog.Infof("ConnectionState.ServerName: %v", tc.ConnectionState().ServerName)
+		}
+		conn.Close()
+		return fbConn, tlsInfo, nil
+	}, nil
+}
+
+// DefaultFallbackDialerAndAddress returns a TLS dialer and the network address to dial.
+// Example use:
+//
+//	    fallbackDialer, fallbackServerAddr := fallback.DefaultFallbackDialerAndAddress(fallbackAddr)
+//		dialTLSContext := s2a.NewS2aDialTLSContextFunc(&s2a.ClientOptions{
+//			S2AAddress:         s2aAddress, // required
+//			FallbackOpts: &s2a.FallbackOptions{
+//				FallbackDialer: &s2a.FallbackDialer{
+//					Dialer:     fallbackDialer,
+//					ServerAddr: fallbackServerAddr,
+//				},
+//			},
+//	})
+//
+// The fallback server's certificate should be verifiable using OS root store.
+// The fallbackAddr is expected to be a network address, e.g. example.com:port. If port is not specified,
+// it uses default port 443.
+// In the returned function's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption,
+// and min TLS version is set to 1.3.
+func DefaultFallbackDialerAndAddress(fallbackAddr string) (*tls.Dialer, string, error) {
+	fallbackServerAddr, err := processFallbackAddr(fallbackAddr)
+	if err != nil {
+		if grpclog.V(1) {
+			grpclog.Infof("error processing fallback address [%s]: %v", fallbackAddr, err)
+		}
+		return nil, "", err
+	}
+	return &tls.Dialer{Config: &FallbackTLSConfigHTTP}, fallbackServerAddr, nil
+}
+
+func processFallbackAddr(fallbackAddr string) (string, error) {
+	var fallbackServerAddr string
+	var err error
+
+	if fallbackAddr == "" {
+		return "", fmt.Errorf("empty fallback address")
+	}
+	_, _, err = net.SplitHostPort(fallbackAddr)
+	if err != nil {
+		// fallbackAddr does not have port suffix
+		fallbackServerAddr = net.JoinHostPort(fallbackAddr, defaultHTTPSPort)
+	} else {
+		// FallbackServerAddr already has port suffix
+		fallbackServerAddr = fallbackAddr
+	}
+	return fallbackServerAddr, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go b/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go
new file mode 100644
index 000000000..aa3967f9d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/authinfo/authinfo.go
@@ -0,0 +1,119 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package authinfo provides authentication and authorization information that
+// results from the TLS handshake.
+package authinfo
+
+import (
+	"errors"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	contextpb "github.com/google/s2a-go/internal/proto/s2a_context_go_proto"
+	grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"google.golang.org/grpc/credentials"
+)
+
+var _ credentials.AuthInfo = (*S2AAuthInfo)(nil)
+
+const s2aAuthType = "s2a"
+
+// S2AAuthInfo exposes authentication and authorization information from the
+// S2A session result to the gRPC stack.
+type S2AAuthInfo struct {
+	s2aContext     *contextpb.S2AContext
+	commonAuthInfo credentials.CommonAuthInfo
+}
+
+// NewS2AAuthInfo returns a new S2AAuthInfo object from the S2A session result.
+func NewS2AAuthInfo(result *grpcpb.SessionResult) (credentials.AuthInfo, error) {
+	return newS2AAuthInfo(result)
+}
+
+func newS2AAuthInfo(result *grpcpb.SessionResult) (*S2AAuthInfo, error) {
+	if result == nil {
+		return nil, errors.New("NewS2aAuthInfo given nil session result")
+	}
+	return &S2AAuthInfo{
+		s2aContext: &contextpb.S2AContext{
+			ApplicationProtocol:  result.GetApplicationProtocol(),
+			TlsVersion:           result.GetState().GetTlsVersion(),
+			Ciphersuite:          result.GetState().GetTlsCiphersuite(),
+			PeerIdentity:         result.GetPeerIdentity(),
+			LocalIdentity:        result.GetLocalIdentity(),
+			PeerCertFingerprint:  result.GetPeerCertFingerprint(),
+			LocalCertFingerprint: result.GetLocalCertFingerprint(),
+			IsHandshakeResumed:   result.GetState().GetIsHandshakeResumed(),
+		},
+		commonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity},
+	}, nil
+}
+
+// AuthType returns the authentication type.
+func (s *S2AAuthInfo) AuthType() string {
+	return s2aAuthType
+}
+
+// ApplicationProtocol returns the application protocol, e.g. "grpc".
+func (s *S2AAuthInfo) ApplicationProtocol() string {
+	return s.s2aContext.GetApplicationProtocol()
+}
+
+// TLSVersion returns the TLS version negotiated during the handshake.
+func (s *S2AAuthInfo) TLSVersion() commonpb.TLSVersion {
+	return s.s2aContext.GetTlsVersion()
+}
+
+// Ciphersuite returns the ciphersuite negotiated during the handshake.
+func (s *S2AAuthInfo) Ciphersuite() commonpb.Ciphersuite {
+	return s.s2aContext.GetCiphersuite()
+}
+
+// PeerIdentity returns the authenticated identity of the peer.
+func (s *S2AAuthInfo) PeerIdentity() *commonpb.Identity {
+	return s.s2aContext.GetPeerIdentity()
+}
+
+// LocalIdentity returns the local identity of the application used during
+// session setup.
+func (s *S2AAuthInfo) LocalIdentity() *commonpb.Identity {
+	return s.s2aContext.GetLocalIdentity()
+}
+
+// PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
+// the S2A handshake.
+func (s *S2AAuthInfo) PeerCertFingerprint() []byte {
+	return s.s2aContext.GetPeerCertFingerprint()
+}
+
+// LocalCertFingerprint returns the SHA256 hash of the local certificate used
+// in the S2A handshake.
+func (s *S2AAuthInfo) LocalCertFingerprint() []byte {
+	return s.s2aContext.GetLocalCertFingerprint()
+}
+
+// IsHandshakeResumed returns true if a cached session was used to resume
+// the handshake.
+func (s *S2AAuthInfo) IsHandshakeResumed() bool {
+	return s.s2aContext.GetIsHandshakeResumed()
+}
+
+// SecurityLevel returns the security level of the connection.
+func (s *S2AAuthInfo) SecurityLevel() credentials.SecurityLevel {
+	return s.commonAuthInfo.SecurityLevel
+}
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go b/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go
new file mode 100644
index 000000000..8297c9a97
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/handshaker.go
@@ -0,0 +1,438 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package handshaker communicates with the S2A handshaker service.
+package handshaker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/google/s2a-go/internal/authinfo"
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2apb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"github.com/google/s2a-go/internal/record"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+)
+
+var (
+	// appProtocol contains the application protocol accepted by the handshaker.
+	appProtocol = "grpc"
+	// frameLimit is the maximum size of a frame in bytes.
+	frameLimit = 1024 * 64
+	// peerNotRespondingError is the error thrown when the peer doesn't respond.
+	errPeerNotResponding = errors.New("peer is not responding and re-connection should be attempted")
+)
+
+// Handshaker defines a handshaker interface.
+type Handshaker interface {
+	// ClientHandshake starts and completes a TLS handshake from the client side,
+	// and returns a secure connection along with additional auth information.
+	ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// ServerHandshake starts and completes a TLS handshake from the server side,
+	// and returns a secure connection along with additional auth information.
+	ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error)
+	// Close terminates the Handshaker. It should be called when the handshake
+	// is complete.
+	Close() error
+}
+
+// ClientHandshakerOptions contains the options needed to configure the S2A
+// handshaker service on the client-side.
+type ClientHandshakerOptions struct {
+	// MinTLSVersion specifies the min TLS version supported by the client.
+	MinTLSVersion commonpb.TLSVersion
+	// MaxTLSVersion specifies the max TLS version supported by the client.
+	MaxTLSVersion commonpb.TLSVersion
+	// TLSCiphersuites is the ordered list of ciphersuites supported by the
+	// client.
+	TLSCiphersuites []commonpb.Ciphersuite
+	// TargetIdentities contains a list of allowed server identities. One of the
+	// target identities should match the peer identity in the handshake
+	// result; otherwise, the handshake fails.
+	TargetIdentities []*commonpb.Identity
+	// LocalIdentity is the local identity of the client application. If none is
+	// provided, then the S2A will choose the default identity.
+	LocalIdentity *commonpb.Identity
+	// TargetName is the allowed server name, which may be used for server
+	// authorization check by the S2A if it is provided.
+	TargetName string
+	// EnsureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	EnsureProcessSessionTickets *sync.WaitGroup
+}
+
+// ServerHandshakerOptions contains the options needed to configure the S2A
+// handshaker service on the server-side.
+type ServerHandshakerOptions struct {
+	// MinTLSVersion specifies the min TLS version supported by the server.
+	MinTLSVersion commonpb.TLSVersion
+	// MaxTLSVersion specifies the max TLS version supported by the server.
+	MaxTLSVersion commonpb.TLSVersion
+	// TLSCiphersuites is the ordered list of ciphersuites supported by the
+	// server.
+	TLSCiphersuites []commonpb.Ciphersuite
+	// LocalIdentities is the list of local identities that may be assumed by
+	// the server. If no local identity is specified, then the S2A chooses a
+	// default local identity.
+	LocalIdentities []*commonpb.Identity
+}
+
+// s2aHandshaker performs a TLS handshake using the S2A handshaker service.
+type s2aHandshaker struct {
+	// stream is used to communicate with the S2A handshaker service.
+	stream s2apb.S2AService_SetUpSessionClient
+	// conn is the connection to the peer.
+	conn net.Conn
+	// clientOpts should be non-nil iff the handshaker is client-side.
+	clientOpts *ClientHandshakerOptions
+	// serverOpts should be non-nil iff the handshaker is server-side.
+	serverOpts *ServerHandshakerOptions
+	// isClient determines if the handshaker is client or server side.
+	isClient bool
+	// hsAddr stores the address of the S2A handshaker service.
+	hsAddr string
+	// tokenManager manages access tokens for authenticating to S2A.
+	tokenManager tokenmanager.AccessTokenManager
+	// localIdentities is the set of local identities for whom the
+	// tokenManager should fetch a token when preparing a request to be
+	// sent to S2A.
+	localIdentities []*commonpb.Identity
+}
+
+// NewClientHandshaker creates an s2aHandshaker instance that performs a
+// client-side TLS handshake using the S2A handshaker service.
+func NewClientHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, hsAddr string, opts *ClientHandshakerOptions) (Handshaker, error) {
+	stream, err := s2apb.NewS2AServiceClient(conn).SetUpSession(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+	return newClientHandshaker(stream, c, hsAddr, opts, tokenManager), nil
+}
+
+func newClientHandshaker(stream s2apb.S2AService_SetUpSessionClient, c net.Conn, hsAddr string, opts *ClientHandshakerOptions, tokenManager tokenmanager.AccessTokenManager) *s2aHandshaker {
+	var localIdentities []*commonpb.Identity
+	if opts != nil {
+		localIdentities = []*commonpb.Identity{opts.LocalIdentity}
+	}
+	return &s2aHandshaker{
+		stream:          stream,
+		conn:            c,
+		clientOpts:      opts,
+		isClient:        true,
+		hsAddr:          hsAddr,
+		tokenManager:    tokenManager,
+		localIdentities: localIdentities,
+	}
+}
+
+// NewServerHandshaker creates an s2aHandshaker instance that performs a
+// server-side TLS handshake using the S2A handshaker service.
+func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, hsAddr string, opts *ServerHandshakerOptions) (Handshaker, error) {
+	stream, err := s2apb.NewS2AServiceClient(conn).SetUpSession(ctx, grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+	return newServerHandshaker(stream, c, hsAddr, opts, tokenManager), nil
+}
+
+func newServerHandshaker(stream s2apb.S2AService_SetUpSessionClient, c net.Conn, hsAddr string, opts *ServerHandshakerOptions, tokenManager tokenmanager.AccessTokenManager) *s2aHandshaker {
+	var localIdentities []*commonpb.Identity
+	if opts != nil {
+		localIdentities = opts.LocalIdentities
+	}
+	return &s2aHandshaker{
+		stream:          stream,
+		conn:            c,
+		serverOpts:      opts,
+		isClient:        false,
+		hsAddr:          hsAddr,
+		tokenManager:    tokenManager,
+		localIdentities: localIdentities,
+	}
+}
+
+// ClientHandshake performs a client-side TLS handshake using the S2A handshaker
+// service. When complete, returns a TLS connection.
+func (h *s2aHandshaker) ClientHandshake(_ context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if !h.isClient {
+		return nil, nil, errors.New("only handshakers created using NewClientHandshaker can perform a client-side handshake")
+	}
+	// Extract the hostname from the target name. The target name is assumed to be an authority.
+	hostname, _, err := net.SplitHostPort(h.clientOpts.TargetName)
+	if err != nil {
+		// If the target name had no host port or could not be parsed, use it as is.
+		hostname = h.clientOpts.TargetName
+	}
+
+	// Prepare a client start message to send to the S2A handshaker service.
+	req := &s2apb.SessionReq{
+		ReqOneof: &s2apb.SessionReq_ClientStart{
+			ClientStart: &s2apb.ClientSessionStartReq{
+				ApplicationProtocols: []string{appProtocol},
+				MinTlsVersion:        h.clientOpts.MinTLSVersion,
+				MaxTlsVersion:        h.clientOpts.MaxTLSVersion,
+				TlsCiphersuites:      h.clientOpts.TLSCiphersuites,
+				TargetIdentities:     h.clientOpts.TargetIdentities,
+				LocalIdentity:        h.clientOpts.LocalIdentity,
+				TargetName:           hostname,
+			},
+		},
+		AuthMechanisms: h.getAuthMechanisms(),
+	}
+	conn, result, err := h.setUpSession(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo, err := authinfo.NewS2AAuthInfo(result)
+	if err != nil {
+		return nil, nil, err
+	}
+	return conn, authInfo, nil
+}
+
+// ServerHandshake performs a server-side TLS handshake using the S2A handshaker
+// service. When complete, returns a TLS connection.
+func (h *s2aHandshaker) ServerHandshake(_ context.Context) (net.Conn, credentials.AuthInfo, error) {
+	if h.isClient {
+		return nil, nil, errors.New("only handshakers created using NewServerHandshaker can perform a server-side handshake")
+	}
+	p := make([]byte, frameLimit)
+	n, err := h.conn.Read(p)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Prepare a server start message to send to the S2A handshaker service.
+	req := &s2apb.SessionReq{
+		ReqOneof: &s2apb.SessionReq_ServerStart{
+			ServerStart: &s2apb.ServerSessionStartReq{
+				ApplicationProtocols: []string{appProtocol},
+				MinTlsVersion:        h.serverOpts.MinTLSVersion,
+				MaxTlsVersion:        h.serverOpts.MaxTLSVersion,
+				TlsCiphersuites:      h.serverOpts.TLSCiphersuites,
+				LocalIdentities:      h.serverOpts.LocalIdentities,
+				InBytes:              p[:n],
+			},
+		},
+		AuthMechanisms: h.getAuthMechanisms(),
+	}
+	conn, result, err := h.setUpSession(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	authInfo, err := authinfo.NewS2AAuthInfo(result)
+	if err != nil {
+		return nil, nil, err
+	}
+	return conn, authInfo, nil
+}
+
+// setUpSession proxies messages between the peer and the S2A handshaker
+// service.
+func (h *s2aHandshaker) setUpSession(req *s2apb.SessionReq) (net.Conn, *s2apb.SessionResult, error) {
+	resp, err := h.accessHandshakerService(req)
+	if err != nil {
+		return nil, nil, err
+	}
+	// Check if the returned status is an error.
+	if resp.GetStatus() != nil {
+		if got, want := resp.GetStatus().Code, uint32(codes.OK); got != want {
+			return nil, nil, fmt.Errorf("%v", resp.GetStatus().Details)
+		}
+	}
+	// Calculate the extra unread bytes from the Session. Attempting to consume
+	// more than the bytes sent will throw an error.
+	var extra []byte
+	if req.GetServerStart() != nil {
+		if resp.GetBytesConsumed() > uint32(len(req.GetServerStart().GetInBytes())) {
+			return nil, nil, errors.New("handshaker service consumed bytes value is out-of-bounds")
+		}
+		extra = req.GetServerStart().GetInBytes()[resp.GetBytesConsumed():]
+	}
+	result, extra, err := h.processUntilDone(resp, extra)
+	if err != nil {
+		return nil, nil, err
+	}
+	if result.GetLocalIdentity() == nil {
+		return nil, nil, errors.New("local identity must be populated in session result")
+	}
+
+	// Create a new TLS record protocol using the Session Result.
+	newConn, err := record.NewConn(&record.ConnParameters{
+		NetConn:                     h.conn,
+		Ciphersuite:                 result.GetState().GetTlsCiphersuite(),
+		TLSVersion:                  result.GetState().GetTlsVersion(),
+		InTrafficSecret:             result.GetState().GetInKey(),
+		OutTrafficSecret:            result.GetState().GetOutKey(),
+		UnusedBuf:                   extra,
+		InSequence:                  result.GetState().GetInSequence(),
+		OutSequence:                 result.GetState().GetOutSequence(),
+		HSAddr:                      h.hsAddr,
+		ConnectionID:                result.GetState().GetConnectionId(),
+		LocalIdentity:               result.GetLocalIdentity(),
+		EnsureProcessSessionTickets: h.ensureProcessSessionTickets(),
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+	return newConn, result, nil
+}
+
+func (h *s2aHandshaker) ensureProcessSessionTickets() *sync.WaitGroup {
+	if h.clientOpts == nil {
+		return nil
+	}
+	return h.clientOpts.EnsureProcessSessionTickets
+}
+
+// accessHandshakerService sends the session request to the S2A handshaker
+// service and returns the session response.
+func (h *s2aHandshaker) accessHandshakerService(req *s2apb.SessionReq) (*s2apb.SessionResp, error) {
+	if err := h.stream.Send(req); err != nil {
+		return nil, err
+	}
+	resp, err := h.stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// processUntilDone continues proxying messages between the peer and the S2A
+// handshaker service until the handshaker service returns the SessionResult at
+// the end of the handshake or an error occurs.
+func (h *s2aHandshaker) processUntilDone(resp *s2apb.SessionResp, unusedBytes []byte) (*s2apb.SessionResult, []byte, error) {
+	for {
+		if len(resp.OutFrames) > 0 {
+			if _, err := h.conn.Write(resp.OutFrames); err != nil {
+				return nil, nil, err
+			}
+		}
+		if resp.Result != nil {
+			return resp.Result, unusedBytes, nil
+		}
+		buf := make([]byte, frameLimit)
+		n, err := h.conn.Read(buf)
+		if err != nil && err != io.EOF {
+			return nil, nil, err
+		}
+		// If there is nothing to send to the handshaker service and nothing is
+		// received from the peer, then we are stuck. This covers the case when
+		// the peer is not responding. Note that handshaker service connection
+		// issues are caught in accessHandshakerService before we even get
+		// here.
+		if len(resp.OutFrames) == 0 && n == 0 {
+			return nil, nil, errPeerNotResponding
+		}
+		// Append extra bytes from the previous interaction with the handshaker
+		// service with the current buffer read from conn.
+		p := append(unusedBytes, buf[:n]...)
+		// From here on, p and unusedBytes point to the same slice.
+		resp, err = h.accessHandshakerService(&s2apb.SessionReq{
+			ReqOneof: &s2apb.SessionReq_Next{
+				Next: &s2apb.SessionNextReq{
+					InBytes: p,
+				},
+			},
+			AuthMechanisms: h.getAuthMechanisms(),
+		})
+		if err != nil {
+			return nil, nil, err
+		}
+
+		// Cache the local identity returned by S2A, if it is populated. This
+		// overwrites any existing local identities. This is done because, once the
+		// S2A has selected a local identity, then only that local identity should
+		// be asserted in future requests until the end of the current handshake.
+		if resp.GetLocalIdentity() != nil {
+			h.localIdentities = []*commonpb.Identity{resp.GetLocalIdentity()}
+		}
+
+		// Set unusedBytes based on the handshaker service response.
+		if resp.GetBytesConsumed() > uint32(len(p)) {
+			return nil, nil, errors.New("handshaker service consumed bytes value is out-of-bounds")
+		}
+		unusedBytes = p[resp.GetBytesConsumed():]
+	}
+}
+
+// Close shuts down the handshaker and the stream to the S2A handshaker service
+// when the handshake is complete. It should be called when the caller obtains
+// the secure connection at the end of the handshake.
+func (h *s2aHandshaker) Close() error {
+	return h.stream.CloseSend()
+}
+
+func (h *s2aHandshaker) getAuthMechanisms() []*s2apb.AuthenticationMechanism {
+	if h.tokenManager == nil {
+		return nil
+	}
+	// First handle the special case when no local identities have been provided
+	// by the application. In this case, an AuthenticationMechanism with no local
+	// identity will be sent.
+	if len(h.localIdentities) == 0 {
+		token, err := h.tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2apb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+
+	// Next, handle the case where the application (or the S2A) has provided
+	// one or more local identities.
+	var authMechanisms []*s2apb.AuthenticationMechanism
+	for _, localIdentity := range h.localIdentities {
+		token, err := h.tokenManager.Token(localIdentity)
+		if err != nil {
+			grpclog.Infof("unable to get token for local identity %v: %v", localIdentity, err)
+			continue
+		}
+
+		authMechanism := &s2apb.AuthenticationMechanism{
+			Identity: localIdentity,
+			MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+				Token: token,
+			},
+		}
+		authMechanisms = append(authMechanisms, authMechanism)
+	}
+	return authMechanisms
+}
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
new file mode 100644
index 000000000..032045c0e
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package service is a utility for calling the S2A handshaker service.
+package service
+
+import (
+	"context"
+	"flag"
+	"net"
+	"sync"
+	"time"
+
+	"google.golang.org/appengine"
+	"google.golang.org/appengine/socket"
+	grpc "google.golang.org/grpc"
+	"google.golang.org/grpc/grpclog"
+)
+
+var (
+	// enableAppEngineDialer indicates whether an AppEngine-specific dial option
+	// should be used.
+	enableAppEngineDialer bool
+	// appEngineDialerHook is an AppEngine-specific dial option that is set
+	// during init time. If nil, then the application is not running on Google
+	// AppEngine.
+	appEngineDialerHook func(context.Context) grpc.DialOption
+	// mu guards hsConnMap and hsDialer.
+	mu sync.Mutex
+	// hsConnMap represents a mapping from an S2A handshaker service address
+	// to a corresponding connection to an S2A handshaker service instance.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	// hsDialer will be reassigned in tests.
+	hsDialer = grpc.Dial
+)
+
+func init() {
+	flag.BoolVar(&enableAppEngineDialer, "s2a_enable_appengine_dialer", false, "If true, opportunistically use AppEngine-specific dialer to call S2A.")
+	if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
+		return
+	}
+	appEngineDialerHook = func(ctx context.Context) grpc.DialOption {
+		return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
+			return socket.DialTimeout(ctx, "tcp", addr, timeout)
+		})
+	}
+}
+
+// Dial dials the S2A handshaker service. If a connection has already been
+// established, this function returns it. Otherwise, a new connection is
+// created.
+func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
+	mu.Lock()
+	defer mu.Unlock()
+
+	hsConn, ok := hsConnMap[handshakerServiceAddress]
+	if !ok {
+		// Create a new connection to the S2A handshaker service. Note that
+		// this connection stays open until the application is closed.
+		grpcOpts := []grpc.DialOption{
+			grpc.WithInsecure(),
+		}
+		if enableAppEngineDialer && appEngineDialerHook != nil {
+			if grpclog.V(1) {
+				grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
+			}
+			grpcOpts = append(grpcOpts, appEngineDialerHook(context.Background()))
+		}
+		var err error
+		hsConn, err = hsDialer(handshakerServiceAddress, grpcOpts...)
+		if err != nil {
+			return nil, err
+		}
+		hsConnMap[handshakerServiceAddress] = hsConn
+	}
+	return hsConn, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go b/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go
new file mode 100644
index 000000000..16278a1d9
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/common_go_proto/common.pb.go
@@ -0,0 +1,389 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/common/common.proto
+
+package common_go_proto
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The ciphersuites supported by S2A. The name determines the confidentiality,
+// and authentication ciphers as well as the hash algorithm used for PRF in
+// TLS 1.2 or HKDF in TLS 1.3. Thus, the components of the name are:
+//   - AEAD -- for encryption and authentication, e.g., AES_128_GCM.
+//   - Hash algorithm -- used in PRF or HKDF, e.g., SHA256.
+type Ciphersuite int32
+
+const (
+	Ciphersuite_AES_128_GCM_SHA256       Ciphersuite = 0
+	Ciphersuite_AES_256_GCM_SHA384       Ciphersuite = 1
+	Ciphersuite_CHACHA20_POLY1305_SHA256 Ciphersuite = 2
+)
+
+// Enum value maps for Ciphersuite.
+var (
+	Ciphersuite_name = map[int32]string{
+		0: "AES_128_GCM_SHA256",
+		1: "AES_256_GCM_SHA384",
+		2: "CHACHA20_POLY1305_SHA256",
+	}
+	Ciphersuite_value = map[string]int32{
+		"AES_128_GCM_SHA256":       0,
+		"AES_256_GCM_SHA384":       1,
+		"CHACHA20_POLY1305_SHA256": 2,
+	}
+)
+
+func (x Ciphersuite) Enum() *Ciphersuite {
+	p := new(Ciphersuite)
+	*p = x
+	return p
+}
+
+func (x Ciphersuite) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_common_common_proto_enumTypes[0].Descriptor()
+}
+
+func (Ciphersuite) Type() protoreflect.EnumType {
+	return &file_internal_proto_common_common_proto_enumTypes[0]
+}
+
+func (x Ciphersuite) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Ciphersuite.Descriptor instead.
+func (Ciphersuite) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+// The TLS versions supported by S2A's handshaker module.
+type TLSVersion int32
+
+const (
+	TLSVersion_TLS1_2 TLSVersion = 0
+	TLSVersion_TLS1_3 TLSVersion = 1
+)
+
+// Enum value maps for TLSVersion.
+var (
+	TLSVersion_name = map[int32]string{
+		0: "TLS1_2",
+		1: "TLS1_3",
+	}
+	TLSVersion_value = map[string]int32{
+		"TLS1_2": 0,
+		"TLS1_3": 1,
+	}
+)
+
+func (x TLSVersion) Enum() *TLSVersion {
+	p := new(TLSVersion)
+	*p = x
+	return p
+}
+
+func (x TLSVersion) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_common_common_proto_enumTypes[1].Descriptor()
+}
+
+func (TLSVersion) Type() protoreflect.EnumType {
+	return &file_internal_proto_common_common_proto_enumTypes[1]
+}
+
+func (x TLSVersion) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSVersion.Descriptor instead.
+func (TLSVersion) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{1}
+}
+
+type Identity struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to IdentityOneof:
+	//
+	//	*Identity_SpiffeId
+	//	*Identity_Hostname
+	//	*Identity_Uid
+	//	*Identity_MdbUsername
+	//	*Identity_GaiaId
+	IdentityOneof isIdentity_IdentityOneof `protobuf_oneof:"identity_oneof"`
+	// Additional identity-specific attributes.
+	Attributes map[string]string `protobuf:"bytes,3,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+}
+
+func (x *Identity) Reset() {
+	*x = Identity{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_common_common_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Identity) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Identity) ProtoMessage() {}
+
+func (x *Identity) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_common_common_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Identity.ProtoReflect.Descriptor instead.
+func (*Identity) Descriptor() ([]byte, []int) {
+	return file_internal_proto_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *Identity) GetIdentityOneof() isIdentity_IdentityOneof {
+	if m != nil {
+		return m.IdentityOneof
+	}
+	return nil
+}
+
+func (x *Identity) GetSpiffeId() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_SpiffeId); ok {
+		return x.SpiffeId
+	}
+	return ""
+}
+
+func (x *Identity) GetHostname() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_Hostname); ok {
+		return x.Hostname
+	}
+	return ""
+}
+
+func (x *Identity) GetUid() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_Uid); ok {
+		return x.Uid
+	}
+	return ""
+}
+
+func (x *Identity) GetMdbUsername() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_MdbUsername); ok {
+		return x.MdbUsername
+	}
+	return ""
+}
+
+func (x *Identity) GetGaiaId() string {
+	if x, ok := x.GetIdentityOneof().(*Identity_GaiaId); ok {
+		return x.GaiaId
+	}
+	return ""
+}
+
+func (x *Identity) GetAttributes() map[string]string {
+	if x != nil {
+		return x.Attributes
+	}
+	return nil
+}
+
+type isIdentity_IdentityOneof interface {
+	isIdentity_IdentityOneof()
+}
+
+type Identity_SpiffeId struct {
+	// The SPIFFE ID of a connection endpoint.
+	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3,oneof"`
+}
+
+type Identity_Hostname struct {
+	// The hostname of a connection endpoint.
+	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3,oneof"`
+}
+
+type Identity_Uid struct {
+	// The UID of a connection endpoint.
+	Uid string `protobuf:"bytes,4,opt,name=uid,proto3,oneof"`
+}
+
+type Identity_MdbUsername struct {
+	// The MDB username of a connection endpoint.
+	MdbUsername string `protobuf:"bytes,5,opt,name=mdb_username,json=mdbUsername,proto3,oneof"`
+}
+
+type Identity_GaiaId struct {
+	// The Gaia ID of a connection endpoint.
+	GaiaId string `protobuf:"bytes,6,opt,name=gaia_id,json=gaiaId,proto3,oneof"`
+}
+
+func (*Identity_SpiffeId) isIdentity_IdentityOneof() {}
+
+func (*Identity_Hostname) isIdentity_IdentityOneof() {}
+
+func (*Identity_Uid) isIdentity_IdentityOneof() {}
+
+func (*Identity_MdbUsername) isIdentity_IdentityOneof() {}
+
+func (*Identity_GaiaId) isIdentity_IdentityOneof() {}
+
+var File_internal_proto_common_common_proto protoreflect.FileDescriptor
+
+var file_internal_proto_common_common_proto_rawDesc = []byte{
+	0x0a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
+	0xb1, 0x02, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x1d, 0x0a, 0x09,
+	0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48,
+	0x00, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x08, 0x68,
+	0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x75, 0x69, 0x64,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x23, 0x0a,
+	0x0c, 0x6d, 0x64, 0x62, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x6d, 0x64, 0x62, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x19, 0x0a, 0x07, 0x67, 0x61, 0x69, 0x61, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x67, 0x61, 0x69, 0x61, 0x49, 0x64, 0x12, 0x43, 0x0a,
+	0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x23, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
+	0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74,
+	0x65, 0x73, 0x1a, 0x3d, 0x0a, 0x0f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x42, 0x10, 0x0a, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6f, 0x6e,
+	0x65, 0x6f, 0x66, 0x2a, 0x5b, 0x0a, 0x0b, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x45,
+	0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+	0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50,
+	0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02,
+	0x2a, 0x24, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0a,
+	0x0a, 0x06, 0x54, 0x4c, 0x53, 0x31, 0x5f, 0x32, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x4c,
+	0x53, 0x31, 0x5f, 0x33, 0x10, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f,
+	0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_common_common_proto_rawDescOnce sync.Once
+	file_internal_proto_common_common_proto_rawDescData = file_internal_proto_common_common_proto_rawDesc
+)
+
+func file_internal_proto_common_common_proto_rawDescGZIP() []byte {
+	file_internal_proto_common_common_proto_rawDescOnce.Do(func() {
+		file_internal_proto_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_common_common_proto_rawDescData)
+	})
+	return file_internal_proto_common_common_proto_rawDescData
+}
+
+var file_internal_proto_common_common_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_internal_proto_common_common_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_internal_proto_common_common_proto_goTypes = []interface{}{
+	(Ciphersuite)(0), // 0: s2a.proto.Ciphersuite
+	(TLSVersion)(0),  // 1: s2a.proto.TLSVersion
+	(*Identity)(nil), // 2: s2a.proto.Identity
+	nil,              // 3: s2a.proto.Identity.AttributesEntry
+}
+var file_internal_proto_common_common_proto_depIdxs = []int32{
+	3, // 0: s2a.proto.Identity.attributes:type_name -> s2a.proto.Identity.AttributesEntry
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_common_common_proto_init() }
+func file_internal_proto_common_common_proto_init() {
+	if File_internal_proto_common_common_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_common_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Identity); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_common_common_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Identity_SpiffeId)(nil),
+		(*Identity_Hostname)(nil),
+		(*Identity_Uid)(nil),
+		(*Identity_MdbUsername)(nil),
+		(*Identity_GaiaId)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_common_common_proto_rawDesc,
+			NumEnums:      2,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_common_common_proto_goTypes,
+		DependencyIndexes: file_internal_proto_common_common_proto_depIdxs,
+		EnumInfos:         file_internal_proto_common_common_proto_enumTypes,
+		MessageInfos:      file_internal_proto_common_common_proto_msgTypes,
+	}.Build()
+	File_internal_proto_common_common_proto = out.File
+	file_internal_proto_common_common_proto_rawDesc = nil
+	file_internal_proto_common_common_proto_goTypes = nil
+	file_internal_proto_common_common_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go
new file mode 100644
index 000000000..f4f763ae1
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_context_go_proto/s2a_context.pb.go
@@ -0,0 +1,267 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/s2a_context/s2a_context.proto
+
+package s2a_context_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type S2AContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocol negotiated for this connection, e.g., 'grpc'.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The TLS version number that the S2A's handshaker module used to set up the
+	// session.
+	TlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=tls_version,json=tlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"tls_version,omitempty"`
+	// The TLS ciphersuite negotiated by the S2A's handshaker module.
+	Ciphersuite common_go_proto.Ciphersuite `protobuf:"varint,3,opt,name=ciphersuite,proto3,enum=s2a.proto.Ciphersuite" json:"ciphersuite,omitempty"`
+	// The authenticated identity of the peer.
+	PeerIdentity *common_go_proto.Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the peer certificate used in the handshake.
+	PeerCertFingerprint []byte `protobuf:"bytes,6,opt,name=peer_cert_fingerprint,json=peerCertFingerprint,proto3" json:"peer_cert_fingerprint,omitempty"`
+	// The SHA256 hash of the local certificate used in the handshake.
+	LocalCertFingerprint []byte `protobuf:"bytes,7,opt,name=local_cert_fingerprint,json=localCertFingerprint,proto3" json:"local_cert_fingerprint,omitempty"`
+	// Set to true if a cached session was reused to resume the handshake.
+	IsHandshakeResumed bool `protobuf:"varint,8,opt,name=is_handshake_resumed,json=isHandshakeResumed,proto3" json:"is_handshake_resumed,omitempty"`
+}
+
+func (x *S2AContext) Reset() {
+	*x = S2AContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *S2AContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*S2AContext) ProtoMessage() {}
+
+func (x *S2AContext) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use S2AContext.ProtoReflect.Descriptor instead.
+func (*S2AContext) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_context_s2a_context_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *S2AContext) GetApplicationProtocol() string {
+	if x != nil {
+		return x.ApplicationProtocol
+	}
+	return ""
+}
+
+func (x *S2AContext) GetTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.TlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *S2AContext) GetCiphersuite() common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuite
+	}
+	return common_go_proto.Ciphersuite(0)
+}
+
+func (x *S2AContext) GetPeerIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.PeerIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetPeerCertFingerprint() []byte {
+	if x != nil {
+		return x.PeerCertFingerprint
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalCertFingerprint
+	}
+	return nil
+}
+
+func (x *S2AContext) GetIsHandshakeResumed() bool {
+	if x != nil {
+		return x.IsHandshakeResumed
+	}
+	return false
+}
+
+var File_internal_proto_s2a_context_s2a_context_proto protoreflect.FileDescriptor
+
+var file_internal_proto_s2a_context_s2a_context_proto_rawDesc = []byte{
+	0x0a, 0x2c, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x73, 0x32, 0x61,
+	0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc3, 0x03,
+	0x0a, 0x0a, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x31, 0x0a, 0x14,
+	0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12,
+	0x36, 0x0a, 0x0b, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x74, 0x6c, 0x73,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x73, 0x75, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x52, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74,
+	0x65, 0x12, 0x38, 0x0a, 0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x70,
+	0x65, 0x65, 0x72, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x3a, 0x0a, 0x0e, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x65, 0x65, 0x72, 0x5f,
+	0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
+	0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x6c,
+	0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72,
+	0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e,
+	0x74, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x73, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b,
+	0x65, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x12, 0x69, 0x73, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x73, 0x75,
+	0x6d, 0x65, 0x64, 0x42, 0x3b, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x32, 0x61, 0x5f,
+	0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescOnce sync.Once
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescData = file_internal_proto_s2a_context_s2a_context_proto_rawDesc
+)
+
+func file_internal_proto_s2a_context_s2a_context_proto_rawDescGZIP() []byte {
+	file_internal_proto_s2a_context_s2a_context_proto_rawDescOnce.Do(func() {
+		file_internal_proto_s2a_context_s2a_context_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_s2a_context_s2a_context_proto_rawDescData)
+	})
+	return file_internal_proto_s2a_context_s2a_context_proto_rawDescData
+}
+
+var file_internal_proto_s2a_context_s2a_context_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_internal_proto_s2a_context_s2a_context_proto_goTypes = []interface{}{
+	(*S2AContext)(nil),               // 0: s2a.proto.S2AContext
+	(common_go_proto.TLSVersion)(0),  // 1: s2a.proto.TLSVersion
+	(common_go_proto.Ciphersuite)(0), // 2: s2a.proto.Ciphersuite
+	(*common_go_proto.Identity)(nil), // 3: s2a.proto.Identity
+}
+var file_internal_proto_s2a_context_s2a_context_proto_depIdxs = []int32{
+	1, // 0: s2a.proto.S2AContext.tls_version:type_name -> s2a.proto.TLSVersion
+	2, // 1: s2a.proto.S2AContext.ciphersuite:type_name -> s2a.proto.Ciphersuite
+	3, // 2: s2a.proto.S2AContext.peer_identity:type_name -> s2a.proto.Identity
+	3, // 3: s2a.proto.S2AContext.local_identity:type_name -> s2a.proto.Identity
+	4, // [4:4] is the sub-list for method output_type
+	4, // [4:4] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_s2a_context_s2a_context_proto_init() }
+func file_internal_proto_s2a_context_s2a_context_proto_init() {
+	if File_internal_proto_s2a_context_s2a_context_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_s2a_context_s2a_context_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*S2AContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_s2a_context_s2a_context_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_s2a_context_s2a_context_proto_goTypes,
+		DependencyIndexes: file_internal_proto_s2a_context_s2a_context_proto_depIdxs,
+		MessageInfos:      file_internal_proto_s2a_context_s2a_context_proto_msgTypes,
+	}.Build()
+	File_internal_proto_s2a_context_s2a_context_proto = out.File
+	file_internal_proto_s2a_context_s2a_context_proto_rawDesc = nil
+	file_internal_proto_s2a_context_s2a_context_proto_goTypes = nil
+	file_internal_proto_s2a_context_s2a_context_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go
new file mode 100644
index 000000000..0a86ebee5
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a.pb.go
@@ -0,0 +1,1377 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AuthenticationMechanism struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// (Optional) Application may specify an identity associated to an
+	// authentication mechanism. Otherwise, S2A assumes that the authentication
+	// mechanism is associated with the default identity. If the default identity
+	// cannot be determined, session setup fails.
+	Identity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
+	// Types that are assignable to MechanismOneof:
+	//
+	//	*AuthenticationMechanism_Token
+	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
+}
+
+func (x *AuthenticationMechanism) Reset() {
+	*x = AuthenticationMechanism{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AuthenticationMechanism) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticationMechanism) ProtoMessage() {}
+
+func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
+func (*AuthenticationMechanism) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AuthenticationMechanism) GetIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.Identity
+	}
+	return nil
+}
+
+func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof {
+	if m != nil {
+		return m.MechanismOneof
+	}
+	return nil
+}
+
+func (x *AuthenticationMechanism) GetToken() string {
+	if x, ok := x.GetMechanismOneof().(*AuthenticationMechanism_Token); ok {
+		return x.Token
+	}
+	return ""
+}
+
+type isAuthenticationMechanism_MechanismOneof interface {
+	isAuthenticationMechanism_MechanismOneof()
+}
+
+type AuthenticationMechanism_Token struct {
+	// A token that the application uses to authenticate itself to the S2A.
+	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
+}
+
+func (*AuthenticationMechanism_Token) isAuthenticationMechanism_MechanismOneof() {}
+
+type ClientSessionStartReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocols supported by the client, e.g., "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// (Optional) The minimum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the minimum version it supports.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
+	// (Optional) The maximum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the maximum version it supports.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
+	// The TLS ciphersuites that the client is willing to support.
+	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
+	// (Optional) Describes which server identities are acceptable by the client.
+	// If target identities are provided and none of them matches the peer
+	// identity of the server, session setup fails.
+	TargetIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=target_identities,json=targetIdentities,proto3" json:"target_identities,omitempty"`
+	// (Optional) Application may specify a local identity. Otherwise, S2A chooses
+	// the default local identity. If the default identity cannot be determined,
+	// session setup fails.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,6,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The target name that is used by S2A to configure SNI in the TLS handshake.
+	// It is also used to perform server authorization check if avaiable. This
+	// check is intended to verify that the peer authenticated identity is
+	// authorized to run a service with the target name.
+	// This field MUST only contain the host portion of the server address. It
+	// MUST not contain the scheme or the port number. For example, if the server
+	// address is dns://www.example.com:443, the value of this field should be
+	// set to www.example.com.
+	TargetName string `protobuf:"bytes,7,opt,name=target_name,json=targetName,proto3" json:"target_name,omitempty"`
+}
+
+func (x *ClientSessionStartReq) Reset() {
+	*x = ClientSessionStartReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ClientSessionStartReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ClientSessionStartReq) ProtoMessage() {}
+
+func (x *ClientSessionStartReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ClientSessionStartReq.ProtoReflect.Descriptor instead.
+func (*ClientSessionStartReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ClientSessionStartReq) GetApplicationProtocols() []string {
+	if x != nil {
+		return x.ApplicationProtocols
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ClientSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ClientSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuites
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetTargetIdentities() []*common_go_proto.Identity {
+	if x != nil {
+		return x.TargetIdentities
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *ClientSessionStartReq) GetTargetName() string {
+	if x != nil {
+		return x.TargetName
+	}
+	return ""
+}
+
+type ServerSessionStartReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocols supported by the server, e.g., "grpc".
+	ApplicationProtocols []string `protobuf:"bytes,1,rep,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"`
+	// (Optional) The minimum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the minimum version it supports.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"min_tls_version,omitempty"`
+	// (Optional) The maximum TLS version number that the S2A's handshaker module
+	// will use to set up the session. If this field is not provided, S2A will use
+	// the maximum version it supports.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"max_tls_version,omitempty"`
+	// The TLS ciphersuites that the server is willing to support.
+	TlsCiphersuites []common_go_proto.Ciphersuite `protobuf:"varint,4,rep,packed,name=tls_ciphersuites,json=tlsCiphersuites,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuites,omitempty"`
+	// (Optional) A list of local identities supported by the server, if
+	// specified. Otherwise, S2A chooses the default local identity. If the
+	// default identity cannot be determined, session setup fails.
+	LocalIdentities []*common_go_proto.Identity `protobuf:"bytes,5,rep,name=local_identities,json=localIdentities,proto3" json:"local_identities,omitempty"`
+	// The byte representation of the first handshake message received from the
+	// client peer. It is possible that this first message is split into multiple
+	// chunks. In this case, the first chunk is sent using this field and the
+	// following chunks are sent using the in_bytes field of SessionNextReq
+	// Specifically, if the client peer is using S2A, this field contains the
+	// bytes in the out_frames field of SessionResp message that the client peer
+	// received from its S2A after initiating the handshake.
+	InBytes []byte `protobuf:"bytes,6,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *ServerSessionStartReq) Reset() {
+	*x = ServerSessionStartReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ServerSessionStartReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServerSessionStartReq) ProtoMessage() {}
+
+func (x *ServerSessionStartReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServerSessionStartReq.ProtoReflect.Descriptor instead.
+func (*ServerSessionStartReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ServerSessionStartReq) GetApplicationProtocols() []string {
+	if x != nil {
+		return x.ApplicationProtocols
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ServerSessionStartReq) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *ServerSessionStartReq) GetTlsCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuites
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetLocalIdentities() []*common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentities
+	}
+	return nil
+}
+
+func (x *ServerSessionStartReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type SessionNextReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The byte representation of session setup, i.e., handshake messages.
+	// Specifically:
+	//   - All handshake messages sent from the server to the client.
+	//   - All, except for the first, handshake messages sent from the client to
+	//     the server. Note that the first message is communicated to S2A using the
+	//     in_bytes field of ServerSessionStartReq.
+	//
+	// If the peer is using S2A, this field contains the bytes in the out_frames
+	// field of SessionResp message that the peer received from its S2A.
+	InBytes []byte `protobuf:"bytes,1,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *SessionNextReq) Reset() {
+	*x = SessionNextReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionNextReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionNextReq) ProtoMessage() {}
+
+func (x *SessionNextReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionNextReq.ProtoReflect.Descriptor instead.
+func (*SessionNextReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *SessionNextReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type ResumptionTicketReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The byte representation of a NewSessionTicket message received from the
+	// server.
+	InBytes [][]byte `protobuf:"bytes,1,rep,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+	// A connection identifier that was created and sent by S2A at the end of a
+	// handshake.
+	ConnectionId uint64 `protobuf:"varint,2,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
+	// The local identity that was used by S2A during session setup and included
+	// in |SessionResult|.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,3,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+}
+
+func (x *ResumptionTicketReq) Reset() {
+	*x = ResumptionTicketReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResumptionTicketReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResumptionTicketReq) ProtoMessage() {}
+
+func (x *ResumptionTicketReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResumptionTicketReq.ProtoReflect.Descriptor instead.
+func (*ResumptionTicketReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResumptionTicketReq) GetInBytes() [][]byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+func (x *ResumptionTicketReq) GetConnectionId() uint64 {
+	if x != nil {
+		return x.ConnectionId
+	}
+	return 0
+}
+
+func (x *ResumptionTicketReq) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+type SessionReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to ReqOneof:
+	//
+	//	*SessionReq_ClientStart
+	//	*SessionReq_ServerStart
+	//	*SessionReq_Next
+	//	*SessionReq_ResumptionTicket
+	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
+	// (Optional) The authentication mechanisms that the client wishes to use to
+	// authenticate to the S2A, ordered by preference. The S2A will always use the
+	// first authentication mechanism that appears in the list and is supported by
+	// the S2A.
+	AuthMechanisms []*AuthenticationMechanism `protobuf:"bytes,5,rep,name=auth_mechanisms,json=authMechanisms,proto3" json:"auth_mechanisms,omitempty"`
+}
+
+func (x *SessionReq) Reset() {
+	*x = SessionReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionReq) ProtoMessage() {}
+
+func (x *SessionReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
+func (*SessionReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{5}
+}
+
+func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof {
+	if m != nil {
+		return m.ReqOneof
+	}
+	return nil
+}
+
+func (x *SessionReq) GetClientStart() *ClientSessionStartReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ClientStart); ok {
+		return x.ClientStart
+	}
+	return nil
+}
+
+func (x *SessionReq) GetServerStart() *ServerSessionStartReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ServerStart); ok {
+		return x.ServerStart
+	}
+	return nil
+}
+
+func (x *SessionReq) GetNext() *SessionNextReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_Next); ok {
+		return x.Next
+	}
+	return nil
+}
+
+func (x *SessionReq) GetResumptionTicket() *ResumptionTicketReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ResumptionTicket); ok {
+		return x.ResumptionTicket
+	}
+	return nil
+}
+
+func (x *SessionReq) GetAuthMechanisms() []*AuthenticationMechanism {
+	if x != nil {
+		return x.AuthMechanisms
+	}
+	return nil
+}
+
+type isSessionReq_ReqOneof interface {
+	isSessionReq_ReqOneof()
+}
+
+type SessionReq_ClientStart struct {
+	// The client session setup request message.
+	ClientStart *ClientSessionStartReq `protobuf:"bytes,1,opt,name=client_start,json=clientStart,proto3,oneof"`
+}
+
+type SessionReq_ServerStart struct {
+	// The server session setup request message.
+	ServerStart *ServerSessionStartReq `protobuf:"bytes,2,opt,name=server_start,json=serverStart,proto3,oneof"`
+}
+
+type SessionReq_Next struct {
+	// The next session setup message request message.
+	Next *SessionNextReq `protobuf:"bytes,3,opt,name=next,proto3,oneof"`
+}
+
+type SessionReq_ResumptionTicket struct {
+	// The resumption ticket that is received from the server. This message is
+	// only accepted by S2A if it is running as a client and if it is received
+	// after session setup is complete. If S2A is running as a server and it
+	// receives this message, the session is terminated.
+	ResumptionTicket *ResumptionTicketReq `protobuf:"bytes,4,opt,name=resumption_ticket,json=resumptionTicket,proto3,oneof"`
+}
+
+func (*SessionReq_ClientStart) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ServerStart) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_Next) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ResumptionTicket) isSessionReq_ReqOneof() {}
+
+type SessionState struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The TLS version number that the S2A's handshaker module used to set up the
+	// session.
+	TlsVersion common_go_proto.TLSVersion `protobuf:"varint,1,opt,name=tls_version,json=tlsVersion,proto3,enum=s2a.proto.TLSVersion" json:"tls_version,omitempty"`
+	// The TLS ciphersuite negotiated by the S2A's handshaker module.
+	TlsCiphersuite common_go_proto.Ciphersuite `protobuf:"varint,2,opt,name=tls_ciphersuite,json=tlsCiphersuite,proto3,enum=s2a.proto.Ciphersuite" json:"tls_ciphersuite,omitempty"`
+	// The sequence number of the next, incoming, TLS record.
+	InSequence uint64 `protobuf:"varint,3,opt,name=in_sequence,json=inSequence,proto3" json:"in_sequence,omitempty"`
+	// The sequence number of the next, outgoing, TLS record.
+	OutSequence uint64 `protobuf:"varint,4,opt,name=out_sequence,json=outSequence,proto3" json:"out_sequence,omitempty"`
+	// The key for the inbound direction.
+	InKey []byte `protobuf:"bytes,5,opt,name=in_key,json=inKey,proto3" json:"in_key,omitempty"`
+	// The key for the outbound direction.
+	OutKey []byte `protobuf:"bytes,6,opt,name=out_key,json=outKey,proto3" json:"out_key,omitempty"`
+	// The constant part of the record nonce for the outbound direction.
+	InFixedNonce []byte `protobuf:"bytes,7,opt,name=in_fixed_nonce,json=inFixedNonce,proto3" json:"in_fixed_nonce,omitempty"`
+	// The constant part of the record nonce for the inbound direction.
+	OutFixedNonce []byte `protobuf:"bytes,8,opt,name=out_fixed_nonce,json=outFixedNonce,proto3" json:"out_fixed_nonce,omitempty"`
+	// A connection identifier that can be provided to S2A to perform operations
+	// related to this connection. This identifier will be stored by the record
+	// protocol, and included in the |ResumptionTicketReq| message that is later
+	// sent back to S2A. This field is set only for client-side connections.
+	ConnectionId uint64 `protobuf:"varint,9,opt,name=connection_id,json=connectionId,proto3" json:"connection_id,omitempty"`
+	// Set to true if a cached session was reused to do an abbreviated handshake.
+	IsHandshakeResumed bool `protobuf:"varint,10,opt,name=is_handshake_resumed,json=isHandshakeResumed,proto3" json:"is_handshake_resumed,omitempty"`
+}
+
+func (x *SessionState) Reset() {
+	*x = SessionState{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionState) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionState) ProtoMessage() {}
+
+func (x *SessionState) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionState.ProtoReflect.Descriptor instead.
+func (*SessionState) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *SessionState) GetTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.TlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *SessionState) GetTlsCiphersuite() common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.TlsCiphersuite
+	}
+	return common_go_proto.Ciphersuite(0)
+}
+
+func (x *SessionState) GetInSequence() uint64 {
+	if x != nil {
+		return x.InSequence
+	}
+	return 0
+}
+
+func (x *SessionState) GetOutSequence() uint64 {
+	if x != nil {
+		return x.OutSequence
+	}
+	return 0
+}
+
+func (x *SessionState) GetInKey() []byte {
+	if x != nil {
+		return x.InKey
+	}
+	return nil
+}
+
+func (x *SessionState) GetOutKey() []byte {
+	if x != nil {
+		return x.OutKey
+	}
+	return nil
+}
+
+func (x *SessionState) GetInFixedNonce() []byte {
+	if x != nil {
+		return x.InFixedNonce
+	}
+	return nil
+}
+
+func (x *SessionState) GetOutFixedNonce() []byte {
+	if x != nil {
+		return x.OutFixedNonce
+	}
+	return nil
+}
+
+func (x *SessionState) GetConnectionId() uint64 {
+	if x != nil {
+		return x.ConnectionId
+	}
+	return 0
+}
+
+func (x *SessionState) GetIsHandshakeResumed() bool {
+	if x != nil {
+		return x.IsHandshakeResumed
+	}
+	return false
+}
+
+type SessionResult struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The application protocol negotiated for this session.
+	ApplicationProtocol string `protobuf:"bytes,1,opt,name=application_protocol,json=applicationProtocol,proto3" json:"application_protocol,omitempty"`
+	// The session state at the end. This state contains all cryptographic
+	// material required to initialize the record protocol object.
+	State *SessionState `protobuf:"bytes,2,opt,name=state,proto3" json:"state,omitempty"`
+	// The authenticated identity of the peer.
+	PeerIdentity *common_go_proto.Identity `protobuf:"bytes,4,opt,name=peer_identity,json=peerIdentity,proto3" json:"peer_identity,omitempty"`
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the local certificate used in the handshake.
+	LocalCertFingerprint []byte `protobuf:"bytes,6,opt,name=local_cert_fingerprint,json=localCertFingerprint,proto3" json:"local_cert_fingerprint,omitempty"`
+	// The SHA256 hash of the peer certificate used in the handshake.
+	PeerCertFingerprint []byte `protobuf:"bytes,7,opt,name=peer_cert_fingerprint,json=peerCertFingerprint,proto3" json:"peer_cert_fingerprint,omitempty"`
+}
+
+func (x *SessionResult) Reset() {
+	*x = SessionResult{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResult) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResult) ProtoMessage() {}
+
+func (x *SessionResult) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResult.ProtoReflect.Descriptor instead.
+func (*SessionResult) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *SessionResult) GetApplicationProtocol() string {
+	if x != nil {
+		return x.ApplicationProtocol
+	}
+	return ""
+}
+
+func (x *SessionResult) GetState() *SessionState {
+	if x != nil {
+		return x.State
+	}
+	return nil
+}
+
+func (x *SessionResult) GetPeerIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.PeerIdentity
+	}
+	return nil
+}
+
+func (x *SessionResult) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionResult) GetLocalCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalCertFingerprint
+	}
+	return nil
+}
+
+func (x *SessionResult) GetPeerCertFingerprint() []byte {
+	if x != nil {
+		return x.PeerCertFingerprint
+	}
+	return nil
+}
+
+type SessionStatus struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The status code that is specific to the application and the implementation
+	// of S2A, e.g., gRPC status code.
+	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// The status details.
+	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *SessionStatus) Reset() {
+	*x = SessionStatus{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionStatus) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionStatus) ProtoMessage() {}
+
+func (x *SessionStatus) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionStatus.ProtoReflect.Descriptor instead.
+func (*SessionStatus) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *SessionStatus) GetCode() uint32 {
+	if x != nil {
+		return x.Code
+	}
+	return 0
+}
+
+func (x *SessionStatus) GetDetails() string {
+	if x != nil {
+		return x.Details
+	}
+	return ""
+}
+
+type SessionResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The local identity used during session setup. This could be:
+	//   - The local identity that the client specifies in ClientSessionStartReq.
+	//   - One of the local identities that the server specifies in
+	//     ServerSessionStartReq.
+	//   - If neither client or server specifies local identities, the S2A picks the
+	//     default one. In this case, this field will contain that identity.
+	//
+	// If the SessionResult is populated, then this must coincide with the local
+	// identity specified in the SessionResult; otherwise, the handshake must
+	// fail.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The byte representation of the frames that should be sent to the peer. May
+	// be empty if nothing needs to be sent to the peer or if in_bytes in the
+	// SessionReq is incomplete. All bytes in a non-empty out_frames must be sent
+	// to the peer even if the session setup status is not OK as these frames may
+	// contain appropriate alerts.
+	OutFrames []byte `protobuf:"bytes,2,opt,name=out_frames,json=outFrames,proto3" json:"out_frames,omitempty"`
+	// Number of bytes in the in_bytes field that are consumed by S2A. It is
+	// possible that part of in_bytes is unrelated to the session setup process.
+	BytesConsumed uint32 `protobuf:"varint,3,opt,name=bytes_consumed,json=bytesConsumed,proto3" json:"bytes_consumed,omitempty"`
+	// This is set if the session is successfully set up. out_frames may
+	// still be set to frames that needs to be forwarded to the peer.
+	Result *SessionResult `protobuf:"bytes,4,opt,name=result,proto3" json:"result,omitempty"`
+	// Status of session setup at the current stage.
+	Status *SessionStatus `protobuf:"bytes,5,opt,name=status,proto3" json:"status,omitempty"`
+}
+
+func (x *SessionResp) Reset() {
+	*x = SessionResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_s2a_s2a_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResp) ProtoMessage() {}
+
+func (x *SessionResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_s2a_s2a_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
+func (*SessionResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_s2a_s2a_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *SessionResp) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOutFrames() []byte {
+	if x != nil {
+		return x.OutFrames
+	}
+	return nil
+}
+
+func (x *SessionResp) GetBytesConsumed() uint32 {
+	if x != nil {
+		return x.BytesConsumed
+	}
+	return 0
+}
+
+func (x *SessionResp) GetResult() *SessionResult {
+	if x != nil {
+		return x.Result
+	}
+	return nil
+}
+
+func (x *SessionResp) GetStatus() *SessionStatus {
+	if x != nil {
+		return x.Status
+	}
+	return nil
+}
+
+var File_internal_proto_s2a_s2a_proto protoreflect.FileDescriptor
+
+var file_internal_proto_s2a_s2a_proto_rawDesc = []byte{
+	0x0a, 0x1c, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x73, 0x32, 0x61, 0x2f, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a,
+	0x17, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d,
+	0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x12, 0x2f, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52,
+	0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, 0x6b,
+	0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65,
+	0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x5f, 0x6f,
+	0x6e, 0x65, 0x6f, 0x66, 0x22, 0xac, 0x03, 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x12, 0x33,
+	0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x61,
+	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x73, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x41, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x52, 0x0f, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x12, 0x40, 0x0a, 0x11, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x69,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x52, 0x10, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f,
+	0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
+	0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74,
+	0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e,
+	0x61, 0x6d, 0x65, 0x22, 0xe8, 0x02, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x12, 0x33, 0x0a,
+	0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x61, 0x70,
+	0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f,
+	0x6c, 0x73, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x3d, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x41, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x52, 0x0f, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x73, 0x12, 0x3e, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69,
+	0x74, 0x79, 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x69, 0x65, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x2b,
+	0x0a, 0x0e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4e, 0x65, 0x78, 0x74, 0x52, 0x65, 0x71,
+	0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x91, 0x01, 0x0a, 0x13,
+	0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74,
+	0x52, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x23,
+	0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x49, 0x64, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22,
+	0xf4, 0x02, 0x0a, 0x0a, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x45,
+	0x0a, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74,
+	0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x45, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f,
+	0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52,
+	0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x2f, 0x0a, 0x04,
+	0x6e, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4e, 0x65,
+	0x78, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x12, 0x4d, 0x0a,
+	0x11, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x69, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x10, 0x72, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x4b, 0x0a, 0x0f,
+	0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x18,
+	0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x4d,
+	0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71,
+	0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0xa0, 0x03, 0x0a, 0x0c, 0x53, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x0b, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x74, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12,
+	0x3f, 0x0a, 0x0f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74, 0x65,
+	0x52, 0x0e, 0x74, 0x6c, 0x73, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74, 0x65,
+	0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x53, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63,
+	0x65, 0x12, 0x21, 0x0a, 0x0c, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63,
+	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x71, 0x75,
+	0x65, 0x6e, 0x63, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x69, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6f,
+	0x75, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x6f, 0x75,
+	0x74, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0e, 0x69, 0x6e, 0x5f, 0x66, 0x69, 0x78, 0x65, 0x64,
+	0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x69, 0x6e,
+	0x46, 0x69, 0x78, 0x65, 0x64, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x6f, 0x75,
+	0x74, 0x5f, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x0d, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x78, 0x65, 0x64, 0x4e, 0x6f, 0x6e,
+	0x63, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x73, 0x5f, 0x68, 0x61,
+	0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18,
+	0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x69, 0x73, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61,
+	0x6b, 0x65, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x22, 0xd1, 0x02, 0x0a, 0x0d, 0x53, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x31, 0x0a, 0x14, 0x61,
+	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x2d,
+	0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
+	0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a,
+	0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e,
+	0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74,
+	0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x16, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x63, 0x65, 0x72,
+	0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x46, 0x69,
+	0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x65, 0x65,
+	0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69,
+	0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65,
+	0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x22, 0x3d, 0x0a,
+	0x0d, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f,
+	0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0xf3, 0x01, 0x0a,
+	0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x3a, 0x0a, 0x0e,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
+	0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x75, 0x74, 0x5f,
+	0x66, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x6f, 0x75,
+	0x74, 0x46, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x79, 0x74, 0x65, 0x73,
+	0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x0d, 0x62, 0x79, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x12, 0x30,
+	0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18,
+	0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74,
+	0x12, 0x30, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x32, 0x51, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x12, 0x43, 0x0a, 0x0c, 0x53, 0x65, 0x74, 0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x15, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x16, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22,
+	0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x32,
+	0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_s2a_s2a_proto_rawDescOnce sync.Once
+	file_internal_proto_s2a_s2a_proto_rawDescData = file_internal_proto_s2a_s2a_proto_rawDesc
+)
+
+func file_internal_proto_s2a_s2a_proto_rawDescGZIP() []byte {
+	file_internal_proto_s2a_s2a_proto_rawDescOnce.Do(func() {
+		file_internal_proto_s2a_s2a_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_s2a_s2a_proto_rawDescData)
+	})
+	return file_internal_proto_s2a_s2a_proto_rawDescData
+}
+
+var file_internal_proto_s2a_s2a_proto_msgTypes = make([]protoimpl.MessageInfo, 10)
+var file_internal_proto_s2a_s2a_proto_goTypes = []interface{}{
+	(*AuthenticationMechanism)(nil),  // 0: s2a.proto.AuthenticationMechanism
+	(*ClientSessionStartReq)(nil),    // 1: s2a.proto.ClientSessionStartReq
+	(*ServerSessionStartReq)(nil),    // 2: s2a.proto.ServerSessionStartReq
+	(*SessionNextReq)(nil),           // 3: s2a.proto.SessionNextReq
+	(*ResumptionTicketReq)(nil),      // 4: s2a.proto.ResumptionTicketReq
+	(*SessionReq)(nil),               // 5: s2a.proto.SessionReq
+	(*SessionState)(nil),             // 6: s2a.proto.SessionState
+	(*SessionResult)(nil),            // 7: s2a.proto.SessionResult
+	(*SessionStatus)(nil),            // 8: s2a.proto.SessionStatus
+	(*SessionResp)(nil),              // 9: s2a.proto.SessionResp
+	(*common_go_proto.Identity)(nil), // 10: s2a.proto.Identity
+	(common_go_proto.TLSVersion)(0),  // 11: s2a.proto.TLSVersion
+	(common_go_proto.Ciphersuite)(0), // 12: s2a.proto.Ciphersuite
+}
+var file_internal_proto_s2a_s2a_proto_depIdxs = []int32{
+	10, // 0: s2a.proto.AuthenticationMechanism.identity:type_name -> s2a.proto.Identity
+	11, // 1: s2a.proto.ClientSessionStartReq.min_tls_version:type_name -> s2a.proto.TLSVersion
+	11, // 2: s2a.proto.ClientSessionStartReq.max_tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 3: s2a.proto.ClientSessionStartReq.tls_ciphersuites:type_name -> s2a.proto.Ciphersuite
+	10, // 4: s2a.proto.ClientSessionStartReq.target_identities:type_name -> s2a.proto.Identity
+	10, // 5: s2a.proto.ClientSessionStartReq.local_identity:type_name -> s2a.proto.Identity
+	11, // 6: s2a.proto.ServerSessionStartReq.min_tls_version:type_name -> s2a.proto.TLSVersion
+	11, // 7: s2a.proto.ServerSessionStartReq.max_tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 8: s2a.proto.ServerSessionStartReq.tls_ciphersuites:type_name -> s2a.proto.Ciphersuite
+	10, // 9: s2a.proto.ServerSessionStartReq.local_identities:type_name -> s2a.proto.Identity
+	10, // 10: s2a.proto.ResumptionTicketReq.local_identity:type_name -> s2a.proto.Identity
+	1,  // 11: s2a.proto.SessionReq.client_start:type_name -> s2a.proto.ClientSessionStartReq
+	2,  // 12: s2a.proto.SessionReq.server_start:type_name -> s2a.proto.ServerSessionStartReq
+	3,  // 13: s2a.proto.SessionReq.next:type_name -> s2a.proto.SessionNextReq
+	4,  // 14: s2a.proto.SessionReq.resumption_ticket:type_name -> s2a.proto.ResumptionTicketReq
+	0,  // 15: s2a.proto.SessionReq.auth_mechanisms:type_name -> s2a.proto.AuthenticationMechanism
+	11, // 16: s2a.proto.SessionState.tls_version:type_name -> s2a.proto.TLSVersion
+	12, // 17: s2a.proto.SessionState.tls_ciphersuite:type_name -> s2a.proto.Ciphersuite
+	6,  // 18: s2a.proto.SessionResult.state:type_name -> s2a.proto.SessionState
+	10, // 19: s2a.proto.SessionResult.peer_identity:type_name -> s2a.proto.Identity
+	10, // 20: s2a.proto.SessionResult.local_identity:type_name -> s2a.proto.Identity
+	10, // 21: s2a.proto.SessionResp.local_identity:type_name -> s2a.proto.Identity
+	7,  // 22: s2a.proto.SessionResp.result:type_name -> s2a.proto.SessionResult
+	8,  // 23: s2a.proto.SessionResp.status:type_name -> s2a.proto.SessionStatus
+	5,  // 24: s2a.proto.S2AService.SetUpSession:input_type -> s2a.proto.SessionReq
+	9,  // 25: s2a.proto.S2AService.SetUpSession:output_type -> s2a.proto.SessionResp
+	25, // [25:26] is the sub-list for method output_type
+	24, // [24:25] is the sub-list for method input_type
+	24, // [24:24] is the sub-list for extension type_name
+	24, // [24:24] is the sub-list for extension extendee
+	0,  // [0:24] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_s2a_s2a_proto_init() }
+func file_internal_proto_s2a_s2a_proto_init() {
+	if File_internal_proto_s2a_s2a_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_s2a_s2a_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AuthenticationMechanism); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ClientSessionStartReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ServerSessionStartReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionNextReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResumptionTicketReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionState); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResult); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionStatus); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_s2a_s2a_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_s2a_s2a_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*AuthenticationMechanism_Token)(nil),
+	}
+	file_internal_proto_s2a_s2a_proto_msgTypes[5].OneofWrappers = []interface{}{
+		(*SessionReq_ClientStart)(nil),
+		(*SessionReq_ServerStart)(nil),
+		(*SessionReq_Next)(nil),
+		(*SessionReq_ResumptionTicket)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_s2a_s2a_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   10,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_internal_proto_s2a_s2a_proto_goTypes,
+		DependencyIndexes: file_internal_proto_s2a_s2a_proto_depIdxs,
+		MessageInfos:      file_internal_proto_s2a_s2a_proto_msgTypes,
+	}.Build()
+	File_internal_proto_s2a_s2a_proto = out.File
+	file_internal_proto_s2a_s2a_proto_rawDesc = nil
+	file_internal_proto_s2a_s2a_proto_goTypes = nil
+	file_internal_proto_s2a_s2a_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go
new file mode 100644
index 000000000..0fa582fc8
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/s2a_go_proto/s2a_grpc.pb.go
@@ -0,0 +1,173 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v3.21.12
+// source: internal/proto/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	S2AService_SetUpSession_FullMethodName = "/s2a.proto.S2AService/SetUpSession"
+)
+
+// S2AServiceClient is the client API for S2AService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type S2AServiceClient interface {
+	// S2A service accepts a stream of session setup requests and returns a stream
+	// of session setup responses. The client of this service is expected to send
+	// exactly one client_start or server_start message followed by at least one
+	// next message. Applications running TLS clients can send requests with
+	// resumption_ticket messages only after the session is successfully set up.
+	//
+	// Every time S2A client sends a request, this service sends a response.
+	// However, clients do not have to wait for service response before sending
+	// the next request.
+	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
+}
+
+type s2AServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient {
+	return &s2AServiceClient{cc}
+}
+
+func (c *s2AServiceClient) SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error) {
+	stream, err := c.cc.NewStream(ctx, &S2AService_ServiceDesc.Streams[0], S2AService_SetUpSession_FullMethodName, opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &s2AServiceSetUpSessionClient{stream}
+	return x, nil
+}
+
+type S2AService_SetUpSessionClient interface {
+	Send(*SessionReq) error
+	Recv() (*SessionResp, error)
+	grpc.ClientStream
+}
+
+type s2AServiceSetUpSessionClient struct {
+	grpc.ClientStream
+}
+
+func (x *s2AServiceSetUpSessionClient) Send(m *SessionReq) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionClient) Recv() (*SessionResp, error) {
+	m := new(SessionResp)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AServiceServer is the server API for S2AService service.
+// All implementations must embed UnimplementedS2AServiceServer
+// for forward compatibility
+type S2AServiceServer interface {
+	// S2A service accepts a stream of session setup requests and returns a stream
+	// of session setup responses. The client of this service is expected to send
+	// exactly one client_start or server_start message followed by at least one
+	// next message. Applications running TLS clients can send requests with
+	// resumption_ticket messages only after the session is successfully set up.
+	//
+	// Every time S2A client sends a request, this service sends a response.
+	// However, clients do not have to wait for service response before sending
+	// the next request.
+	SetUpSession(S2AService_SetUpSessionServer) error
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+// UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedS2AServiceServer struct {
+}
+
+func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method SetUpSession not implemented")
+}
+func (UnimplementedS2AServiceServer) mustEmbedUnimplementedS2AServiceServer() {}
+
+// UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to S2AServiceServer will
+// result in compilation errors.
+type UnsafeS2AServiceServer interface {
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer) {
+	s.RegisterService(&S2AService_ServiceDesc, srv)
+}
+
+func _S2AService_SetUpSession_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(S2AServiceServer).SetUpSession(&s2AServiceSetUpSessionServer{stream})
+}
+
+type S2AService_SetUpSessionServer interface {
+	Send(*SessionResp) error
+	Recv() (*SessionReq, error)
+	grpc.ServerStream
+}
+
+type s2AServiceSetUpSessionServer struct {
+	grpc.ServerStream
+}
+
+func (x *s2AServiceSetUpSessionServer) Send(m *SessionResp) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionServer) Recv() (*SessionReq, error) {
+	m := new(SessionReq)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AService_ServiceDesc is the grpc.ServiceDesc for S2AService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var S2AService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "s2a.proto.S2AService",
+	HandlerType: (*S2AServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "SetUpSession",
+			Handler:       _S2AService_SetUpSession_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "internal/proto/s2a/s2a.proto",
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go
new file mode 100644
index 000000000..c84bed977
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/common_go_proto/common.pb.go
@@ -0,0 +1,367 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/common/common.proto
+
+package common_go_proto
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
+// S2A.
+type Ciphersuite int32
+
+const (
+	Ciphersuite_CIPHERSUITE_UNSPECIFIED                               Ciphersuite = 0
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       Ciphersuite = 1
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       Ciphersuite = 2
+	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Ciphersuite = 3
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256         Ciphersuite = 4
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384         Ciphersuite = 5
+	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   Ciphersuite = 6
+)
+
+// Enum value maps for Ciphersuite.
+var (
+	Ciphersuite_name = map[int32]string{
+		0: "CIPHERSUITE_UNSPECIFIED",
+		1: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		2: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		3: "CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+		4: "CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		5: "CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		6: "CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+	}
+	Ciphersuite_value = map[string]int32{
+		"CIPHERSUITE_UNSPECIFIED":                               0,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       1,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       2,
+		"CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": 3,
+		"CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         4,
+		"CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         5,
+		"CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   6,
+	}
+)
+
+func (x Ciphersuite) Enum() *Ciphersuite {
+	p := new(Ciphersuite)
+	*p = x
+	return p
+}
+
+func (x Ciphersuite) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[0].Descriptor()
+}
+
+func (Ciphersuite) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[0]
+}
+
+func (x Ciphersuite) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Ciphersuite.Descriptor instead.
+func (Ciphersuite) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{0}
+}
+
+// The TLS versions supported by S2A's handshaker module.
+type TLSVersion int32
+
+const (
+	TLSVersion_TLS_VERSION_UNSPECIFIED TLSVersion = 0
+	TLSVersion_TLS_VERSION_1_0         TLSVersion = 1
+	TLSVersion_TLS_VERSION_1_1         TLSVersion = 2
+	TLSVersion_TLS_VERSION_1_2         TLSVersion = 3
+	TLSVersion_TLS_VERSION_1_3         TLSVersion = 4
+)
+
+// Enum value maps for TLSVersion.
+var (
+	TLSVersion_name = map[int32]string{
+		0: "TLS_VERSION_UNSPECIFIED",
+		1: "TLS_VERSION_1_0",
+		2: "TLS_VERSION_1_1",
+		3: "TLS_VERSION_1_2",
+		4: "TLS_VERSION_1_3",
+	}
+	TLSVersion_value = map[string]int32{
+		"TLS_VERSION_UNSPECIFIED": 0,
+		"TLS_VERSION_1_0":         1,
+		"TLS_VERSION_1_1":         2,
+		"TLS_VERSION_1_2":         3,
+		"TLS_VERSION_1_3":         4,
+	}
+)
+
+func (x TLSVersion) Enum() *TLSVersion {
+	p := new(TLSVersion)
+	*p = x
+	return p
+}
+
+func (x TLSVersion) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TLSVersion) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[1].Descriptor()
+}
+
+func (TLSVersion) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[1]
+}
+
+func (x TLSVersion) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use TLSVersion.Descriptor instead.
+func (TLSVersion) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{1}
+}
+
+// The side in the TLS connection.
+type ConnectionSide int32
+
+const (
+	ConnectionSide_CONNECTION_SIDE_UNSPECIFIED ConnectionSide = 0
+	ConnectionSide_CONNECTION_SIDE_CLIENT      ConnectionSide = 1
+	ConnectionSide_CONNECTION_SIDE_SERVER      ConnectionSide = 2
+)
+
+// Enum value maps for ConnectionSide.
+var (
+	ConnectionSide_name = map[int32]string{
+		0: "CONNECTION_SIDE_UNSPECIFIED",
+		1: "CONNECTION_SIDE_CLIENT",
+		2: "CONNECTION_SIDE_SERVER",
+	}
+	ConnectionSide_value = map[string]int32{
+		"CONNECTION_SIDE_UNSPECIFIED": 0,
+		"CONNECTION_SIDE_CLIENT":      1,
+		"CONNECTION_SIDE_SERVER":      2,
+	}
+)
+
+func (x ConnectionSide) Enum() *ConnectionSide {
+	p := new(ConnectionSide)
+	*p = x
+	return p
+}
+
+func (x ConnectionSide) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ConnectionSide) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[2].Descriptor()
+}
+
+func (ConnectionSide) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[2]
+}
+
+func (x ConnectionSide) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ConnectionSide.Descriptor instead.
+func (ConnectionSide) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{2}
+}
+
+// The ALPN protocols that the application can negotiate during a TLS handshake.
+type AlpnProtocol int32
+
+const (
+	AlpnProtocol_ALPN_PROTOCOL_UNSPECIFIED AlpnProtocol = 0
+	AlpnProtocol_ALPN_PROTOCOL_GRPC        AlpnProtocol = 1
+	AlpnProtocol_ALPN_PROTOCOL_HTTP2       AlpnProtocol = 2
+	AlpnProtocol_ALPN_PROTOCOL_HTTP1_1     AlpnProtocol = 3
+)
+
+// Enum value maps for AlpnProtocol.
+var (
+	AlpnProtocol_name = map[int32]string{
+		0: "ALPN_PROTOCOL_UNSPECIFIED",
+		1: "ALPN_PROTOCOL_GRPC",
+		2: "ALPN_PROTOCOL_HTTP2",
+		3: "ALPN_PROTOCOL_HTTP1_1",
+	}
+	AlpnProtocol_value = map[string]int32{
+		"ALPN_PROTOCOL_UNSPECIFIED": 0,
+		"ALPN_PROTOCOL_GRPC":        1,
+		"ALPN_PROTOCOL_HTTP2":       2,
+		"ALPN_PROTOCOL_HTTP1_1":     3,
+	}
+)
+
+func (x AlpnProtocol) Enum() *AlpnProtocol {
+	p := new(AlpnProtocol)
+	*p = x
+	return p
+}
+
+func (x AlpnProtocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AlpnProtocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_common_common_proto_enumTypes[3].Descriptor()
+}
+
+func (AlpnProtocol) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_common_common_proto_enumTypes[3]
+}
+
+func (x AlpnProtocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AlpnProtocol.Descriptor instead.
+func (AlpnProtocol) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_common_common_proto_rawDescGZIP(), []int{3}
+}
+
+var File_internal_proto_v2_common_common_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_common_common_proto_rawDesc = []byte{
+	0x0a, 0x25, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2a, 0xee, 0x02, 0x0a, 0x0b, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72,
+	0x73, 0x75, 0x69, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53,
+	0x55, 0x49, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x33, 0x0a, 0x2f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x57, 0x49,
+	0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x33, 0x0a, 0x2f, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f,
+	0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x39, 0x0a, 0x35,
+	0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48,
+	0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x43, 0x48, 0x41,
+	0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53,
+	0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x31, 0x0a, 0x2d, 0x43, 0x49, 0x50, 0x48, 0x45,
+	0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f, 0x52, 0x53, 0x41,
+	0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43,
+	0x4d, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x31, 0x0a, 0x2d, 0x43, 0x49,
+	0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x48, 0x45, 0x5f,
+	0x52, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36,
+	0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x37, 0x0a,
+	0x33, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x45, 0x43, 0x44,
+	0x48, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x57, 0x49, 0x54, 0x48, 0x5f, 0x43, 0x48, 0x41, 0x43,
+	0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x5f, 0x53, 0x48,
+	0x41, 0x32, 0x35, 0x36, 0x10, 0x06, 0x2a, 0x7d, 0x0a, 0x0a, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x17, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53,
+	0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e,
+	0x5f, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45,
+	0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x54,
+	0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x31, 0x5f, 0x32, 0x10, 0x03,
+	0x12, 0x13, 0x0a, 0x0f, 0x54, 0x4c, 0x53, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x31, 0x5f, 0x33, 0x10, 0x04, 0x2a, 0x69, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x53, 0x69, 0x64, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x43, 0x4f, 0x4e, 0x4e, 0x45,
+	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45,
+	0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x4f, 0x4e, 0x4e,
+	0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45,
+	0x4e, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02,
+	0x2a, 0x79, 0x0a, 0x0c, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x12, 0x1d, 0x0a, 0x19, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x16, 0x0a, 0x12, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c,
+	0x5f, 0x47, 0x52, 0x50, 0x43, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x41, 0x4c, 0x50, 0x4e, 0x5f,
+	0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x32, 0x10, 0x02,
+	0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x50, 0x4e, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x31, 0x5f, 0x31, 0x10, 0x03, 0x42, 0x39, 0x5a, 0x37, 0x67,
+	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x67, 0x6f,
+	0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_common_common_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_common_common_proto_rawDescData = file_internal_proto_v2_common_common_proto_rawDesc
+)
+
+func file_internal_proto_v2_common_common_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_common_common_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_common_common_proto_rawDescData)
+	})
+	return file_internal_proto_v2_common_common_proto_rawDescData
+}
+
+var file_internal_proto_v2_common_common_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
+var file_internal_proto_v2_common_common_proto_goTypes = []interface{}{
+	(Ciphersuite)(0),    // 0: s2a.proto.v2.Ciphersuite
+	(TLSVersion)(0),     // 1: s2a.proto.v2.TLSVersion
+	(ConnectionSide)(0), // 2: s2a.proto.v2.ConnectionSide
+	(AlpnProtocol)(0),   // 3: s2a.proto.v2.AlpnProtocol
+}
+var file_internal_proto_v2_common_common_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_common_common_proto_init() }
+func file_internal_proto_v2_common_common_proto_init() {
+	if File_internal_proto_v2_common_common_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_common_common_proto_rawDesc,
+			NumEnums:      4,
+			NumMessages:   0,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_v2_common_common_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_common_common_proto_depIdxs,
+		EnumInfos:         file_internal_proto_v2_common_common_proto_enumTypes,
+	}.Build()
+	File_internal_proto_v2_common_common_proto = out.File
+	file_internal_proto_v2_common_common_proto_rawDesc = nil
+	file_internal_proto_v2_common_common_proto_goTypes = nil
+	file_internal_proto_v2_common_common_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go
new file mode 100644
index 000000000..b7fd871c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto/s2a_context.pb.go
@@ -0,0 +1,248 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/s2a_context/s2a_context.proto
+
+package s2a_context_go_proto
+
+import (
+	common_go_proto "github.com/google/s2a-go/internal/proto/common_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type S2AContext struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The SPIFFE ID from the peer leaf certificate, if present.
+	//
+	// This field is only populated if the leaf certificate is a valid SPIFFE
+	// SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+	// SPIFFE ID.
+	LeafCertSpiffeId string `protobuf:"bytes,1,opt,name=leaf_cert_spiffe_id,json=leafCertSpiffeId,proto3" json:"leaf_cert_spiffe_id,omitempty"`
+	// The URIs that are present in the SubjectAltName extension of the peer leaf
+	// certificate.
+	//
+	// Note that the extracted URIs are not validated and may not be properly
+	// formatted.
+	LeafCertUris []string `protobuf:"bytes,2,rep,name=leaf_cert_uris,json=leafCertUris,proto3" json:"leaf_cert_uris,omitempty"`
+	// The DNSNames that are present in the SubjectAltName extension of the peer
+	// leaf certificate.
+	LeafCertDnsnames []string `protobuf:"bytes,3,rep,name=leaf_cert_dnsnames,json=leafCertDnsnames,proto3" json:"leaf_cert_dnsnames,omitempty"`
+	// The (ordered) list of fingerprints in the certificate chain used to verify
+	// the given leaf certificate. The order MUST be from leaf certificate
+	// fingerprint to root certificate fingerprint.
+	//
+	// A fingerprint is the base-64 encoding of the SHA256 hash of the
+	// DER-encoding of a certificate. The list MAY be populated even if the peer
+	// certificate chain was NOT validated successfully.
+	PeerCertificateChainFingerprints []string `protobuf:"bytes,4,rep,name=peer_certificate_chain_fingerprints,json=peerCertificateChainFingerprints,proto3" json:"peer_certificate_chain_fingerprints,omitempty"`
+	// The local identity used during session setup.
+	LocalIdentity *common_go_proto.Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The SHA256 hash of the DER-encoding of the local leaf certificate used in
+	// the handshake.
+	LocalLeafCertFingerprint []byte `protobuf:"bytes,6,opt,name=local_leaf_cert_fingerprint,json=localLeafCertFingerprint,proto3" json:"local_leaf_cert_fingerprint,omitempty"`
+}
+
+func (x *S2AContext) Reset() {
+	*x = S2AContext{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *S2AContext) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*S2AContext) ProtoMessage() {}
+
+func (x *S2AContext) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use S2AContext.ProtoReflect.Descriptor instead.
+func (*S2AContext) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *S2AContext) GetLeafCertSpiffeId() string {
+	if x != nil {
+		return x.LeafCertSpiffeId
+	}
+	return ""
+}
+
+func (x *S2AContext) GetLeafCertUris() []string {
+	if x != nil {
+		return x.LeafCertUris
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLeafCertDnsnames() []string {
+	if x != nil {
+		return x.LeafCertDnsnames
+	}
+	return nil
+}
+
+func (x *S2AContext) GetPeerCertificateChainFingerprints() []string {
+	if x != nil {
+		return x.PeerCertificateChainFingerprints
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalIdentity() *common_go_proto.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *S2AContext) GetLocalLeafCertFingerprint() []byte {
+	if x != nil {
+		return x.LocalLeafCertFingerprint
+	}
+	return nil
+}
+
+var File_internal_proto_v2_s2a_context_s2a_context_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc = []byte{
+	0x0a, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f,
+	0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x1a,
+	0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x02, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65,
+	0x78, 0x74, 0x12, 0x2d, 0x0a, 0x13, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f,
+	0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x53, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49,
+	0x64, 0x12, 0x24, 0x0a, 0x0e, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75,
+	0x72, 0x69, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x66, 0x43,
+	0x65, 0x72, 0x74, 0x55, 0x72, 0x69, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x6c, 0x65, 0x61, 0x66, 0x5f,
+	0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x09, 0x52, 0x10, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x65, 0x72, 0x74, 0x44, 0x6e, 0x73,
+	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x4d, 0x0a, 0x23, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f,
+	0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x20, 0x70, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72,
+	0x69, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x12, 0x3d, 0x0a, 0x1b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63,
+	0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x18, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x4c, 0x65, 0x61, 0x66,
+	0x43, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x42,
+	0x3e, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData = file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc
+)
+
+func file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData)
+	})
+	return file_internal_proto_v2_s2a_context_s2a_context_proto_rawDescData
+}
+
+var file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes = []interface{}{
+	(*S2AContext)(nil),               // 0: s2a.proto.v2.S2AContext
+	(*common_go_proto.Identity)(nil), // 1: s2a.proto.Identity
+}
+var file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs = []int32{
+	1, // 0: s2a.proto.v2.S2AContext.local_identity:type_name -> s2a.proto.Identity
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_s2a_context_s2a_context_proto_init() }
+func file_internal_proto_v2_s2a_context_s2a_context_proto_init() {
+	if File_internal_proto_v2_s2a_context_s2a_context_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*S2AContext); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs,
+		MessageInfos:      file_internal_proto_v2_s2a_context_s2a_context_proto_msgTypes,
+	}.Build()
+	File_internal_proto_v2_s2a_context_s2a_context_proto = out.File
+	file_internal_proto_v2_s2a_context_s2a_context_proto_rawDesc = nil
+	file_internal_proto_v2_s2a_context_s2a_context_proto_goTypes = nil
+	file_internal_proto_v2_s2a_context_s2a_context_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
new file mode 100644
index 000000000..1133e7c1c
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a.pb.go
@@ -0,0 +1,2480 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.21.12
+// source: internal/proto/v2/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	common_go_proto1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	common_go_proto "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
+	s2a_context_go_proto "github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type SignatureAlgorithm int32
+
+const (
+	SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED SignatureAlgorithm = 0
+	// RSA Public-Key Cryptography Standards #1.
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256 SignatureAlgorithm = 1
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384 SignatureAlgorithm = 2
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512 SignatureAlgorithm = 3
+	// ECDSA.
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 SignatureAlgorithm = 4
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 SignatureAlgorithm = 5
+	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 SignatureAlgorithm = 6
+	// RSA Probabilistic Signature Scheme.
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 SignatureAlgorithm = 7
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 SignatureAlgorithm = 8
+	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 SignatureAlgorithm = 9
+	// ED25519.
+	SignatureAlgorithm_S2A_SSL_SIGN_ED25519 SignatureAlgorithm = 10
+)
+
+// Enum value maps for SignatureAlgorithm.
+var (
+	SignatureAlgorithm_name = map[int32]string{
+		0:  "S2A_SSL_SIGN_UNSPECIFIED",
+		1:  "S2A_SSL_SIGN_RSA_PKCS1_SHA256",
+		2:  "S2A_SSL_SIGN_RSA_PKCS1_SHA384",
+		3:  "S2A_SSL_SIGN_RSA_PKCS1_SHA512",
+		4:  "S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256",
+		5:  "S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384",
+		6:  "S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512",
+		7:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256",
+		8:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384",
+		9:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512",
+		10: "S2A_SSL_SIGN_ED25519",
+	}
+	SignatureAlgorithm_value = map[string]int32{
+		"S2A_SSL_SIGN_UNSPECIFIED":            0,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA256":       1,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA384":       2,
+		"S2A_SSL_SIGN_RSA_PKCS1_SHA512":       3,
+		"S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256": 4,
+		"S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384": 5,
+		"S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512": 6,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256":    7,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384":    8,
+		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512":    9,
+		"S2A_SSL_SIGN_ED25519":                10,
+	}
+)
+
+func (x SignatureAlgorithm) Enum() *SignatureAlgorithm {
+	p := new(SignatureAlgorithm)
+	*p = x
+	return p
+}
+
+func (x SignatureAlgorithm) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[0].Descriptor()
+}
+
+func (SignatureAlgorithm) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[0]
+}
+
+func (x SignatureAlgorithm) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use SignatureAlgorithm.Descriptor instead.
+func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate int32
+
+const (
+	GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED                                            GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 0
+	GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE                        GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 1
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY             GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 2
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY                  GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 3
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 4
+	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY      GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 5
+)
+
+// Enum value maps for GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.
+var (
+	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "DONT_REQUEST_CLIENT_CERTIFICATE",
+		2: "REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
+		3: "REQUEST_CLIENT_CERTIFICATE_AND_VERIFY",
+		4: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
+		5: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY",
+	}
+	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_value = map[string]int32{
+		"UNSPECIFIED":                                            0,
+		"DONT_REQUEST_CLIENT_CERTIFICATE":                        1,
+		"REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY":             2,
+		"REQUEST_CLIENT_CERTIFICATE_AND_VERIFY":                  3,
+		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 4,
+		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY":      5,
+	}
+)
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum() *GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate {
+	p := new(GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate)
+	*p = x
+	return p
+}
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[1].Descriptor()
+}
+
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[1]
+}
+
+func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.Descriptor instead.
+func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 1, 0}
+}
+
+type OffloadPrivateKeyOperationReq_PrivateKeyOperation int32
+
+const (
+	OffloadPrivateKeyOperationReq_UNSPECIFIED OffloadPrivateKeyOperationReq_PrivateKeyOperation = 0
+	// When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
+	// the TLS handshake must be signed to prove possession of the private key.
+	//
+	// See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
+	OffloadPrivateKeyOperationReq_SIGN OffloadPrivateKeyOperationReq_PrivateKeyOperation = 1
+	// When performing a TLS 1.2 handshake using an RSA algorithm, the key
+	// exchange algorithm involves the client generating a premaster secret,
+	// encrypting it using the server's public key, and sending this encrypted
+	// blob to the server in a ClientKeyExchange message.
+	//
+	// See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
+	OffloadPrivateKeyOperationReq_DECRYPT OffloadPrivateKeyOperationReq_PrivateKeyOperation = 2
+)
+
+// Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation.
+var (
+	OffloadPrivateKeyOperationReq_PrivateKeyOperation_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SIGN",
+		2: "DECRYPT",
+	}
+	OffloadPrivateKeyOperationReq_PrivateKeyOperation_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"SIGN":        1,
+		"DECRYPT":     2,
+	}
+)
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum() *OffloadPrivateKeyOperationReq_PrivateKeyOperation {
+	p := new(OffloadPrivateKeyOperationReq_PrivateKeyOperation)
+	*p = x
+	return p
+}
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[2].Descriptor()
+}
+
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[2]
+}
+
+func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationReq_PrivateKeyOperation.Descriptor instead.
+func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{5, 0}
+}
+
+type OffloadResumptionKeyOperationReq_ResumptionKeyOperation int32
+
+const (
+	OffloadResumptionKeyOperationReq_UNSPECIFIED OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 0
+	OffloadResumptionKeyOperationReq_ENCRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 1
+	OffloadResumptionKeyOperationReq_DECRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 2
+)
+
+// Enum value maps for OffloadResumptionKeyOperationReq_ResumptionKeyOperation.
+var (
+	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "ENCRYPT",
+		2: "DECRYPT",
+	}
+	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"ENCRYPT":     1,
+		"DECRYPT":     2,
+	}
+)
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum() *OffloadResumptionKeyOperationReq_ResumptionKeyOperation {
+	p := new(OffloadResumptionKeyOperationReq_ResumptionKeyOperation)
+	*p = x
+	return p
+}
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[3].Descriptor()
+}
+
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[3]
+}
+
+func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationReq_ResumptionKeyOperation.Descriptor instead.
+func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{7, 0}
+}
+
+type ValidatePeerCertificateChainReq_VerificationMode int32
+
+const (
+	// The default verification mode supported by S2A.
+	ValidatePeerCertificateChainReq_UNSPECIFIED ValidatePeerCertificateChainReq_VerificationMode = 0
+	// The SPIFFE verification mode selects the set of trusted certificates to
+	// use for path building based on the SPIFFE trust domain in the peer's leaf
+	// certificate.
+	ValidatePeerCertificateChainReq_SPIFFE ValidatePeerCertificateChainReq_VerificationMode = 1
+	// The connect-to-Google verification mode uses the trust bundle for
+	// connecting to Google, e.g. *.mtls.googleapis.com endpoints.
+	ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE ValidatePeerCertificateChainReq_VerificationMode = 2
+)
+
+// Enum value maps for ValidatePeerCertificateChainReq_VerificationMode.
+var (
+	ValidatePeerCertificateChainReq_VerificationMode_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SPIFFE",
+		2: "CONNECT_TO_GOOGLE",
+	}
+	ValidatePeerCertificateChainReq_VerificationMode_value = map[string]int32{
+		"UNSPECIFIED":       0,
+		"SPIFFE":            1,
+		"CONNECT_TO_GOOGLE": 2,
+	}
+)
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) Enum() *ValidatePeerCertificateChainReq_VerificationMode {
+	p := new(ValidatePeerCertificateChainReq_VerificationMode)
+	*p = x
+	return p
+}
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[4].Descriptor()
+}
+
+func (ValidatePeerCertificateChainReq_VerificationMode) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[4]
+}
+
+func (x ValidatePeerCertificateChainReq_VerificationMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_VerificationMode.Descriptor instead.
+func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 0}
+}
+
+type ValidatePeerCertificateChainResp_ValidationResult int32
+
+const (
+	ValidatePeerCertificateChainResp_UNSPECIFIED ValidatePeerCertificateChainResp_ValidationResult = 0
+	ValidatePeerCertificateChainResp_SUCCESS     ValidatePeerCertificateChainResp_ValidationResult = 1
+	ValidatePeerCertificateChainResp_FAILURE     ValidatePeerCertificateChainResp_ValidationResult = 2
+)
+
+// Enum value maps for ValidatePeerCertificateChainResp_ValidationResult.
+var (
+	ValidatePeerCertificateChainResp_ValidationResult_name = map[int32]string{
+		0: "UNSPECIFIED",
+		1: "SUCCESS",
+		2: "FAILURE",
+	}
+	ValidatePeerCertificateChainResp_ValidationResult_value = map[string]int32{
+		"UNSPECIFIED": 0,
+		"SUCCESS":     1,
+		"FAILURE":     2,
+	}
+)
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) Enum() *ValidatePeerCertificateChainResp_ValidationResult {
+	p := new(ValidatePeerCertificateChainResp_ValidationResult)
+	*p = x
+	return p
+}
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor() protoreflect.EnumDescriptor {
+	return file_internal_proto_v2_s2a_s2a_proto_enumTypes[5].Descriptor()
+}
+
+func (ValidatePeerCertificateChainResp_ValidationResult) Type() protoreflect.EnumType {
+	return &file_internal_proto_v2_s2a_s2a_proto_enumTypes[5]
+}
+
+func (x ValidatePeerCertificateChainResp_ValidationResult) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainResp_ValidationResult.Descriptor instead.
+func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{10, 0}
+}
+
+type AlpnPolicy struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// If true, the application MUST perform ALPN negotiation.
+	EnableAlpnNegotiation bool `protobuf:"varint,1,opt,name=enable_alpn_negotiation,json=enableAlpnNegotiation,proto3" json:"enable_alpn_negotiation,omitempty"`
+	// The ordered list of ALPN protocols that specify how the application SHOULD
+	// negotiate ALPN during the TLS handshake.
+	//
+	// The application MAY ignore any ALPN protocols in this list that are not
+	// supported by the application.
+	AlpnProtocols []common_go_proto.AlpnProtocol `protobuf:"varint,2,rep,packed,name=alpn_protocols,json=alpnProtocols,proto3,enum=s2a.proto.v2.AlpnProtocol" json:"alpn_protocols,omitempty"`
+}
+
+func (x *AlpnPolicy) Reset() {
+	*x = AlpnPolicy{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AlpnPolicy) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AlpnPolicy) ProtoMessage() {}
+
+func (x *AlpnPolicy) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AlpnPolicy.ProtoReflect.Descriptor instead.
+func (*AlpnPolicy) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool {
+	if x != nil {
+		return x.EnableAlpnNegotiation
+	}
+	return false
+}
+
+func (x *AlpnPolicy) GetAlpnProtocols() []common_go_proto.AlpnProtocol {
+	if x != nil {
+		return x.AlpnProtocols
+	}
+	return nil
+}
+
+type AuthenticationMechanism struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Applications may specify an identity associated to an authentication
+	// mechanism. Otherwise, S2A assumes that the authentication mechanism is
+	// associated with the default identity. If the default identity cannot be
+	// determined, the request is rejected.
+	Identity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
+	// Types that are assignable to MechanismOneof:
+	//
+	//	*AuthenticationMechanism_Token
+	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
+}
+
+func (x *AuthenticationMechanism) Reset() {
+	*x = AuthenticationMechanism{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *AuthenticationMechanism) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticationMechanism) ProtoMessage() {}
+
+func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
+func (*AuthenticationMechanism) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *AuthenticationMechanism) GetIdentity() *common_go_proto1.Identity {
+	if x != nil {
+		return x.Identity
+	}
+	return nil
+}
+
+func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof {
+	if m != nil {
+		return m.MechanismOneof
+	}
+	return nil
+}
+
+func (x *AuthenticationMechanism) GetToken() string {
+	if x, ok := x.GetMechanismOneof().(*AuthenticationMechanism_Token); ok {
+		return x.Token
+	}
+	return ""
+}
+
+type isAuthenticationMechanism_MechanismOneof interface {
+	isAuthenticationMechanism_MechanismOneof()
+}
+
+type AuthenticationMechanism_Token struct {
+	// A token that the application uses to authenticate itself to S2A.
+	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
+}
+
+func (*AuthenticationMechanism_Token) isAuthenticationMechanism_MechanismOneof() {}
+
+type Status struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The status code that is specific to the application and the implementation
+	// of S2A, e.g., gRPC status code.
+	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+	// The status details.
+	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *Status) Reset() {
+	*x = Status{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Status) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Status) ProtoMessage() {}
+
+func (x *Status) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Status.ProtoReflect.Descriptor instead.
+func (*Status) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Status) GetCode() uint32 {
+	if x != nil {
+		return x.Code
+	}
+	return 0
+}
+
+func (x *Status) GetDetails() string {
+	if x != nil {
+		return x.Details
+	}
+	return ""
+}
+
+type GetTlsConfigurationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The role of the application in the TLS connection.
+	ConnectionSide common_go_proto.ConnectionSide `protobuf:"varint,1,opt,name=connection_side,json=connectionSide,proto3,enum=s2a.proto.v2.ConnectionSide" json:"connection_side,omitempty"`
+	// The server name indication (SNI) extension, which MAY be populated when a
+	// server is offloading to S2A. The SNI is used to determine the server
+	// identity if the local identity in the request is empty.
+	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
+}
+
+func (x *GetTlsConfigurationReq) Reset() {
+	*x = GetTlsConfigurationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationReq) ProtoMessage() {}
+
+func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationReq.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetTlsConfigurationReq) GetConnectionSide() common_go_proto.ConnectionSide {
+	if x != nil {
+		return x.ConnectionSide
+	}
+	return common_go_proto.ConnectionSide(0)
+}
+
+func (x *GetTlsConfigurationReq) GetSni() string {
+	if x != nil {
+		return x.Sni
+	}
+	return ""
+}
+
+type GetTlsConfigurationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to TlsConfiguration:
+	//
+	//	*GetTlsConfigurationResp_ClientTlsConfiguration_
+	//	*GetTlsConfigurationResp_ServerTlsConfiguration_
+	TlsConfiguration isGetTlsConfigurationResp_TlsConfiguration `protobuf_oneof:"tls_configuration"`
+}
+
+func (x *GetTlsConfigurationResp) Reset() {
+	*x = GetTlsConfigurationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4}
+}
+
+func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration {
+	if m != nil {
+		return m.TlsConfiguration
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp) GetClientTlsConfiguration() *GetTlsConfigurationResp_ClientTlsConfiguration {
+	if x, ok := x.GetTlsConfiguration().(*GetTlsConfigurationResp_ClientTlsConfiguration_); ok {
+		return x.ClientTlsConfiguration
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp) GetServerTlsConfiguration() *GetTlsConfigurationResp_ServerTlsConfiguration {
+	if x, ok := x.GetTlsConfiguration().(*GetTlsConfigurationResp_ServerTlsConfiguration_); ok {
+		return x.ServerTlsConfiguration
+	}
+	return nil
+}
+
+type isGetTlsConfigurationResp_TlsConfiguration interface {
+	isGetTlsConfigurationResp_TlsConfiguration()
+}
+
+type GetTlsConfigurationResp_ClientTlsConfiguration_ struct {
+	ClientTlsConfiguration *GetTlsConfigurationResp_ClientTlsConfiguration `protobuf:"bytes,1,opt,name=client_tls_configuration,json=clientTlsConfiguration,proto3,oneof"`
+}
+
+type GetTlsConfigurationResp_ServerTlsConfiguration_ struct {
+	ServerTlsConfiguration *GetTlsConfigurationResp_ServerTlsConfiguration `protobuf:"bytes,2,opt,name=server_tls_configuration,json=serverTlsConfiguration,proto3,oneof"`
+}
+
+func (*GetTlsConfigurationResp_ClientTlsConfiguration_) isGetTlsConfigurationResp_TlsConfiguration() {
+}
+
+func (*GetTlsConfigurationResp_ServerTlsConfiguration_) isGetTlsConfigurationResp_TlsConfiguration() {
+}
+
+type OffloadPrivateKeyOperationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The operation the private key is used for.
+	Operation OffloadPrivateKeyOperationReq_PrivateKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadPrivateKeyOperationReq_PrivateKeyOperation" json:"operation,omitempty"`
+	// The signature algorithm to be used for signing operations.
+	SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,2,opt,name=signature_algorithm,json=signatureAlgorithm,proto3,enum=s2a.proto.v2.SignatureAlgorithm" json:"signature_algorithm,omitempty"`
+	// The input bytes to be signed or decrypted.
+	//
+	// Types that are assignable to InBytes:
+	//
+	//	*OffloadPrivateKeyOperationReq_RawBytes
+	//	*OffloadPrivateKeyOperationReq_Sha256Digest
+	//	*OffloadPrivateKeyOperationReq_Sha384Digest
+	//	*OffloadPrivateKeyOperationReq_Sha512Digest
+	InBytes isOffloadPrivateKeyOperationReq_InBytes `protobuf_oneof:"in_bytes"`
+}
+
+func (x *OffloadPrivateKeyOperationReq) Reset() {
+	*x = OffloadPrivateKeyOperationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadPrivateKeyOperationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadPrivateKeyOperationReq) ProtoMessage() {}
+
+func (x *OffloadPrivateKeyOperationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationReq.ProtoReflect.Descriptor instead.
+func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetOperation() OffloadPrivateKeyOperationReq_PrivateKeyOperation {
+	if x != nil {
+		return x.Operation
+	}
+	return OffloadPrivateKeyOperationReq_UNSPECIFIED
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm {
+	if x != nil {
+		return x.SignatureAlgorithm
+	}
+	return SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED
+}
+
+func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes {
+	if m != nil {
+		return m.InBytes
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_RawBytes); ok {
+		return x.RawBytes
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha256Digest); ok {
+		return x.Sha256Digest
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha384Digest); ok {
+		return x.Sha384Digest
+	}
+	return nil
+}
+
+func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte {
+	if x, ok := x.GetInBytes().(*OffloadPrivateKeyOperationReq_Sha512Digest); ok {
+		return x.Sha512Digest
+	}
+	return nil
+}
+
+type isOffloadPrivateKeyOperationReq_InBytes interface {
+	isOffloadPrivateKeyOperationReq_InBytes()
+}
+
+type OffloadPrivateKeyOperationReq_RawBytes struct {
+	// Raw bytes to be hashed and signed, or decrypted.
+	RawBytes []byte `protobuf:"bytes,4,opt,name=raw_bytes,json=rawBytes,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha256Digest struct {
+	// A SHA256 hash to be signed. Must be 32 bytes.
+	Sha256Digest []byte `protobuf:"bytes,5,opt,name=sha256_digest,json=sha256Digest,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha384Digest struct {
+	// A SHA384 hash to be signed. Must be 48 bytes.
+	Sha384Digest []byte `protobuf:"bytes,6,opt,name=sha384_digest,json=sha384Digest,proto3,oneof"`
+}
+
+type OffloadPrivateKeyOperationReq_Sha512Digest struct {
+	// A SHA512 hash to be signed. Must be 64 bytes.
+	Sha512Digest []byte `protobuf:"bytes,7,opt,name=sha512_digest,json=sha512Digest,proto3,oneof"`
+}
+
+func (*OffloadPrivateKeyOperationReq_RawBytes) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha256Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha384Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+func (*OffloadPrivateKeyOperationReq_Sha512Digest) isOffloadPrivateKeyOperationReq_InBytes() {}
+
+type OffloadPrivateKeyOperationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The signed or decrypted output bytes.
+	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
+}
+
+func (x *OffloadPrivateKeyOperationResp) Reset() {
+	*x = OffloadPrivateKeyOperationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadPrivateKeyOperationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadPrivateKeyOperationResp) ProtoMessage() {}
+
+func (x *OffloadPrivateKeyOperationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadPrivateKeyOperationResp.ProtoReflect.Descriptor instead.
+func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte {
+	if x != nil {
+		return x.OutBytes
+	}
+	return nil
+}
+
+type OffloadResumptionKeyOperationReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The operation the resumption key is used for.
+	Operation OffloadResumptionKeyOperationReq_ResumptionKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadResumptionKeyOperationReq_ResumptionKeyOperation" json:"operation,omitempty"`
+	// The bytes to be encrypted or decrypted.
+	InBytes []byte `protobuf:"bytes,2,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
+}
+
+func (x *OffloadResumptionKeyOperationReq) Reset() {
+	*x = OffloadResumptionKeyOperationReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadResumptionKeyOperationReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadResumptionKeyOperationReq) ProtoMessage() {}
+
+func (x *OffloadResumptionKeyOperationReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationReq.ProtoReflect.Descriptor instead.
+func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *OffloadResumptionKeyOperationReq) GetOperation() OffloadResumptionKeyOperationReq_ResumptionKeyOperation {
+	if x != nil {
+		return x.Operation
+	}
+	return OffloadResumptionKeyOperationReq_UNSPECIFIED
+}
+
+func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte {
+	if x != nil {
+		return x.InBytes
+	}
+	return nil
+}
+
+type OffloadResumptionKeyOperationResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The encrypted or decrypted bytes.
+	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
+}
+
+func (x *OffloadResumptionKeyOperationResp) Reset() {
+	*x = OffloadResumptionKeyOperationResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OffloadResumptionKeyOperationResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OffloadResumptionKeyOperationResp) ProtoMessage() {}
+
+func (x *OffloadResumptionKeyOperationResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OffloadResumptionKeyOperationResp.ProtoReflect.Descriptor instead.
+func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte {
+	if x != nil {
+		return x.OutBytes
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The verification mode that S2A MUST use to validate the peer certificate
+	// chain.
+	Mode ValidatePeerCertificateChainReq_VerificationMode `protobuf:"varint,1,opt,name=mode,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainReq_VerificationMode" json:"mode,omitempty"`
+	// Types that are assignable to PeerOneof:
+	//
+	//	*ValidatePeerCertificateChainReq_ClientPeer_
+	//	*ValidatePeerCertificateChainReq_ServerPeer_
+	PeerOneof isValidatePeerCertificateChainReq_PeerOneof `protobuf_oneof:"peer_oneof"`
+}
+
+func (x *ValidatePeerCertificateChainReq) Reset() {
+	*x = ValidatePeerCertificateChainReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ValidatePeerCertificateChainReq) GetMode() ValidatePeerCertificateChainReq_VerificationMode {
+	if x != nil {
+		return x.Mode
+	}
+	return ValidatePeerCertificateChainReq_UNSPECIFIED
+}
+
+func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof {
+	if m != nil {
+		return m.PeerOneof
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq) GetClientPeer() *ValidatePeerCertificateChainReq_ClientPeer {
+	if x, ok := x.GetPeerOneof().(*ValidatePeerCertificateChainReq_ClientPeer_); ok {
+		return x.ClientPeer
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq) GetServerPeer() *ValidatePeerCertificateChainReq_ServerPeer {
+	if x, ok := x.GetPeerOneof().(*ValidatePeerCertificateChainReq_ServerPeer_); ok {
+		return x.ServerPeer
+	}
+	return nil
+}
+
+type isValidatePeerCertificateChainReq_PeerOneof interface {
+	isValidatePeerCertificateChainReq_PeerOneof()
+}
+
+type ValidatePeerCertificateChainReq_ClientPeer_ struct {
+	ClientPeer *ValidatePeerCertificateChainReq_ClientPeer `protobuf:"bytes,2,opt,name=client_peer,json=clientPeer,proto3,oneof"`
+}
+
+type ValidatePeerCertificateChainReq_ServerPeer_ struct {
+	ServerPeer *ValidatePeerCertificateChainReq_ServerPeer `protobuf:"bytes,3,opt,name=server_peer,json=serverPeer,proto3,oneof"`
+}
+
+func (*ValidatePeerCertificateChainReq_ClientPeer_) isValidatePeerCertificateChainReq_PeerOneof() {}
+
+func (*ValidatePeerCertificateChainReq_ServerPeer_) isValidatePeerCertificateChainReq_PeerOneof() {}
+
+type ValidatePeerCertificateChainResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The result of validating the peer certificate chain.
+	ValidationResult ValidatePeerCertificateChainResp_ValidationResult `protobuf:"varint,1,opt,name=validation_result,json=validationResult,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainResp_ValidationResult" json:"validation_result,omitempty"`
+	// The validation details. This field is only populated when the validation
+	// result is NOT SUCCESS.
+	ValidationDetails string `protobuf:"bytes,2,opt,name=validation_details,json=validationDetails,proto3" json:"validation_details,omitempty"`
+	// The S2A context contains information from the peer certificate chain.
+	//
+	// The S2A context MAY be populated even if validation of the peer certificate
+	// chain fails.
+	Context *s2a_context_go_proto.S2AContext `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainResp) Reset() {
+	*x = ValidatePeerCertificateChainResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainResp) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainResp.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ValidatePeerCertificateChainResp) GetValidationResult() ValidatePeerCertificateChainResp_ValidationResult {
+	if x != nil {
+		return x.ValidationResult
+	}
+	return ValidatePeerCertificateChainResp_UNSPECIFIED
+}
+
+func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string {
+	if x != nil {
+		return x.ValidationDetails
+	}
+	return ""
+}
+
+func (x *ValidatePeerCertificateChainResp) GetContext() *s2a_context_go_proto.S2AContext {
+	if x != nil {
+		return x.Context
+	}
+	return nil
+}
+
+type SessionReq struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The identity corresponding to the TLS configurations that MUST be used for
+	// the TLS handshake.
+	//
+	// If a managed identity already exists, the local identity and authentication
+	// mechanisms are ignored. If a managed identity doesn't exist and the local
+	// identity is not populated, S2A will try to deduce the managed identity to
+	// use from the SNI extension. If that also fails, S2A uses the default
+	// identity (if one exists).
+	LocalIdentity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
+	// The authentication mechanisms that the application wishes to use to
+	// authenticate to S2A, ordered by preference. S2A will always use the first
+	// authentication mechanism that matches the managed identity.
+	AuthenticationMechanisms []*AuthenticationMechanism `protobuf:"bytes,2,rep,name=authentication_mechanisms,json=authenticationMechanisms,proto3" json:"authentication_mechanisms,omitempty"`
+	// Types that are assignable to ReqOneof:
+	//
+	//	*SessionReq_GetTlsConfigurationReq
+	//	*SessionReq_OffloadPrivateKeyOperationReq
+	//	*SessionReq_OffloadResumptionKeyOperationReq
+	//	*SessionReq_ValidatePeerCertificateChainReq
+	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
+}
+
+func (x *SessionReq) Reset() {
+	*x = SessionReq{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionReq) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionReq) ProtoMessage() {}
+
+func (x *SessionReq) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
+func (*SessionReq) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *SessionReq) GetLocalIdentity() *common_go_proto1.Identity {
+	if x != nil {
+		return x.LocalIdentity
+	}
+	return nil
+}
+
+func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism {
+	if x != nil {
+		return x.AuthenticationMechanisms
+	}
+	return nil
+}
+
+func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof {
+	if m != nil {
+		return m.ReqOneof
+	}
+	return nil
+}
+
+func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_GetTlsConfigurationReq); ok {
+		return x.GetTlsConfigurationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_OffloadPrivateKeyOperationReq); ok {
+		return x.OffloadPrivateKeyOperationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_OffloadResumptionKeyOperationReq); ok {
+		return x.OffloadResumptionKeyOperationReq
+	}
+	return nil
+}
+
+func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq {
+	if x, ok := x.GetReqOneof().(*SessionReq_ValidatePeerCertificateChainReq); ok {
+		return x.ValidatePeerCertificateChainReq
+	}
+	return nil
+}
+
+type isSessionReq_ReqOneof interface {
+	isSessionReq_ReqOneof()
+}
+
+type SessionReq_GetTlsConfigurationReq struct {
+	// Requests the certificate chain and TLS configuration corresponding to the
+	// local identity, which the application MUST use to negotiate the TLS
+	// handshake.
+	GetTlsConfigurationReq *GetTlsConfigurationReq `protobuf:"bytes,3,opt,name=get_tls_configuration_req,json=getTlsConfigurationReq,proto3,oneof"`
+}
+
+type SessionReq_OffloadPrivateKeyOperationReq struct {
+	// Signs or decrypts the input bytes using a private key corresponding to
+	// the local identity in the request.
+	//
+	// WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+	// S2Av2 by a server during a TLS 1.2 handshake.
+	OffloadPrivateKeyOperationReq *OffloadPrivateKeyOperationReq `protobuf:"bytes,4,opt,name=offload_private_key_operation_req,json=offloadPrivateKeyOperationReq,proto3,oneof"`
+}
+
+type SessionReq_OffloadResumptionKeyOperationReq struct {
+	// Encrypts or decrypts the input bytes using a resumption key corresponding
+	// to the local identity in the request.
+	OffloadResumptionKeyOperationReq *OffloadResumptionKeyOperationReq `protobuf:"bytes,5,opt,name=offload_resumption_key_operation_req,json=offloadResumptionKeyOperationReq,proto3,oneof"`
+}
+
+type SessionReq_ValidatePeerCertificateChainReq struct {
+	// Verifies the peer's certificate chain using
+	// (a) trust bundles corresponding to the local identity in the request, and
+	// (b) the verification mode in the request.
+	ValidatePeerCertificateChainReq *ValidatePeerCertificateChainReq `protobuf:"bytes,6,opt,name=validate_peer_certificate_chain_req,json=validatePeerCertificateChainReq,proto3,oneof"`
+}
+
+func (*SessionReq_GetTlsConfigurationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_OffloadPrivateKeyOperationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_OffloadResumptionKeyOperationReq) isSessionReq_ReqOneof() {}
+
+func (*SessionReq_ValidatePeerCertificateChainReq) isSessionReq_ReqOneof() {}
+
+type SessionResp struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Status of the session response.
+	//
+	// The status field is populated so that if an error occurs when making an
+	// individual request, then communication with the S2A may continue. If an
+	// error is returned directly (e.g. at the gRPC layer), then it may result
+	// that the bidirectional stream being closed.
+	Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
+	// Types that are assignable to RespOneof:
+	//
+	//	*SessionResp_GetTlsConfigurationResp
+	//	*SessionResp_OffloadPrivateKeyOperationResp
+	//	*SessionResp_OffloadResumptionKeyOperationResp
+	//	*SessionResp_ValidatePeerCertificateChainResp
+	RespOneof isSessionResp_RespOneof `protobuf_oneof:"resp_oneof"`
+}
+
+func (x *SessionResp) Reset() {
+	*x = SessionResp{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionResp) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionResp) ProtoMessage() {}
+
+func (x *SessionResp) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
+func (*SessionResp) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *SessionResp) GetStatus() *Status {
+	if x != nil {
+		return x.Status
+	}
+	return nil
+}
+
+func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof {
+	if m != nil {
+		return m.RespOneof
+	}
+	return nil
+}
+
+func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_GetTlsConfigurationResp); ok {
+		return x.GetTlsConfigurationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_OffloadPrivateKeyOperationResp); ok {
+		return x.OffloadPrivateKeyOperationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_OffloadResumptionKeyOperationResp); ok {
+		return x.OffloadResumptionKeyOperationResp
+	}
+	return nil
+}
+
+func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp {
+	if x, ok := x.GetRespOneof().(*SessionResp_ValidatePeerCertificateChainResp); ok {
+		return x.ValidatePeerCertificateChainResp
+	}
+	return nil
+}
+
+type isSessionResp_RespOneof interface {
+	isSessionResp_RespOneof()
+}
+
+type SessionResp_GetTlsConfigurationResp struct {
+	// Contains the certificate chain and TLS configurations corresponding to
+	// the local identity.
+	GetTlsConfigurationResp *GetTlsConfigurationResp `protobuf:"bytes,2,opt,name=get_tls_configuration_resp,json=getTlsConfigurationResp,proto3,oneof"`
+}
+
+type SessionResp_OffloadPrivateKeyOperationResp struct {
+	// Contains the signed or encrypted output bytes using the private key
+	// corresponding to the local identity.
+	OffloadPrivateKeyOperationResp *OffloadPrivateKeyOperationResp `protobuf:"bytes,3,opt,name=offload_private_key_operation_resp,json=offloadPrivateKeyOperationResp,proto3,oneof"`
+}
+
+type SessionResp_OffloadResumptionKeyOperationResp struct {
+	// Contains the encrypted or decrypted output bytes using the resumption key
+	// corresponding to the local identity.
+	OffloadResumptionKeyOperationResp *OffloadResumptionKeyOperationResp `protobuf:"bytes,4,opt,name=offload_resumption_key_operation_resp,json=offloadResumptionKeyOperationResp,proto3,oneof"`
+}
+
+type SessionResp_ValidatePeerCertificateChainResp struct {
+	// Contains the validation result, peer identity and fingerprints of peer
+	// certificates.
+	ValidatePeerCertificateChainResp *ValidatePeerCertificateChainResp `protobuf:"bytes,5,opt,name=validate_peer_certificate_chain_resp,json=validatePeerCertificateChainResp,proto3,oneof"`
+}
+
+func (*SessionResp_GetTlsConfigurationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_OffloadPrivateKeyOperationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_OffloadResumptionKeyOperationResp) isSessionResp_RespOneof() {}
+
+func (*SessionResp_ValidatePeerCertificateChainResp) isSessionResp_RespOneof() {}
+
+// Next ID: 8
+type GetTlsConfigurationResp_ClientTlsConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain that the client MUST use for the TLS handshake.
+	// It's a list of PEM-encoded certificates, ordered from leaf to root,
+	// excluding the root.
+	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The minimum TLS version number that the client MUST use for the TLS
+	// handshake. If this field is not provided, the client MUST use the default
+	// minimum version of the client's TLS library.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
+	// The maximum TLS version number that the client MUST use for the TLS
+	// handshake. If this field is not provided, the client MUST use the default
+	// maximum version of the client's TLS library.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
+	// The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+	// negotiate in the TLS handshake.
+	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,6,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
+	// The policy that dictates how the client negotiates ALPN during the TLS
+	// handshake.
+	AlpnPolicy *AlpnPolicy `protobuf:"bytes,7,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) Reset() {
+	*x = GetTlsConfigurationResp_ClientTlsConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ClientTlsConfiguration.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 0}
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuites
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy() *AlpnPolicy {
+	if x != nil {
+		return x.AlpnPolicy
+	}
+	return nil
+}
+
+// Next ID: 12
+type GetTlsConfigurationResp_ServerTlsConfiguration struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain that the server MUST use for the TLS handshake.
+	// It's a list of PEM-encoded certificates, ordered from leaf to root,
+	// excluding the root.
+	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The minimum TLS version number that the server MUST use for the TLS
+	// handshake. If this field is not provided, the server MUST use the default
+	// minimum version of the server's TLS library.
+	MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
+	// The maximum TLS version number that the server MUST use for the TLS
+	// handshake. If this field is not provided, the server MUST use the default
+	// maximum version of the server's TLS library.
+	MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
+	// The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+	// negotiate in the TLS handshake.
+	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,10,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
+	// Whether to enable TLS resumption.
+	TlsResumptionEnabled bool `protobuf:"varint,6,opt,name=tls_resumption_enabled,json=tlsResumptionEnabled,proto3" json:"tls_resumption_enabled,omitempty"`
+	// Whether the server MUST request a client certificate (i.e. to negotiate
+	// TLS vs. mTLS).
+	RequestClientCertificate GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate `protobuf:"varint,7,opt,name=request_client_certificate,json=requestClientCertificate,proto3,enum=s2a.proto.v2.GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate" json:"request_client_certificate,omitempty"`
+	// Returns the maximum number of extra bytes that
+	// |OffloadResumptionKeyOperation| can add to the number of unencrypted
+	// bytes to form the encrypted bytes.
+	MaxOverheadOfTicketAead uint32 `protobuf:"varint,9,opt,name=max_overhead_of_ticket_aead,json=maxOverheadOfTicketAead,proto3" json:"max_overhead_of_ticket_aead,omitempty"`
+	// The policy that dictates how the server negotiates ALPN during the TLS
+	// handshake.
+	AlpnPolicy *AlpnPolicy `protobuf:"bytes,11,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) Reset() {
+	*x = GetTlsConfigurationResp_ServerTlsConfiguration{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage() {}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration.ProtoReflect.Descriptor instead.
+func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{4, 1}
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MinTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion {
+	if x != nil {
+		return x.MaxTlsVersion
+	}
+	return common_go_proto.TLSVersion(0)
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite {
+	if x != nil {
+		return x.Ciphersuites
+	}
+	return nil
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool {
+	if x != nil {
+		return x.TlsResumptionEnabled
+	}
+	return false
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate() GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate {
+	if x != nil {
+		return x.RequestClientCertificate
+	}
+	return GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32 {
+	if x != nil {
+		return x.MaxOverheadOfTicketAead
+	}
+	return 0
+}
+
+func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy() *AlpnPolicy {
+	if x != nil {
+		return x.AlpnPolicy
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq_ClientPeer struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain to be verified. The chain MUST be a list of
+	// DER-encoded certificates, ordered from leaf to root, excluding the root.
+	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) Reset() {
+	*x = ValidatePeerCertificateChainReq_ClientPeer{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_ClientPeer.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 0}
+}
+
+func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+type ValidatePeerCertificateChainReq_ServerPeer struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The certificate chain to be verified. The chain MUST be a list of
+	// DER-encoded certificates, ordered from leaf to root, excluding the root.
+	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	// The expected hostname of the server.
+	ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset() {
+	*x = ValidatePeerCertificateChainReq_ServerPeer{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage() {}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect() protoreflect.Message {
+	mi := &file_internal_proto_v2_s2a_s2a_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidatePeerCertificateChainReq_ServerPeer.ProtoReflect.Descriptor instead.
+func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor() ([]byte, []int) {
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP(), []int{9, 1}
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte {
+	if x != nil {
+		return x.CertificateChain
+	}
+	return nil
+}
+
+func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string {
+	if x != nil {
+		return x.ServerHostname
+	}
+	return ""
+}
+
+var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
+
+var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
+	0x0a, 0x1f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x0c, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x1a,
+	0x22, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x1a, 0x25, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f,
+	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2f, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32,
+	0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x63, 0x6f,
+	0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x01, 0x0a, 0x0a,
+	0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x6e, 0x65, 0x67, 0x6f, 0x74, 0x69,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x65, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x41, 0x6c, 0x70, 0x6e, 0x4e, 0x65, 0x67, 0x6f, 0x74, 0x69, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x22, 0x75, 0x0a, 0x17, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d,
+	0x12, 0x2f, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49,
+	0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x6d, 0x65, 0x63,
+	0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x36, 0x0a, 0x06,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65,
+	0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74,
+	0x61, 0x69, 0x6c, 0x73, 0x22, 0x71, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x45,
+	0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x69, 0x64,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x53, 0x69, 0x64, 0x65, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x53, 0x69, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x22, 0xf1, 0x0b, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x54,
+	0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x12, 0x78, 0x0a, 0x18, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c,
+	0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x43, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x16, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x78, 0x0a,
+	0x18, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x3c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+	0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52,
+	0x16, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xcf, 0x02, 0x0a, 0x16, 0x43, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12,
+	0x40, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69,
+	0x74, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75, 0x69, 0x74,
+	0x65, 0x73, 0x12, 0x39, 0x0a, 0x0b, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x0a, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08,
+	0x04, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x1a, 0xfa, 0x06, 0x0a, 0x16, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x69, 0x6e, 0x54, 0x6c, 0x73, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x76,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x4c, 0x53, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x6d, 0x61, 0x78, 0x54, 0x6c, 0x73, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73,
+	0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65,
+	0x72, 0x73, 0x75, 0x69, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x73, 0x75,
+	0x69, 0x74, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x74, 0x6c, 0x73, 0x5f, 0x72, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x74, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x93, 0x01, 0x0a, 0x1a, 0x72,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x55, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47,
+	0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6c, 0x73,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x18, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x12, 0x3c, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x68, 0x65, 0x61, 0x64,
+	0x5f, 0x6f, 0x66, 0x5f, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x61, 0x65, 0x61, 0x64, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x17, 0x6d, 0x61, 0x78, 0x4f, 0x76, 0x65, 0x72, 0x68, 0x65,
+	0x61, 0x64, 0x4f, 0x66, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x41, 0x65, 0x61, 0x64, 0x12, 0x39,
+	0x0a, 0x0b, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0b, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0a, 0x61,
+	0x6c, 0x70, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x9e, 0x02, 0x0a, 0x18, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x44, 0x4f, 0x4e, 0x54, 0x5f,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x10, 0x01, 0x12, 0x2e, 0x0a, 0x2a,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x42, 0x55, 0x54, 0x5f, 0x44,
+	0x4f, 0x4e, 0x54, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x02, 0x12, 0x29, 0x0a, 0x25,
+	0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43,
+	0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x56,
+	0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x03, 0x12, 0x3a, 0x0a, 0x36, 0x52, 0x45, 0x51, 0x55, 0x45,
+	0x53, 0x54, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x43,
+	0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54,
+	0x45, 0x5f, 0x42, 0x55, 0x54, 0x5f, 0x44, 0x4f, 0x4e, 0x54, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46,
+	0x59, 0x10, 0x04, 0x12, 0x35, 0x0a, 0x31, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x41,
+	0x4e, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e,
+	0x54, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x41, 0x4e,
+	0x44, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x05, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05,
+	0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x42, 0x13, 0x0a, 0x11, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb0, 0x03, 0x0a, 0x1d,
+	0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x5d, 0x0a,
+	0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
+	0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x50, 0x72,
+	0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x13,
+	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69,
+	0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
+	0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x12, 0x73, 0x69, 0x67,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12,
+	0x1d, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x25,
+	0x0a, 0x0d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x44,
+	0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x5f,
+	0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c,
+	0x73, 0x68, 0x61, 0x33, 0x38, 0x34, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0d,
+	0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x35, 0x31, 0x32, 0x44, 0x69, 0x67,
+	0x65, 0x73, 0x74, 0x22, 0x3d, 0x0a, 0x13, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65,
+	0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53,
+	0x49, 0x47, 0x4e, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x43, 0x52, 0x59, 0x50, 0x54,
+	0x10, 0x02, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x22, 0x3d,
+	0x0a, 0x1e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xe7, 0x01,
+	0x0a, 0x20, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x71, 0x12, 0x63, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x45, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70,
+	0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79,
+	0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74,
+	0x65, 0x73, 0x22, 0x43, 0x0a, 0x16, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0f, 0x0a, 0x0b,
+	0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a,
+	0x07, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45,
+	0x43, 0x52, 0x59, 0x50, 0x54, 0x10, 0x02, 0x22, 0x40, 0x0a, 0x21, 0x4f, 0x66, 0x66, 0x6c, 0x6f,
+	0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09,
+	0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xa4, 0x04, 0x0a, 0x1f, 0x56, 0x61,
+	0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x52, 0x0a,
+	0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x73, 0x32,
+	0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64,
+	0x65, 0x12, 0x5b, 0x0a, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x65, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65,
+	0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61,
+	0x69, 0x6e, 0x52, 0x65, 0x71, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72,
+	0x48, 0x00, 0x52, 0x0a, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x5b,
+	0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x50, 0x65, 0x65, 0x72, 0x48, 0x00, 0x52,
+	0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x50, 0x65, 0x65, 0x72, 0x1a, 0x39, 0x0a, 0x0a, 0x43,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72,
+	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0x62, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52,
+	0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73, 0x74,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x46, 0x0a, 0x10, 0x56, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x43,
+	0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45,
+	0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66,
+	0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65,
+	0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
+	0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
+	0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c,
+	0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
+	0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69,
+	0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63,
+	0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x53,
+	0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c,
+	0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73,
+	0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
+	0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
+	0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18, 0x61, 0x75, 0x74, 0x68,
+	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e,
+	0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
+	0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52,
+	0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
+	0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
+	0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76,
+	0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
+	0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
+	0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
+	0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73,
+	0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
+	0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f,
+	0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
+	0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x48,
+	0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43,
+	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22,
+	0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
+	0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x64, 0x0a,
+	0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32,
+	0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17, 0x67, 0x65, 0x74, 0x54,
+	0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70,
+	0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
+	0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52,
+	0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b,
+	0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
+	0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x75,
+	0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
+	0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
+	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
+	0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43,
+	0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x70,
+	0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53, 0x69, 0x67, 0x6e, 0x61,
+	0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1c, 0x0a,
+	0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x53,
+	0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x21,
+	0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52,
+	0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10,
+	0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35,
+	0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f,
+	0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32,
+	0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x27, 0x0a,
+	0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43,
+	0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x48,
+	0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53,
+	0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43,
+	0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x06, 0x12,
+	0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
+	0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41,
+	0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
+	0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53,
+	0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x24, 0x0a, 0x20, 0x53,
+	0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
+	0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10,
+	0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
+	0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32, 0x57, 0x0a, 0x0a, 0x53,
+	0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x0c, 0x53, 0x65, 0x74,
+	0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00,
+	0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f,
+	0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_internal_proto_v2_s2a_s2a_proto_rawDescOnce sync.Once
+	file_internal_proto_v2_s2a_s2a_proto_rawDescData = file_internal_proto_v2_s2a_s2a_proto_rawDesc
+)
+
+func file_internal_proto_v2_s2a_s2a_proto_rawDescGZIP() []byte {
+	file_internal_proto_v2_s2a_s2a_proto_rawDescOnce.Do(func() {
+		file_internal_proto_v2_s2a_s2a_proto_rawDescData = protoimpl.X.CompressGZIP(file_internal_proto_v2_s2a_s2a_proto_rawDescData)
+	})
+	return file_internal_proto_v2_s2a_s2a_proto_rawDescData
+}
+
+var file_internal_proto_v2_s2a_s2a_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
+var file_internal_proto_v2_s2a_s2a_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_internal_proto_v2_s2a_s2a_proto_goTypes = []interface{}{
+	(SignatureAlgorithm)(0), // 0: s2a.proto.v2.SignatureAlgorithm
+	(GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate)(0), // 1: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate
+	(OffloadPrivateKeyOperationReq_PrivateKeyOperation)(0),                       // 2: s2a.proto.v2.OffloadPrivateKeyOperationReq.PrivateKeyOperation
+	(OffloadResumptionKeyOperationReq_ResumptionKeyOperation)(0),                 // 3: s2a.proto.v2.OffloadResumptionKeyOperationReq.ResumptionKeyOperation
+	(ValidatePeerCertificateChainReq_VerificationMode)(0),                        // 4: s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode
+	(ValidatePeerCertificateChainResp_ValidationResult)(0),                       // 5: s2a.proto.v2.ValidatePeerCertificateChainResp.ValidationResult
+	(*AlpnPolicy)(nil),                                     // 6: s2a.proto.v2.AlpnPolicy
+	(*AuthenticationMechanism)(nil),                        // 7: s2a.proto.v2.AuthenticationMechanism
+	(*Status)(nil),                                         // 8: s2a.proto.v2.Status
+	(*GetTlsConfigurationReq)(nil),                         // 9: s2a.proto.v2.GetTlsConfigurationReq
+	(*GetTlsConfigurationResp)(nil),                        // 10: s2a.proto.v2.GetTlsConfigurationResp
+	(*OffloadPrivateKeyOperationReq)(nil),                  // 11: s2a.proto.v2.OffloadPrivateKeyOperationReq
+	(*OffloadPrivateKeyOperationResp)(nil),                 // 12: s2a.proto.v2.OffloadPrivateKeyOperationResp
+	(*OffloadResumptionKeyOperationReq)(nil),               // 13: s2a.proto.v2.OffloadResumptionKeyOperationReq
+	(*OffloadResumptionKeyOperationResp)(nil),              // 14: s2a.proto.v2.OffloadResumptionKeyOperationResp
+	(*ValidatePeerCertificateChainReq)(nil),                // 15: s2a.proto.v2.ValidatePeerCertificateChainReq
+	(*ValidatePeerCertificateChainResp)(nil),               // 16: s2a.proto.v2.ValidatePeerCertificateChainResp
+	(*SessionReq)(nil),                                     // 17: s2a.proto.v2.SessionReq
+	(*SessionResp)(nil),                                    // 18: s2a.proto.v2.SessionResp
+	(*GetTlsConfigurationResp_ClientTlsConfiguration)(nil), // 19: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration
+	(*GetTlsConfigurationResp_ServerTlsConfiguration)(nil), // 20: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration
+	(*ValidatePeerCertificateChainReq_ClientPeer)(nil),     // 21: s2a.proto.v2.ValidatePeerCertificateChainReq.ClientPeer
+	(*ValidatePeerCertificateChainReq_ServerPeer)(nil),     // 22: s2a.proto.v2.ValidatePeerCertificateChainReq.ServerPeer
+	(common_go_proto.AlpnProtocol)(0),                      // 23: s2a.proto.v2.AlpnProtocol
+	(*common_go_proto1.Identity)(nil),                      // 24: s2a.proto.Identity
+	(common_go_proto.ConnectionSide)(0),                    // 25: s2a.proto.v2.ConnectionSide
+	(*s2a_context_go_proto.S2AContext)(nil),                // 26: s2a.proto.v2.S2AContext
+	(common_go_proto.TLSVersion)(0),                        // 27: s2a.proto.v2.TLSVersion
+	(common_go_proto.Ciphersuite)(0),                       // 28: s2a.proto.v2.Ciphersuite
+}
+var file_internal_proto_v2_s2a_s2a_proto_depIdxs = []int32{
+	23, // 0: s2a.proto.v2.AlpnPolicy.alpn_protocols:type_name -> s2a.proto.v2.AlpnProtocol
+	24, // 1: s2a.proto.v2.AuthenticationMechanism.identity:type_name -> s2a.proto.Identity
+	25, // 2: s2a.proto.v2.GetTlsConfigurationReq.connection_side:type_name -> s2a.proto.v2.ConnectionSide
+	19, // 3: s2a.proto.v2.GetTlsConfigurationResp.client_tls_configuration:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration
+	20, // 4: s2a.proto.v2.GetTlsConfigurationResp.server_tls_configuration:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration
+	2,  // 5: s2a.proto.v2.OffloadPrivateKeyOperationReq.operation:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationReq.PrivateKeyOperation
+	0,  // 6: s2a.proto.v2.OffloadPrivateKeyOperationReq.signature_algorithm:type_name -> s2a.proto.v2.SignatureAlgorithm
+	3,  // 7: s2a.proto.v2.OffloadResumptionKeyOperationReq.operation:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationReq.ResumptionKeyOperation
+	4,  // 8: s2a.proto.v2.ValidatePeerCertificateChainReq.mode:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.VerificationMode
+	21, // 9: s2a.proto.v2.ValidatePeerCertificateChainReq.client_peer:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.ClientPeer
+	22, // 10: s2a.proto.v2.ValidatePeerCertificateChainReq.server_peer:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq.ServerPeer
+	5,  // 11: s2a.proto.v2.ValidatePeerCertificateChainResp.validation_result:type_name -> s2a.proto.v2.ValidatePeerCertificateChainResp.ValidationResult
+	26, // 12: s2a.proto.v2.ValidatePeerCertificateChainResp.context:type_name -> s2a.proto.v2.S2AContext
+	24, // 13: s2a.proto.v2.SessionReq.local_identity:type_name -> s2a.proto.Identity
+	7,  // 14: s2a.proto.v2.SessionReq.authentication_mechanisms:type_name -> s2a.proto.v2.AuthenticationMechanism
+	9,  // 15: s2a.proto.v2.SessionReq.get_tls_configuration_req:type_name -> s2a.proto.v2.GetTlsConfigurationReq
+	11, // 16: s2a.proto.v2.SessionReq.offload_private_key_operation_req:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationReq
+	13, // 17: s2a.proto.v2.SessionReq.offload_resumption_key_operation_req:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationReq
+	15, // 18: s2a.proto.v2.SessionReq.validate_peer_certificate_chain_req:type_name -> s2a.proto.v2.ValidatePeerCertificateChainReq
+	8,  // 19: s2a.proto.v2.SessionResp.status:type_name -> s2a.proto.v2.Status
+	10, // 20: s2a.proto.v2.SessionResp.get_tls_configuration_resp:type_name -> s2a.proto.v2.GetTlsConfigurationResp
+	12, // 21: s2a.proto.v2.SessionResp.offload_private_key_operation_resp:type_name -> s2a.proto.v2.OffloadPrivateKeyOperationResp
+	14, // 22: s2a.proto.v2.SessionResp.offload_resumption_key_operation_resp:type_name -> s2a.proto.v2.OffloadResumptionKeyOperationResp
+	16, // 23: s2a.proto.v2.SessionResp.validate_peer_certificate_chain_resp:type_name -> s2a.proto.v2.ValidatePeerCertificateChainResp
+	27, // 24: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.min_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	27, // 25: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.max_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	28, // 26: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.ciphersuites:type_name -> s2a.proto.v2.Ciphersuite
+	6,  // 27: s2a.proto.v2.GetTlsConfigurationResp.ClientTlsConfiguration.alpn_policy:type_name -> s2a.proto.v2.AlpnPolicy
+	27, // 28: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.min_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	27, // 29: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.max_tls_version:type_name -> s2a.proto.v2.TLSVersion
+	28, // 30: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.ciphersuites:type_name -> s2a.proto.v2.Ciphersuite
+	1,  // 31: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.request_client_certificate:type_name -> s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate
+	6,  // 32: s2a.proto.v2.GetTlsConfigurationResp.ServerTlsConfiguration.alpn_policy:type_name -> s2a.proto.v2.AlpnPolicy
+	17, // 33: s2a.proto.v2.S2AService.SetUpSession:input_type -> s2a.proto.v2.SessionReq
+	18, // 34: s2a.proto.v2.S2AService.SetUpSession:output_type -> s2a.proto.v2.SessionResp
+	34, // [34:35] is the sub-list for method output_type
+	33, // [33:34] is the sub-list for method input_type
+	33, // [33:33] is the sub-list for extension type_name
+	33, // [33:33] is the sub-list for extension extendee
+	0,  // [0:33] is the sub-list for field type_name
+}
+
+func init() { file_internal_proto_v2_s2a_s2a_proto_init() }
+func file_internal_proto_v2_s2a_s2a_proto_init() {
+	if File_internal_proto_v2_s2a_s2a_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AlpnPolicy); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*AuthenticationMechanism); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Status); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadPrivateKeyOperationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadPrivateKeyOperationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadResumptionKeyOperationReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OffloadResumptionKeyOperationResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionReq); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionResp); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp_ClientTlsConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GetTlsConfigurationResp_ServerTlsConfiguration); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq_ClientPeer); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_internal_proto_v2_s2a_s2a_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidatePeerCertificateChainReq_ServerPeer); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*AuthenticationMechanism_Token)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[4].OneofWrappers = []interface{}{
+		(*GetTlsConfigurationResp_ClientTlsConfiguration_)(nil),
+		(*GetTlsConfigurationResp_ServerTlsConfiguration_)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[5].OneofWrappers = []interface{}{
+		(*OffloadPrivateKeyOperationReq_RawBytes)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha256Digest)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha384Digest)(nil),
+		(*OffloadPrivateKeyOperationReq_Sha512Digest)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[9].OneofWrappers = []interface{}{
+		(*ValidatePeerCertificateChainReq_ClientPeer_)(nil),
+		(*ValidatePeerCertificateChainReq_ServerPeer_)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[11].OneofWrappers = []interface{}{
+		(*SessionReq_GetTlsConfigurationReq)(nil),
+		(*SessionReq_OffloadPrivateKeyOperationReq)(nil),
+		(*SessionReq_OffloadResumptionKeyOperationReq)(nil),
+		(*SessionReq_ValidatePeerCertificateChainReq)(nil),
+	}
+	file_internal_proto_v2_s2a_s2a_proto_msgTypes[12].OneofWrappers = []interface{}{
+		(*SessionResp_GetTlsConfigurationResp)(nil),
+		(*SessionResp_OffloadPrivateKeyOperationResp)(nil),
+		(*SessionResp_OffloadResumptionKeyOperationResp)(nil),
+		(*SessionResp_ValidatePeerCertificateChainResp)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_internal_proto_v2_s2a_s2a_proto_rawDesc,
+			NumEnums:      6,
+			NumMessages:   17,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_internal_proto_v2_s2a_s2a_proto_goTypes,
+		DependencyIndexes: file_internal_proto_v2_s2a_s2a_proto_depIdxs,
+		EnumInfos:         file_internal_proto_v2_s2a_s2a_proto_enumTypes,
+		MessageInfos:      file_internal_proto_v2_s2a_s2a_proto_msgTypes,
+	}.Build()
+	File_internal_proto_v2_s2a_s2a_proto = out.File
+	file_internal_proto_v2_s2a_s2a_proto_rawDesc = nil
+	file_internal_proto_v2_s2a_s2a_proto_goTypes = nil
+	file_internal_proto_v2_s2a_s2a_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go
new file mode 100644
index 000000000..2566df6c3
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/proto/v2/s2a_go_proto/s2a_grpc.pb.go
@@ -0,0 +1,159 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v3.21.12
+// source: internal/proto/v2/s2a/s2a.proto
+
+package s2a_go_proto
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+const (
+	S2AService_SetUpSession_FullMethodName = "/s2a.proto.v2.S2AService/SetUpSession"
+)
+
+// S2AServiceClient is the client API for S2AService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type S2AServiceClient interface {
+	// SetUpSession is a bidirectional stream used by applications to offload
+	// operations from the TLS handshake.
+	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
+}
+
+type s2AServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient {
+	return &s2AServiceClient{cc}
+}
+
+func (c *s2AServiceClient) SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error) {
+	stream, err := c.cc.NewStream(ctx, &S2AService_ServiceDesc.Streams[0], S2AService_SetUpSession_FullMethodName, opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &s2AServiceSetUpSessionClient{stream}
+	return x, nil
+}
+
+type S2AService_SetUpSessionClient interface {
+	Send(*SessionReq) error
+	Recv() (*SessionResp, error)
+	grpc.ClientStream
+}
+
+type s2AServiceSetUpSessionClient struct {
+	grpc.ClientStream
+}
+
+func (x *s2AServiceSetUpSessionClient) Send(m *SessionReq) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionClient) Recv() (*SessionResp, error) {
+	m := new(SessionResp)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AServiceServer is the server API for S2AService service.
+// All implementations must embed UnimplementedS2AServiceServer
+// for forward compatibility
+type S2AServiceServer interface {
+	// SetUpSession is a bidirectional stream used by applications to offload
+	// operations from the TLS handshake.
+	SetUpSession(S2AService_SetUpSessionServer) error
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+// UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
+type UnimplementedS2AServiceServer struct {
+}
+
+func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error {
+	return status.Errorf(codes.Unimplemented, "method SetUpSession not implemented")
+}
+func (UnimplementedS2AServiceServer) mustEmbedUnimplementedS2AServiceServer() {}
+
+// UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to S2AServiceServer will
+// result in compilation errors.
+type UnsafeS2AServiceServer interface {
+	mustEmbedUnimplementedS2AServiceServer()
+}
+
+func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer) {
+	s.RegisterService(&S2AService_ServiceDesc, srv)
+}
+
+func _S2AService_SetUpSession_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(S2AServiceServer).SetUpSession(&s2AServiceSetUpSessionServer{stream})
+}
+
+type S2AService_SetUpSessionServer interface {
+	Send(*SessionResp) error
+	Recv() (*SessionReq, error)
+	grpc.ServerStream
+}
+
+type s2AServiceSetUpSessionServer struct {
+	grpc.ServerStream
+}
+
+func (x *s2AServiceSetUpSessionServer) Send(m *SessionResp) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *s2AServiceSetUpSessionServer) Recv() (*SessionReq, error) {
+	m := new(SessionReq)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// S2AService_ServiceDesc is the grpc.ServiceDesc for S2AService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var S2AService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "s2a.proto.v2.S2AService",
+	HandlerType: (*S2AServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "SetUpSession",
+			Handler:       _S2AService_SetUpSession_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "internal/proto/v2/s2a/s2a.proto",
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go
new file mode 100644
index 000000000..486f4ec4f
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aeadcrypter.go
@@ -0,0 +1,34 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package aeadcrypter provides the interface for AEAD cipher implementations
+// used by S2A's record protocol.
+package aeadcrypter
+
+// S2AAEADCrypter is the interface for an AEAD cipher used by the S2A record
+// protocol.
+type S2AAEADCrypter interface {
+	// Encrypt encrypts the plaintext and computes the tag of dst and plaintext.
+	// dst and plaintext may fully overlap or not at all.
+	Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error)
+	// Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may
+	// fully overlap or not at all.
+	Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error)
+	// TagSize returns the tag size in bytes.
+	TagSize() int
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go
new file mode 100644
index 000000000..85c4e595d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/aesgcm.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"fmt"
+)
+
+// Supported key sizes in bytes.
+const (
+	AES128GCMKeySize = 16
+	AES256GCMKeySize = 32
+)
+
+// aesgcm is the struct that holds an AES-GCM cipher for the S2A AEAD crypter.
+type aesgcm struct {
+	aead cipher.AEAD
+}
+
+// NewAESGCM creates an AES-GCM crypter instance. Note that the key must be
+// either 128 bits or 256 bits.
+func NewAESGCM(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != AES128GCMKeySize && len(key) != AES256GCMKeySize {
+		return nil, fmt.Errorf("%d or %d bytes, given: %d", AES128GCMKeySize, AES256GCMKeySize, len(key))
+	}
+	c, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	a, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+	return &aesgcm{aead: a}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func (s *aesgcm) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	return encrypt(s.aead, dst, plaintext, nonce, aad)
+}
+
+func (s *aesgcm) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	return decrypt(s.aead, dst, ciphertext, nonce, aad)
+}
+
+func (s *aesgcm) TagSize() int {
+	return TagSize
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
new file mode 100644
index 000000000..214df4ca4
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go
@@ -0,0 +1,67 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/cipher"
+	"fmt"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+// Supported key size in bytes.
+const (
+	Chacha20Poly1305KeySize = 32
+)
+
+// chachapoly is the struct that holds a CHACHA-POLY cipher for the S2A AEAD
+// crypter.
+type chachapoly struct {
+	aead cipher.AEAD
+}
+
+// NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must
+// be Chacha20Poly1305KeySize bytes in length.
+func NewChachaPoly(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != Chacha20Poly1305KeySize {
+		return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key))
+	}
+	c, err := chacha20poly1305.New(key)
+	if err != nil {
+		return nil, err
+	}
+	return &chachapoly{aead: c}, nil
+}
+
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
+// the ciphertext that will not be encrypted but will be authenticated. If dst
+// has enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func (s *chachapoly) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	return encrypt(s.aead, dst, plaintext, nonce, aad)
+}
+
+func (s *chachapoly) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	return decrypt(s.aead, dst, ciphertext, nonce, aad)
+}
+
+func (s *chachapoly) TagSize() int {
+	return TagSize
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go
new file mode 100644
index 000000000..b3c36ad95
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/common.go
@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package aeadcrypter
+
+import (
+	"crypto/cipher"
+	"fmt"
+)
+
+const (
+	// TagSize is the tag size in bytes for AES-128-GCM-SHA256,
+	// AES-256-GCM-SHA384, and CHACHA20-POLY1305-SHA256.
+	TagSize = 16
+	// NonceSize is the size of the nonce in number of bytes for
+	// AES-128-GCM-SHA256, AES-256-GCM-SHA384, and CHACHA20-POLY1305-SHA256.
+	NonceSize = 12
+	// SHA256DigestSize is the digest size of sha256 in bytes.
+	SHA256DigestSize = 32
+	// SHA384DigestSize is the digest size of sha384 in bytes.
+	SHA384DigestSize = 48
+)
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return head, tail
+}
+
+// encrypt is the encryption function for an AEAD crypter. aead determines
+// the type of AEAD crypter. dst can contain bytes at the beginning of the
+// ciphertext that will not be encrypted but will be authenticated. If dst has
+// enough capacity to hold these bytes, the ciphertext and the tag, no
+// allocation and copy operations will be performed. dst and plaintext may
+// fully overlap or not at all.
+func encrypt(aead cipher.AEAD, dst, plaintext, nonce, aad []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		return nil, fmt.Errorf("nonce size must be %d bytes. received: %d", NonceSize, len(nonce))
+	}
+	// If we need to allocate an output buffer, we want to include space for
+	// the tag to avoid forcing the caller to reallocate as well.
+	dlen := len(dst)
+	dst, out := sliceForAppend(dst, len(plaintext)+TagSize)
+	data := out[:len(plaintext)]
+	copy(data, plaintext) // data may fully overlap plaintext
+
+	// Seal appends the ciphertext and the tag to its first argument and
+	// returns the updated slice. However, sliceForAppend above ensures that
+	// dst has enough capacity to avoid a reallocation and copy due to the
+	// append.
+	dst = aead.Seal(dst[:dlen], nonce, data, aad)
+	return dst, nil
+}
+
+// decrypt is the decryption function for an AEAD crypter, where aead determines
+// the type of AEAD crypter, and dst the destination bytes for the decrypted
+// ciphertext. The dst buffer may fully overlap with plaintext or not at all.
+func decrypt(aead cipher.AEAD, dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		return nil, fmt.Errorf("nonce size must be %d bytes. received: %d", NonceSize, len(nonce))
+	}
+	// If dst is equal to ciphertext[:0], ciphertext storage is reused.
+	plaintext, err := aead.Open(dst, nonce, ciphertext, aad)
+	if err != nil {
+		return nil, fmt.Errorf("message auth failed: %v", err)
+	}
+	return plaintext, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go
new file mode 100644
index 000000000..ddeaa6d77
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/ciphersuite.go
@@ -0,0 +1,98 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import (
+	"crypto/sha256"
+	"crypto/sha512"
+	"fmt"
+	"hash"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/aeadcrypter"
+)
+
+// ciphersuite is the interface for retrieving ciphersuite-specific information
+// and utilities.
+type ciphersuite interface {
+	// keySize returns the key size in bytes. This refers to the key used by
+	// the AEAD crypter. This is derived by calling HKDF expand on the traffic
+	// secret.
+	keySize() int
+	// nonceSize returns the nonce size in bytes.
+	nonceSize() int
+	// trafficSecretSize returns the traffic secret size in bytes. This refers
+	// to the secret used to derive the traffic key and nonce, as specified in
+	// https://tools.ietf.org/html/rfc8446#section-7.
+	trafficSecretSize() int
+	// hashFunction returns the hash function for the ciphersuite.
+	hashFunction() func() hash.Hash
+	// aeadCrypter takes a key and creates an AEAD crypter for the ciphersuite
+	// using that key.
+	aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error)
+}
+
+func newCiphersuite(ciphersuite s2apb.Ciphersuite) (ciphersuite, error) {
+	switch ciphersuite {
+	case s2apb.Ciphersuite_AES_128_GCM_SHA256:
+		return &aesgcm128sha256{}, nil
+	case s2apb.Ciphersuite_AES_256_GCM_SHA384:
+		return &aesgcm256sha384{}, nil
+	case s2apb.Ciphersuite_CHACHA20_POLY1305_SHA256:
+		return &chachapolysha256{}, nil
+	default:
+		return nil, fmt.Errorf("unrecognized ciphersuite: %v", ciphersuite)
+	}
+}
+
+// aesgcm128sha256 is the AES-128-GCM-SHA256 implementation of the ciphersuite
+// interface.
+type aesgcm128sha256 struct{}
+
+func (aesgcm128sha256) keySize() int                   { return aeadcrypter.AES128GCMKeySize }
+func (aesgcm128sha256) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (aesgcm128sha256) trafficSecretSize() int         { return aeadcrypter.SHA256DigestSize }
+func (aesgcm128sha256) hashFunction() func() hash.Hash { return sha256.New }
+func (aesgcm128sha256) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewAESGCM(key)
+}
+
+// aesgcm256sha384 is the AES-256-GCM-SHA384 implementation of the ciphersuite
+// interface.
+type aesgcm256sha384 struct{}
+
+func (aesgcm256sha384) keySize() int                   { return aeadcrypter.AES256GCMKeySize }
+func (aesgcm256sha384) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (aesgcm256sha384) trafficSecretSize() int         { return aeadcrypter.SHA384DigestSize }
+func (aesgcm256sha384) hashFunction() func() hash.Hash { return sha512.New384 }
+func (aesgcm256sha384) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewAESGCM(key)
+}
+
+// chachapolysha256 is the ChaChaPoly-SHA256 implementation of the ciphersuite
+// interface.
+type chachapolysha256 struct{}
+
+func (chachapolysha256) keySize() int                   { return aeadcrypter.Chacha20Poly1305KeySize }
+func (chachapolysha256) nonceSize() int                 { return aeadcrypter.NonceSize }
+func (chachapolysha256) trafficSecretSize() int         { return aeadcrypter.SHA256DigestSize }
+func (chachapolysha256) hashFunction() func() hash.Hash { return sha256.New }
+func (chachapolysha256) aeadCrypter(key []byte) (aeadcrypter.S2AAEADCrypter, error) {
+	return aeadcrypter.NewChachaPoly(key)
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go
new file mode 100644
index 000000000..9499cdca7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/counter.go
@@ -0,0 +1,60 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import "errors"
+
+// counter is a 64-bit counter.
+type counter struct {
+	val           uint64
+	hasOverflowed bool
+}
+
+// newCounter creates a new counter with the initial value set to val.
+func newCounter(val uint64) counter {
+	return counter{val: val}
+}
+
+// value returns the current value of the counter.
+func (c *counter) value() (uint64, error) {
+	if c.hasOverflowed {
+		return 0, errors.New("counter has overflowed")
+	}
+	return c.val, nil
+}
+
+// increment increments the counter and checks for overflow.
+func (c *counter) increment() {
+	// If the counter is already invalid due to overflow, there is no need to
+	// increase it. We check for the hasOverflowed flag in the call to value().
+	if c.hasOverflowed {
+		return
+	}
+	c.val++
+	if c.val == 0 {
+		c.hasOverflowed = true
+	}
+}
+
+// reset sets the counter value to zero and sets the hasOverflowed flag to
+// false.
+func (c *counter) reset() {
+	c.val = 0
+	c.hasOverflowed = false
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
new file mode 100644
index 000000000..e05f2c36a
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go
@@ -0,0 +1,59 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package halfconn
+
+import (
+	"fmt"
+	"hash"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+// hkdfExpander is the interface for the HKDF expansion function; see
+// https://tools.ietf.org/html/rfc5869 for details. its use in TLS 1.3 is
+// specified in https://tools.ietf.org/html/rfc8446#section-7.2
+type hkdfExpander interface {
+	// expand takes a secret, a label, and the output length in bytes, and
+	// returns the resulting expanded key.
+	expand(secret, label []byte, length int) ([]byte, error)
+}
+
+// defaultHKDFExpander is the default HKDF expander which uses Go's crypto/hkdf
+// for HKDF expansion.
+type defaultHKDFExpander struct {
+	h func() hash.Hash
+}
+
+// newDefaultHKDFExpander creates an instance of the default HKDF expander
+// using the given hash function.
+func newDefaultHKDFExpander(h func() hash.Hash) hkdfExpander {
+	return &defaultHKDFExpander{h: h}
+}
+
+func (d *defaultHKDFExpander) expand(secret, label []byte, length int) ([]byte, error) {
+	outBuf := make([]byte, length)
+	n, err := hkdf.Expand(d.h, secret, label).Read(outBuf)
+	if err != nil {
+		return nil, fmt.Errorf("hkdf.Expand.Read failed with error: %v", err)
+	}
+	if n < length {
+		return nil, fmt.Errorf("hkdf.Expand.Read returned unexpected length, got %d, want %d", n, length)
+	}
+	return outBuf, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
new file mode 100644
index 000000000..dff99ff59
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go
@@ -0,0 +1,193 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package halfconn manages the inbound or outbound traffic of a TLS 1.3
+// connection.
+package halfconn
+
+import (
+	"fmt"
+	"sync"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/aeadcrypter"
+	"golang.org/x/crypto/cryptobyte"
+)
+
+// The constants below were taken from Section 7.2 and 7.3 in
+// https://tools.ietf.org/html/rfc8446#section-7. They are used as the label
+// in HKDF-Expand-Label.
+const (
+	tls13Key    = "tls13 key"
+	tls13Nonce  = "tls13 iv"
+	tls13Update = "tls13 traffic upd"
+)
+
+// S2AHalfConnection stores the state of the TLS 1.3 connection in the
+// inbound or outbound direction.
+type S2AHalfConnection struct {
+	cs       ciphersuite
+	expander hkdfExpander
+	// mutex guards sequence, aeadCrypter, trafficSecret, and nonce.
+	mutex         sync.Mutex
+	aeadCrypter   aeadcrypter.S2AAEADCrypter
+	sequence      counter
+	trafficSecret []byte
+	nonce         []byte
+}
+
+// New creates a new instance of S2AHalfConnection given a ciphersuite and a
+// traffic secret.
+func New(ciphersuite s2apb.Ciphersuite, trafficSecret []byte, sequence uint64) (*S2AHalfConnection, error) {
+	cs, err := newCiphersuite(ciphersuite)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new ciphersuite: %v", ciphersuite)
+	}
+	if cs.trafficSecretSize() != len(trafficSecret) {
+		return nil, fmt.Errorf("supplied traffic secret must be %v bytes, given: %v bytes", cs.trafficSecretSize(), len(trafficSecret))
+	}
+
+	hc := &S2AHalfConnection{cs: cs, expander: newDefaultHKDFExpander(cs.hashFunction()), sequence: newCounter(sequence), trafficSecret: trafficSecret}
+	if err = hc.updateCrypterAndNonce(hc.trafficSecret); err != nil {
+		return nil, fmt.Errorf("failed to create half connection using traffic secret: %v", err)
+	}
+
+	return hc, nil
+}
+
+// Encrypt encrypts the plaintext and computes the tag of dst and plaintext.
+// dst and plaintext may fully overlap or not at all. Note that the sequence
+// number will still be incremented on failure, unless the sequence has
+// overflowed.
+func (hc *S2AHalfConnection) Encrypt(dst, plaintext, aad []byte) ([]byte, error) {
+	hc.mutex.Lock()
+	sequence, err := hc.getAndIncrementSequence()
+	if err != nil {
+		hc.mutex.Unlock()
+		return nil, err
+	}
+	nonce := hc.maskedNonce(sequence)
+	crypter := hc.aeadCrypter
+	hc.mutex.Unlock()
+	return crypter.Encrypt(dst, plaintext, nonce, aad)
+}
+
+// Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may
+// fully overlap or not at all. Note that the sequence number will still be
+// incremented on failure, unless the sequence has overflowed.
+func (hc *S2AHalfConnection) Decrypt(dst, ciphertext, aad []byte) ([]byte, error) {
+	hc.mutex.Lock()
+	sequence, err := hc.getAndIncrementSequence()
+	if err != nil {
+		hc.mutex.Unlock()
+		return nil, err
+	}
+	nonce := hc.maskedNonce(sequence)
+	crypter := hc.aeadCrypter
+	hc.mutex.Unlock()
+	return crypter.Decrypt(dst, ciphertext, nonce, aad)
+}
+
+// UpdateKey advances the traffic secret key, as specified in
+// https://tools.ietf.org/html/rfc8446#section-7.2. In addition, it derives
+// a new key and nonce, and resets the sequence number.
+func (hc *S2AHalfConnection) UpdateKey() error {
+	hc.mutex.Lock()
+	defer hc.mutex.Unlock()
+
+	var err error
+	hc.trafficSecret, err = hc.deriveSecret(hc.trafficSecret, []byte(tls13Update), hc.cs.trafficSecretSize())
+	if err != nil {
+		return fmt.Errorf("failed to derive traffic secret: %v", err)
+	}
+
+	if err = hc.updateCrypterAndNonce(hc.trafficSecret); err != nil {
+		return fmt.Errorf("failed to update half connection: %v", err)
+	}
+
+	hc.sequence.reset()
+	return nil
+}
+
+// TagSize returns the tag size in bytes of the underlying AEAD crypter.
+func (hc *S2AHalfConnection) TagSize() int {
+	return hc.aeadCrypter.TagSize()
+}
+
+// updateCrypterAndNonce takes a new traffic secret and updates the crypter
+// and nonce. Note that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) updateCrypterAndNonce(newTrafficSecret []byte) error {
+	key, err := hc.deriveSecret(newTrafficSecret, []byte(tls13Key), hc.cs.keySize())
+	if err != nil {
+		return fmt.Errorf("failed to update key: %v", err)
+	}
+
+	hc.nonce, err = hc.deriveSecret(newTrafficSecret, []byte(tls13Nonce), hc.cs.nonceSize())
+	if err != nil {
+		return fmt.Errorf("failed to update nonce: %v", err)
+	}
+
+	hc.aeadCrypter, err = hc.cs.aeadCrypter(key)
+	if err != nil {
+		return fmt.Errorf("failed to update AEAD crypter: %v", err)
+	}
+	return nil
+}
+
+// getAndIncrement returns the current sequence number and increments it. Note
+// that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) getAndIncrementSequence() (uint64, error) {
+	sequence, err := hc.sequence.value()
+	if err != nil {
+		return 0, err
+	}
+	hc.sequence.increment()
+	return sequence, nil
+}
+
+// maskedNonce creates a copy of the nonce that is masked with the sequence
+// number. Note that the mutex must be held while calling this function.
+func (hc *S2AHalfConnection) maskedNonce(sequence uint64) []byte {
+	const uint64Size = 8
+	nonce := make([]byte, len(hc.nonce))
+	copy(nonce, hc.nonce)
+	for i := 0; i < uint64Size; i++ {
+		nonce[aeadcrypter.NonceSize-uint64Size+i] ^= byte(sequence >> uint64(56-uint64Size*i))
+	}
+	return nonce
+}
+
+// deriveSecret implements the Derive-Secret function, as specified in
+// https://tools.ietf.org/html/rfc8446#section-7.1.
+func (hc *S2AHalfConnection) deriveSecret(secret, label []byte, length int) ([]byte, error) {
+	var hkdfLabel cryptobyte.Builder
+	hkdfLabel.AddUint16(uint16(length))
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(label)
+	})
+	// Append an empty `Context` field to the label, as specified in the RFC.
+	// The half connection does not use the `Context` field.
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes([]byte(""))
+	})
+	hkdfLabelBytes, err := hkdfLabel.Bytes()
+	if err != nil {
+		return nil, fmt.Errorf("deriveSecret failed: %v", err)
+	}
+	return hc.expander.expand(secret, hkdfLabelBytes, length)
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/record.go b/vendor/github.com/google/s2a-go/internal/record/record.go
new file mode 100644
index 000000000..c60515510
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/record.go
@@ -0,0 +1,757 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package record implements the TLS 1.3 record protocol used by the S2A
+// transport credentials.
+package record
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+	"net"
+	"sync"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"github.com/google/s2a-go/internal/record/internal/halfconn"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"google.golang.org/grpc/grpclog"
+)
+
+// recordType is the `ContentType` as described in
+// https://tools.ietf.org/html/rfc8446#section-5.1.
+type recordType byte
+
+const (
+	alert           recordType = 21
+	handshake       recordType = 22
+	applicationData recordType = 23
+)
+
+// keyUpdateRequest is the `KeyUpdateRequest` as described in
+// https://tools.ietf.org/html/rfc8446#section-4.6.3.
+type keyUpdateRequest byte
+
+const (
+	updateNotRequested keyUpdateRequest = 0
+	updateRequested    keyUpdateRequest = 1
+)
+
+// alertDescription is the `AlertDescription` as described in
+// https://tools.ietf.org/html/rfc8446#section-6.
+type alertDescription byte
+
+const (
+	closeNotify alertDescription = 0
+)
+
+// sessionTicketState is used to determine whether session tickets have not yet
+// been received, are in the process of being received, or have finished
+// receiving.
+type sessionTicketState byte
+
+const (
+	ticketsNotYetReceived sessionTicketState = 0
+	receivingTickets      sessionTicketState = 1
+	notReceivingTickets   sessionTicketState = 2
+)
+
+const (
+	// The TLS 1.3-specific constants below (tlsRecordMaxPlaintextSize,
+	// tlsRecordHeaderSize, tlsRecordTypeSize) were taken from
+	// https://tools.ietf.org/html/rfc8446#section-5.1.
+
+	// tlsRecordMaxPlaintextSize is the maximum size in bytes of the plaintext
+	// in a single TLS 1.3 record.
+	tlsRecordMaxPlaintextSize = 16384 // 2^14
+	// tlsRecordTypeSize is the size in bytes of the TLS 1.3 record type.
+	tlsRecordTypeSize = 1
+	// tlsTagSize is the size in bytes of the tag of the following three
+	// ciphersuites: AES-128-GCM-SHA256, AES-256-GCM-SHA384,
+	// CHACHA20-POLY1305-SHA256.
+	tlsTagSize = 16
+	// tlsRecordMaxPayloadSize is the maximum size in bytes of the payload in a
+	// single TLS 1.3 record. This is the maximum size of the plaintext plus the
+	// record type byte and 16 bytes of the tag.
+	tlsRecordMaxPayloadSize = tlsRecordMaxPlaintextSize + tlsRecordTypeSize + tlsTagSize
+	// tlsRecordHeaderTypeSize is the size in bytes of the TLS 1.3 record
+	// header type.
+	tlsRecordHeaderTypeSize = 1
+	// tlsRecordHeaderLegacyRecordVersionSize is the size in bytes of the TLS
+	// 1.3 record header legacy record version.
+	tlsRecordHeaderLegacyRecordVersionSize = 2
+	// tlsRecordHeaderPayloadLengthSize is the size in bytes of the TLS 1.3
+	// record header payload length.
+	tlsRecordHeaderPayloadLengthSize = 2
+	// tlsRecordHeaderSize is the size in bytes of the TLS 1.3 record header.
+	tlsRecordHeaderSize = tlsRecordHeaderTypeSize + tlsRecordHeaderLegacyRecordVersionSize + tlsRecordHeaderPayloadLengthSize
+	// tlsRecordMaxSize
+	tlsRecordMaxSize = tlsRecordMaxPayloadSize + tlsRecordHeaderSize
+	// tlsApplicationData is the application data type of the TLS 1.3 record
+	// header.
+	tlsApplicationData = 23
+	// tlsLegacyRecordVersion is the legacy record version of the TLS record.
+	tlsLegacyRecordVersion = 3
+	// tlsAlertSize is the size in bytes of an alert of TLS 1.3.
+	tlsAlertSize = 2
+)
+
+const (
+	// These are TLS 1.3 handshake-specific constants.
+
+	// tlsHandshakeNewSessionTicketType is the prefix of a handshake new session
+	// ticket message of TLS 1.3.
+	tlsHandshakeNewSessionTicketType = 4
+	// tlsHandshakeKeyUpdateType is the prefix of a handshake key update message
+	// of TLS 1.3.
+	tlsHandshakeKeyUpdateType = 24
+	// tlsHandshakeMsgTypeSize is the size in bytes of the TLS 1.3 handshake
+	// message type field.
+	tlsHandshakeMsgTypeSize = 1
+	// tlsHandshakeLengthSize is the size in bytes of the TLS 1.3 handshake
+	// message length field.
+	tlsHandshakeLengthSize = 3
+	// tlsHandshakeKeyUpdateMsgSize is the size in bytes of the TLS 1.3
+	// handshake key update message.
+	tlsHandshakeKeyUpdateMsgSize = 1
+	// tlsHandshakePrefixSize is the size in bytes of the prefix of the TLS 1.3
+	// handshake message.
+	tlsHandshakePrefixSize = 4
+	// tlsMaxSessionTicketSize is the maximum size of a NewSessionTicket message
+	// in TLS 1.3. This is the sum of the max sizes of all the fields in the
+	// NewSessionTicket struct specified in
+	// https://tools.ietf.org/html/rfc8446#section-4.6.1.
+	tlsMaxSessionTicketSize = 131338
+)
+
+const (
+	// outBufMaxRecords is the maximum number of records that can fit in the
+	// ourRecordsBuf buffer.
+	outBufMaxRecords = 16
+	// outBufMaxSize is the maximum size (in bytes) of the outRecordsBuf buffer.
+	outBufMaxSize = outBufMaxRecords * tlsRecordMaxSize
+	// maxAllowedTickets is the maximum number of session tickets that are
+	// allowed. The number of tickets are limited to ensure that the size of the
+	// ticket queue does not grow indefinitely. S2A also keeps a limit on the
+	// number of tickets that it caches.
+	maxAllowedTickets = 5
+)
+
+// preConstructedKeyUpdateMsg holds the key update message. This is needed as an
+// optimization so that the same message does not need to be constructed every
+// time a key update message is sent.
+var preConstructedKeyUpdateMsg = buildKeyUpdateRequest()
+
+// conn represents a secured TLS connection. It implements the net.Conn
+// interface.
+type conn struct {
+	net.Conn
+	// inConn is the half connection responsible for decrypting incoming bytes.
+	inConn *halfconn.S2AHalfConnection
+	// outConn is the half connection responsible for encrypting outgoing bytes.
+	outConn *halfconn.S2AHalfConnection
+	// pendingApplicationData holds data that has been read from the connection
+	// and decrypted, but has not yet been returned by Read.
+	pendingApplicationData []byte
+	// unusedBuf holds data read from the network that has not yet been
+	// decrypted. This data might not consist of a complete record. It may
+	// consist of several records, the last of which could be incomplete.
+	unusedBuf []byte
+	// outRecordsBuf is a buffer used to store outgoing TLS records before
+	// they are written to the network.
+	outRecordsBuf []byte
+	// nextRecord stores the next record info in the unusedBuf buffer.
+	nextRecord []byte
+	// overheadSize is the overhead size in bytes of each TLS 1.3 record, which
+	// is computed as overheadSize = header size + record type byte + tag size.
+	// Note that there is no padding by zeros in the overhead calculation.
+	overheadSize int
+	// readMutex guards against concurrent calls to Read. This is required since
+	// Close may be called during a Read.
+	readMutex sync.Mutex
+	// writeMutex guards against concurrent calls to Write. This is required
+	// since Close may be called during a Write, and also because a key update
+	// message may be written during a Read.
+	writeMutex sync.Mutex
+	// handshakeBuf holds handshake messages while they are being processed.
+	handshakeBuf []byte
+	// ticketState is the current processing state of the session tickets.
+	ticketState sessionTicketState
+	// sessionTickets holds the completed session tickets until they are sent to
+	// the handshaker service for processing.
+	sessionTickets [][]byte
+	// ticketSender sends session tickets to the S2A handshaker service.
+	ticketSender s2aTicketSender
+	// callComplete is a channel that blocks closing the record protocol until a
+	// pending call to the S2A completes.
+	callComplete chan bool
+}
+
+// ConnParameters holds the parameters used for creating a new conn object.
+type ConnParameters struct {
+	// NetConn is the TCP connection to the peer. This parameter is required.
+	NetConn net.Conn
+	// Ciphersuite is the TLS ciphersuite negotiated by the S2A handshaker
+	// service. This parameter is required.
+	Ciphersuite commonpb.Ciphersuite
+	// TLSVersion is the TLS version number negotiated by the S2A handshaker
+	// service. This parameter is required.
+	TLSVersion commonpb.TLSVersion
+	// InTrafficSecret is the traffic secret used to derive the session key for
+	// the inbound direction. This parameter is required.
+	InTrafficSecret []byte
+	// OutTrafficSecret is the traffic secret used to derive the session key
+	// for the outbound direction. This parameter is required.
+	OutTrafficSecret []byte
+	// UnusedBuf is the data read from the network that has not yet been
+	// decrypted. This parameter is optional. If not provided, then no
+	// application data was sent in the same flight of messages as the final
+	// handshake message.
+	UnusedBuf []byte
+	// InSequence is the sequence number of the next, incoming, TLS record.
+	// This parameter is required.
+	InSequence uint64
+	// OutSequence is the sequence number of the next, outgoing, TLS record.
+	// This parameter is required.
+	OutSequence uint64
+	// HSAddr stores the address of the S2A handshaker service. This parameter
+	// is optional. If not provided, then TLS resumption is disabled.
+	HSAddr string
+	// ConnectionId is the connection identifier that was created and sent by
+	// S2A at the end of a handshake.
+	ConnectionID uint64
+	// LocalIdentity is the local identity that was used by S2A during session
+	// setup and included in the session result.
+	LocalIdentity *commonpb.Identity
+	// EnsureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	EnsureProcessSessionTickets *sync.WaitGroup
+}
+
+// NewConn creates a TLS record protocol that wraps the TCP connection.
+func NewConn(o *ConnParameters) (net.Conn, error) {
+	if o == nil {
+		return nil, errors.New("conn options must not be nil")
+	}
+	if o.TLSVersion != commonpb.TLSVersion_TLS1_3 {
+		return nil, errors.New("TLS version must be TLS 1.3")
+	}
+
+	inConn, err := halfconn.New(o.Ciphersuite, o.InTrafficSecret, o.InSequence)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create inbound half connection: %v", err)
+	}
+	outConn, err := halfconn.New(o.Ciphersuite, o.OutTrafficSecret, o.OutSequence)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create outbound half connection: %v", err)
+	}
+
+	// The tag size for the in/out connections should be the same.
+	overheadSize := tlsRecordHeaderSize + tlsRecordTypeSize + inConn.TagSize()
+	var unusedBuf []byte
+	if o.UnusedBuf == nil {
+		// We pre-allocate unusedBuf to be of size
+		// 2*tlsRecordMaxSize-1 during initialization. We only read from the
+		// network into unusedBuf when unusedBuf does not contain a complete
+		// record and the incomplete record is at most tlsRecordMaxSize-1
+		// (bytes). And we read at most tlsRecordMaxSize bytes of data from the
+		// network into unusedBuf at one time. Therefore, 2*tlsRecordMaxSize-1
+		// is large enough to buffer data read from the network.
+		unusedBuf = make([]byte, 0, 2*tlsRecordMaxSize-1)
+	} else {
+		unusedBuf = make([]byte, len(o.UnusedBuf))
+		copy(unusedBuf, o.UnusedBuf)
+	}
+
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		grpclog.Infof("failed to create single token access token manager: %v", err)
+	}
+
+	s2aConn := &conn{
+		Conn:          o.NetConn,
+		inConn:        inConn,
+		outConn:       outConn,
+		unusedBuf:     unusedBuf,
+		outRecordsBuf: make([]byte, tlsRecordMaxSize),
+		nextRecord:    unusedBuf,
+		overheadSize:  overheadSize,
+		ticketState:   ticketsNotYetReceived,
+		// Pre-allocate the buffer for one session ticket message and the max
+		// plaintext size. This is the largest size that handshakeBuf will need
+		// to hold. The largest incomplete handshake message is the
+		// [handshake header size] + [max session ticket size] - 1.
+		// Then, tlsRecordMaxPlaintextSize is the maximum size that will be
+		// appended to the handshakeBuf before the handshake message is
+		// completed. Therefore, the buffer size below should be large enough to
+		// buffer any handshake messages.
+		handshakeBuf: make([]byte, 0, tlsHandshakePrefixSize+tlsMaxSessionTicketSize+tlsRecordMaxPlaintextSize-1),
+		ticketSender: &ticketSender{
+			hsAddr:                      o.HSAddr,
+			connectionID:                o.ConnectionID,
+			localIdentity:               o.LocalIdentity,
+			tokenManager:                tokenManager,
+			ensureProcessSessionTickets: o.EnsureProcessSessionTickets,
+		},
+		callComplete: make(chan bool),
+	}
+	return s2aConn, nil
+}
+
+// Read reads and decrypts a TLS 1.3 record from the underlying connection, and
+// copies any application data received from the peer into b. If the size of the
+// payload is greater than len(b), Read retains the remaining bytes in an
+// internal buffer, and subsequent calls to Read will read from this buffer
+// until it is exhausted. At most 1 TLS record worth of application data is
+// written to b for each call to Read.
+//
+// Note that for the user to efficiently call this method, the user should
+// ensure that the buffer b is allocated such that the buffer does not have any
+// unused segments. This can be done by calling Read via io.ReadFull, which
+// continually calls Read until the specified buffer has been filled. Also note
+// that the user should close the connection via Close() if an error is thrown
+// by a call to Read.
+func (p *conn) Read(b []byte) (n int, err error) {
+	p.readMutex.Lock()
+	defer p.readMutex.Unlock()
+	// Check if p.pendingApplication data has leftover application data from
+	// the previous call to Read.
+	if len(p.pendingApplicationData) == 0 {
+		// Read a full record from the wire.
+		record, err := p.readFullRecord()
+		if err != nil {
+			return 0, err
+		}
+		// Now we have a complete record, so split the header and validate it
+		// The TLS record is split into 2 pieces: the record header and the
+		// payload. The payload has the following form:
+		// [payload] = [ciphertext of application data]
+		//           + [ciphertext of record type byte]
+		//           + [(optionally) ciphertext of padding by zeros]
+		//           + [tag]
+		header, payload, err := splitAndValidateHeader(record)
+		if err != nil {
+			return 0, err
+		}
+		// Decrypt the ciphertext.
+		p.pendingApplicationData, err = p.inConn.Decrypt(payload[:0], payload, header)
+		if err != nil {
+			return 0, err
+		}
+		// Remove the padding by zeros and the record type byte from the
+		// p.pendingApplicationData buffer.
+		msgType, err := p.stripPaddingAndType()
+		if err != nil {
+			return 0, err
+		}
+		// Check that the length of the plaintext after stripping the padding
+		// and record type byte is under the maximum plaintext size.
+		if len(p.pendingApplicationData) > tlsRecordMaxPlaintextSize {
+			return 0, errors.New("plaintext size larger than maximum")
+		}
+		// The expected message types are application data, alert, and
+		// handshake. For application data, the bytes are directly copied into
+		// b. For an alert, the type of the alert is checked and the connection
+		// is closed on a close notify alert. For a handshake message, the
+		// handshake message type is checked. The handshake message type can be
+		// a key update type, for which we advance the traffic secret, and a
+		// new session ticket type, for which we send the received ticket to S2A
+		// for processing.
+		switch msgType {
+		case applicationData:
+			if len(p.handshakeBuf) > 0 {
+				return 0, errors.New("application data received while processing fragmented handshake messages")
+			}
+			if p.ticketState == receivingTickets {
+				p.ticketState = notReceivingTickets
+				grpclog.Infof("Sending session tickets to S2A.")
+				p.ticketSender.sendTicketsToS2A(p.sessionTickets, p.callComplete)
+			}
+		case alert:
+			return 0, p.handleAlertMessage()
+		case handshake:
+			if err = p.handleHandshakeMessage(); err != nil {
+				return 0, err
+			}
+			return 0, nil
+		default:
+			return 0, errors.New("unknown record type")
+		}
+	}
+	// Write as much application data as possible to b, the output buffer.
+	n = copy(b, p.pendingApplicationData)
+	p.pendingApplicationData = p.pendingApplicationData[n:]
+	return n, nil
+}
+
+// Write divides b into segments of size tlsRecordMaxPlaintextSize, builds a
+// TLS 1.3 record (of type "application data") from each segment, and sends
+// the record to the peer. It returns the number of plaintext bytes that were
+// successfully sent to the peer.
+func (p *conn) Write(b []byte) (n int, err error) {
+	p.writeMutex.Lock()
+	defer p.writeMutex.Unlock()
+	return p.writeTLSRecord(b, tlsApplicationData)
+}
+
+// writeTLSRecord divides b into segments of size maxPlaintextBytesPerRecord,
+// builds a TLS 1.3 record (of type recordType) from each segment, and sends
+// the record to the peer. It returns the number of plaintext bytes that were
+// successfully sent to the peer.
+func (p *conn) writeTLSRecord(b []byte, recordType byte) (n int, err error) {
+	// Create a record of only header, record type, and tag if given empty
+	// byte array.
+	if len(b) == 0 {
+		recordEndIndex, _, err := p.buildRecord(b, recordType, 0)
+		if err != nil {
+			return 0, err
+		}
+
+		// Write the bytes stored in outRecordsBuf to p.Conn. Since we return
+		// the number of plaintext bytes written without overhead, we will
+		// always return 0 while p.Conn.Write returns the entire record length.
+		_, err = p.Conn.Write(p.outRecordsBuf[:recordEndIndex])
+		return 0, err
+	}
+
+	numRecords := int(math.Ceil(float64(len(b)) / float64(tlsRecordMaxPlaintextSize)))
+	totalRecordsSize := len(b) + numRecords*p.overheadSize
+	partialBSize := len(b)
+	if totalRecordsSize > outBufMaxSize {
+		totalRecordsSize = outBufMaxSize
+		partialBSize = outBufMaxRecords * tlsRecordMaxPlaintextSize
+	}
+	if len(p.outRecordsBuf) < totalRecordsSize {
+		p.outRecordsBuf = make([]byte, totalRecordsSize)
+	}
+	for bStart := 0; bStart < len(b); bStart += partialBSize {
+		bEnd := bStart + partialBSize
+		if bEnd > len(b) {
+			bEnd = len(b)
+		}
+		partialB := b[bStart:bEnd]
+		recordEndIndex := 0
+		for len(partialB) > 0 {
+			recordEndIndex, partialB, err = p.buildRecord(partialB, recordType, recordEndIndex)
+			if err != nil {
+				// Return the amount of bytes written prior to the error.
+				return bStart, err
+			}
+		}
+		// Write the bytes stored in outRecordsBuf to p.Conn. If there is an
+		// error, calculate the total number of plaintext bytes of complete
+		// records successfully written to the peer and return it.
+		nn, err := p.Conn.Write(p.outRecordsBuf[:recordEndIndex])
+		if err != nil {
+			numberOfCompletedRecords := int(math.Floor(float64(nn) / float64(tlsRecordMaxSize)))
+			return bStart + numberOfCompletedRecords*tlsRecordMaxPlaintextSize, err
+		}
+	}
+	return len(b), nil
+}
+
+// buildRecord builds a TLS 1.3 record of type recordType from plaintext,
+// and writes the record to outRecordsBuf at recordStartIndex. The record will
+// have at most tlsRecordMaxPlaintextSize bytes of payload. It returns the
+// index of outRecordsBuf where the current record ends, as well as any
+// remaining plaintext bytes.
+func (p *conn) buildRecord(plaintext []byte, recordType byte, recordStartIndex int) (n int, remainingPlaintext []byte, err error) {
+	// Construct the payload, which consists of application data and record type.
+	dataLen := len(plaintext)
+	if dataLen > tlsRecordMaxPlaintextSize {
+		dataLen = tlsRecordMaxPlaintextSize
+	}
+	remainingPlaintext = plaintext[dataLen:]
+	newRecordBuf := p.outRecordsBuf[recordStartIndex:]
+
+	copy(newRecordBuf[tlsRecordHeaderSize:], plaintext[:dataLen])
+	newRecordBuf[tlsRecordHeaderSize+dataLen] = recordType
+	payload := newRecordBuf[tlsRecordHeaderSize : tlsRecordHeaderSize+dataLen+1] // 1 is for the recordType.
+	// Construct the header.
+	newRecordBuf[0] = tlsApplicationData
+	newRecordBuf[1] = tlsLegacyRecordVersion
+	newRecordBuf[2] = tlsLegacyRecordVersion
+	binary.BigEndian.PutUint16(newRecordBuf[3:], uint16(len(payload)+tlsTagSize))
+	header := newRecordBuf[:tlsRecordHeaderSize]
+
+	// Encrypt the payload using header as aad.
+	encryptedPayload, err := p.outConn.Encrypt(newRecordBuf[tlsRecordHeaderSize:][:0], payload, header)
+	if err != nil {
+		return 0, plaintext, err
+	}
+	recordStartIndex += len(header) + len(encryptedPayload)
+	return recordStartIndex, remainingPlaintext, nil
+}
+
+func (p *conn) Close() error {
+	p.readMutex.Lock()
+	defer p.readMutex.Unlock()
+	p.writeMutex.Lock()
+	defer p.writeMutex.Unlock()
+	// If p.ticketState is equal to notReceivingTickets, then S2A has
+	// been sent a flight of session tickets, and we must wait for the
+	// call to S2A to complete before closing the record protocol.
+	if p.ticketState == notReceivingTickets {
+		<-p.callComplete
+		grpclog.Infof("Safe to close the connection because sending tickets to S2A is (already) complete.")
+	}
+	return p.Conn.Close()
+}
+
+// stripPaddingAndType strips the padding by zeros and record type from
+// p.pendingApplicationData and returns the record type. Note that
+// p.pendingApplicationData should be of the form:
+// [application data] + [record type byte] + [trailing zeros]
+func (p *conn) stripPaddingAndType() (recordType, error) {
+	if len(p.pendingApplicationData) == 0 {
+		return 0, errors.New("application data had length 0")
+	}
+	i := len(p.pendingApplicationData) - 1
+	// Search for the index of the record type byte.
+	for i > 0 {
+		if p.pendingApplicationData[i] != 0 {
+			break
+		}
+		i--
+	}
+	rt := recordType(p.pendingApplicationData[i])
+	p.pendingApplicationData = p.pendingApplicationData[:i]
+	return rt, nil
+}
+
+// readFullRecord reads from the wire until a record is completed and returns
+// the full record.
+func (p *conn) readFullRecord() (fullRecord []byte, err error) {
+	fullRecord, p.nextRecord, err = parseReadBuffer(p.nextRecord, tlsRecordMaxPayloadSize)
+	if err != nil {
+		return nil, err
+	}
+	// Check whether the next record to be decrypted has been completely
+	// received.
+	if len(fullRecord) == 0 {
+		copy(p.unusedBuf, p.nextRecord)
+		p.unusedBuf = p.unusedBuf[:len(p.nextRecord)]
+		// Always copy next incomplete record to the beginning of the
+		// unusedBuf buffer and reset nextRecord to it.
+		p.nextRecord = p.unusedBuf
+	}
+	// Keep reading from the wire until we have a complete record.
+	for len(fullRecord) == 0 {
+		if len(p.unusedBuf) == cap(p.unusedBuf) {
+			tmp := make([]byte, len(p.unusedBuf), cap(p.unusedBuf)+tlsRecordMaxSize)
+			copy(tmp, p.unusedBuf)
+			p.unusedBuf = tmp
+		}
+		n, err := p.Conn.Read(p.unusedBuf[len(p.unusedBuf):min(cap(p.unusedBuf), len(p.unusedBuf)+tlsRecordMaxSize)])
+		if err != nil {
+			return nil, err
+		}
+		p.unusedBuf = p.unusedBuf[:len(p.unusedBuf)+n]
+		fullRecord, p.nextRecord, err = parseReadBuffer(p.unusedBuf, tlsRecordMaxPayloadSize)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return fullRecord, nil
+}
+
+// parseReadBuffer parses the provided buffer and returns a full record and any
+// remaining bytes in that buffer. If the record is incomplete, nil is returned
+// for the first return value and the given byte buffer is returned for the
+// second return value. The length of the payload specified by the header should
+// not be greater than maxLen, otherwise an error is returned. Note that this
+// function does not allocate or copy any buffers.
+func parseReadBuffer(b []byte, maxLen uint16) (fullRecord, remaining []byte, err error) {
+	// If the header is not complete, return the provided buffer as remaining
+	// buffer.
+	if len(b) < tlsRecordHeaderSize {
+		return nil, b, nil
+	}
+	msgLenField := b[tlsRecordHeaderTypeSize+tlsRecordHeaderLegacyRecordVersionSize : tlsRecordHeaderSize]
+	length := binary.BigEndian.Uint16(msgLenField)
+	if length > maxLen {
+		return nil, nil, fmt.Errorf("record length larger than the limit %d", maxLen)
+	}
+	if len(b) < int(length)+tlsRecordHeaderSize {
+		// Record is not complete yet.
+		return nil, b, nil
+	}
+	return b[:tlsRecordHeaderSize+length], b[tlsRecordHeaderSize+length:], nil
+}
+
+// splitAndValidateHeader splits the header from the payload in the TLS 1.3
+// record and returns them. Note that the header is checked for validity, and an
+// error is returned when an invalid header is parsed. Also note that this
+// function does not allocate or copy any buffers.
+func splitAndValidateHeader(record []byte) (header, payload []byte, err error) {
+	if len(record) < tlsRecordHeaderSize {
+		return nil, nil, fmt.Errorf("record was smaller than the header size")
+	}
+	header = record[:tlsRecordHeaderSize]
+	payload = record[tlsRecordHeaderSize:]
+	if header[0] != tlsApplicationData {
+		return nil, nil, fmt.Errorf("incorrect type in the header")
+	}
+	// Check the legacy record version, which should be 0x03, 0x03.
+	if header[1] != 0x03 || header[2] != 0x03 {
+		return nil, nil, fmt.Errorf("incorrect legacy record version in the header")
+	}
+	return header, payload, nil
+}
+
+// handleAlertMessage handles an alert message.
+func (p *conn) handleAlertMessage() error {
+	if len(p.pendingApplicationData) != tlsAlertSize {
+		return errors.New("invalid alert message size")
+	}
+	alertType := p.pendingApplicationData[1]
+	// Clear the body of the alert message.
+	p.pendingApplicationData = p.pendingApplicationData[:0]
+	if alertType == byte(closeNotify) {
+		return errors.New("received a close notify alert")
+	}
+	// TODO(matthewstevenson88): Add support for more alert types.
+	return fmt.Errorf("received an unrecognized alert type: %v", alertType)
+}
+
+// parseHandshakeHeader parses a handshake message from the handshake buffer.
+// It returns the message type, the message length, the message, the raw message
+// that includes the type and length bytes and a flag indicating whether the
+// handshake message has been fully parsed. i.e. whether the entire handshake
+// message was in the handshake buffer.
+func (p *conn) parseHandshakeMsg() (msgType byte, msgLen uint32, msg []byte, rawMsg []byte, ok bool) {
+	// Handle the case where the 4 byte handshake header is fragmented.
+	if len(p.handshakeBuf) < tlsHandshakePrefixSize {
+		return 0, 0, nil, nil, false
+	}
+	msgType = p.handshakeBuf[0]
+	msgLen = bigEndianInt24(p.handshakeBuf[tlsHandshakeMsgTypeSize : tlsHandshakeMsgTypeSize+tlsHandshakeLengthSize])
+	if msgLen > uint32(len(p.handshakeBuf)-tlsHandshakePrefixSize) {
+		return 0, 0, nil, nil, false
+	}
+	msg = p.handshakeBuf[tlsHandshakePrefixSize : tlsHandshakePrefixSize+msgLen]
+	rawMsg = p.handshakeBuf[:tlsHandshakeMsgTypeSize+tlsHandshakeLengthSize+msgLen]
+	p.handshakeBuf = p.handshakeBuf[tlsHandshakePrefixSize+msgLen:]
+	return msgType, msgLen, msg, rawMsg, true
+}
+
+// handleHandshakeMessage handles a handshake message. Note that the first
+// complete handshake message from the handshake buffer is removed, if it
+// exists.
+func (p *conn) handleHandshakeMessage() error {
+	// Copy the pending application data to the handshake buffer. At this point,
+	// we are guaranteed that the pending application data contains only parts
+	// of a handshake message.
+	p.handshakeBuf = append(p.handshakeBuf, p.pendingApplicationData...)
+	p.pendingApplicationData = p.pendingApplicationData[:0]
+	// Several handshake messages may be coalesced into a single record.
+	// Continue reading them until the handshake buffer is empty.
+	for len(p.handshakeBuf) > 0 {
+		handshakeMsgType, msgLen, msg, rawMsg, ok := p.parseHandshakeMsg()
+		if !ok {
+			// The handshake could not be fully parsed, so read in another
+			// record and try again later.
+			break
+		}
+		switch handshakeMsgType {
+		case tlsHandshakeKeyUpdateType:
+			if msgLen != tlsHandshakeKeyUpdateMsgSize {
+				return errors.New("invalid handshake key update message length")
+			}
+			if len(p.handshakeBuf) != 0 {
+				return errors.New("key update message must be the last message of a handshake record")
+			}
+			if err := p.handleKeyUpdateMsg(msg); err != nil {
+				return err
+			}
+		case tlsHandshakeNewSessionTicketType:
+			// Ignore tickets that are received after a batch of tickets has
+			// been sent to S2A.
+			if p.ticketState == notReceivingTickets {
+				continue
+			}
+			if p.ticketState == ticketsNotYetReceived {
+				p.ticketState = receivingTickets
+			}
+			p.sessionTickets = append(p.sessionTickets, rawMsg)
+			if len(p.sessionTickets) == maxAllowedTickets {
+				p.ticketState = notReceivingTickets
+				grpclog.Infof("Sending session tickets to S2A.")
+				p.ticketSender.sendTicketsToS2A(p.sessionTickets, p.callComplete)
+			}
+		default:
+			return errors.New("unknown handshake message type")
+		}
+	}
+	return nil
+}
+
+func buildKeyUpdateRequest() []byte {
+	b := make([]byte, tlsHandshakePrefixSize+tlsHandshakeKeyUpdateMsgSize)
+	b[0] = tlsHandshakeKeyUpdateType
+	b[1] = 0
+	b[2] = 0
+	b[3] = tlsHandshakeKeyUpdateMsgSize
+	b[4] = byte(updateNotRequested)
+	return b
+}
+
+// handleKeyUpdateMsg handles a key update message.
+func (p *conn) handleKeyUpdateMsg(msg []byte) error {
+	keyUpdateRequest := msg[0]
+	if keyUpdateRequest != byte(updateNotRequested) &&
+		keyUpdateRequest != byte(updateRequested) {
+		return errors.New("invalid handshake key update message")
+	}
+	if err := p.inConn.UpdateKey(); err != nil {
+		return err
+	}
+	// Send a key update message back to the peer if requested.
+	if keyUpdateRequest == byte(updateRequested) {
+		p.writeMutex.Lock()
+		defer p.writeMutex.Unlock()
+		n, err := p.writeTLSRecord(preConstructedKeyUpdateMsg, byte(handshake))
+		if err != nil {
+			return err
+		}
+		if n != tlsHandshakePrefixSize+tlsHandshakeKeyUpdateMsgSize {
+			return errors.New("key update request message wrote less bytes than expected")
+		}
+		if err = p.outConn.UpdateKey(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// bidEndianInt24 converts the given byte buffer of at least size 3 and
+// outputs the resulting 24 bit integer as a uint32. This is needed because
+// TLS 1.3 requires 3 byte integers, and the binary.BigEndian package does
+// not provide a way to transform a byte buffer into a 3 byte integer.
+func bigEndianInt24(b []byte) uint32 {
+	_ = b[2] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[2]) | uint32(b[1])<<8 | uint32(b[0])<<16
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
new file mode 100644
index 000000000..33fa3c55d
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
@@ -0,0 +1,176 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package record
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/google/s2a-go/internal/handshaker/service"
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2apb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+)
+
+// sessionTimeout is the timeout for creating a session with the S2A handshaker
+// service.
+const sessionTimeout = time.Second * 5
+
+// s2aTicketSender sends session tickets to the S2A handshaker service.
+type s2aTicketSender interface {
+	// sendTicketsToS2A sends the given session tickets to the S2A handshaker
+	// service.
+	sendTicketsToS2A(sessionTickets [][]byte, callComplete chan bool)
+}
+
+// ticketStream is the stream used to send and receive session information.
+type ticketStream interface {
+	Send(*s2apb.SessionReq) error
+	Recv() (*s2apb.SessionResp, error)
+}
+
+type ticketSender struct {
+	// hsAddr stores the address of the S2A handshaker service.
+	hsAddr string
+	// connectionID is the connection identifier that was created and sent by
+	// S2A at the end of a handshake.
+	connectionID uint64
+	// localIdentity is the local identity that was used by S2A during session
+	// setup and included in the session result.
+	localIdentity *commonpb.Identity
+	// tokenManager manages access tokens for authenticating to S2A.
+	tokenManager tokenmanager.AccessTokenManager
+	// ensureProcessSessionTickets allows users to wait and ensure that all
+	// available session tickets are sent to S2A before a process completes.
+	ensureProcessSessionTickets *sync.WaitGroup
+}
+
+// sendTicketsToS2A sends the given sessionTickets to the S2A handshaker
+// service. This is done asynchronously and writes to the error logs if an error
+// occurs.
+func (t *ticketSender) sendTicketsToS2A(sessionTickets [][]byte, callComplete chan bool) {
+	// Note that the goroutine is in the function rather than at the caller
+	// because the fake ticket sender used for testing must run synchronously
+	// so that the session tickets can be accessed from it after the tests have
+	// been run.
+	if t.ensureProcessSessionTickets != nil {
+		t.ensureProcessSessionTickets.Add(1)
+	}
+	go func() {
+		if err := func() error {
+			defer func() {
+				if t.ensureProcessSessionTickets != nil {
+					t.ensureProcessSessionTickets.Done()
+				}
+			}()
+			hsConn, err := service.Dial(t.hsAddr)
+			if err != nil {
+				return err
+			}
+			client := s2apb.NewS2AServiceClient(hsConn)
+			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
+			defer cancel()
+			session, err := client.SetUpSession(ctx)
+			if err != nil {
+				return err
+			}
+			defer func() {
+				if err := session.CloseSend(); err != nil {
+					grpclog.Error(err)
+				}
+			}()
+			return t.writeTicketsToStream(session, sessionTickets)
+		}(); err != nil {
+			grpclog.Errorf("failed to send resumption tickets to S2A with identity: %v, %v",
+				t.localIdentity, err)
+		}
+		callComplete <- true
+		close(callComplete)
+	}()
+}
+
+// writeTicketsToStream writes the given session tickets to the given stream.
+func (t *ticketSender) writeTicketsToStream(stream ticketStream, sessionTickets [][]byte) error {
+	if err := stream.Send(
+		&s2apb.SessionReq{
+			ReqOneof: &s2apb.SessionReq_ResumptionTicket{
+				ResumptionTicket: &s2apb.ResumptionTicketReq{
+					InBytes:       sessionTickets,
+					ConnectionId:  t.connectionID,
+					LocalIdentity: t.localIdentity,
+				},
+			},
+			AuthMechanisms: t.getAuthMechanisms(),
+		},
+	); err != nil {
+		return err
+	}
+	sessionResp, err := stream.Recv()
+	if err != nil {
+		return err
+	}
+	if sessionResp.GetStatus().GetCode() != uint32(codes.OK) {
+		return fmt.Errorf("s2a session ticket response had error status: %v, %v",
+			sessionResp.GetStatus().GetCode(), sessionResp.GetStatus().GetDetails())
+	}
+	return nil
+}
+
+func (t *ticketSender) getAuthMechanisms() []*s2apb.AuthenticationMechanism {
+	if t.tokenManager == nil {
+		return nil
+	}
+	// First handle the special case when no local identity has been provided
+	// by the application. In this case, an AuthenticationMechanism with no local
+	// identity will be sent.
+	if t.localIdentity == nil {
+		token, err := t.tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2apb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+
+	// Next, handle the case where the application (or the S2A) has specified
+	// a local identity.
+	token, err := t.tokenManager.Token(t.localIdentity)
+	if err != nil {
+		grpclog.Infof("unable to get token for local identity %v: %v", t.localIdentity, err)
+		return nil
+	}
+	return []*s2apb.AuthenticationMechanism{
+		{
+			Identity: t.localIdentity,
+			MechanismOneof: &s2apb.AuthenticationMechanism_Token{
+				Token: token,
+			},
+		},
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go b/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go
new file mode 100644
index 000000000..ec96ba3b6
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/tokenmanager/tokenmanager.go
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package tokenmanager provides tokens for authenticating to S2A.
+package tokenmanager
+
+import (
+	"fmt"
+	"os"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+)
+
+const (
+	s2aAccessTokenEnvironmentVariable = "S2A_ACCESS_TOKEN"
+)
+
+// AccessTokenManager manages tokens for authenticating to S2A.
+type AccessTokenManager interface {
+	// DefaultToken returns a token that an application with no specified local
+	// identity must use to authenticate to S2A.
+	DefaultToken() (token string, err error)
+	// Token returns a token that an application with local identity equal to
+	// identity must use to authenticate to S2A.
+	Token(identity *commonpb.Identity) (token string, err error)
+}
+
+type singleTokenAccessTokenManager struct {
+	token string
+}
+
+// NewSingleTokenAccessTokenManager returns a new AccessTokenManager instance
+// that will always manage the same token.
+//
+// The token to be managed is read from the s2aAccessTokenEnvironmentVariable
+// environment variable. If this environment variable is not set, then this
+// function returns an error.
+func NewSingleTokenAccessTokenManager() (AccessTokenManager, error) {
+	token, variableExists := os.LookupEnv(s2aAccessTokenEnvironmentVariable)
+	if !variableExists {
+		return nil, fmt.Errorf("%s environment variable is not set", s2aAccessTokenEnvironmentVariable)
+	}
+	return &singleTokenAccessTokenManager{token: token}, nil
+}
+
+// DefaultToken always returns the token managed by the
+// singleTokenAccessTokenManager.
+func (m *singleTokenAccessTokenManager) DefaultToken() (string, error) {
+	return m.token, nil
+}
+
+// Token always returns the token managed by the singleTokenAccessTokenManager.
+func (m *singleTokenAccessTokenManager) Token(*commonpb.Identity) (string, error) {
+	return m.token, nil
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/README.md b/vendor/github.com/google/s2a-go/internal/v2/README.md
new file mode 100644
index 000000000..3806d1e9c
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/README.md
@@ -0,0 +1 @@
+**This directory has the implementation of the S2Av2's gRPC-Go client libraries**
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go b/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
new file mode 100644
index 000000000..4911d1234
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/certverifier/certverifier.go
@@ -0,0 +1,120 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package certverifier offloads verifications to S2Av2.
+package certverifier
+
+import (
+	"crypto/x509"
+	"fmt"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+// VerifyClientCertificateChain builds a SessionReq, sends it to S2Av2 and
+// receives a SessionResp.
+func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// Offload verification to S2Av2.
+		if grpclog.V(1) {
+			grpclog.Infof("Sending request to S2Av2 for client peer cert chain validation.")
+		}
+		if err := cstream.Send(&s2av2pb.SessionReq{
+			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
+				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
+					Mode: verificationMode,
+					PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ClientPeer_{
+						ClientPeer: &s2av2pb.ValidatePeerCertificateChainReq_ClientPeer{
+							CertificateChain: rawCerts,
+						},
+					},
+				},
+			},
+		}); err != nil {
+			grpclog.Infof("Failed to send request to S2Av2 for client peer cert chain validation.")
+			return err
+		}
+
+		// Get the response from S2Av2.
+		resp, err := cstream.Recv()
+		if err != nil {
+			grpclog.Infof("Failed to receive client peer cert chain validation response from S2Av2.")
+			return err
+		}
+
+		// Parse the response.
+		if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+			return fmt.Errorf("failed to offload client cert verification to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+
+		}
+
+		if resp.GetValidatePeerCertificateChainResp().ValidationResult != s2av2pb.ValidatePeerCertificateChainResp_SUCCESS {
+			return fmt.Errorf("client cert verification failed: %v", resp.GetValidatePeerCertificateChainResp().ValidationDetails)
+		}
+
+		return nil
+	}
+}
+
+// VerifyServerCertificateChain builds a SessionReq, sends it to S2Av2 and
+// receives a SessionResp.
+func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// Offload verification to S2Av2.
+		if grpclog.V(1) {
+			grpclog.Infof("Sending request to S2Av2 for server peer cert chain validation.")
+		}
+		if err := cstream.Send(&s2av2pb.SessionReq{
+			ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
+				ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
+					Mode: verificationMode,
+					PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer_{
+						ServerPeer: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer{
+							CertificateChain: rawCerts,
+							ServerHostname:   hostname,
+						},
+					},
+				},
+			},
+		}); err != nil {
+			grpclog.Infof("Failed to send request to S2Av2 for server peer cert chain validation.")
+			return err
+		}
+
+		// Get the response from S2Av2.
+		resp, err := cstream.Recv()
+		if err != nil {
+			grpclog.Infof("Failed to receive server peer cert chain validation response from S2Av2.")
+			return err
+		}
+
+		// Parse the response.
+		if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+			return fmt.Errorf("failed to offload server cert verification to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+		}
+
+		if resp.GetValidatePeerCertificateChainResp().ValidationResult != s2av2pb.ValidatePeerCertificateChainResp_SUCCESS {
+			return fmt.Errorf("server cert verification failed: %v", resp.GetValidatePeerCertificateChainResp().ValidationDetails)
+		}
+
+		return nil
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der
new file mode 100644
index 000000000..958f3cfad
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_intermediate_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der
new file mode 100644
index 000000000..d2817641b
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_leaf_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der
new file mode 100644
index 000000000..d8c3710c8
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/client_root_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der
new file mode 100644
index 000000000..dae619c09
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_intermediate_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der
new file mode 100644
index 000000000..ce7f8d31d
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_leaf_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der
new file mode 100644
index 000000000..04b0d7360
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/certverifier/testdata/server_root_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
new file mode 100644
index 000000000..f23fa0be0
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/remotesigner.go
@@ -0,0 +1,185 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package remotesigner offloads private key operations to S2Av2.
+package remotesigner
+
+import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/x509"
+	"fmt"
+	"io"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+// remoteSigner implementes the crypto.Signer interface.
+type remoteSigner struct {
+	leafCert *x509.Certificate
+	cstream  s2av2pb.S2AService_SetUpSessionClient
+}
+
+// New returns an instance of RemoteSigner, an implementation of the
+// crypto.Signer interface.
+func New(leafCert *x509.Certificate, cstream s2av2pb.S2AService_SetUpSessionClient) crypto.Signer {
+	return &remoteSigner{leafCert, cstream}
+}
+
+func (s *remoteSigner) Public() crypto.PublicKey {
+	return s.leafCert.PublicKey
+}
+
+func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+	signatureAlgorithm, err := getSignatureAlgorithm(opts, s.leafCert)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := getSignReq(signatureAlgorithm, digest)
+	if err != nil {
+		return nil, err
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Sending request to S2Av2 for signing operation.")
+	}
+	if err := s.cstream.Send(&s2av2pb.SessionReq{
+		ReqOneof: &s2av2pb.SessionReq_OffloadPrivateKeyOperationReq{
+			OffloadPrivateKeyOperationReq: req,
+		},
+	}); err != nil {
+		grpclog.Infof("Failed to send request to S2Av2 for signing operation.")
+		return nil, err
+	}
+
+	resp, err := s.cstream.Recv()
+	if err != nil {
+		grpclog.Infof("Failed to receive signing operation response from S2Av2.")
+		return nil, err
+	}
+
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to offload signing with private key to S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	return resp.GetOffloadPrivateKeyOperationResp().GetOutBytes(), nil
+}
+
+// getCert returns the leafCert field in s.
+func (s *remoteSigner) getCert() *x509.Certificate {
+	return s.leafCert
+}
+
+// getStream returns the cstream field in s.
+func (s *remoteSigner) getStream() s2av2pb.S2AService_SetUpSessionClient {
+	return s.cstream
+}
+
+func getSignReq(signatureAlgorithm s2av2pb.SignatureAlgorithm, digest []byte) (*s2av2pb.OffloadPrivateKeyOperationReq, error) {
+	if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha256Digest{
+				Sha256Digest: digest,
+			},
+		}, nil
+	} else if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha384Digest{
+				Sha384Digest: digest,
+			},
+		}, nil
+	} else if (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512) || (signatureAlgorithm == s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ED25519) {
+		return &s2av2pb.OffloadPrivateKeyOperationReq{
+			Operation:          s2av2pb.OffloadPrivateKeyOperationReq_SIGN,
+			SignatureAlgorithm: signatureAlgorithm,
+			InBytes: &s2av2pb.OffloadPrivateKeyOperationReq_Sha512Digest{
+				Sha512Digest: digest,
+			},
+		}, nil
+	} else {
+		return nil, fmt.Errorf("unknown signature algorithm: %v", signatureAlgorithm)
+	}
+}
+
+// getSignatureAlgorithm returns the signature algorithm that S2A must use when
+// performing a signing operation that has been offloaded by an application
+// using the crypto/tls libraries.
+func getSignatureAlgorithm(opts crypto.SignerOpts, leafCert *x509.Certificate) (s2av2pb.SignatureAlgorithm, error) {
+	if opts == nil || leafCert == nil {
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+	switch leafCert.PublicKeyAlgorithm {
+	case x509.RSA:
+		if rsaPSSOpts, ok := opts.(*rsa.PSSOptions); ok {
+			return rsaPSSAlgorithm(rsaPSSOpts)
+		}
+		return rsaPPKCS1Algorithm(opts)
+	case x509.ECDSA:
+		return ecdsaAlgorithm(opts)
+	case x509.Ed25519:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ED25519, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm: %q", leafCert.PublicKeyAlgorithm)
+	}
+}
+
+func rsaPSSAlgorithm(opts *rsa.PSSOptions) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
+
+func rsaPPKCS1Algorithm(opts crypto.SignerOpts) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
+
+func ecdsaAlgorithm(opts crypto.SignerOpts) (s2av2pb.SignatureAlgorithm, error) {
+	switch opts.HashFunc() {
+	case crypto.SHA256:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256, nil
+	case crypto.SHA384:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384, nil
+	case crypto.SHA512:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512, nil
+	default:
+		return s2av2pb.SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED, fmt.Errorf("unknown signature algorithm")
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der
new file mode 100644
index 000000000..d8c3710c8
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der
new file mode 100644
index 000000000..04b0d7360
Binary files /dev/null and b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.der differ
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/remotesigner/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
new file mode 100644
index 000000000..54cffee88
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@@ -0,0 +1,311 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package v2 provides the S2Av2 transport credentials used by a gRPC
+// application.
+package v2
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"flag"
+	"net"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/google/s2a-go/fallback"
+	"github.com/google/s2a-go/internal/handshaker/service"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2/tlsconfigstore"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+
+	commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	s2aSecurityProtocol = "tls"
+)
+
+var S2ATimeout = flag.Duration("s2a_timeout", 3*time.Second, "Timeout enforced on the connection to the S2A service for handshake.")
+
+type s2av2TransportCreds struct {
+	info         *credentials.ProtocolInfo
+	isClient     bool
+	serverName   string
+	s2av2Address string
+	tokenManager *tokenmanager.AccessTokenManager
+	// localIdentity should only be used by the client.
+	localIdentity *commonpbv1.Identity
+	// localIdentities should only be used by the server.
+	localIdentities         []*commonpbv1.Identity
+	verificationMode        s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+	fallbackClientHandshake fallback.ClientHandshake
+}
+
+// NewClientCreds returns a client-side transport credentials object that uses
+// the S2Av2 to establish a secure connection with a server.
+func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake) (credentials.TransportCredentials, error) {
+	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
+	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+
+	creds := &s2av2TransportCreds{
+		info: &credentials.ProtocolInfo{
+			SecurityProtocol: s2aSecurityProtocol,
+		},
+		isClient:                true,
+		serverName:              "",
+		s2av2Address:            s2av2Address,
+		localIdentity:           localIdentity,
+		verificationMode:        verificationMode,
+		fallbackClientHandshake: fallbackClientHandshakeFunc,
+	}
+	if err != nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &accessTokenManager
+	}
+	if grpclog.V(1) {
+		grpclog.Info("Created client S2Av2 transport credentials.")
+	}
+	return creds, nil
+}
+
+// NewServerCreds returns a server-side transport credentials object that uses
+// the S2Av2 to establish a secure connection with a client.
+func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (credentials.TransportCredentials, error) {
+	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
+	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	creds := &s2av2TransportCreds{
+		info: &credentials.ProtocolInfo{
+			SecurityProtocol: s2aSecurityProtocol,
+		},
+		isClient:         false,
+		s2av2Address:     s2av2Address,
+		localIdentities:  localIdentities,
+		verificationMode: verificationMode,
+	}
+	if err != nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &accessTokenManager
+	}
+	if grpclog.V(1) {
+		grpclog.Info("Created server S2Av2 transport credentials.")
+	}
+	return creds, nil
+}
+
+// ClientHandshake performs a client-side mTLS handshake using the S2Av2.
+func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if !c.isClient {
+		return nil, nil, errors.New("client handshake called using server transport credentials")
+	}
+	// Remove the port from serverAuthority.
+	serverName := removeServerNamePort(serverAuthority)
+	timeoutCtx, cancel := context.WithTimeout(ctx, *S2ATimeout)
+	defer cancel()
+	cstream, err := createStream(timeoutCtx, c.s2av2Address)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+		}
+		return nil, nil, err
+	}
+	defer cstream.CloseSend()
+	if grpclog.V(1) {
+		grpclog.Infof("Connected to S2Av2.")
+	}
+	var config *tls.Config
+
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+
+	if c.serverName == "" {
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
+		if err != nil {
+			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+			if c.fallbackClientHandshake != nil {
+				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+			}
+			return nil, nil, err
+		}
+	} else {
+		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
+		if err != nil {
+			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+			if c.fallbackClientHandshake != nil {
+				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+			}
+			return nil, nil, err
+		}
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Got client TLS config from S2Av2.")
+	}
+	creds := credentials.NewTLS(config)
+
+	conn, authInfo, err := creds.ClientHandshake(ctx, serverName, rawConn)
+	if err != nil {
+		grpclog.Infof("Failed to do client handshake using S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
+		}
+		return nil, nil, err
+	}
+	grpclog.Infof("Successfully done client handshake using S2Av2 to: %s", serverName)
+
+	return conn, authInfo, err
+}
+
+// ServerHandshake performs a server-side mTLS handshake using the S2Av2.
+func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if c.isClient {
+		return nil, nil, errors.New("server handshake called using client transport credentials")
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), *S2ATimeout)
+	defer cancel()
+	cstream, err := createStream(ctx, c.s2av2Address)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		return nil, nil, err
+	}
+	defer cstream.CloseSend()
+	if grpclog.V(1) {
+		grpclog.Infof("Connected to S2Av2.")
+	}
+
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+
+	config, err := tlsconfigstore.GetTLSConfigurationForServer(cstream, tokenManager, c.localIdentities, c.verificationMode)
+	if err != nil {
+		grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
+		return nil, nil, err
+	}
+	if grpclog.V(1) {
+		grpclog.Infof("Got server TLS config from S2Av2.")
+	}
+	creds := credentials.NewTLS(config)
+	return creds.ServerHandshake(rawConn)
+}
+
+// Info returns protocol info of s2av2TransportCreds.
+func (c *s2av2TransportCreds) Info() credentials.ProtocolInfo {
+	return *c.info
+}
+
+// Clone makes a deep copy of s2av2TransportCreds.
+func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
+	info := *c.info
+	serverName := c.serverName
+	fallbackClientHandshake := c.fallbackClientHandshake
+
+	s2av2Address := c.s2av2Address
+	var tokenManager tokenmanager.AccessTokenManager
+	if c.tokenManager == nil {
+		tokenManager = nil
+	} else {
+		tokenManager = *c.tokenManager
+	}
+	verificationMode := c.verificationMode
+	var localIdentity *commonpbv1.Identity
+	if c.localIdentity != nil {
+		localIdentity = proto.Clone(c.localIdentity).(*commonpbv1.Identity)
+	}
+	var localIdentities []*commonpbv1.Identity
+	if c.localIdentities != nil {
+		localIdentities = make([]*commonpbv1.Identity, len(c.localIdentities))
+		for i, localIdentity := range c.localIdentities {
+			localIdentities[i] = proto.Clone(localIdentity).(*commonpbv1.Identity)
+		}
+	}
+	creds := &s2av2TransportCreds{
+		info:                    &info,
+		isClient:                c.isClient,
+		serverName:              serverName,
+		fallbackClientHandshake: fallbackClientHandshake,
+		s2av2Address:            s2av2Address,
+		localIdentity:           localIdentity,
+		localIdentities:         localIdentities,
+		verificationMode:        verificationMode,
+	}
+	if c.tokenManager == nil {
+		creds.tokenManager = nil
+	} else {
+		creds.tokenManager = &tokenManager
+	}
+	return creds
+}
+
+// NewClientTLSConfig returns a tls.Config instance that uses S2Av2 to establish a TLS connection as
+// a client. The tls.Config MUST only be used to establish a single TLS connection.
+func NewClientTLSConfig(
+	ctx context.Context,
+	s2av2Address string,
+	tokenManager tokenmanager.AccessTokenManager,
+	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
+	serverName string) (*tls.Config, error) {
+	cstream, err := createStream(ctx, s2av2Address)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2Av2: %v", err)
+		return nil, err
+	}
+
+	return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), cstream, tokenManager, nil, verificationMode)
+}
+
+// OverrideServerName sets the ServerName in the s2av2TransportCreds protocol
+// info. The ServerName MUST be a hostname.
+func (c *s2av2TransportCreds) OverrideServerName(serverNameOverride string) error {
+	serverName := removeServerNamePort(serverNameOverride)
+	c.info.ServerName = serverName
+	c.serverName = serverName
+	return nil
+}
+
+// Remove the trailing port from server name.
+func removeServerNamePort(serverName string) string {
+	name, _, err := net.SplitHostPort(serverName)
+	if err != nil {
+		name = serverName
+	}
+	return name
+}
+
+func createStream(ctx context.Context, s2av2Address string) (s2av2pb.S2AService_SetUpSessionClient, error) {
+	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
+	conn, err := service.Dial(s2av2Address)
+	if err != nil {
+		return nil, err
+	}
+	client := s2av2pb.NewS2AServiceClient(conn)
+	return client.SetUpSession(ctx, []grpc.CallOption{}...)
+}
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
new file mode 100644
index 000000000..dd8edbafd
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
@@ -0,0 +1,403 @@
+/*
+ *
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package tlsconfigstore offloads operations to S2Av2.
+package tlsconfigstore
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2/certverifier"
+	"github.com/google/s2a-go/internal/v2/remotesigner"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
+
+	commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	commonpb "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	// HTTP/2
+	h2 = "h2"
+)
+
+// GetTLSConfigurationForClient returns a tls.Config instance for use by a client application.
+func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
+	authMechanisms := getAuthMechanisms(tokenManager, []*commonpbv1.Identity{localIdentity})
+
+	if grpclog.V(1) {
+		grpclog.Infof("Sending request to S2Av2 for client TLS config.")
+	}
+	// Send request to S2Av2 for config.
+	if err := cstream.Send(&s2av2pb.SessionReq{
+		LocalIdentity:            localIdentity,
+		AuthenticationMechanisms: authMechanisms,
+		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
+			GetTlsConfigurationReq: &s2av2pb.GetTlsConfigurationReq{
+				ConnectionSide: commonpb.ConnectionSide_CONNECTION_SIDE_CLIENT,
+			},
+		},
+	}); err != nil {
+		grpclog.Infof("Failed to send request to S2Av2 for client TLS config")
+		return nil, err
+	}
+
+	// Get the response containing config from S2Av2.
+	resp, err := cstream.Recv()
+	if err != nil {
+		grpclog.Infof("Failed to receive client TLS config response from S2Av2.")
+		return nil, err
+	}
+
+	// TODO(rmehta19): Add unit test for this if statement.
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to get TLS configuration from S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	// Extract TLS configiguration from SessionResp.
+	tlsConfig := resp.GetGetTlsConfigurationResp().GetClientTlsConfiguration()
+
+	var cert tls.Certificate
+	for i, v := range tlsConfig.CertificateChain {
+		// Populate Certificates field.
+		block, _ := pem.Decode([]byte(v))
+		if block == nil {
+			return nil, errors.New("certificate in CertificateChain obtained from S2Av2 is empty")
+		}
+		x509Cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		cert.Certificate = append(cert.Certificate, x509Cert.Raw)
+		if i == 0 {
+			cert.Leaf = x509Cert
+		}
+	}
+
+	if len(tlsConfig.CertificateChain) > 0 {
+		cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
+		if cert.PrivateKey == nil {
+			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
+		}
+	}
+
+	minVersion, maxVersion, err := getTLSMinMaxVersionsClient(tlsConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	// Create mTLS credentials for client.
+	config := &tls.Config{
+		VerifyPeerCertificate:  certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, cstream),
+		ServerName:             serverHostname,
+		InsecureSkipVerify:     true, // NOLINT
+		ClientSessionCache:     nil,
+		SessionTicketsDisabled: true,
+		MinVersion:             minVersion,
+		MaxVersion:             maxVersion,
+		NextProtos:             []string{h2},
+	}
+	if len(tlsConfig.CertificateChain) > 0 {
+		config.Certificates = []tls.Certificate{cert}
+	}
+	return config, nil
+}
+
+// GetTLSConfigurationForServer returns a tls.Config instance for use by a server application.
+func GetTLSConfigurationForServer(cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
+	return &tls.Config{
+		GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, cstream),
+	}, nil
+}
+
+// ClientConfig builds a TLS config for a server to establish a secure
+// connection with a client, based on SNI communicated during ClientHello.
+// Ensures that server presents the correct certificate to establish a TLS
+// connection.
+func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+	return func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
+		tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, cstream)
+		if err != nil {
+			return nil, err
+		}
+
+		var cert tls.Certificate
+		for i, v := range tlsConfig.CertificateChain {
+			// Populate Certificates field.
+			block, _ := pem.Decode([]byte(v))
+			if block == nil {
+				return nil, errors.New("certificate in CertificateChain obtained from S2Av2 is empty")
+			}
+			x509Cert, err := x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+			cert.Certificate = append(cert.Certificate, x509Cert.Raw)
+			if i == 0 {
+				cert.Leaf = x509Cert
+			}
+		}
+
+		cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
+		if cert.PrivateKey == nil {
+			return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
+		}
+
+		minVersion, maxVersion, err := getTLSMinMaxVersionsServer(tlsConfig)
+		if err != nil {
+			return nil, err
+		}
+
+		clientAuth := getTLSClientAuthType(tlsConfig)
+
+		var cipherSuites []uint16
+		cipherSuites = getCipherSuites(tlsConfig.Ciphersuites)
+
+		// Create mTLS credentials for server.
+		return &tls.Config{
+			Certificates:           []tls.Certificate{cert},
+			VerifyPeerCertificate:  certverifier.VerifyClientCertificateChain(verificationMode, cstream),
+			ClientAuth:             clientAuth,
+			CipherSuites:           cipherSuites,
+			SessionTicketsDisabled: true,
+			MinVersion:             minVersion,
+			MaxVersion:             maxVersion,
+			NextProtos:             []string{h2},
+		}, nil
+	}
+}
+
+func getCipherSuites(tlsConfigCipherSuites []commonpb.Ciphersuite) []uint16 {
+	var tlsGoCipherSuites []uint16
+	for _, v := range tlsConfigCipherSuites {
+		s := getTLSCipherSuite(v)
+		if s != 0xffff {
+			tlsGoCipherSuites = append(tlsGoCipherSuites, s)
+		}
+	}
+	return tlsGoCipherSuites
+}
+
+func getTLSCipherSuite(tlsCipherSuite commonpb.Ciphersuite) uint16 {
+	switch tlsCipherSuite {
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+		return tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+		return tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+		return tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+		return tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+		return tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+	case commonpb.Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+		return tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+	default:
+		return 0xffff
+	}
+}
+
+func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, cstream s2av2pb.S2AService_SetUpSessionClient) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
+	authMechanisms := getAuthMechanisms(tokenManager, localIdentities)
+	var locID *commonpbv1.Identity
+	if localIdentities != nil {
+		locID = localIdentities[0]
+	}
+
+	if err := cstream.Send(&s2av2pb.SessionReq{
+		LocalIdentity:            locID,
+		AuthenticationMechanisms: authMechanisms,
+		ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
+			GetTlsConfigurationReq: &s2av2pb.GetTlsConfigurationReq{
+				ConnectionSide: commonpb.ConnectionSide_CONNECTION_SIDE_SERVER,
+				Sni:            sni,
+			},
+		},
+	}); err != nil {
+		return nil, err
+	}
+
+	resp, err := cstream.Recv()
+	if err != nil {
+		return nil, err
+	}
+
+	// TODO(rmehta19): Add unit test for this if statement.
+	if (resp.GetStatus() != nil) && (resp.GetStatus().Code != uint32(codes.OK)) {
+		return nil, fmt.Errorf("failed to get TLS configuration from S2A: %d, %v", resp.GetStatus().Code, resp.GetStatus().Details)
+	}
+
+	return resp.GetGetTlsConfigurationResp().GetServerTlsConfiguration(), nil
+}
+
+func getTLSClientAuthType(tlsConfig *s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration) tls.ClientAuthType {
+	var clientAuth tls.ClientAuthType
+	switch x := tlsConfig.RequestClientCertificate; x {
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE:
+		clientAuth = tls.NoClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
+		clientAuth = tls.RequestClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
+		// This case actually maps to tls.VerifyClientCertIfGiven. However this
+		// mapping triggers normal verification, followed by custom verification,
+		// specified in VerifyPeerCertificate. To bypass normal verification, and
+		// only do custom verification we set clientAuth to RequireAnyClientCert or
+		// RequestClientCert. See https://github.com/google/s2a-go/pull/43 for full
+		// discussion.
+		clientAuth = tls.RequireAnyClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
+		clientAuth = tls.RequireAnyClientCert
+	case s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
+		// This case actually maps to tls.RequireAndVerifyClientCert. However this
+		// mapping triggers normal verification, followed by custom verification,
+		// specified in VerifyPeerCertificate. To bypass normal verification, and
+		// only do custom verification we set clientAuth to RequireAnyClientCert or
+		// RequestClientCert. See https://github.com/google/s2a-go/pull/43 for full
+		// discussion.
+		clientAuth = tls.RequireAnyClientCert
+	default:
+		clientAuth = tls.RequireAnyClientCert
+	}
+	return clientAuth
+}
+
+func getAuthMechanisms(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity) []*s2av2pb.AuthenticationMechanism {
+	if tokenManager == nil {
+		return nil
+	}
+	if len(localIdentities) == 0 {
+		token, err := tokenManager.DefaultToken()
+		if err != nil {
+			grpclog.Infof("Unable to get token for empty local identity: %v", err)
+			return nil
+		}
+		return []*s2av2pb.AuthenticationMechanism{
+			{
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			},
+		}
+	}
+	var authMechanisms []*s2av2pb.AuthenticationMechanism
+	for _, localIdentity := range localIdentities {
+		if localIdentity == nil {
+			token, err := tokenManager.DefaultToken()
+			if err != nil {
+				grpclog.Infof("Unable to get default token for local identity %v: %v", localIdentity, err)
+				continue
+			}
+			authMechanisms = append(authMechanisms, &s2av2pb.AuthenticationMechanism{
+				Identity: localIdentity,
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			})
+		} else {
+			token, err := tokenManager.Token(localIdentity)
+			if err != nil {
+				grpclog.Infof("Unable to get token for local identity %v: %v", localIdentity, err)
+				continue
+			}
+			authMechanisms = append(authMechanisms, &s2av2pb.AuthenticationMechanism{
+				Identity: localIdentity,
+				MechanismOneof: &s2av2pb.AuthenticationMechanism_Token{
+					Token: token,
+				},
+			})
+		}
+	}
+	return authMechanisms
+}
+
+// TODO(rmehta19): refactor switch statements into a helper function.
+func getTLSMinMaxVersionsClient(tlsConfig *s2av2pb.GetTlsConfigurationResp_ClientTlsConfiguration) (uint16, uint16, error) {
+	// Map S2Av2 TLSVersion to consts defined in tls package.
+	var minVersion uint16
+	var maxVersion uint16
+	switch x := tlsConfig.MinTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		minVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		minVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		minVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		minVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MinTlsVersion: %v", x)
+	}
+
+	switch x := tlsConfig.MaxTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		maxVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		maxVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		maxVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		maxVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MaxTlsVersion: %v", x)
+	}
+	if minVersion > maxVersion {
+		return minVersion, maxVersion, errors.New("S2Av2 provided minVersion > maxVersion")
+	}
+	return minVersion, maxVersion, nil
+}
+
+func getTLSMinMaxVersionsServer(tlsConfig *s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration) (uint16, uint16, error) {
+	// Map S2Av2 TLSVersion to consts defined in tls package.
+	var minVersion uint16
+	var maxVersion uint16
+	switch x := tlsConfig.MinTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		minVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		minVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		minVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		minVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MinTlsVersion: %v", x)
+	}
+
+	switch x := tlsConfig.MaxTlsVersion; x {
+	case commonpb.TLSVersion_TLS_VERSION_1_0:
+		maxVersion = tls.VersionTLS10
+	case commonpb.TLSVersion_TLS_VERSION_1_1:
+		maxVersion = tls.VersionTLS11
+	case commonpb.TLSVersion_TLS_VERSION_1_2:
+		maxVersion = tls.VersionTLS12
+	case commonpb.TLSVersion_TLS_VERSION_1_3:
+		maxVersion = tls.VersionTLS13
+	default:
+		return minVersion, maxVersion, fmt.Errorf("S2Av2 provided invalid MaxTlsVersion: %v", x)
+	}
+	if minVersion > maxVersion {
+		return minVersion, maxVersion, errors.New("S2Av2 provided minVersion > maxVersion")
+	}
+	return minVersion, maxVersion, nil
+}
diff --git a/vendor/github.com/google/s2a-go/s2a.go b/vendor/github.com/google/s2a-go/s2a.go
new file mode 100644
index 000000000..d805d372c
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a.go
@@ -0,0 +1,409 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package s2a provides the S2A transport credentials used by a gRPC
+// application.
+package s2a
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/google/s2a-go/fallback"
+	"github.com/google/s2a-go/internal/handshaker"
+	"github.com/google/s2a-go/internal/handshaker/service"
+	"github.com/google/s2a-go/internal/tokenmanager"
+	"github.com/google/s2a-go/internal/v2"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+
+const (
+	s2aSecurityProtocol = "tls"
+	// defaultTimeout specifies the default server handshake timeout.
+	defaultTimeout = 30.0 * time.Second
+)
+
+// s2aTransportCreds are the transport credentials required for establishing
+// a secure connection using the S2A. They implement the
+// credentials.TransportCredentials interface.
+type s2aTransportCreds struct {
+	info          *credentials.ProtocolInfo
+	minTLSVersion commonpb.TLSVersion
+	maxTLSVersion commonpb.TLSVersion
+	// tlsCiphersuites contains the ciphersuites used in the S2A connection.
+	// Note that these are currently unconfigurable.
+	tlsCiphersuites []commonpb.Ciphersuite
+	// localIdentity should only be used by the client.
+	localIdentity *commonpb.Identity
+	// localIdentities should only be used by the server.
+	localIdentities []*commonpb.Identity
+	// targetIdentities should only be used by the client.
+	targetIdentities            []*commonpb.Identity
+	isClient                    bool
+	s2aAddr                     string
+	ensureProcessSessionTickets *sync.WaitGroup
+}
+
+// NewClientCreds returns a client-side transport credentials object that uses
+// the S2A to establish a secure connection with a server.
+func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, error) {
+	if opts == nil {
+		return nil, errors.New("nil client options")
+	}
+	var targetIdentities []*commonpb.Identity
+	for _, targetIdentity := range opts.TargetIdentities {
+		protoTargetIdentity, err := toProtoIdentity(targetIdentity)
+		if err != nil {
+			return nil, err
+		}
+		targetIdentities = append(targetIdentities, protoTargetIdentity)
+	}
+	localIdentity, err := toProtoIdentity(opts.LocalIdentity)
+	if err != nil {
+		return nil, err
+	}
+	if opts.EnableLegacyMode {
+		return &s2aTransportCreds{
+			info: &credentials.ProtocolInfo{
+				SecurityProtocol: s2aSecurityProtocol,
+			},
+			minTLSVersion: commonpb.TLSVersion_TLS1_3,
+			maxTLSVersion: commonpb.TLSVersion_TLS1_3,
+			tlsCiphersuites: []commonpb.Ciphersuite{
+				commonpb.Ciphersuite_AES_128_GCM_SHA256,
+				commonpb.Ciphersuite_AES_256_GCM_SHA384,
+				commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
+			},
+			localIdentity:               localIdentity,
+			targetIdentities:            targetIdentities,
+			isClient:                    true,
+			s2aAddr:                     opts.S2AAddress,
+			ensureProcessSessionTickets: opts.EnsureProcessSessionTickets,
+		}, nil
+	}
+	verificationMode := getVerificationMode(opts.VerificationMode)
+	var fallbackFunc fallback.ClientHandshake
+	if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
+		fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
+	}
+	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc)
+}
+
+// NewServerCreds returns a server-side transport credentials object that uses
+// the S2A to establish a secure connection with a client.
+func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, error) {
+	if opts == nil {
+		return nil, errors.New("nil server options")
+	}
+	var localIdentities []*commonpb.Identity
+	for _, localIdentity := range opts.LocalIdentities {
+		protoLocalIdentity, err := toProtoIdentity(localIdentity)
+		if err != nil {
+			return nil, err
+		}
+		localIdentities = append(localIdentities, protoLocalIdentity)
+	}
+	if opts.EnableLegacyMode {
+		return &s2aTransportCreds{
+			info: &credentials.ProtocolInfo{
+				SecurityProtocol: s2aSecurityProtocol,
+			},
+			minTLSVersion: commonpb.TLSVersion_TLS1_3,
+			maxTLSVersion: commonpb.TLSVersion_TLS1_3,
+			tlsCiphersuites: []commonpb.Ciphersuite{
+				commonpb.Ciphersuite_AES_128_GCM_SHA256,
+				commonpb.Ciphersuite_AES_256_GCM_SHA384,
+				commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
+			},
+			localIdentities: localIdentities,
+			isClient:        false,
+			s2aAddr:         opts.S2AAddress,
+		}, nil
+	}
+	verificationMode := getVerificationMode(opts.VerificationMode)
+	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode)
+}
+
+// ClientHandshake initiates a client-side TLS handshake using the S2A.
+func (c *s2aTransportCreds) ClientHandshake(ctx context.Context, serverAuthority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if !c.isClient {
+		return nil, nil, errors.New("client handshake called using server transport credentials")
+	}
+
+	// Connect to the S2A.
+	hsConn, err := service.Dial(c.s2aAddr)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2A: %v", err)
+		return nil, nil, err
+	}
+
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+	defer cancel()
+
+	opts := &handshaker.ClientHandshakerOptions{
+		MinTLSVersion:               c.minTLSVersion,
+		MaxTLSVersion:               c.maxTLSVersion,
+		TLSCiphersuites:             c.tlsCiphersuites,
+		TargetIdentities:            c.targetIdentities,
+		LocalIdentity:               c.localIdentity,
+		TargetName:                  serverAuthority,
+		EnsureProcessSessionTickets: c.ensureProcessSessionTickets,
+	}
+	chs, err := handshaker.NewClientHandshaker(ctx, hsConn, rawConn, c.s2aAddr, opts)
+	if err != nil {
+		grpclog.Infof("Call to handshaker.NewClientHandshaker failed: %v", err)
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			if closeErr := chs.Close(); closeErr != nil {
+				grpclog.Infof("Close failed unexpectedly: %v", err)
+				err = fmt.Errorf("%v: close unexpectedly failed: %v", err, closeErr)
+			}
+		}
+	}()
+
+	secConn, authInfo, err := chs.ClientHandshake(context.Background())
+	if err != nil {
+		grpclog.Infof("Handshake failed: %v", err)
+		return nil, nil, err
+	}
+	return secConn, authInfo, nil
+}
+
+// ServerHandshake initiates a server-side TLS handshake using the S2A.
+func (c *s2aTransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	if c.isClient {
+		return nil, nil, errors.New("server handshake called using client transport credentials")
+	}
+
+	// Connect to the S2A.
+	hsConn, err := service.Dial(c.s2aAddr)
+	if err != nil {
+		grpclog.Infof("Failed to connect to S2A: %v", err)
+		return nil, nil, err
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+	defer cancel()
+
+	opts := &handshaker.ServerHandshakerOptions{
+		MinTLSVersion:   c.minTLSVersion,
+		MaxTLSVersion:   c.maxTLSVersion,
+		TLSCiphersuites: c.tlsCiphersuites,
+		LocalIdentities: c.localIdentities,
+	}
+	shs, err := handshaker.NewServerHandshaker(ctx, hsConn, rawConn, c.s2aAddr, opts)
+	if err != nil {
+		grpclog.Infof("Call to handshaker.NewServerHandshaker failed: %v", err)
+		return nil, nil, err
+	}
+	defer func() {
+		if err != nil {
+			if closeErr := shs.Close(); closeErr != nil {
+				grpclog.Infof("Close failed unexpectedly: %v", err)
+				err = fmt.Errorf("%v: close unexpectedly failed: %v", err, closeErr)
+			}
+		}
+	}()
+
+	secConn, authInfo, err := shs.ServerHandshake(context.Background())
+	if err != nil {
+		grpclog.Infof("Handshake failed: %v", err)
+		return nil, nil, err
+	}
+	return secConn, authInfo, nil
+}
+
+func (c *s2aTransportCreds) Info() credentials.ProtocolInfo {
+	return *c.info
+}
+
+func (c *s2aTransportCreds) Clone() credentials.TransportCredentials {
+	info := *c.info
+	var localIdentity *commonpb.Identity
+	if c.localIdentity != nil {
+		localIdentity = proto.Clone(c.localIdentity).(*commonpb.Identity)
+	}
+	var localIdentities []*commonpb.Identity
+	if c.localIdentities != nil {
+		localIdentities = make([]*commonpb.Identity, len(c.localIdentities))
+		for i, localIdentity := range c.localIdentities {
+			localIdentities[i] = proto.Clone(localIdentity).(*commonpb.Identity)
+		}
+	}
+	var targetIdentities []*commonpb.Identity
+	if c.targetIdentities != nil {
+		targetIdentities = make([]*commonpb.Identity, len(c.targetIdentities))
+		for i, targetIdentity := range c.targetIdentities {
+			targetIdentities[i] = proto.Clone(targetIdentity).(*commonpb.Identity)
+		}
+	}
+	return &s2aTransportCreds{
+		info:             &info,
+		minTLSVersion:    c.minTLSVersion,
+		maxTLSVersion:    c.maxTLSVersion,
+		tlsCiphersuites:  c.tlsCiphersuites,
+		localIdentity:    localIdentity,
+		localIdentities:  localIdentities,
+		targetIdentities: targetIdentities,
+		isClient:         c.isClient,
+		s2aAddr:          c.s2aAddr,
+	}
+}
+
+func (c *s2aTransportCreds) OverrideServerName(serverNameOverride string) error {
+	c.info.ServerName = serverNameOverride
+	return nil
+}
+
+// TLSClientConfigOptions specifies parameters for creating client TLS config.
+type TLSClientConfigOptions struct {
+	// ServerName is required by s2a as the expected name when verifying the hostname found in server's certificate.
+	// 		tlsConfig, _ := factory.Build(ctx, &s2a.TLSClientConfigOptions{
+	//			ServerName: "example.com",
+	//		})
+	ServerName string
+}
+
+// TLSClientConfigFactory defines the interface for a client TLS config factory.
+type TLSClientConfigFactory interface {
+	Build(ctx context.Context, opts *TLSClientConfigOptions) (*tls.Config, error)
+}
+
+// NewTLSClientConfigFactory returns an instance of s2aTLSClientConfigFactory.
+func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, error) {
+	if opts == nil {
+		return nil, fmt.Errorf("opts must be non-nil")
+	}
+	if opts.EnableLegacyMode {
+		return nil, fmt.Errorf("NewTLSClientConfigFactory only supports S2Av2")
+	}
+	tokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
+	if err != nil {
+		// The only possible error is: access token not set in the environment,
+		// which is okay in environments other than serverless.
+		grpclog.Infof("Access token manager not initialized: %v", err)
+		return &s2aTLSClientConfigFactory{
+			s2av2Address:     opts.S2AAddress,
+			tokenManager:     nil,
+			verificationMode: getVerificationMode(opts.VerificationMode),
+		}, nil
+	}
+	return &s2aTLSClientConfigFactory{
+		s2av2Address:     opts.S2AAddress,
+		tokenManager:     tokenManager,
+		verificationMode: getVerificationMode(opts.VerificationMode),
+	}, nil
+}
+
+type s2aTLSClientConfigFactory struct {
+	s2av2Address     string
+	tokenManager     tokenmanager.AccessTokenManager
+	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
+}
+
+func (f *s2aTLSClientConfigFactory) Build(
+	ctx context.Context, opts *TLSClientConfigOptions) (*tls.Config, error) {
+	serverName := ""
+	if opts != nil && opts.ServerName != "" {
+		serverName = opts.ServerName
+	}
+	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName)
+}
+
+func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
+	switch verificationMode {
+	case ConnectToGoogle:
+		return s2av2pb.ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE
+	case Spiffe:
+		return s2av2pb.ValidatePeerCertificateChainReq_SPIFFE
+	default:
+		return s2av2pb.ValidatePeerCertificateChainReq_UNSPECIFIED
+	}
+}
+
+// NewS2ADialTLSContextFunc returns a dialer which establishes an MTLS connection using S2A.
+// Example use with http.RoundTripper:
+//
+//		dialTLSContext := s2a.NewS2aDialTLSContextFunc(&s2a.ClientOptions{
+//			S2AAddress:         s2aAddress, // required
+//		})
+//	 	transport := http.DefaultTransport
+//	 	transport.DialTLSContext = dialTLSContext
+func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, network, addr string) (net.Conn, error) {
+
+	return func(ctx context.Context, network, addr string) (net.Conn, error) {
+
+		fallback := func(err error) (net.Conn, error) {
+			if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackDialer != nil &&
+				opts.FallbackOpts.FallbackDialer.Dialer != nil && opts.FallbackOpts.FallbackDialer.ServerAddr != "" {
+				fbDialer := opts.FallbackOpts.FallbackDialer
+				grpclog.Infof("fall back to dial: %s", fbDialer.ServerAddr)
+				fbConn, fbErr := fbDialer.Dialer.DialContext(ctx, network, fbDialer.ServerAddr)
+				if fbErr != nil {
+					return nil, fmt.Errorf("error fallback to %s: %v; S2A error: %w", fbDialer.ServerAddr, fbErr, err)
+				}
+				return fbConn, nil
+			}
+			return nil, err
+		}
+
+		factory, err := NewTLSClientConfigFactory(opts)
+		if err != nil {
+			grpclog.Infof("error creating S2A client config factory: %v", err)
+			return fallback(err)
+		}
+
+		serverName, _, err := net.SplitHostPort(addr)
+		if err != nil {
+			serverName = addr
+		}
+		timeoutCtx, cancel := context.WithTimeout(ctx, *v2.S2ATimeout)
+		defer cancel()
+		s2aTLSConfig, err := factory.Build(timeoutCtx, &TLSClientConfigOptions{
+			ServerName: serverName,
+		})
+		if err != nil {
+			grpclog.Infof("error building S2A TLS config: %v", err)
+			return fallback(err)
+		}
+
+		s2aDialer := &tls.Dialer{
+			Config: s2aTLSConfig,
+		}
+		c, err := s2aDialer.DialContext(ctx, network, addr)
+		if err != nil {
+			grpclog.Infof("error dialing with S2A to %s: %v", addr, err)
+			return fallback(err)
+		}
+		grpclog.Infof("success dialing MTLS to %s with S2A", addr)
+		return c, nil
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/s2a_options.go b/vendor/github.com/google/s2a-go/s2a_options.go
new file mode 100644
index 000000000..74410d5bd
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a_options.go
@@ -0,0 +1,197 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package s2a
+
+import (
+	"crypto/tls"
+	"errors"
+	"sync"
+
+	"github.com/google/s2a-go/fallback"
+
+	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
+)
+
+// Identity is the interface for S2A identities.
+type Identity interface {
+	// Name returns the name of the identity.
+	Name() string
+}
+
+type spiffeID struct {
+	spiffeID string
+}
+
+func (s *spiffeID) Name() string { return s.spiffeID }
+
+// NewSpiffeID creates a SPIFFE ID from id.
+func NewSpiffeID(id string) Identity {
+	return &spiffeID{spiffeID: id}
+}
+
+type hostname struct {
+	hostname string
+}
+
+func (h *hostname) Name() string { return h.hostname }
+
+// NewHostname creates a hostname from name.
+func NewHostname(name string) Identity {
+	return &hostname{hostname: name}
+}
+
+type uid struct {
+	uid string
+}
+
+func (h *uid) Name() string { return h.uid }
+
+// NewUID creates a UID from name.
+func NewUID(name string) Identity {
+	return &uid{uid: name}
+}
+
+// VerificationModeType specifies the mode that S2A must use to verify the peer
+// certificate chain.
+type VerificationModeType int
+
+// Three types of verification modes.
+const (
+	Unspecified = iota
+	ConnectToGoogle
+	Spiffe
+)
+
+// ClientOptions contains the client-side options used to establish a secure
+// channel using the S2A handshaker service.
+type ClientOptions struct {
+	// TargetIdentities contains a list of allowed server identities. One of the
+	// target identities should match the peer identity in the handshake
+	// result; otherwise, the handshake fails.
+	TargetIdentities []Identity
+	// LocalIdentity is the local identity of the client application. If none is
+	// provided, then the S2A will choose the default identity, if one exists.
+	LocalIdentity Identity
+	// S2AAddress is the address of the S2A.
+	S2AAddress string
+	// EnsureProcessSessionTickets waits for all session tickets to be sent to
+	// S2A before a process completes.
+	//
+	// This functionality is crucial for processes that complete very soon after
+	// using S2A to establish a TLS connection, but it can be ignored for longer
+	// lived processes.
+	//
+	// Usage example:
+	//   func main() {
+	//     var ensureProcessSessionTickets sync.WaitGroup
+	//     clientOpts := &s2a.ClientOptions{
+	//       EnsureProcessSessionTickets: &ensureProcessSessionTickets,
+	//       // Set other members.
+	//     }
+	//     creds, _ := s2a.NewClientCreds(clientOpts)
+	//     conn, _ := grpc.Dial(serverAddr, grpc.WithTransportCredentials(creds))
+	//     defer conn.Close()
+	//
+	//     // Make RPC call.
+	//
+	//     // The process terminates right after the RPC call ends.
+	//     // ensureProcessSessionTickets can be used to ensure resumption
+	//     // tickets are fully processed. If the process is long-lived, using
+	//     // ensureProcessSessionTickets is not necessary.
+	//     ensureProcessSessionTickets.Wait()
+	//   }
+	EnsureProcessSessionTickets *sync.WaitGroup
+	// If true, enables the use of legacy S2Av1.
+	EnableLegacyMode bool
+	// VerificationMode specifies the mode that S2A must use to verify the
+	// peer certificate chain.
+	VerificationMode VerificationModeType
+
+	// Optional fallback after dialing with S2A fails.
+	FallbackOpts *FallbackOptions
+}
+
+// FallbackOptions prescribes the fallback logic that should be taken if the application fails to connect with S2A.
+type FallbackOptions struct {
+	// FallbackClientHandshakeFunc is used to specify fallback behavior when calling s2a.NewClientCreds().
+	// It will be called by ClientHandshake function, after handshake with S2A fails.
+	// s2a.NewClientCreds() ignores the other FallbackDialer field.
+	FallbackClientHandshakeFunc fallback.ClientHandshake
+
+	// FallbackDialer is used to specify fallback behavior when calling s2a.NewS2aDialTLSContextFunc().
+	// It passes in a custom fallback dialer and server address to use after dialing with S2A fails.
+	// s2a.NewS2aDialTLSContextFunc() ignores the other FallbackClientHandshakeFunc field.
+	FallbackDialer *FallbackDialer
+}
+
+// FallbackDialer contains a fallback tls.Dialer and a server address to connect to.
+type FallbackDialer struct {
+	// Dialer specifies a fallback tls.Dialer.
+	Dialer *tls.Dialer
+	// ServerAddr is used by Dialer to establish fallback connection.
+	ServerAddr string
+}
+
+// DefaultClientOptions returns the default client options.
+func DefaultClientOptions(s2aAddress string) *ClientOptions {
+	return &ClientOptions{
+		S2AAddress:       s2aAddress,
+		VerificationMode: ConnectToGoogle,
+	}
+}
+
+// ServerOptions contains the server-side options used to establish a secure
+// channel using the S2A handshaker service.
+type ServerOptions struct {
+	// LocalIdentities is the list of local identities that may be assumed by
+	// the server. If no local identity is specified, then the S2A chooses a
+	// default local identity, if one exists.
+	LocalIdentities []Identity
+	// S2AAddress is the address of the S2A.
+	S2AAddress string
+	// If true, enables the use of legacy S2Av1.
+	EnableLegacyMode bool
+	// VerificationMode specifies the mode that S2A must use to verify the
+	// peer certificate chain.
+	VerificationMode VerificationModeType
+}
+
+// DefaultServerOptions returns the default server options.
+func DefaultServerOptions(s2aAddress string) *ServerOptions {
+	return &ServerOptions{
+		S2AAddress:       s2aAddress,
+		VerificationMode: ConnectToGoogle,
+	}
+}
+
+func toProtoIdentity(identity Identity) (*s2apb.Identity, error) {
+	if identity == nil {
+		return nil, nil
+	}
+	switch id := identity.(type) {
+	case *spiffeID:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_SpiffeId{SpiffeId: id.Name()}}, nil
+	case *hostname:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_Hostname{Hostname: id.Name()}}, nil
+	case *uid:
+		return &s2apb.Identity{IdentityOneof: &s2apb.Identity_Uid{Uid: id.Name()}}, nil
+	default:
+		return nil, errors.New("unrecognized identity type")
+	}
+}
diff --git a/vendor/github.com/google/s2a-go/s2a_utils.go b/vendor/github.com/google/s2a-go/s2a_utils.go
new file mode 100644
index 000000000..d649cc461
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/s2a_utils.go
@@ -0,0 +1,79 @@
+/*
+ *
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package s2a
+
+import (
+	"context"
+	"errors"
+
+	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/peer"
+)
+
+// AuthInfo exposes security information from the S2A to the application.
+type AuthInfo interface {
+	// AuthType returns the authentication type.
+	AuthType() string
+	// ApplicationProtocol returns the application protocol, e.g. "grpc".
+	ApplicationProtocol() string
+	// TLSVersion returns the TLS version negotiated during the handshake.
+	TLSVersion() commonpb.TLSVersion
+	// Ciphersuite returns the ciphersuite negotiated during the handshake.
+	Ciphersuite() commonpb.Ciphersuite
+	// PeerIdentity returns the authenticated identity of the peer.
+	PeerIdentity() *commonpb.Identity
+	// LocalIdentity returns the local identity of the application used during
+	// session setup.
+	LocalIdentity() *commonpb.Identity
+	// PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
+	// the S2A handshake.
+	PeerCertFingerprint() []byte
+	// LocalCertFingerprint returns the SHA256 hash of the local certificate used
+	// in the S2A handshake.
+	LocalCertFingerprint() []byte
+	// IsHandshakeResumed returns true if a cached session was used to resume
+	// the handshake.
+	IsHandshakeResumed() bool
+	// SecurityLevel returns the security level of the connection.
+	SecurityLevel() credentials.SecurityLevel
+}
+
+// AuthInfoFromPeer extracts the authinfo.S2AAuthInfo object from the given
+// peer, if it exists. This API should be used by gRPC clients after
+// obtaining a peer object using the grpc.Peer() CallOption.
+func AuthInfoFromPeer(p *peer.Peer) (AuthInfo, error) {
+	s2aAuthInfo, ok := p.AuthInfo.(AuthInfo)
+	if !ok {
+		return nil, errors.New("no S2AAuthInfo found in Peer")
+	}
+	return s2aAuthInfo, nil
+}
+
+// AuthInfoFromContext extracts the authinfo.S2AAuthInfo object from the given
+// context, if it exists. This API should be used by gRPC server RPC handlers
+// to get information about the peer. On the client-side, use the grpc.Peer()
+// CallOption and the AuthInfoFromPeer function.
+func AuthInfoFromContext(ctx context.Context) (AuthInfo, error) {
+	p, ok := peer.FromContext(ctx)
+	if !ok {
+		return nil, errors.New("no Peer found in Context")
+	}
+	return AuthInfoFromPeer(p)
+}
diff --git a/vendor/github.com/google/s2a-go/testdata/client_cert.pem b/vendor/github.com/google/s2a-go/testdata/client_cert.pem
new file mode 100644
index 000000000..493a5a264
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/client_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKXNlBRVe6UepjQUijIFPZBd/4qYwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwMzE1WhcNNDIwNTI2MjAwMzE1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOOFuIucH7XXfohGxKd3uR/ihUA/LdduR9I8kfpUEbq5BOt8xZe5/Yn9
+a1ozEHVW6cOAbHbnwAR8tkSgZ/t42QIA2k77HWU1Jh2xiEIsJivo3imm4/kZWuR0
+OqPh7MhzxpR/hvNwpI5mJsAVBWFMa5KtecFZLnyZtwHylrRN1QXzuLrOxuKFufK3
+RKbTABScn5RbZL976H/jgfSeXrbt242NrIoBnVe6fRbekbq2DQ6zFArbQMUgHjHK
+P0UqBgdr1QmHfi9KytFyx9BTP3gXWnWIu+bY7/v7qKJMHFwGETo+dCLWYevJL316
+HnLfhApDMfP8U+Yv/y1N/YvgaSOSlEcCAwEAAaNTMFEwHQYDVR0OBBYEFKhAU4nu
+0h/lrnggbIGvx4ej0WklMB8GA1UdIwQYMBaAFKhAU4nu0h/lrnggbIGvx4ej0Wkl
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE/6NghzQ5fu6yR6
+EHKbj/YMrFdT7aGn5n2sAf7wJ33LIhiFHkpWBsVlm7rDtZtwhe891ZK/P60anlg9
+/P0Ua53tSRVRmCvTnEbXWOVMN4is6MsR7BlmzUxl4AtIn7jbeifEwRL7B4xDYmdA
+QrQnsqoz45dLgS5xK4WDqXATP09Q91xQDuhud/b+A4jrvgwFASmL7rMIZbp4f1JQ
+nlnl/9VoTBQBvJiWkDUtQDMpRLtauddEkv4AGz75p5IspXWD6cOemuh2iQec11xD
+X20rs2WZbAcAiUa3nmy8OKYw435vmpj8gp39WYbX/Yx9TymrFFbVY92wYn+quTco
+pKklVz0=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/client_key.pem b/vendor/github.com/google/s2a-go/testdata/client_key.pem
new file mode 100644
index 000000000..55a7f10c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA44W4i5wftdd+iEbEp3e5H+KFQD8t125H0jyR+lQRurkE63zF
+l7n9if1rWjMQdVbpw4BsdufABHy2RKBn+3jZAgDaTvsdZTUmHbGIQiwmK+jeKabj
++Rla5HQ6o+HsyHPGlH+G83CkjmYmwBUFYUxrkq15wVkufJm3AfKWtE3VBfO4us7G
+4oW58rdEptMAFJyflFtkv3vof+OB9J5etu3bjY2sigGdV7p9Ft6RurYNDrMUCttA
+xSAeMco/RSoGB2vVCYd+L0rK0XLH0FM/eBdadYi75tjv+/uookwcXAYROj50ItZh
+68kvfXoect+ECkMx8/xT5i//LU39i+BpI5KURwIDAQABAoIBABgyjo/6iLzUMFbZ
+/+w3pW6orrdIgN2akvTfED9pVYFgUA+jc3hRhY95bkNnjuaL2cy7Cc4Tk65mfRQL
+Y0OxdJLr+EvSFSxAXM9npDA1ddHRsF8JqtFBSxNk8R+g1Yf0GDiO35Fgd3/ViWWA
+VtQkRoSRApP3oiQKTRZd8H04keFR+PvmDk/Lq11l3Kc24A1PevKIPX1oI990ggw9
+9i4uSV+cnuMxmcI9xxJtgwdDFdjr39l2arLOHr4s6LGoV2IOdXHNlv5xRqWUZ0FH
+MDHowkLgwDrdSTnNeaVNkce14Gqx+bd4hNaLCdKXMpedBTEmrut3f3hdV1kKjaKt
+aqRYr8ECgYEA/YDGZY2jvFoHHBywlqmEMFrrCvQGH51m5R1Ntpkzr+Rh3YCmrpvq
+xgwJXING0PUw3dz+xrH5lJICrfNE5Kt3fPu1rAEy+13mYsNowghtUq2Rtu0Hsjjx
+2E3Bf8vEB6RNBMmGkUpTTIAroGF5tpJoRvfnWax+k4pFdrKYFtyZdNcCgYEA5cNv
+EPltvOobjTXlUmtVP3n27KZN2aXexTcagLzRxE9CV4cYySENl3KuOMmccaZpIl6z
+aHk6BT4X+M0LqElNUczrInfVqI+SGAFLGy7W6CJaqSr6cpyFUP/fosKpm6wKGgLq
+udHfpvz5rckhKd8kJxFLvhGOK9yN5qpzih0gfhECgYAJfwRvk3G5wYmYpP58dlcs
+VIuPenqsPoI3PPTHTU/hW+XKnWIhElgmGRdUrto9Q6IT/Y5RtSMLTLjq+Tzwb/fm
+56rziYv2XJsfwgAvnI8z1Kqrto9ePsHYf3krJ1/thVsZPc9bq/QY3ohD1sLvcuaT
+GgBBnLOVJU3a12/ZE2RwOwKBgF0csWMAoj8/5IB6if+3ral2xOGsl7oPZVMo/J2V
+Z7EVqb4M6rd/pKFugTpUQgkwtkSOekhpcGD1hAN5HTNK2YG/+L5UMAsKe9sskwJm
+HgOfAHy0BSDzW3ey6i9skg2bT9Cww+0gJ3Hl7U1HSCBO5LjMYpSZSrNtwzfqdb5Q
+BX3xAoGARZdR28Ej3+/+0+fz47Yu2h4z0EI/EbrudLOWY936jIeAVwHckI3+BuqH
+qR4poj1gfbnMxNuI9UzIXzjEmGewx9kDZ7IYnvloZKqoVQODO5GlKF2ja6IcMNlh
+GCNdD6PSAS6HcmalmWo9sj+1YMkrl+GJikKZqVBHrHNwMGAG67w=
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_cert.pem b/vendor/github.com/google/s2a-go/testdata/server_cert.pem
new file mode 100644
index 000000000..0f98322c7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/server_cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIUKCoDuLtiZXvhsBY2RoDm0ugizJ8wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2
+YWxlMRAwDgYDVQQKDAdDb21wYW55MREwDwYDVQQLDAhEaXZpc2lvbjEWMBQGA1UE
+AwwNczJhX3Rlc3RfY2VydDEaMBgGCSqGSIb3DQEJARYLeHl6QHh5ei5jb20wHhcN
+MjIwNTMxMjAwODI1WhcNNDIwNTI2MjAwODI1WjCBhzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEDAOBgNVBAoMB0NvbXBhbnkx
+ETAPBgNVBAsMCERpdmlzaW9uMRYwFAYDVQQDDA1zMmFfdGVzdF9jZXJ0MRowGAYJ
+KoZIhvcNAQkBFgt4eXpAeHl6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKK1++PXQ+M3hjYH/v0K4UEYl5ljzpNM1i52eQM+gFooojT87PDSaphT
+fs0PXy/PTAjHBEvPhWpOpmQXfJNYzjwcCvg66hbqkv++/VTZiFLAsHagzkEz+FRJ
+qT5Eq7G5FLyw1izX1uxyPN7tAEWEEg7eqsiaXD3Cq8+TYN9cjirPeF7RZF8yFCYE
+xqvbo+Yc6RL6xw19iXVTfctRgQe581KQuIY5/LXo3dWDEilFdsADAe8XAEcO64es
+Ow0g1UvXLnpXSE151kXBFb3sKH/ZjCecDYMCIMEb4sWLSblkSxJ5sNSmXIG4wtr2
+Qnii7CXZgnVYraQE/Jyh+NMQANuoSdMCAwEAAaNTMFEwHQYDVR0OBBYEFAyQQQuM
+ab+YUQqjK8dVVOoHVFmXMB8GA1UdIwQYMBaAFAyQQQuMab+YUQqjK8dVVOoHVFmX
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADj0vQ6ykWhicoqR
+e6VZMwlEJV7/DSvWWKBd9MUjfKye0A4565ya5lmnzP3DiD3nqGe3miqmLsXKDs+X
+POqlPXTWIamP7D4MJ32XtSLwZB4ru+I+Ao/P/VngPepoRPQoBnzHe7jww0rokqxl
+AZERjlbTUwUAy/BPWPSzSJZ2j0tcs6ZLDNyYzpK4ao8R9/1VmQ92Tcp3feJs1QTg
+odRQc3om/AkWOwsll+oyX0UbJeHkFHiLanUPXbdh+/BkSvZJ8ynL+feSDdaurPe+
+PSfnqLtQft9/neecGRdEaQzzzSFVQUVQzTdK1Q7hA7b55b2HvIa3ktDiks+sJsYN
+Dhm6uZM=
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/server_key.pem b/vendor/github.com/google/s2a-go/testdata/server_key.pem
new file mode 100644
index 000000000..81afea783
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/server_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAorX749dD4zeGNgf+/QrhQRiXmWPOk0zWLnZ5Az6AWiiiNPzs
+8NJqmFN+zQ9fL89MCMcES8+Fak6mZBd8k1jOPBwK+DrqFuqS/779VNmIUsCwdqDO
+QTP4VEmpPkSrsbkUvLDWLNfW7HI83u0ARYQSDt6qyJpcPcKrz5Ng31yOKs94XtFk
+XzIUJgTGq9uj5hzpEvrHDX2JdVN9y1GBB7nzUpC4hjn8tejd1YMSKUV2wAMB7xcA
+Rw7rh6w7DSDVS9cueldITXnWRcEVvewof9mMJ5wNgwIgwRvixYtJuWRLEnmw1KZc
+gbjC2vZCeKLsJdmCdVitpAT8nKH40xAA26hJ0wIDAQABAoIBACaNR+lsD8G+XiZf
+LqN1+HkcAo9tfnyYMAdCOtnx7SdviT9Uzi8hK/B7mAeuJLeHPlS2EuaDfPD7QaFl
+jza6S+MiIdc+3kgfvESsVAnOoOY6kZUJ9NSuI6CU82y1iJjLaYZrv9NQMLRFPPb0
+4KOX709mosB1EnXvshW0rbc+jtDFhrm1SxMt+k9TuzmMxjbOeW4LOLXPgU8X1T3Q
+Xy0hMZZtcgBs9wFIo8yCtmOixax9pnFE8rRltgDxTodn9LLdz1FieyntNgDksZ0P
+nt4kV7Mqly7ELaea+Foaj244mKsesic2e3GhAlMRLun/VSunSf7mOCxfpITB8dp1
+drDhOYECgYEA19151dVxRcviuovN6Dar+QszMTnU8pDJ8BjLFjXjP/hNBBwMTHDE
+duMuWk2qnwZqMooI/shxrF/ufmTgS0CFrh2+ANBZu27vWConJNXcyNtdigI4wt50
+L0Y2qcZn2mg67qFXHwoR3QNwrwnPwEjRXA09at9CSRZzcwDQ0ETXhYsCgYEAwPaG
+06QdK8Zyly7TTzZJwxzv9uGiqzodmGtX6NEKjgij2JaCxHpukqZBJoqa0jKeK1cm
+eNVkOvT5ff9TMzarSHQLr3pZen2/oVLb5gaFkbcJt/klv9Fd+ZRilHY3i6QwS6pD
+uMiPOWS4DrLHDRVoVlAZTDjT1RVwwTs+P2NhJdkCgYEAsriXysbxBYyMp05gqEW7
+lHIFbFgpSrs9th+Q5U6wW6JEgYaHWDJ1NslY80MiZI93FWjbkbZ7BvBWESeL3EIL
+a+EMErht0pVCbIhZ6FF4foPAqia0wAJVx14mm+G80kNBp5jE/NnleEsE3KcO7nBb
+hg8gLn+x7bk81JZ0TDrzBYkCgYEAuQKluv47SeF3tSScTfKLPpvcKCWmxe1uutkQ
+7JShPhVioyOMNb39jnYBOWbjkm4d4QgqRuiytSR0oi3QI+Ziy5EYMyNn713qAk9j
+r2TJZDDPDKnBW+zt4YI4EohWMXk3JRUW4XDKggjjwJQA7bZ812TtHHvP/xoThfG7
+eSNb3eECgYBw6ssgCtMrdvQiEmjKVX/9yI38mvC2kSGyzbrQnGUfgqRGomRpeZuD
+B5E3kysA4td5pT5lvcLgSW0TbOz+YbiriXjwOihPIelCvc9gE2eOUI71/byUWPFz
+7u5F/xQ4NaGr5suLF+lBC6h7pSbM4El9lIHQAQadpuEdzHqrw+hs3g==
+-----END RSA PRIVATE KEY-----
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index 55c8ca447..efab55e65 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -16,6 +16,15 @@ This package provides various compression algorithms.
 
 # changelog
 
+* Apr 5, 2023 - [v1.16.4](https://github.com/klauspost/compress/releases/tag/v1.16.4)
+	* zstd: Improve zstd best efficiency by @greatroar and @klauspost in https://github.com/klauspost/compress/pull/784
+	* zstd: Respect WithAllLitEntropyCompression https://github.com/klauspost/compress/pull/792
+	* zstd: Fix amd64 not always detecting corrupt data https://github.com/klauspost/compress/pull/785
+	* zstd: Various minor improvements by @greatroar in https://github.com/klauspost/compress/pull/788 https://github.com/klauspost/compress/pull/794 https://github.com/klauspost/compress/pull/795
+	* s2: Fix huge block overflow https://github.com/klauspost/compress/pull/779
+	* s2: Allow CustomEncoder fallback https://github.com/klauspost/compress/pull/780
+	* gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by @jgimenez in https://github.com/klauspost/compress/pull/799
+
 * Mar 13, 2023 - [v1.16.1](https://github.com/klauspost/compress/releases/tag/v1.16.1)
 	* zstd: Speed up + improve best encoder by @greatroar in https://github.com/klauspost/compress/pull/776
 	* gzhttp: Add optional [BREACH mitigation](https://github.com/klauspost/compress/tree/master/gzhttp#breach-mitigation). https://github.com/klauspost/compress/pull/762 https://github.com/klauspost/compress/pull/768 https://github.com/klauspost/compress/pull/769 https://github.com/klauspost/compress/pull/770 https://github.com/klauspost/compress/pull/767
diff --git a/vendor/github.com/klauspost/compress/gzip/gunzip.go b/vendor/github.com/klauspost/compress/gzip/gunzip.go
index 66fe5ddf7..6d630c390 100644
--- a/vendor/github.com/klauspost/compress/gzip/gunzip.go
+++ b/vendor/github.com/klauspost/compress/gzip/gunzip.go
@@ -288,10 +288,35 @@ func (z *Reader) Read(p []byte) (n int, err error) {
 	return n, nil
 }
 
-// Support the io.WriteTo interface for io.Copy and friends.
+type crcer interface {
+	io.Writer
+	Sum32() uint32
+	Reset()
+}
+type crcUpdater struct {
+	z *Reader
+}
+
+func (c *crcUpdater) Write(p []byte) (int, error) {
+	c.z.digest = crc32.Update(c.z.digest, crc32.IEEETable, p)
+	return len(p), nil
+}
+
+func (c *crcUpdater) Sum32() uint32 {
+	return c.z.digest
+}
+
+func (c *crcUpdater) Reset() {
+	c.z.digest = 0
+}
+
+// WriteTo support the io.WriteTo interface for io.Copy and friends.
 func (z *Reader) WriteTo(w io.Writer) (int64, error) {
 	total := int64(0)
-	crcWriter := crc32.NewIEEE()
+	crcWriter := crcer(crc32.NewIEEE())
+	if z.digest != 0 {
+		crcWriter = &crcUpdater{z: z}
+	}
 	for {
 		if z.err != nil {
 			if z.err == io.EOF {
diff --git a/vendor/github.com/klauspost/compress/zstd/bytebuf.go b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
index 512ffe5b9..55a388553 100644
--- a/vendor/github.com/klauspost/compress/zstd/bytebuf.go
+++ b/vendor/github.com/klauspost/compress/zstd/bytebuf.go
@@ -109,7 +109,7 @@ func (r *readerWrapper) readBig(n int, dst []byte) ([]byte, error) {
 }
 
 func (r *readerWrapper) readByte() (byte, error) {
-	n2, err := r.r.Read(r.tmp[:1])
+	n2, err := io.ReadFull(r.r, r.tmp[:1])
 	if err != nil {
 		if err == io.EOF {
 			err = io.ErrUnexpectedEOF
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
index a912b75a0..62de4dc59 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
@@ -59,6 +59,18 @@ type ExemplarAdder interface {
 // CounterOpts is an alias for Opts. See there for doc comments.
 type CounterOpts Opts
 
+// CounterVecOpts bundles the options to create a CounterVec metric.
+// It is mandatory to set CounterOpts, see there for mandatory fields. VariableLabels
+// is optional and can safely be left to its default value.
+type CounterVecOpts struct {
+	CounterOpts
+
+	// VariableLabels are used to partition the metric vector by the given set
+	// of labels. Each label value will be constrained with the optional Contraint
+	// function, if provided.
+	VariableLabels ConstrainableLabels
+}
+
 // NewCounter creates a new Counter based on the provided CounterOpts.
 //
 // The returned implementation also implements ExemplarAdder. It is safe to
@@ -174,16 +186,24 @@ type CounterVec struct {
 // NewCounterVec creates a new CounterVec based on the provided CounterOpts and
 // partitioned by the given label names.
 func NewCounterVec(opts CounterOpts, labelNames []string) *CounterVec {
-	desc := NewDesc(
+	return V2.NewCounterVec(CounterVecOpts{
+		CounterOpts:    opts,
+		VariableLabels: UnconstrainedLabels(labelNames),
+	})
+}
+
+// NewCounterVec creates a new CounterVec based on the provided CounterVecOpts.
+func (v2) NewCounterVec(opts CounterVecOpts) *CounterVec {
+	desc := V2.NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
-		labelNames,
+		opts.VariableLabels,
 		opts.ConstLabels,
 	)
 	return &CounterVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
 			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
 			}
 			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now}
 			result.init(result) // Init self-collection.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index 8bc5e44e2..12331542d 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -14,20 +14,16 @@
 package prometheus
 
 import (
-	"errors"
 	"fmt"
 	"sort"
 	"strings"
 
-	"github.com/cespare/xxhash/v2"
-
 	"github.com/prometheus/client_golang/prometheus/internal"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/model"
-
+	"github.com/cespare/xxhash/v2"
 	dto "github.com/prometheus/client_model/go"
+	"github.com/prometheus/common/model"
+	"google.golang.org/protobuf/proto"
 )
 
 // Desc is the descriptor used by every Prometheus Metric. It is essentially
@@ -54,9 +50,9 @@ type Desc struct {
 	// constLabelPairs contains precalculated DTO label pairs based on
 	// the constant labels.
 	constLabelPairs []*dto.LabelPair
-	// variableLabels contains names of labels for which the metric
-	// maintains variable values.
-	variableLabels []string
+	// variableLabels contains names of labels and normalization function for
+	// which the metric maintains variable values.
+	variableLabels ConstrainedLabels
 	// id is a hash of the values of the ConstLabels and fqName. This
 	// must be unique among all registered descriptors and can therefore be
 	// used as an identifier of the descriptor.
@@ -80,10 +76,24 @@ type Desc struct {
 // For constLabels, the label values are constant. Therefore, they are fully
 // specified in the Desc. See the Collector example for a usage pattern.
 func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *Desc {
+	return V2.NewDesc(fqName, help, UnconstrainedLabels(variableLabels), constLabels)
+}
+
+// NewDesc allocates and initializes a new Desc. Errors are recorded in the Desc
+// and will be reported on registration time. variableLabels and constLabels can
+// be nil if no such labels should be set. fqName must not be empty.
+//
+// variableLabels only contain the label names and normalization functions. Their
+// label values are variable and therefore not part of the Desc. (They are managed
+// within the Metric.)
+//
+// For constLabels, the label values are constant. Therefore, they are fully
+// specified in the Desc. See the Collector example for a usage pattern.
+func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, constLabels Labels) *Desc {
 	d := &Desc{
 		fqName:         fqName,
 		help:           help,
-		variableLabels: variableLabels,
+		variableLabels: variableLabels.constrainedLabels(),
 	}
 	if !model.IsValidMetricName(model.LabelValue(fqName)) {
 		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
@@ -93,7 +103,7 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 	// their sorted label names) plus the fqName (at position 0).
 	labelValues := make([]string, 1, len(constLabels)+1)
 	labelValues[0] = fqName
-	labelNames := make([]string, 0, len(constLabels)+len(variableLabels))
+	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels))
 	labelNameSet := map[string]struct{}{}
 	// First add only the const label names and sort them...
 	for labelName := range constLabels {
@@ -118,16 +128,16 @@ func NewDesc(fqName, help string, variableLabels []string, constLabels Labels) *
 	// Now add the variable label names, but prefix them with something that
 	// cannot be in a regular label name. That prevents matching the label
 	// dimension with a different mix between preset and variable labels.
-	for _, labelName := range variableLabels {
-		if !checkLabelName(labelName) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", labelName, fqName)
+	for _, label := range d.variableLabels {
+		if !checkLabelName(label.Name) {
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label.Name, fqName)
 			return d
 		}
-		labelNames = append(labelNames, "$"+labelName)
-		labelNameSet[labelName] = struct{}{}
+		labelNames = append(labelNames, "$"+label.Name)
+		labelNameSet[label.Name] = struct{}{}
 	}
 	if len(labelNames) != len(labelNameSet) {
-		d.err = errors.New("duplicate label names")
+		d.err = fmt.Errorf("duplicate label names in constant and variable labels for metric %q", fqName)
 		return d
 	}
 
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/doc.go b/vendor/github.com/prometheus/client_golang/prometheus/doc.go
index 811072cbd..962608f02 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/doc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/doc.go
@@ -37,35 +37,35 @@
 //
 //	type metrics struct {
 //		cpuTemp  prometheus.Gauge
-//	  hdFailures *prometheus.CounterVec
+//		hdFailures *prometheus.CounterVec
 //	}
 //
 //	func NewMetrics(reg prometheus.Registerer) *metrics {
-//	  m := &metrics{
-//	    cpuTemp: prometheus.NewGauge(prometheus.GaugeOpts{
-//	      Name: "cpu_temperature_celsius",
-//	      Help: "Current temperature of the CPU.",
-//	    }),
-//	    hdFailures: prometheus.NewCounterVec(
-//	      prometheus.CounterOpts{
-//	        Name: "hd_errors_total",
-//	        Help: "Number of hard-disk errors.",
-//	      },
-//	      []string{"device"},
-//	    ),
-//	  }
-//	  reg.MustRegister(m.cpuTemp)
-//	  reg.MustRegister(m.hdFailures)
-//	  return m
+//		m := &metrics{
+//			cpuTemp: prometheus.NewGauge(prometheus.GaugeOpts{
+//				Name: "cpu_temperature_celsius",
+//				Help: "Current temperature of the CPU.",
+//			}),
+//			hdFailures: prometheus.NewCounterVec(
+//				prometheus.CounterOpts{
+//					Name: "hd_errors_total",
+//					Help: "Number of hard-disk errors.",
+//				},
+//				[]string{"device"},
+//			),
+//		}
+//		reg.MustRegister(m.cpuTemp)
+//		reg.MustRegister(m.hdFailures)
+//		return m
 //	}
 //
 //	func main() {
-//	  // Create a non-global registry.
-//	  reg := prometheus.NewRegistry()
+//		// Create a non-global registry.
+//		reg := prometheus.NewRegistry()
 //
-//	  // Create new metrics and register them using the custom registry.
-//	  m := NewMetrics(reg)
-//	  // Set values for the new created metrics.
+//		// Create new metrics and register them using the custom registry.
+//		m := NewMetrics(reg)
+//		// Set values for the new created metrics.
 //		m.cpuTemp.Set(65.3)
 //		m.hdFailures.With(prometheus.Labels{"device":"/dev/sda"}).Inc()
 //
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
index 21271a5bb..f1ea6c76f 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
@@ -55,6 +55,18 @@ type Gauge interface {
 // GaugeOpts is an alias for Opts. See there for doc comments.
 type GaugeOpts Opts
 
+// GaugeVecOpts bundles the options to create a GaugeVec metric.
+// It is mandatory to set GaugeOpts, see there for mandatory fields. VariableLabels
+// is optional and can safely be left to its default value.
+type GaugeVecOpts struct {
+	GaugeOpts
+
+	// VariableLabels are used to partition the metric vector by the given set
+	// of labels. Each label value will be constrained with the optional Contraint
+	// function, if provided.
+	VariableLabels ConstrainableLabels
+}
+
 // NewGauge creates a new Gauge based on the provided GaugeOpts.
 //
 // The returned implementation is optimized for a fast Set method. If you have a
@@ -138,16 +150,24 @@ type GaugeVec struct {
 // NewGaugeVec creates a new GaugeVec based on the provided GaugeOpts and
 // partitioned by the given label names.
 func NewGaugeVec(opts GaugeOpts, labelNames []string) *GaugeVec {
-	desc := NewDesc(
+	return V2.NewGaugeVec(GaugeVecOpts{
+		GaugeOpts:      opts,
+		VariableLabels: UnconstrainedLabels(labelNames),
+	})
+}
+
+// NewGaugeVec creates a new GaugeVec based on the provided GaugeVecOpts.
+func (v2) NewGaugeVec(opts GaugeVecOpts) *GaugeVec {
+	desc := V2.NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
-		labelNames,
+		opts.VariableLabels,
 		opts.ConstLabels,
 	)
 	return &GaugeVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
 			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, lvs))
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
 			}
 			result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)}
 			result.init(result) // Init self-collection.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
index 3a2d55e84..2d8d9f64f 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/go_collector_latest.go
@@ -23,11 +23,10 @@ import (
 	"strings"
 	"sync"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	dto "github.com/prometheus/client_model/go"
-
 	"github.com/prometheus/client_golang/prometheus/internal"
+
+	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/proto"
 )
 
 const (
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 4c873a01c..5b69965b2 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -22,10 +22,9 @@ import (
 	"sync/atomic"
 	"time"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-
 	dto "github.com/prometheus/client_model/go"
+
+	"google.golang.org/protobuf/proto"
 )
 
 // nativeHistogramBounds for the frac of observed values. Only relevant for
@@ -469,6 +468,18 @@ type HistogramOpts struct {
 	NativeHistogramMaxZeroThreshold float64
 }
 
+// HistogramVecOpts bundles the options to create a HistogramVec metric.
+// It is mandatory to set HistogramOpts, see there for mandatory fields. VariableLabels
+// is optional and can safely be left to its default value.
+type HistogramVecOpts struct {
+	HistogramOpts
+
+	// VariableLabels are used to partition the metric vector by the given set
+	// of labels. Each label value will be constrained with the optional Contraint
+	// function, if provided.
+	VariableLabels ConstrainableLabels
+}
+
 // NewHistogram creates a new Histogram based on the provided HistogramOpts. It
 // panics if the buckets in HistogramOpts are not in strictly increasing order.
 //
@@ -489,11 +500,11 @@ func NewHistogram(opts HistogramOpts) Histogram {
 
 func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
 	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
 	}
 
 	for _, n := range desc.variableLabels {
-		if n == bucketLabel {
+		if n.Name == bucketLabel {
 			panic(errBucketLabelNotAllowed)
 		}
 	}
@@ -544,16 +555,12 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 	}
 	// Finally we know the final length of h.upperBounds and can make buckets
 	// for both counts as well as exemplars:
-	h.counts[0] = &histogramCounts{
-		buckets:                          make([]uint64, len(h.upperBounds)),
-		nativeHistogramZeroThresholdBits: math.Float64bits(h.nativeHistogramZeroThreshold),
-		nativeHistogramSchema:            h.nativeHistogramSchema,
-	}
-	h.counts[1] = &histogramCounts{
-		buckets:                          make([]uint64, len(h.upperBounds)),
-		nativeHistogramZeroThresholdBits: math.Float64bits(h.nativeHistogramZeroThreshold),
-		nativeHistogramSchema:            h.nativeHistogramSchema,
-	}
+	h.counts[0] = &histogramCounts{buckets: make([]uint64, len(h.upperBounds))}
+	atomic.StoreUint64(&h.counts[0].nativeHistogramZeroThresholdBits, math.Float64bits(h.nativeHistogramZeroThreshold))
+	atomic.StoreInt32(&h.counts[0].nativeHistogramSchema, h.nativeHistogramSchema)
+	h.counts[1] = &histogramCounts{buckets: make([]uint64, len(h.upperBounds))}
+	atomic.StoreUint64(&h.counts[1].nativeHistogramZeroThresholdBits, math.Float64bits(h.nativeHistogramZeroThreshold))
+	atomic.StoreInt32(&h.counts[1].nativeHistogramSchema, h.nativeHistogramSchema)
 	h.exemplars = make([]atomic.Value, len(h.upperBounds)+1)
 
 	h.init(h) // Init self-collection.
@@ -1034,15 +1041,23 @@ type HistogramVec struct {
 // NewHistogramVec creates a new HistogramVec based on the provided HistogramOpts and
 // partitioned by the given label names.
 func NewHistogramVec(opts HistogramOpts, labelNames []string) *HistogramVec {
-	desc := NewDesc(
+	return V2.NewHistogramVec(HistogramVecOpts{
+		HistogramOpts:  opts,
+		VariableLabels: UnconstrainedLabels(labelNames),
+	})
+}
+
+// NewHistogramVec creates a new HistogramVec based on the provided HistogramVecOpts.
+func (v2) NewHistogramVec(opts HistogramVecOpts) *HistogramVec {
+	desc := V2.NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
-		labelNames,
+		opts.VariableLabels,
 		opts.ConstLabels,
 	)
 	return &HistogramVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			return newHistogram(desc, opts, lvs...)
+			return newHistogram(desc, opts.HistogramOpts, lvs...)
 		}),
 	}
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
index c1b8fad36..63ff8683c 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
@@ -32,6 +32,78 @@ import (
 // create a Desc.
 type Labels map[string]string
 
+// ConstrainedLabels represents a label name and its constrain function
+// to normalize label values. This type is commonly used when constructing
+// metric vector Collectors.
+type ConstrainedLabel struct {
+	Name       string
+	Constraint func(string) string
+}
+
+func (cl ConstrainedLabel) Constrain(v string) string {
+	if cl.Constraint == nil {
+		return v
+	}
+	return cl.Constraint(v)
+}
+
+// ConstrainableLabels is an interface that allows creating of labels that can
+// be optionally constrained.
+//
+//	prometheus.V2().NewCounterVec(CounterVecOpts{
+//	  CounterOpts: {...}, // Usual CounterOpts fields
+//	  VariableLabels: []ConstrainedLabels{
+//	    {Name: "A"},
+//	    {Name: "B", Constraint: func(v string) string { ... }},
+//	  },
+//	})
+type ConstrainableLabels interface {
+	constrainedLabels() ConstrainedLabels
+	labelNames() []string
+}
+
+// ConstrainedLabels represents a collection of label name -> constrain function
+// to normalize label values. This type is commonly used when constructing
+// metric vector Collectors.
+type ConstrainedLabels []ConstrainedLabel
+
+func (cls ConstrainedLabels) constrainedLabels() ConstrainedLabels {
+	return cls
+}
+
+func (cls ConstrainedLabels) labelNames() []string {
+	names := make([]string, len(cls))
+	for i, label := range cls {
+		names[i] = label.Name
+	}
+	return names
+}
+
+// UnconstrainedLabels represents collection of label without any constraint on
+// their value. Thus, it is simply a collection of label names.
+//
+//	UnconstrainedLabels([]string{ "A", "B" })
+//
+// is equivalent to
+//
+//	ConstrainedLabels {
+//	  { Name: "A" },
+//	  { Name: "B" },
+//	}
+type UnconstrainedLabels []string
+
+func (uls UnconstrainedLabels) constrainedLabels() ConstrainedLabels {
+	constrainedLabels := make([]ConstrainedLabel, len(uls))
+	for i, l := range uls {
+		constrainedLabels[i] = ConstrainedLabel{Name: l}
+	}
+	return constrainedLabels
+}
+
+func (uls UnconstrainedLabels) labelNames() []string {
+	return uls
+}
+
 // reservedLabelPrefix is a prefix which is not legal in user-supplied
 // label names.
 const reservedLabelPrefix = "__"
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index b5119c504..07bbc9d76 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -20,11 +20,9 @@ import (
 	"strings"
 	"time"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/model"
-
 	dto "github.com/prometheus/client_model/go"
+	"github.com/prometheus/common/model"
+	"google.golang.org/protobuf/proto"
 )
 
 var separatorByteSlice = []byte{model.SeparatorByte} // For convenient use with xxhash.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promauto/auto.go b/vendor/github.com/prometheus/client_golang/prometheus/promauto/auto.go
index 8031e8704..fa9011592 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promauto/auto.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promauto/auto.go
@@ -28,30 +28,30 @@
 //	package main
 //
 //	import (
-//	        "math/rand"
-//	        "net/http"
+//		"math/rand"
+//		"net/http"
 //
-//	        "github.com/prometheus/client_golang/prometheus"
-//	        "github.com/prometheus/client_golang/prometheus/promauto"
-//	        "github.com/prometheus/client_golang/prometheus/promhttp"
+//		"github.com/prometheus/client_golang/prometheus"
+//		"github.com/prometheus/client_golang/prometheus/promauto"
+//		"github.com/prometheus/client_golang/prometheus/promhttp"
 //	)
 //
 //	var histogram = promauto.NewHistogram(prometheus.HistogramOpts{
-//	        Name:    "random_numbers",
-//	        Help:    "A histogram of normally distributed random numbers.",
-//	        Buckets: prometheus.LinearBuckets(-3, .1, 61),
+//		Name:    "random_numbers",
+//		Help:    "A histogram of normally distributed random numbers.",
+//		Buckets: prometheus.LinearBuckets(-3, .1, 61),
 //	})
 //
 //	func Random() {
-//	        for {
-//	                histogram.Observe(rand.NormFloat64())
-//	        }
+//		for {
+//			histogram.Observe(rand.NormFloat64())
+//		}
 //	}
 //
 //	func main() {
-//	        go Random()
-//	        http.Handle("/metrics", promhttp.Handler())
-//	        http.ListenAndServe(":1971", nil)
+//		go Random()
+//		http.Handle("/metrics", promhttp.Handler())
+//		http.ListenAndServe(":1971", nil)
 //	}
 //
 // Prometheus's version of a minimal hello-world program:
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
index 09e34d307..44da9433b 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
@@ -21,18 +21,17 @@ import (
 	"path/filepath"
 	"runtime"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"unicode/utf8"
 
-	"github.com/cespare/xxhash/v2"
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"github.com/prometheus/common/expfmt"
-
-	dto "github.com/prometheus/client_model/go"
-
 	"github.com/prometheus/client_golang/prometheus/internal"
+
+	"github.com/cespare/xxhash/v2"
+	dto "github.com/prometheus/client_model/go"
+	"github.com/prometheus/common/expfmt"
+	"google.golang.org/protobuf/proto"
 )
 
 const (
@@ -933,6 +932,10 @@ func checkMetricConsistency(
 		h.WriteString(lp.GetValue())
 		h.Write(separatorByteSlice)
 	}
+	if dtoMetric.TimestampMs != nil {
+		h.WriteString(strconv.FormatInt(*(dtoMetric.TimestampMs), 10))
+		h.Write(separatorByteSlice)
+	}
 	hSum := h.Sum64()
 	if _, exists := metricHashes[hSum]; exists {
 		return fmt.Errorf(
@@ -962,7 +965,7 @@ func checkDescConsistency(
 	copy(lpsFromDesc, desc.constLabelPairs)
 	for _, l := range desc.variableLabels {
 		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
-			Name: proto.String(l),
+			Name: proto.String(l.Name),
 		})
 	}
 	if len(lpsFromDesc) != len(dtoMetric.Label) {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index 7bc448a89..dd359264e 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -22,11 +22,10 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/beorn7/perks/quantile"
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-
 	dto "github.com/prometheus/client_model/go"
+
+	"github.com/beorn7/perks/quantile"
+	"google.golang.org/protobuf/proto"
 )
 
 // quantileLabel is used for the label that defines the quantile in a
@@ -148,6 +147,18 @@ type SummaryOpts struct {
 	BufCap uint32
 }
 
+// SummaryVecOpts bundles the options to create a SummaryVec metric.
+// It is mandatory to set SummaryOpts, see there for mandatory fields. VariableLabels
+// is optional and can safely be left to its default value.
+type SummaryVecOpts struct {
+	SummaryOpts
+
+	// VariableLabels are used to partition the metric vector by the given set
+	// of labels. Each label value will be constrained with the optional Contraint
+	// function, if provided.
+	VariableLabels ConstrainableLabels
+}
+
 // Problem with the sliding-window decay algorithm... The Merge method of
 // perk/quantile is actually not working as advertised - and it might be
 // unfixable, as the underlying algorithm is apparently not capable of merging
@@ -178,11 +189,11 @@ func NewSummary(opts SummaryOpts) Summary {
 
 func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels, labelValues))
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
 	}
 
 	for _, n := range desc.variableLabels {
-		if n == quantileLabel {
+		if n.Name == quantileLabel {
 			panic(errQuantileLabelNotAllowed)
 		}
 	}
@@ -530,20 +541,28 @@ type SummaryVec struct {
 // it is handled by the Prometheus server internally, “quantile” is an illegal
 // label name. NewSummaryVec will panic if this label name is used.
 func NewSummaryVec(opts SummaryOpts, labelNames []string) *SummaryVec {
-	for _, ln := range labelNames {
+	return V2.NewSummaryVec(SummaryVecOpts{
+		SummaryOpts:    opts,
+		VariableLabels: UnconstrainedLabels(labelNames),
+	})
+}
+
+// NewSummaryVec creates a new SummaryVec based on the provided SummaryVecOpts.
+func (v2) NewSummaryVec(opts SummaryVecOpts) *SummaryVec {
+	for _, ln := range opts.VariableLabels.labelNames() {
 		if ln == quantileLabel {
 			panic(errQuantileLabelNotAllowed)
 		}
 	}
-	desc := NewDesc(
+	desc := V2.NewDesc(
 		BuildFQName(opts.Namespace, opts.Subsystem, opts.Name),
 		opts.Help,
-		labelNames,
+		opts.VariableLabels,
 		opts.ConstLabels,
 	)
 	return &SummaryVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			return newSummary(desc, opts, lvs...)
+			return newSummary(desc, opts.SummaryOpts, lvs...)
 		}),
 	}
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/testutil/testutil.go b/vendor/github.com/prometheus/client_golang/prometheus/testutil/testutil.go
index 91b83b528..82d4a5436 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/testutil/testutil.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/testutil/testutil.go
@@ -238,6 +238,7 @@ func convertReaderToMetricFamily(reader io.Reader) ([]*dto.MetricFamily, error)
 func compareMetricFamilies(got, expected []*dto.MetricFamily, metricNames ...string) error {
 	if metricNames != nil {
 		got = filterMetrics(got, metricNames)
+		expected = filterMetrics(expected, metricNames)
 	}
 
 	return compare(got, expected)
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/timer.go b/vendor/github.com/prometheus/client_golang/prometheus/timer.go
index f28a76f3a..52344fef5 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/timer.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/timer.go
@@ -23,7 +23,9 @@ type Timer struct {
 }
 
 // NewTimer creates a new Timer. The provided Observer is used to observe a
-// duration in seconds. Timer is usually used to time a function call in the
+// duration in seconds. If the Observer implements ExemplarObserver, passing exemplar
+// later on will be also supported.
+// Timer is usually used to time a function call in the
 // following way:
 //
 //	func TimeMe() {
@@ -31,6 +33,14 @@ type Timer struct {
 //	    defer timer.ObserveDuration()
 //	    // Do actual work.
 //	}
+//
+// or
+//
+//	func TimeMeWithExemplar() {
+//		    timer := NewTimer(myHistogram)
+//		    defer timer.ObserveDurationWithExemplar(exemplar)
+//		    // Do actual work.
+//		}
 func NewTimer(o Observer) *Timer {
 	return &Timer{
 		begin:    time.Now(),
@@ -53,3 +63,19 @@ func (t *Timer) ObserveDuration() time.Duration {
 	}
 	return d
 }
+
+// ObserveDurationWithExemplar is like ObserveDuration, but it will also
+// observe exemplar with the duration unless exemplar is nil or provided Observer can't
+// be casted to ExemplarObserver.
+func (t *Timer) ObserveDurationWithExemplar(exemplar Labels) time.Duration {
+	d := time.Since(t.begin)
+	eo, ok := t.observer.(ExemplarObserver)
+	if ok && exemplar != nil {
+		eo.ObserveWithExemplar(d.Seconds(), exemplar)
+		return d
+	}
+	if t.observer != nil {
+		t.observer.Observe(d.Seconds())
+	}
+	return d
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
index 2d3abc1cb..5f6bb8001 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go
@@ -19,13 +19,11 @@ import (
 	"time"
 	"unicode/utf8"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
 	"github.com/prometheus/client_golang/prometheus/internal"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // ValueType is an enumeration of metric types that represent a simple value.
@@ -188,9 +186,9 @@ func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
 		return desc.constLabelPairs
 	}
 	labelPairs := make([]*dto.LabelPair, 0, totalLen)
-	for i, n := range desc.variableLabels {
+	for i, l := range desc.variableLabels {
 		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(n),
+			Name:  proto.String(l.Name),
 			Value: proto.String(labelValues[i]),
 		})
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
index 7ae322590..386fb2d23 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
@@ -72,6 +72,7 @@ func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
 // with a performance overhead (for creating and processing the Labels map).
 // See also the CounterVec example.
 func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
+	lvs = constrainLabelValues(m.desc, lvs, m.curry)
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return false
@@ -91,6 +92,7 @@ func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 // This method is used for the same purpose as DeleteLabelValues(...string). See
 // there for pros and cons of the two methods.
 func (m *MetricVec) Delete(labels Labels) bool {
+	labels = constrainLabels(m.desc, labels)
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return false
@@ -106,6 +108,7 @@ func (m *MetricVec) Delete(labels Labels) bool {
 // Note that curried labels will never be matched if deleting from the curried vector.
 // To match curried labels with DeletePartialMatch, it must be called on the base vector.
 func (m *MetricVec) DeletePartialMatch(labels Labels) int {
+	labels = constrainLabels(m.desc, labels)
 	return m.metricMap.deleteByLabels(labels, m.curry)
 }
 
@@ -145,10 +148,10 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 		iCurry   int
 	)
 	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label]
+		val, ok := labels[label.Name]
 		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
 			if ok {
-				return nil, fmt.Errorf("label name %q is already curried", label)
+				return nil, fmt.Errorf("label name %q is already curried", label.Name)
 			}
 			newCurry = append(newCurry, oldCurry[iCurry])
 			iCurry++
@@ -156,7 +159,7 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 			if !ok {
 				continue // Label stays uncurried.
 			}
-			newCurry = append(newCurry, curriedLabelValue{i, val})
+			newCurry = append(newCurry, curriedLabelValue{i, label.Constrain(val)})
 		}
 	}
 	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
@@ -199,6 +202,7 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 // a wrapper around MetricVec, implementing a vector for a specific Metric
 // implementation, for example GaugeVec.
 func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
+	lvs = constrainLabelValues(m.desc, lvs, m.curry)
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return nil, err
@@ -224,6 +228,7 @@ func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
 // around MetricVec, implementing a vector for a specific Metric implementation,
 // for example GaugeVec.
 func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
+	labels = constrainLabels(m.desc, labels)
 	h, err := m.hashLabels(labels)
 	if err != nil {
 		return nil, err
@@ -266,16 +271,16 @@ func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
 		iCurry int
 	)
 	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label]
+		val, ok := labels[label.Name]
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if ok {
-				return 0, fmt.Errorf("label name %q is already curried", label)
+				return 0, fmt.Errorf("label name %q is already curried", label.Name)
 			}
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
 		} else {
 			if !ok {
-				return 0, fmt.Errorf("label name %q missing in label map", label)
+				return 0, fmt.Errorf("label name %q missing in label map", label.Name)
 			}
 			h = m.hashAdd(h, val)
 		}
@@ -453,7 +458,7 @@ func valueMatchesVariableOrCurriedValue(targetValue string, index int, values []
 func matchPartialLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
 	for l, v := range labels {
 		// Check if the target label exists in our metrics and get the index.
-		varLabelIndex, validLabel := indexOf(l, desc.variableLabels)
+		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.labelNames())
 		if validLabel {
 			// Check the value of that label against the target value.
 			// We don't consider curried values in partial matches.
@@ -605,7 +610,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 			iCurry++
 			continue
 		}
-		if values[i] != labels[k] {
+		if values[i] != labels[k.Name] {
 			return false
 		}
 	}
@@ -621,7 +626,7 @@ func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []
 			iCurry++
 			continue
 		}
-		labelValues[i] = labels[k]
+		labelValues[i] = labels[k.Name]
 	}
 	return labelValues
 }
@@ -640,3 +645,34 @@ func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
 	}
 	return labelValues
 }
+
+func constrainLabels(desc *Desc, labels Labels) Labels {
+	constrainedValues := make(Labels, len(labels))
+	for l, v := range labels {
+		if i, ok := indexOf(l, desc.variableLabels.labelNames()); ok {
+			constrainedValues[l] = desc.variableLabels[i].Constrain(v)
+			continue
+		}
+		constrainedValues[l] = v
+	}
+	return constrainedValues
+}
+
+func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) []string {
+	constrainedValues := make([]string, len(lvs))
+	var iCurry, iLVs int
+	for i := 0; i < len(lvs)+len(curry); i++ {
+		if iCurry < len(curry) && curry[iCurry].index == i {
+			iCurry++
+			continue
+		}
+
+		if i < len(desc.variableLabels) {
+			constrainedValues[iLVs] = desc.variableLabels[i].Constrain(lvs[iLVs])
+		} else {
+			constrainedValues[iLVs] = lvs[iLVs]
+		}
+		iLVs++
+	}
+	return constrainedValues
+}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vnext.go b/vendor/github.com/prometheus/client_golang/prometheus/vnext.go
new file mode 100644
index 000000000..42bc3a8f0
--- /dev/null
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vnext.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package prometheus
+
+type v2 struct{}
+
+// V2 is a struct that can be referenced to access experimental API that might
+// be present in v2 of client golang someday. It offers extended functionality
+// of v1 with slightly changed API. It is acceptable to use some pieces from v1
+// and e.g `prometheus.NewGauge` and some from v2 e.g. `prometheus.V2.NewDesc`
+// in the same codebase.
+var V2 = v2{}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/wrap.go b/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
index 1498ee144..25da157f1 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/wrap.go
@@ -17,12 +17,10 @@ import (
 	"fmt"
 	"sort"
 
-	//nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
-	"github.com/golang/protobuf/proto"
+	"github.com/prometheus/client_golang/prometheus/internal"
 
 	dto "github.com/prometheus/client_model/go"
-
-	"github.com/prometheus/client_golang/prometheus/internal"
+	"google.golang.org/protobuf/proto"
 )
 
 // WrapRegistererWith returns a Registerer wrapping the provided
@@ -206,7 +204,7 @@ func wrapDesc(desc *Desc, prefix string, labels Labels) *Desc {
 		constLabels[ln] = lv
 	}
 	// NewDesc will do remaining validations.
-	newDesc := NewDesc(prefix+desc.fqName, desc.help, desc.variableLabels, constLabels)
+	newDesc := V2.NewDesc(prefix+desc.fqName, desc.help, desc.variableLabels, constLabels)
 	// Propagate errors if there was any. This will override any errer
 	// created by NewDesc above, i.e. earlier errors get precedence.
 	if desc.err != nil {
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
index 35904ea19..2b5bca4b9 100644
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
@@ -1,25 +1,38 @@
+// Copyright 2013 Prometheus Team
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.20.3
 // source: io/prometheus/client/metrics.proto
 
 package io_prometheus_client
 
 import (
-	fmt "fmt"
-	proto "github.com/golang/protobuf/proto"
-	timestamp "github.com/golang/protobuf/ptypes/timestamp"
-	math "math"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
 )
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
 
 type MetricType int32
 
@@ -38,23 +51,25 @@ const (
 	MetricType_GAUGE_HISTOGRAM MetricType = 5
 )
 
-var MetricType_name = map[int32]string{
-	0: "COUNTER",
-	1: "GAUGE",
-	2: "SUMMARY",
-	3: "UNTYPED",
-	4: "HISTOGRAM",
-	5: "GAUGE_HISTOGRAM",
-}
-
-var MetricType_value = map[string]int32{
-	"COUNTER":         0,
-	"GAUGE":           1,
-	"SUMMARY":         2,
-	"UNTYPED":         3,
-	"HISTOGRAM":       4,
-	"GAUGE_HISTOGRAM": 5,
-}
+// Enum value maps for MetricType.
+var (
+	MetricType_name = map[int32]string{
+		0: "COUNTER",
+		1: "GAUGE",
+		2: "SUMMARY",
+		3: "UNTYPED",
+		4: "HISTOGRAM",
+		5: "GAUGE_HISTOGRAM",
+	}
+	MetricType_value = map[string]int32{
+		"COUNTER":         0,
+		"GAUGE":           1,
+		"SUMMARY":         2,
+		"UNTYPED":         3,
+		"HISTOGRAM":       4,
+		"GAUGE_HISTOGRAM": 5,
+	}
+)
 
 func (x MetricType) Enum() *MetricType {
 	p := new(MetricType)
@@ -63,449 +78,519 @@ func (x MetricType) Enum() *MetricType {
 }
 
 func (x MetricType) String() string {
-	return proto.EnumName(MetricType_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 
-func (x *MetricType) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(MetricType_value, data, "MetricType")
+func (MetricType) Descriptor() protoreflect.EnumDescriptor {
+	return file_io_prometheus_client_metrics_proto_enumTypes[0].Descriptor()
+}
+
+func (MetricType) Type() protoreflect.EnumType {
+	return &file_io_prometheus_client_metrics_proto_enumTypes[0]
+}
+
+func (x MetricType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *MetricType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = MetricType(value)
+	*x = MetricType(num)
 	return nil
 }
 
+// Deprecated: Use MetricType.Descriptor instead.
 func (MetricType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{0}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{0}
 }
 
 type LabelPair struct {
-	Name                 *string  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Value                *string  `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name  *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Value *string `protobuf:"bytes,2,opt,name=value" json:"value,omitempty"`
 }
 
-func (m *LabelPair) Reset()         { *m = LabelPair{} }
-func (m *LabelPair) String() string { return proto.CompactTextString(m) }
-func (*LabelPair) ProtoMessage()    {}
+func (x *LabelPair) Reset() {
+	*x = LabelPair{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *LabelPair) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LabelPair) ProtoMessage() {}
+
+func (x *LabelPair) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LabelPair.ProtoReflect.Descriptor instead.
 func (*LabelPair) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{0}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{0}
 }
 
-func (m *LabelPair) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_LabelPair.Unmarshal(m, b)
-}
-func (m *LabelPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_LabelPair.Marshal(b, m, deterministic)
-}
-func (m *LabelPair) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_LabelPair.Merge(m, src)
-}
-func (m *LabelPair) XXX_Size() int {
-	return xxx_messageInfo_LabelPair.Size(m)
-}
-func (m *LabelPair) XXX_DiscardUnknown() {
-	xxx_messageInfo_LabelPair.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_LabelPair proto.InternalMessageInfo
-
-func (m *LabelPair) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
+func (x *LabelPair) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
 	}
 	return ""
 }
 
-func (m *LabelPair) GetValue() string {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *LabelPair) GetValue() string {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return ""
 }
 
 type Gauge struct {
-	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
 }
 
-func (m *Gauge) Reset()         { *m = Gauge{} }
-func (m *Gauge) String() string { return proto.CompactTextString(m) }
-func (*Gauge) ProtoMessage()    {}
+func (x *Gauge) Reset() {
+	*x = Gauge{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Gauge) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Gauge) ProtoMessage() {}
+
+func (x *Gauge) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Gauge.ProtoReflect.Descriptor instead.
 func (*Gauge) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{1}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{1}
 }
 
-func (m *Gauge) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Gauge.Unmarshal(m, b)
-}
-func (m *Gauge) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Gauge.Marshal(b, m, deterministic)
-}
-func (m *Gauge) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Gauge.Merge(m, src)
-}
-func (m *Gauge) XXX_Size() int {
-	return xxx_messageInfo_Gauge.Size(m)
-}
-func (m *Gauge) XXX_DiscardUnknown() {
-	xxx_messageInfo_Gauge.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Gauge proto.InternalMessageInfo
-
-func (m *Gauge) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *Gauge) GetValue() float64 {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return 0
 }
 
 type Counter struct {
-	Value                *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	Exemplar             *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value    *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
 }
 
-func (m *Counter) Reset()         { *m = Counter{} }
-func (m *Counter) String() string { return proto.CompactTextString(m) }
-func (*Counter) ProtoMessage()    {}
+func (x *Counter) Reset() {
+	*x = Counter{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Counter) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Counter) ProtoMessage() {}
+
+func (x *Counter) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Counter.ProtoReflect.Descriptor instead.
 func (*Counter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{2}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{2}
 }
 
-func (m *Counter) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Counter.Unmarshal(m, b)
-}
-func (m *Counter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Counter.Marshal(b, m, deterministic)
-}
-func (m *Counter) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Counter.Merge(m, src)
-}
-func (m *Counter) XXX_Size() int {
-	return xxx_messageInfo_Counter.Size(m)
-}
-func (m *Counter) XXX_DiscardUnknown() {
-	xxx_messageInfo_Counter.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Counter proto.InternalMessageInfo
-
-func (m *Counter) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *Counter) GetValue() float64 {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return 0
 }
 
-func (m *Counter) GetExemplar() *Exemplar {
-	if m != nil {
-		return m.Exemplar
+func (x *Counter) GetExemplar() *Exemplar {
+	if x != nil {
+		return x.Exemplar
 	}
 	return nil
 }
 
 type Quantile struct {
-	Quantile             *float64 `protobuf:"fixed64,1,opt,name=quantile" json:"quantile,omitempty"`
-	Value                *float64 `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Quantile *float64 `protobuf:"fixed64,1,opt,name=quantile" json:"quantile,omitempty"`
+	Value    *float64 `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
 }
 
-func (m *Quantile) Reset()         { *m = Quantile{} }
-func (m *Quantile) String() string { return proto.CompactTextString(m) }
-func (*Quantile) ProtoMessage()    {}
+func (x *Quantile) Reset() {
+	*x = Quantile{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Quantile) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Quantile) ProtoMessage() {}
+
+func (x *Quantile) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Quantile.ProtoReflect.Descriptor instead.
 func (*Quantile) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{3}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{3}
 }
 
-func (m *Quantile) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Quantile.Unmarshal(m, b)
-}
-func (m *Quantile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Quantile.Marshal(b, m, deterministic)
-}
-func (m *Quantile) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Quantile.Merge(m, src)
-}
-func (m *Quantile) XXX_Size() int {
-	return xxx_messageInfo_Quantile.Size(m)
-}
-func (m *Quantile) XXX_DiscardUnknown() {
-	xxx_messageInfo_Quantile.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Quantile proto.InternalMessageInfo
-
-func (m *Quantile) GetQuantile() float64 {
-	if m != nil && m.Quantile != nil {
-		return *m.Quantile
+func (x *Quantile) GetQuantile() float64 {
+	if x != nil && x.Quantile != nil {
+		return *x.Quantile
 	}
 	return 0
 }
 
-func (m *Quantile) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *Quantile) GetValue() float64 {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return 0
 }
 
 type Summary struct {
-	SampleCount          *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum            *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Quantile             []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
-	XXX_unrecognized     []byte      `json:"-"`
-	XXX_sizecache        int32       `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	SampleCount *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum   *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Quantile    []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
 }
 
-func (m *Summary) Reset()         { *m = Summary{} }
-func (m *Summary) String() string { return proto.CompactTextString(m) }
-func (*Summary) ProtoMessage()    {}
+func (x *Summary) Reset() {
+	*x = Summary{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Summary) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Summary) ProtoMessage() {}
+
+func (x *Summary) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Summary.ProtoReflect.Descriptor instead.
 func (*Summary) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{4}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{4}
 }
 
-func (m *Summary) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Summary.Unmarshal(m, b)
-}
-func (m *Summary) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Summary.Marshal(b, m, deterministic)
-}
-func (m *Summary) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Summary.Merge(m, src)
-}
-func (m *Summary) XXX_Size() int {
-	return xxx_messageInfo_Summary.Size(m)
-}
-func (m *Summary) XXX_DiscardUnknown() {
-	xxx_messageInfo_Summary.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Summary proto.InternalMessageInfo
-
-func (m *Summary) GetSampleCount() uint64 {
-	if m != nil && m.SampleCount != nil {
-		return *m.SampleCount
+func (x *Summary) GetSampleCount() uint64 {
+	if x != nil && x.SampleCount != nil {
+		return *x.SampleCount
 	}
 	return 0
 }
 
-func (m *Summary) GetSampleSum() float64 {
-	if m != nil && m.SampleSum != nil {
-		return *m.SampleSum
+func (x *Summary) GetSampleSum() float64 {
+	if x != nil && x.SampleSum != nil {
+		return *x.SampleSum
 	}
 	return 0
 }
 
-func (m *Summary) GetQuantile() []*Quantile {
-	if m != nil {
-		return m.Quantile
+func (x *Summary) GetQuantile() []*Quantile {
+	if x != nil {
+		return x.Quantile
 	}
 	return nil
 }
 
 type Untyped struct {
-	Value                *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Value *float64 `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
 }
 
-func (m *Untyped) Reset()         { *m = Untyped{} }
-func (m *Untyped) String() string { return proto.CompactTextString(m) }
-func (*Untyped) ProtoMessage()    {}
+func (x *Untyped) Reset() {
+	*x = Untyped{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Untyped) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Untyped) ProtoMessage() {}
+
+func (x *Untyped) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Untyped.ProtoReflect.Descriptor instead.
 func (*Untyped) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{5}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{5}
 }
 
-func (m *Untyped) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Untyped.Unmarshal(m, b)
-}
-func (m *Untyped) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Untyped.Marshal(b, m, deterministic)
-}
-func (m *Untyped) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Untyped.Merge(m, src)
-}
-func (m *Untyped) XXX_Size() int {
-	return xxx_messageInfo_Untyped.Size(m)
-}
-func (m *Untyped) XXX_DiscardUnknown() {
-	xxx_messageInfo_Untyped.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Untyped proto.InternalMessageInfo
-
-func (m *Untyped) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *Untyped) GetValue() float64 {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return 0
 }
 
 type Histogram struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	SampleCount      *uint64  `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"`
+	SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"` // Overrides sample_count if > 0.
 	SampleSum        *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
 	// Buckets for the conventional histogram.
-	Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"`
+	Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
 	// schema defines the bucket schema. Currently, valid numbers are -4 <= n <= 8.
 	// They are all for base-2 bucket schemas, where 1 is a bucket boundary in each case, and
 	// then each power of two is divided into 2^n logarithmic buckets.
 	// Or in other words, each bucket boundary is the previous boundary times 2^(2^-n).
 	// In the future, more bucket schemas may be added using numbers < -4 or > 8.
 	Schema         *int32   `protobuf:"zigzag32,5,opt,name=schema" json:"schema,omitempty"`
-	ZeroThreshold  *float64 `protobuf:"fixed64,6,opt,name=zero_threshold,json=zeroThreshold" json:"zero_threshold,omitempty"`
-	ZeroCount      *uint64  `protobuf:"varint,7,opt,name=zero_count,json=zeroCount" json:"zero_count,omitempty"`
-	ZeroCountFloat *float64 `protobuf:"fixed64,8,opt,name=zero_count_float,json=zeroCountFloat" json:"zero_count_float,omitempty"`
+	ZeroThreshold  *float64 `protobuf:"fixed64,6,opt,name=zero_threshold,json=zeroThreshold" json:"zero_threshold,omitempty"`      // Breadth of the zero bucket.
+	ZeroCount      *uint64  `protobuf:"varint,7,opt,name=zero_count,json=zeroCount" json:"zero_count,omitempty"`                   // Count in zero bucket.
+	ZeroCountFloat *float64 `protobuf:"fixed64,8,opt,name=zero_count_float,json=zeroCountFloat" json:"zero_count_float,omitempty"` // Overrides sb_zero_count if > 0.
 	// Negative buckets for the native histogram.
 	NegativeSpan []*BucketSpan `protobuf:"bytes,9,rep,name=negative_span,json=negativeSpan" json:"negative_span,omitempty"`
 	// Use either "negative_delta" or "negative_count", the former for
 	// regular histograms with integer counts, the latter for float
 	// histograms.
-	NegativeDelta []int64   `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"`
-	NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"`
+	NegativeDelta []int64   `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
+	NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"`  // Absolute count of each bucket.
 	// Positive buckets for the native histogram.
 	PositiveSpan []*BucketSpan `protobuf:"bytes,12,rep,name=positive_span,json=positiveSpan" json:"positive_span,omitempty"`
 	// Use either "positive_delta" or "positive_count", the former for
 	// regular histograms with integer counts, the latter for float
 	// histograms.
-	PositiveDelta        []int64   `protobuf:"zigzag64,13,rep,name=positive_delta,json=positiveDelta" json:"positive_delta,omitempty"`
-	PositiveCount        []float64 `protobuf:"fixed64,14,rep,name=positive_count,json=positiveCount" json:"positive_count,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
+	PositiveDelta []int64   `protobuf:"zigzag64,13,rep,name=positive_delta,json=positiveDelta" json:"positive_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
+	PositiveCount []float64 `protobuf:"fixed64,14,rep,name=positive_count,json=positiveCount" json:"positive_count,omitempty"`  // Absolute count of each bucket.
 }
 
-func (m *Histogram) Reset()         { *m = Histogram{} }
-func (m *Histogram) String() string { return proto.CompactTextString(m) }
-func (*Histogram) ProtoMessage()    {}
+func (x *Histogram) Reset() {
+	*x = Histogram{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Histogram) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Histogram) ProtoMessage() {}
+
+func (x *Histogram) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Histogram.ProtoReflect.Descriptor instead.
 func (*Histogram) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{6}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{6}
 }
 
-func (m *Histogram) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Histogram.Unmarshal(m, b)
-}
-func (m *Histogram) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Histogram.Marshal(b, m, deterministic)
-}
-func (m *Histogram) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Histogram.Merge(m, src)
-}
-func (m *Histogram) XXX_Size() int {
-	return xxx_messageInfo_Histogram.Size(m)
-}
-func (m *Histogram) XXX_DiscardUnknown() {
-	xxx_messageInfo_Histogram.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Histogram proto.InternalMessageInfo
-
-func (m *Histogram) GetSampleCount() uint64 {
-	if m != nil && m.SampleCount != nil {
-		return *m.SampleCount
+func (x *Histogram) GetSampleCount() uint64 {
+	if x != nil && x.SampleCount != nil {
+		return *x.SampleCount
 	}
 	return 0
 }
 
-func (m *Histogram) GetSampleCountFloat() float64 {
-	if m != nil && m.SampleCountFloat != nil {
-		return *m.SampleCountFloat
+func (x *Histogram) GetSampleCountFloat() float64 {
+	if x != nil && x.SampleCountFloat != nil {
+		return *x.SampleCountFloat
 	}
 	return 0
 }
 
-func (m *Histogram) GetSampleSum() float64 {
-	if m != nil && m.SampleSum != nil {
-		return *m.SampleSum
+func (x *Histogram) GetSampleSum() float64 {
+	if x != nil && x.SampleSum != nil {
+		return *x.SampleSum
 	}
 	return 0
 }
 
-func (m *Histogram) GetBucket() []*Bucket {
-	if m != nil {
-		return m.Bucket
+func (x *Histogram) GetBucket() []*Bucket {
+	if x != nil {
+		return x.Bucket
 	}
 	return nil
 }
 
-func (m *Histogram) GetSchema() int32 {
-	if m != nil && m.Schema != nil {
-		return *m.Schema
+func (x *Histogram) GetSchema() int32 {
+	if x != nil && x.Schema != nil {
+		return *x.Schema
 	}
 	return 0
 }
 
-func (m *Histogram) GetZeroThreshold() float64 {
-	if m != nil && m.ZeroThreshold != nil {
-		return *m.ZeroThreshold
+func (x *Histogram) GetZeroThreshold() float64 {
+	if x != nil && x.ZeroThreshold != nil {
+		return *x.ZeroThreshold
 	}
 	return 0
 }
 
-func (m *Histogram) GetZeroCount() uint64 {
-	if m != nil && m.ZeroCount != nil {
-		return *m.ZeroCount
+func (x *Histogram) GetZeroCount() uint64 {
+	if x != nil && x.ZeroCount != nil {
+		return *x.ZeroCount
 	}
 	return 0
 }
 
-func (m *Histogram) GetZeroCountFloat() float64 {
-	if m != nil && m.ZeroCountFloat != nil {
-		return *m.ZeroCountFloat
+func (x *Histogram) GetZeroCountFloat() float64 {
+	if x != nil && x.ZeroCountFloat != nil {
+		return *x.ZeroCountFloat
 	}
 	return 0
 }
 
-func (m *Histogram) GetNegativeSpan() []*BucketSpan {
-	if m != nil {
-		return m.NegativeSpan
+func (x *Histogram) GetNegativeSpan() []*BucketSpan {
+	if x != nil {
+		return x.NegativeSpan
 	}
 	return nil
 }
 
-func (m *Histogram) GetNegativeDelta() []int64 {
-	if m != nil {
-		return m.NegativeDelta
+func (x *Histogram) GetNegativeDelta() []int64 {
+	if x != nil {
+		return x.NegativeDelta
 	}
 	return nil
 }
 
-func (m *Histogram) GetNegativeCount() []float64 {
-	if m != nil {
-		return m.NegativeCount
+func (x *Histogram) GetNegativeCount() []float64 {
+	if x != nil {
+		return x.NegativeCount
 	}
 	return nil
 }
 
-func (m *Histogram) GetPositiveSpan() []*BucketSpan {
-	if m != nil {
-		return m.PositiveSpan
+func (x *Histogram) GetPositiveSpan() []*BucketSpan {
+	if x != nil {
+		return x.PositiveSpan
 	}
 	return nil
 }
 
-func (m *Histogram) GetPositiveDelta() []int64 {
-	if m != nil {
-		return m.PositiveDelta
+func (x *Histogram) GetPositiveDelta() []int64 {
+	if x != nil {
+		return x.PositiveDelta
 	}
 	return nil
 }
 
-func (m *Histogram) GetPositiveCount() []float64 {
-	if m != nil {
-		return m.PositiveCount
+func (x *Histogram) GetPositiveCount() []float64 {
+	if x != nil {
+		return x.PositiveCount
 	}
 	return nil
 }
@@ -513,64 +598,72 @@ func (m *Histogram) GetPositiveCount() []float64 {
 // A Bucket of a conventional histogram, each of which is treated as
 // an individual counter-like time series by Prometheus.
 type Bucket struct {
-	CumulativeCount      *uint64   `protobuf:"varint,1,opt,name=cumulative_count,json=cumulativeCount" json:"cumulative_count,omitempty"`
-	CumulativeCountFloat *float64  `protobuf:"fixed64,4,opt,name=cumulative_count_float,json=cumulativeCountFloat" json:"cumulative_count_float,omitempty"`
-	UpperBound           *float64  `protobuf:"fixed64,2,opt,name=upper_bound,json=upperBound" json:"upper_bound,omitempty"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	CumulativeCount      *uint64   `protobuf:"varint,1,opt,name=cumulative_count,json=cumulativeCount" json:"cumulative_count,omitempty"`                   // Cumulative in increasing order.
+	CumulativeCountFloat *float64  `protobuf:"fixed64,4,opt,name=cumulative_count_float,json=cumulativeCountFloat" json:"cumulative_count_float,omitempty"` // Overrides cumulative_count if > 0.
+	UpperBound           *float64  `protobuf:"fixed64,2,opt,name=upper_bound,json=upperBound" json:"upper_bound,omitempty"`                                 // Inclusive.
 	Exemplar             *Exemplar `protobuf:"bytes,3,opt,name=exemplar" json:"exemplar,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
-	XXX_unrecognized     []byte    `json:"-"`
-	XXX_sizecache        int32     `json:"-"`
 }
 
-func (m *Bucket) Reset()         { *m = Bucket{} }
-func (m *Bucket) String() string { return proto.CompactTextString(m) }
-func (*Bucket) ProtoMessage()    {}
+func (x *Bucket) Reset() {
+	*x = Bucket{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Bucket) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Bucket) ProtoMessage() {}
+
+func (x *Bucket) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Bucket.ProtoReflect.Descriptor instead.
 func (*Bucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{7}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{7}
 }
 
-func (m *Bucket) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Bucket.Unmarshal(m, b)
-}
-func (m *Bucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Bucket.Marshal(b, m, deterministic)
-}
-func (m *Bucket) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Bucket.Merge(m, src)
-}
-func (m *Bucket) XXX_Size() int {
-	return xxx_messageInfo_Bucket.Size(m)
-}
-func (m *Bucket) XXX_DiscardUnknown() {
-	xxx_messageInfo_Bucket.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Bucket proto.InternalMessageInfo
-
-func (m *Bucket) GetCumulativeCount() uint64 {
-	if m != nil && m.CumulativeCount != nil {
-		return *m.CumulativeCount
+func (x *Bucket) GetCumulativeCount() uint64 {
+	if x != nil && x.CumulativeCount != nil {
+		return *x.CumulativeCount
 	}
 	return 0
 }
 
-func (m *Bucket) GetCumulativeCountFloat() float64 {
-	if m != nil && m.CumulativeCountFloat != nil {
-		return *m.CumulativeCountFloat
+func (x *Bucket) GetCumulativeCountFloat() float64 {
+	if x != nil && x.CumulativeCountFloat != nil {
+		return *x.CumulativeCountFloat
 	}
 	return 0
 }
 
-func (m *Bucket) GetUpperBound() float64 {
-	if m != nil && m.UpperBound != nil {
-		return *m.UpperBound
+func (x *Bucket) GetUpperBound() float64 {
+	if x != nil && x.UpperBound != nil {
+		return *x.UpperBound
 	}
 	return 0
 }
 
-func (m *Bucket) GetExemplar() *Exemplar {
-	if m != nil {
-		return m.Exemplar
+func (x *Bucket) GetExemplar() *Exemplar {
+	if x != nil {
+		return x.Exemplar
 	}
 	return nil
 }
@@ -582,333 +675,658 @@ func (m *Bucket) GetExemplar() *Exemplar {
 // structured here (with all the buckets in a single array separate
 // from the Spans).
 type BucketSpan struct {
-	Offset               *int32   `protobuf:"zigzag32,1,opt,name=offset" json:"offset,omitempty"`
-	Length               *uint32  `protobuf:"varint,2,opt,name=length" json:"length,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Offset *int32  `protobuf:"zigzag32,1,opt,name=offset" json:"offset,omitempty"` // Gap to previous span, or starting point for 1st span (which can be negative).
+	Length *uint32 `protobuf:"varint,2,opt,name=length" json:"length,omitempty"`   // Length of consecutive buckets.
 }
 
-func (m *BucketSpan) Reset()         { *m = BucketSpan{} }
-func (m *BucketSpan) String() string { return proto.CompactTextString(m) }
-func (*BucketSpan) ProtoMessage()    {}
+func (x *BucketSpan) Reset() {
+	*x = BucketSpan{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *BucketSpan) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BucketSpan) ProtoMessage() {}
+
+func (x *BucketSpan) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use BucketSpan.ProtoReflect.Descriptor instead.
 func (*BucketSpan) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{8}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{8}
 }
 
-func (m *BucketSpan) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BucketSpan.Unmarshal(m, b)
-}
-func (m *BucketSpan) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BucketSpan.Marshal(b, m, deterministic)
-}
-func (m *BucketSpan) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BucketSpan.Merge(m, src)
-}
-func (m *BucketSpan) XXX_Size() int {
-	return xxx_messageInfo_BucketSpan.Size(m)
-}
-func (m *BucketSpan) XXX_DiscardUnknown() {
-	xxx_messageInfo_BucketSpan.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BucketSpan proto.InternalMessageInfo
-
-func (m *BucketSpan) GetOffset() int32 {
-	if m != nil && m.Offset != nil {
-		return *m.Offset
+func (x *BucketSpan) GetOffset() int32 {
+	if x != nil && x.Offset != nil {
+		return *x.Offset
 	}
 	return 0
 }
 
-func (m *BucketSpan) GetLength() uint32 {
-	if m != nil && m.Length != nil {
-		return *m.Length
+func (x *BucketSpan) GetLength() uint32 {
+	if x != nil && x.Length != nil {
+		return *x.Length
 	}
 	return 0
 }
 
 type Exemplar struct {
-	Label                []*LabelPair         `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
-	Value                *float64             `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
-	Timestamp            *timestamp.Timestamp `protobuf:"bytes,3,opt,name=timestamp" json:"timestamp,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
-	XXX_unrecognized     []byte               `json:"-"`
-	XXX_sizecache        int32                `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Label     []*LabelPair           `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
+	Value     *float64               `protobuf:"fixed64,2,opt,name=value" json:"value,omitempty"`
+	Timestamp *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=timestamp" json:"timestamp,omitempty"` // OpenMetrics-style.
 }
 
-func (m *Exemplar) Reset()         { *m = Exemplar{} }
-func (m *Exemplar) String() string { return proto.CompactTextString(m) }
-func (*Exemplar) ProtoMessage()    {}
+func (x *Exemplar) Reset() {
+	*x = Exemplar{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Exemplar) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Exemplar) ProtoMessage() {}
+
+func (x *Exemplar) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Exemplar.ProtoReflect.Descriptor instead.
 func (*Exemplar) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{9}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{9}
 }
 
-func (m *Exemplar) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Exemplar.Unmarshal(m, b)
-}
-func (m *Exemplar) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Exemplar.Marshal(b, m, deterministic)
-}
-func (m *Exemplar) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Exemplar.Merge(m, src)
-}
-func (m *Exemplar) XXX_Size() int {
-	return xxx_messageInfo_Exemplar.Size(m)
-}
-func (m *Exemplar) XXX_DiscardUnknown() {
-	xxx_messageInfo_Exemplar.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Exemplar proto.InternalMessageInfo
-
-func (m *Exemplar) GetLabel() []*LabelPair {
-	if m != nil {
-		return m.Label
+func (x *Exemplar) GetLabel() []*LabelPair {
+	if x != nil {
+		return x.Label
 	}
 	return nil
 }
 
-func (m *Exemplar) GetValue() float64 {
-	if m != nil && m.Value != nil {
-		return *m.Value
+func (x *Exemplar) GetValue() float64 {
+	if x != nil && x.Value != nil {
+		return *x.Value
 	}
 	return 0
 }
 
-func (m *Exemplar) GetTimestamp() *timestamp.Timestamp {
-	if m != nil {
-		return m.Timestamp
+func (x *Exemplar) GetTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.Timestamp
 	}
 	return nil
 }
 
 type Metric struct {
-	Label                []*LabelPair `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
-	Gauge                *Gauge       `protobuf:"bytes,2,opt,name=gauge" json:"gauge,omitempty"`
-	Counter              *Counter     `protobuf:"bytes,3,opt,name=counter" json:"counter,omitempty"`
-	Summary              *Summary     `protobuf:"bytes,4,opt,name=summary" json:"summary,omitempty"`
-	Untyped              *Untyped     `protobuf:"bytes,5,opt,name=untyped" json:"untyped,omitempty"`
-	Histogram            *Histogram   `protobuf:"bytes,7,opt,name=histogram" json:"histogram,omitempty"`
-	TimestampMs          *int64       `protobuf:"varint,6,opt,name=timestamp_ms,json=timestampMs" json:"timestamp_ms,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Label       []*LabelPair `protobuf:"bytes,1,rep,name=label" json:"label,omitempty"`
+	Gauge       *Gauge       `protobuf:"bytes,2,opt,name=gauge" json:"gauge,omitempty"`
+	Counter     *Counter     `protobuf:"bytes,3,opt,name=counter" json:"counter,omitempty"`
+	Summary     *Summary     `protobuf:"bytes,4,opt,name=summary" json:"summary,omitempty"`
+	Untyped     *Untyped     `protobuf:"bytes,5,opt,name=untyped" json:"untyped,omitempty"`
+	Histogram   *Histogram   `protobuf:"bytes,7,opt,name=histogram" json:"histogram,omitempty"`
+	TimestampMs *int64       `protobuf:"varint,6,opt,name=timestamp_ms,json=timestampMs" json:"timestamp_ms,omitempty"`
 }
 
-func (m *Metric) Reset()         { *m = Metric{} }
-func (m *Metric) String() string { return proto.CompactTextString(m) }
-func (*Metric) ProtoMessage()    {}
+func (x *Metric) Reset() {
+	*x = Metric{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Metric) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Metric) ProtoMessage() {}
+
+func (x *Metric) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Metric.ProtoReflect.Descriptor instead.
 func (*Metric) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{10}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{10}
 }
 
-func (m *Metric) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Metric.Unmarshal(m, b)
-}
-func (m *Metric) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Metric.Marshal(b, m, deterministic)
-}
-func (m *Metric) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Metric.Merge(m, src)
-}
-func (m *Metric) XXX_Size() int {
-	return xxx_messageInfo_Metric.Size(m)
-}
-func (m *Metric) XXX_DiscardUnknown() {
-	xxx_messageInfo_Metric.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Metric proto.InternalMessageInfo
-
-func (m *Metric) GetLabel() []*LabelPair {
-	if m != nil {
-		return m.Label
+func (x *Metric) GetLabel() []*LabelPair {
+	if x != nil {
+		return x.Label
 	}
 	return nil
 }
 
-func (m *Metric) GetGauge() *Gauge {
-	if m != nil {
-		return m.Gauge
+func (x *Metric) GetGauge() *Gauge {
+	if x != nil {
+		return x.Gauge
 	}
 	return nil
 }
 
-func (m *Metric) GetCounter() *Counter {
-	if m != nil {
-		return m.Counter
+func (x *Metric) GetCounter() *Counter {
+	if x != nil {
+		return x.Counter
 	}
 	return nil
 }
 
-func (m *Metric) GetSummary() *Summary {
-	if m != nil {
-		return m.Summary
+func (x *Metric) GetSummary() *Summary {
+	if x != nil {
+		return x.Summary
 	}
 	return nil
 }
 
-func (m *Metric) GetUntyped() *Untyped {
-	if m != nil {
-		return m.Untyped
+func (x *Metric) GetUntyped() *Untyped {
+	if x != nil {
+		return x.Untyped
 	}
 	return nil
 }
 
-func (m *Metric) GetHistogram() *Histogram {
-	if m != nil {
-		return m.Histogram
+func (x *Metric) GetHistogram() *Histogram {
+	if x != nil {
+		return x.Histogram
 	}
 	return nil
 }
 
-func (m *Metric) GetTimestampMs() int64 {
-	if m != nil && m.TimestampMs != nil {
-		return *m.TimestampMs
+func (x *Metric) GetTimestampMs() int64 {
+	if x != nil && x.TimestampMs != nil {
+		return *x.TimestampMs
 	}
 	return 0
 }
 
 type MetricFamily struct {
-	Name                 *string     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
-	Help                 *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
-	Type                 *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
-	Metric               []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
-	XXX_unrecognized     []byte      `json:"-"`
-	XXX_sizecache        int32       `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name   *string     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Help   *string     `protobuf:"bytes,2,opt,name=help" json:"help,omitempty"`
+	Type   *MetricType `protobuf:"varint,3,opt,name=type,enum=io.prometheus.client.MetricType" json:"type,omitempty"`
+	Metric []*Metric   `protobuf:"bytes,4,rep,name=metric" json:"metric,omitempty"`
 }
 
-func (m *MetricFamily) Reset()         { *m = MetricFamily{} }
-func (m *MetricFamily) String() string { return proto.CompactTextString(m) }
-func (*MetricFamily) ProtoMessage()    {}
+func (x *MetricFamily) Reset() {
+	*x = MetricFamily{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_io_prometheus_client_metrics_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MetricFamily) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MetricFamily) ProtoMessage() {}
+
+func (x *MetricFamily) ProtoReflect() protoreflect.Message {
+	mi := &file_io_prometheus_client_metrics_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MetricFamily.ProtoReflect.Descriptor instead.
 func (*MetricFamily) Descriptor() ([]byte, []int) {
-	return fileDescriptor_d1e5ddb18987a258, []int{11}
+	return file_io_prometheus_client_metrics_proto_rawDescGZIP(), []int{11}
 }
 
-func (m *MetricFamily) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_MetricFamily.Unmarshal(m, b)
-}
-func (m *MetricFamily) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_MetricFamily.Marshal(b, m, deterministic)
-}
-func (m *MetricFamily) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_MetricFamily.Merge(m, src)
-}
-func (m *MetricFamily) XXX_Size() int {
-	return xxx_messageInfo_MetricFamily.Size(m)
-}
-func (m *MetricFamily) XXX_DiscardUnknown() {
-	xxx_messageInfo_MetricFamily.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_MetricFamily proto.InternalMessageInfo
-
-func (m *MetricFamily) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
+func (x *MetricFamily) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
 	}
 	return ""
 }
 
-func (m *MetricFamily) GetHelp() string {
-	if m != nil && m.Help != nil {
-		return *m.Help
+func (x *MetricFamily) GetHelp() string {
+	if x != nil && x.Help != nil {
+		return *x.Help
 	}
 	return ""
 }
 
-func (m *MetricFamily) GetType() MetricType {
-	if m != nil && m.Type != nil {
-		return *m.Type
+func (x *MetricFamily) GetType() MetricType {
+	if x != nil && x.Type != nil {
+		return *x.Type
 	}
 	return MetricType_COUNTER
 }
 
-func (m *MetricFamily) GetMetric() []*Metric {
-	if m != nil {
-		return m.Metric
+func (x *MetricFamily) GetMetric() []*Metric {
+	if x != nil {
+		return x.Metric
 	}
 	return nil
 }
 
-func init() {
-	proto.RegisterEnum("io.prometheus.client.MetricType", MetricType_name, MetricType_value)
-	proto.RegisterType((*LabelPair)(nil), "io.prometheus.client.LabelPair")
-	proto.RegisterType((*Gauge)(nil), "io.prometheus.client.Gauge")
-	proto.RegisterType((*Counter)(nil), "io.prometheus.client.Counter")
-	proto.RegisterType((*Quantile)(nil), "io.prometheus.client.Quantile")
-	proto.RegisterType((*Summary)(nil), "io.prometheus.client.Summary")
-	proto.RegisterType((*Untyped)(nil), "io.prometheus.client.Untyped")
-	proto.RegisterType((*Histogram)(nil), "io.prometheus.client.Histogram")
-	proto.RegisterType((*Bucket)(nil), "io.prometheus.client.Bucket")
-	proto.RegisterType((*BucketSpan)(nil), "io.prometheus.client.BucketSpan")
-	proto.RegisterType((*Exemplar)(nil), "io.prometheus.client.Exemplar")
-	proto.RegisterType((*Metric)(nil), "io.prometheus.client.Metric")
-	proto.RegisterType((*MetricFamily)(nil), "io.prometheus.client.MetricFamily")
+var File_io_prometheus_client_metrics_proto protoreflect.FileDescriptor
+
+var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
+	0x0a, 0x22, 0x69, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2f,
+	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
+	0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x35, 0x0a, 0x09, 0x4c,
+	0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x22, 0x1d, 0x0a, 0x05, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x22, 0x5b, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
+	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d,
+	0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c,
+	0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x87, 0x01, 0x0a,
+	0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
+	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b,
+	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65,
+	0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01,
+	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe3, 0x04, 0x0a, 0x09, 0x48, 0x69, 0x73, 0x74,
+	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
+	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x61, 0x6d, 0x70,
+	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e,
+	0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70,
+	0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18,
+	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63,
+	0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
+	0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65,
+	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72,
+	0x6f, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65,
+	0x72, 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09,
+	0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72,
+	0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c,
+	0x6f, 0x61, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f,
+	0x73, 0x70, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e,
+	0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+	0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65,
+	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65,
+	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03,
+	0x28, 0x12, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74,
+	0x61, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74,
+	0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e,
+	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61,
+	0x6e, 0x52, 0x0c, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12,
+	0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74,
+	0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76,
+	0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d,
+	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01,
+	0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75,
+	0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f,
+	0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76,
+	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70,
+	0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a,
+	0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78,
+	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78,
+	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74,
+	0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06,
+	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65,
+	0x6e, 0x67, 0x74, 0x68, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61,
+	0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69,
+	0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38,
+	0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74,
+	0x72, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
+	0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50,
+	0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61,
+	0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
+	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a,
+	0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
+	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72,
+	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
+	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53,
+	0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12,
+	0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52,
+	0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74,
+	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f,
+	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69,
+	0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d,
+	0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68,
+	0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75,
+	0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54,
+	0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74,
+	0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
+	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a,
+	0x62, 0x0a, 0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a,
+	0x07, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41,
+	0x55, 0x47, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59,
+	0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12,
+	0x0d, 0x0a, 0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13,
+	0x0a, 0x0f, 0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41,
+	0x4d, 0x10, 0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
+	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
+	0x75, 0x73, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f,
+	0x67, 0x6f, 0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
 }
 
-func init() {
-	proto.RegisterFile("io/prometheus/client/metrics.proto", fileDescriptor_d1e5ddb18987a258)
+var (
+	file_io_prometheus_client_metrics_proto_rawDescOnce sync.Once
+	file_io_prometheus_client_metrics_proto_rawDescData = file_io_prometheus_client_metrics_proto_rawDesc
+)
+
+func file_io_prometheus_client_metrics_proto_rawDescGZIP() []byte {
+	file_io_prometheus_client_metrics_proto_rawDescOnce.Do(func() {
+		file_io_prometheus_client_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(file_io_prometheus_client_metrics_proto_rawDescData)
+	})
+	return file_io_prometheus_client_metrics_proto_rawDescData
 }
 
-var fileDescriptor_d1e5ddb18987a258 = []byte{
-	// 896 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
-	0x18, 0xc5, 0x9b, 0x5f, 0x7f, 0xd9, 0x6c, 0xd3, 0x61, 0x55, 0x59, 0x0b, 0xcb, 0x06, 0x4b, 0x48,
-	0x0b, 0x42, 0x8e, 0x40, 0x5b, 0x81, 0x0a, 0x5c, 0xec, 0xb6, 0xe9, 0x16, 0x89, 0xb4, 0x65, 0x92,
-	0x5c, 0x14, 0x2e, 0xac, 0x49, 0x32, 0xeb, 0x58, 0x78, 0x3c, 0xc6, 0x1e, 0x57, 0x2c, 0x2f, 0xc0,
-	0x35, 0xaf, 0xc0, 0xc3, 0xf0, 0x22, 0x3c, 0x08, 0x68, 0xfe, 0xec, 0xdd, 0xe2, 0x94, 0xd2, 0x3b,
-	0x7f, 0x67, 0xce, 0xf7, 0xcd, 0x39, 0xe3, 0xc9, 0x71, 0xc0, 0x8f, 0xf9, 0x24, 0xcb, 0x39, 0xa3,
-	0x62, 0x4b, 0xcb, 0x62, 0xb2, 0x4e, 0x62, 0x9a, 0x8a, 0x09, 0xa3, 0x22, 0x8f, 0xd7, 0x45, 0x90,
-	0xe5, 0x5c, 0x70, 0x74, 0x18, 0xf3, 0xa0, 0xe6, 0x04, 0x9a, 0x73, 0x74, 0x12, 0x71, 0x1e, 0x25,
-	0x74, 0xa2, 0x38, 0xab, 0xf2, 0x6a, 0x22, 0x62, 0x46, 0x0b, 0x41, 0x58, 0xa6, 0xdb, 0xfc, 0xfb,
-	0xe0, 0x7e, 0x47, 0x56, 0x34, 0x79, 0x4e, 0xe2, 0x1c, 0x21, 0x68, 0xa7, 0x84, 0x51, 0xcf, 0x19,
-	0x3b, 0xa7, 0x2e, 0x56, 0xcf, 0xe8, 0x10, 0x3a, 0x2f, 0x49, 0x52, 0x52, 0x6f, 0x4f, 0x81, 0xba,
-	0xf0, 0x8f, 0xa1, 0x73, 0x49, 0xca, 0xe8, 0xc6, 0xb2, 0xec, 0x71, 0xec, 0xf2, 0x8f, 0xd0, 0x7b,
-	0xc8, 0xcb, 0x54, 0xd0, 0xbc, 0x99, 0x80, 0x1e, 0x40, 0x9f, 0xfe, 0x42, 0x59, 0x96, 0x90, 0x5c,
-	0x0d, 0x1e, 0x7c, 0xfe, 0x41, 0xd0, 0x64, 0x20, 0x98, 0x1a, 0x16, 0xae, 0xf8, 0xfe, 0xd7, 0xd0,
-	0xff, 0xbe, 0x24, 0xa9, 0x88, 0x13, 0x8a, 0x8e, 0xa0, 0xff, 0xb3, 0x79, 0x36, 0x1b, 0x54, 0xf5,
-	0x6d, 0xe5, 0x95, 0xb4, 0xdf, 0x1c, 0xe8, 0xcd, 0x4b, 0xc6, 0x48, 0x7e, 0x8d, 0x3e, 0x84, 0xfd,
-	0x82, 0xb0, 0x2c, 0xa1, 0xe1, 0x5a, 0xaa, 0x55, 0x13, 0xda, 0x78, 0xa0, 0x31, 0x65, 0x00, 0x1d,
-	0x03, 0x18, 0x4a, 0x51, 0x32, 0x33, 0xc9, 0xd5, 0xc8, 0xbc, 0x64, 0xd2, 0x47, 0xb5, 0x7f, 0x6b,
-	0xdc, 0xda, 0xed, 0xc3, 0x2a, 0xae, 0xf5, 0xf9, 0x27, 0xd0, 0x5b, 0xa6, 0xe2, 0x3a, 0xa3, 0x9b,
-	0x1d, 0xa7, 0xf8, 0x57, 0x1b, 0xdc, 0x27, 0x71, 0x21, 0x78, 0x94, 0x13, 0xf6, 0x26, 0x62, 0x3f,
-	0x05, 0x74, 0x93, 0x12, 0x5e, 0x25, 0x9c, 0x08, 0xaf, 0xad, 0x66, 0x8e, 0x6e, 0x10, 0x1f, 0x4b,
-	0xfc, 0xbf, 0xac, 0x9d, 0x41, 0x77, 0x55, 0xae, 0x7f, 0xa2, 0xc2, 0x18, 0x7b, 0xbf, 0xd9, 0xd8,
-	0x85, 0xe2, 0x60, 0xc3, 0x45, 0xf7, 0xa0, 0x5b, 0xac, 0xb7, 0x94, 0x11, 0xaf, 0x33, 0x76, 0x4e,
-	0xef, 0x62, 0x53, 0xa1, 0x8f, 0xe0, 0xe0, 0x57, 0x9a, 0xf3, 0x50, 0x6c, 0x73, 0x5a, 0x6c, 0x79,
-	0xb2, 0xf1, 0xba, 0x6a, 0xc3, 0xa1, 0x44, 0x17, 0x16, 0x94, 0x9a, 0x14, 0x4d, 0x5b, 0xec, 0x29,
-	0x8b, 0xae, 0x44, 0xb4, 0xc1, 0x53, 0x18, 0xd5, 0xcb, 0xc6, 0x5e, 0x5f, 0xcd, 0x39, 0xa8, 0x48,
-	0xda, 0xdc, 0x14, 0x86, 0x29, 0x8d, 0x88, 0x88, 0x5f, 0xd2, 0xb0, 0xc8, 0x48, 0xea, 0xb9, 0xca,
-	0xc4, 0xf8, 0x75, 0x26, 0xe6, 0x19, 0x49, 0xf1, 0xbe, 0x6d, 0x93, 0x95, 0x94, 0x5d, 0x8d, 0xd9,
-	0xd0, 0x44, 0x10, 0x0f, 0xc6, 0xad, 0x53, 0x84, 0xab, 0xe1, 0x8f, 0x24, 0x78, 0x8b, 0xa6, 0xa5,
-	0x0f, 0xc6, 0x2d, 0xe9, 0xce, 0xa2, 0x5a, 0xfe, 0x14, 0x86, 0x19, 0x2f, 0xe2, 0x5a, 0xd4, 0xfe,
-	0x9b, 0x8a, 0xb2, 0x6d, 0x56, 0x54, 0x35, 0x46, 0x8b, 0x1a, 0x6a, 0x51, 0x16, 0xad, 0x44, 0x55,
-	0x34, 0x2d, 0xea, 0x40, 0x8b, 0xb2, 0xa8, 0x12, 0xe5, 0xff, 0xe9, 0x40, 0x57, 0x6f, 0x85, 0x3e,
-	0x86, 0xd1, 0xba, 0x64, 0x65, 0x72, 0xd3, 0x88, 0xbe, 0x66, 0x77, 0x6a, 0x5c, 0x5b, 0x39, 0x83,
-	0x7b, 0xaf, 0x52, 0x6f, 0x5d, 0xb7, 0xc3, 0x57, 0x1a, 0xf4, 0x5b, 0x39, 0x81, 0x41, 0x99, 0x65,
-	0x34, 0x0f, 0x57, 0xbc, 0x4c, 0x37, 0xe6, 0xce, 0x81, 0x82, 0x2e, 0x24, 0x72, 0x2b, 0x17, 0x5a,
-	0xff, 0x3b, 0x17, 0xa0, 0x3e, 0x32, 0x79, 0x11, 0xf9, 0xd5, 0x55, 0x41, 0xb5, 0x83, 0xbb, 0xd8,
-	0x54, 0x12, 0x4f, 0x68, 0x1a, 0x89, 0xad, 0xda, 0x7d, 0x88, 0x4d, 0xe5, 0xff, 0xee, 0x40, 0xdf,
-	0x0e, 0x45, 0xf7, 0xa1, 0x93, 0xc8, 0x54, 0xf4, 0x1c, 0xf5, 0x82, 0x4e, 0x9a, 0x35, 0x54, 0xc1,
-	0x89, 0x35, 0xbb, 0x39, 0x71, 0xd0, 0x97, 0xe0, 0x56, 0xa9, 0x6b, 0x4c, 0x1d, 0x05, 0x3a, 0x97,
-	0x03, 0x9b, 0xcb, 0xc1, 0xc2, 0x32, 0x70, 0x4d, 0xf6, 0xff, 0xde, 0x83, 0xee, 0x4c, 0xa5, 0xfc,
-	0xdb, 0x2a, 0xfa, 0x0c, 0x3a, 0x91, 0xcc, 0x69, 0x13, 0xb2, 0xef, 0x35, 0xb7, 0xa9, 0x28, 0xc7,
-	0x9a, 0x89, 0xbe, 0x80, 0xde, 0x5a, 0x67, 0xb7, 0x11, 0x7b, 0xdc, 0xdc, 0x64, 0x02, 0x1e, 0x5b,
-	0xb6, 0x6c, 0x2c, 0x74, 0xb0, 0xaa, 0x3b, 0xb0, 0xb3, 0xd1, 0xa4, 0x2f, 0xb6, 0x6c, 0xd9, 0x58,
-	0xea, 0x20, 0x54, 0xa1, 0xb1, 0xb3, 0xd1, 0xa4, 0x25, 0xb6, 0x6c, 0xf4, 0x0d, 0xb8, 0x5b, 0x9b,
-	0x8f, 0x2a, 0x2c, 0x76, 0x1e, 0x4c, 0x15, 0xa3, 0xb8, 0xee, 0x90, 0x89, 0x5a, 0x9d, 0x75, 0xc8,
-	0x0a, 0x95, 0x48, 0x2d, 0x3c, 0xa8, 0xb0, 0x59, 0xe1, 0xff, 0xe1, 0xc0, 0xbe, 0x7e, 0x03, 0x8f,
-	0x09, 0x8b, 0x93, 0xeb, 0xc6, 0x4f, 0x24, 0x82, 0xf6, 0x96, 0x26, 0x99, 0xf9, 0x42, 0xaa, 0x67,
-	0x74, 0x06, 0x6d, 0xa9, 0x51, 0x1d, 0xe1, 0xc1, 0xae, 0x5f, 0xb8, 0x9e, 0xbc, 0xb8, 0xce, 0x28,
-	0x56, 0x6c, 0x99, 0xb9, 0xfa, 0xab, 0xee, 0xb5, 0x5f, 0x97, 0xb9, 0xba, 0x0f, 0x1b, 0xee, 0x27,
-	0x2b, 0x80, 0x7a, 0x12, 0x1a, 0x40, 0xef, 0xe1, 0xb3, 0xe5, 0xd3, 0xc5, 0x14, 0x8f, 0xde, 0x41,
-	0x2e, 0x74, 0x2e, 0xcf, 0x97, 0x97, 0xd3, 0x91, 0x23, 0xf1, 0xf9, 0x72, 0x36, 0x3b, 0xc7, 0x2f,
-	0x46, 0x7b, 0xb2, 0x58, 0x3e, 0x5d, 0xbc, 0x78, 0x3e, 0x7d, 0x34, 0x6a, 0xa1, 0x21, 0xb8, 0x4f,
-	0xbe, 0x9d, 0x2f, 0x9e, 0x5d, 0xe2, 0xf3, 0xd9, 0xa8, 0x8d, 0xde, 0x85, 0x3b, 0xaa, 0x27, 0xac,
-	0xc1, 0xce, 0x05, 0x86, 0xc6, 0x3f, 0x18, 0x3f, 0x3c, 0x88, 0x62, 0xb1, 0x2d, 0x57, 0xc1, 0x9a,
-	0xb3, 0x7f, 0xff, 0x45, 0x09, 0x19, 0xdf, 0xd0, 0x64, 0x12, 0xf1, 0xaf, 0x62, 0x1e, 0xd6, 0xab,
-	0xa1, 0x5e, 0xfd, 0x27, 0x00, 0x00, 0xff, 0xff, 0x16, 0x77, 0x81, 0x98, 0xd7, 0x08, 0x00, 0x00,
+var file_io_prometheus_client_metrics_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_io_prometheus_client_metrics_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
+var file_io_prometheus_client_metrics_proto_goTypes = []interface{}{
+	(MetricType)(0),               // 0: io.prometheus.client.MetricType
+	(*LabelPair)(nil),             // 1: io.prometheus.client.LabelPair
+	(*Gauge)(nil),                 // 2: io.prometheus.client.Gauge
+	(*Counter)(nil),               // 3: io.prometheus.client.Counter
+	(*Quantile)(nil),              // 4: io.prometheus.client.Quantile
+	(*Summary)(nil),               // 5: io.prometheus.client.Summary
+	(*Untyped)(nil),               // 6: io.prometheus.client.Untyped
+	(*Histogram)(nil),             // 7: io.prometheus.client.Histogram
+	(*Bucket)(nil),                // 8: io.prometheus.client.Bucket
+	(*BucketSpan)(nil),            // 9: io.prometheus.client.BucketSpan
+	(*Exemplar)(nil),              // 10: io.prometheus.client.Exemplar
+	(*Metric)(nil),                // 11: io.prometheus.client.Metric
+	(*MetricFamily)(nil),          // 12: io.prometheus.client.MetricFamily
+	(*timestamppb.Timestamp)(nil), // 13: google.protobuf.Timestamp
+}
+var file_io_prometheus_client_metrics_proto_depIdxs = []int32{
+	10, // 0: io.prometheus.client.Counter.exemplar:type_name -> io.prometheus.client.Exemplar
+	4,  // 1: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
+	8,  // 2: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
+	9,  // 3: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
+	9,  // 4: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
+	10, // 5: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
+	1,  // 6: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
+	13, // 7: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
+	1,  // 8: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
+	2,  // 9: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
+	3,  // 10: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
+	5,  // 11: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
+	6,  // 12: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
+	7,  // 13: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
+	0,  // 14: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
+	11, // 15: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
+	16, // [16:16] is the sub-list for method output_type
+	16, // [16:16] is the sub-list for method input_type
+	16, // [16:16] is the sub-list for extension type_name
+	16, // [16:16] is the sub-list for extension extendee
+	0,  // [0:16] is the sub-list for field type_name
+}
+
+func init() { file_io_prometheus_client_metrics_proto_init() }
+func file_io_prometheus_client_metrics_proto_init() {
+	if File_io_prometheus_client_metrics_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_io_prometheus_client_metrics_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*LabelPair); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Gauge); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Counter); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Quantile); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Summary); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Untyped); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Histogram); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Bucket); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*BucketSpan); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Exemplar); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Metric); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_io_prometheus_client_metrics_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MetricFamily); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_io_prometheus_client_metrics_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   12,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_io_prometheus_client_metrics_proto_goTypes,
+		DependencyIndexes: file_io_prometheus_client_metrics_proto_depIdxs,
+		EnumInfos:         file_io_prometheus_client_metrics_proto_enumTypes,
+		MessageInfos:      file_io_prometheus_client_metrics_proto_msgTypes,
+	}.Build()
+	File_io_prometheus_client_metrics_proto = out.File
+	file_io_prometheus_client_metrics_proto_rawDesc = nil
+	file_io_prometheus_client_metrics_proto_goTypes = nil
+	file_io_prometheus_client_metrics_proto_depIdxs = nil
 }
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index f4fc88455..906397815 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -132,7 +132,10 @@ func (d *textDecoder) Decode(v *dto.MetricFamily) error {
 	}
 	// Pick off one MetricFamily per Decode until there's nothing left.
 	for key, fam := range d.fams {
-		*v = *fam
+		v.Name = fam.Name
+		v.Help = fam.Help
+		v.Type = fam.Type
+		v.Metric = fam.Metric
 		delete(d.fams, key)
 		return nil
 	}
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index 64dc0eb40..7f611ffaa 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -18,9 +18,9 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
 	"github.com/matttproud/golang_protobuf_extensions/pbutil"
 	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
+	"google.golang.org/protobuf/encoding/prototext"
 
 	dto "github.com/prometheus/client_model/go"
 )
@@ -99,8 +99,11 @@ func NegotiateIncludingOpenMetrics(h http.Header) Format {
 		if ac.Type == "text" && ac.SubType == "plain" && (ver == TextVersion || ver == "") {
 			return FmtText
 		}
-		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion || ver == "") {
-			return FmtOpenMetrics
+		if ac.Type+"/"+ac.SubType == OpenMetricsType && (ver == OpenMetricsVersion_0_0_1 || ver == OpenMetricsVersion_1_0_0 || ver == "") {
+			if ver == OpenMetricsVersion_1_0_0 {
+				return FmtOpenMetrics_1_0_0
+			}
+			return FmtOpenMetrics_0_0_1
 		}
 	}
 	return FmtText
@@ -133,7 +136,7 @@ func NewEncoder(w io.Writer, format Format) Encoder {
 	case FmtProtoText:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
-				_, err := fmt.Fprintln(w, proto.MarshalTextString(v))
+				_, err := fmt.Fprintln(w, prototext.Format(v))
 				return err
 			},
 			close: func() error { return nil },
@@ -146,7 +149,7 @@ func NewEncoder(w io.Writer, format Format) Encoder {
 			},
 			close: func() error { return nil },
 		}
-	case FmtOpenMetrics:
+	case FmtOpenMetrics_0_0_1, FmtOpenMetrics_1_0_0:
 		return encoderCloser{
 			encode: func(v *dto.MetricFamily) error {
 				_, err := MetricFamilyToOpenMetrics(w, v)
diff --git a/vendor/github.com/prometheus/common/expfmt/expfmt.go b/vendor/github.com/prometheus/common/expfmt/expfmt.go
index 0f176fa64..c4cb20f0d 100644
--- a/vendor/github.com/prometheus/common/expfmt/expfmt.go
+++ b/vendor/github.com/prometheus/common/expfmt/expfmt.go
@@ -19,20 +19,22 @@ type Format string
 
 // Constants to assemble the Content-Type values for the different wire protocols.
 const (
-	TextVersion        = "0.0.4"
-	ProtoType          = `application/vnd.google.protobuf`
-	ProtoProtocol      = `io.prometheus.client.MetricFamily`
-	ProtoFmt           = ProtoType + "; proto=" + ProtoProtocol + ";"
-	OpenMetricsType    = `application/openmetrics-text`
-	OpenMetricsVersion = "0.0.1"
+	TextVersion              = "0.0.4"
+	ProtoType                = `application/vnd.google.protobuf`
+	ProtoProtocol            = `io.prometheus.client.MetricFamily`
+	ProtoFmt                 = ProtoType + "; proto=" + ProtoProtocol + ";"
+	OpenMetricsType          = `application/openmetrics-text`
+	OpenMetricsVersion_0_0_1 = "0.0.1"
+	OpenMetricsVersion_1_0_0 = "1.0.0"
 
 	// The Content-Type values for the different wire protocols.
-	FmtUnknown      Format = `<unknown>`
-	FmtText         Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
-	FmtProtoDelim   Format = ProtoFmt + ` encoding=delimited`
-	FmtProtoText    Format = ProtoFmt + ` encoding=text`
-	FmtProtoCompact Format = ProtoFmt + ` encoding=compact-text`
-	FmtOpenMetrics  Format = OpenMetricsType + `; version=` + OpenMetricsVersion + `; charset=utf-8`
+	FmtUnknown           Format = `<unknown>`
+	FmtText              Format = `text/plain; version=` + TextVersion + `; charset=utf-8`
+	FmtProtoDelim        Format = ProtoFmt + ` encoding=delimited`
+	FmtProtoText         Format = ProtoFmt + ` encoding=text`
+	FmtProtoCompact      Format = ProtoFmt + ` encoding=compact-text`
+	FmtOpenMetrics_1_0_0 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_1_0_0 + `; charset=utf-8`
+	FmtOpenMetrics_0_0_1 Format = OpenMetricsType + `; version=` + OpenMetricsVersion_0_0_1 + `; charset=utf-8`
 )
 
 const (
diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go
index ac2482782..35db1cc9d 100644
--- a/vendor/github.com/prometheus/common/expfmt/text_parse.go
+++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go
@@ -24,8 +24,8 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/golang/protobuf/proto" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility.
 	"github.com/prometheus/common/model"
+	"google.golang.org/protobuf/proto"
 )
 
 // A stateFn is a function that represents a state in a state machine. By
diff --git a/vendor/github.com/prometheus/prometheus/config/config.go b/vendor/github.com/prometheus/prometheus/config/config.go
index a29c98eed..5c51d5a0d 100644
--- a/vendor/github.com/prometheus/prometheus/config/config.go
+++ b/vendor/github.com/prometheus/prometheus/config/config.go
@@ -173,16 +173,16 @@ var (
 
 	// DefaultQueueConfig is the default remote queue configuration.
 	DefaultQueueConfig = QueueConfig{
-		// With a maximum of 200 shards, assuming an average of 100ms remote write
-		// time and 500 samples per batch, we will be able to push 1M samples/s.
-		MaxShards:         200,
+		// With a maximum of 50 shards, assuming an average of 100ms remote write
+		// time and 2000 samples per batch, we will be able to push 1M samples/s.
+		MaxShards:         50,
 		MinShards:         1,
-		MaxSamplesPerSend: 500,
+		MaxSamplesPerSend: 2000,
 
-		// Each shard will have a max of 2500 samples pending in its channel, plus the pending
-		// samples that have been enqueued. Theoretically we should only ever have about 3000 samples
-		// per shard pending. At 200 shards that's 600k.
-		Capacity:          2500,
+		// Each shard will have a max of 10,000 samples pending in its channel, plus the pending
+		// samples that have been enqueued. Theoretically we should only ever have about 12,000 samples
+		// per shard pending. At 50 shards that's 600k.
+		Capacity:          10000,
 		BatchSendDeadline: model.Duration(5 * time.Second),
 
 		// Backoff times for retrying a batch of samples on recoverable errors.
@@ -194,7 +194,7 @@ var (
 	DefaultMetadataConfig = MetadataConfig{
 		Send:              true,
 		SendInterval:      model.Duration(1 * time.Minute),
-		MaxSamplesPerSend: 500,
+		MaxSamplesPerSend: 2000,
 	}
 
 	// DefaultRemoteReadConfig is the default remote read configuration.
diff --git a/vendor/github.com/prometheus/prometheus/discovery/registry.go b/vendor/github.com/prometheus/prometheus/discovery/registry.go
index 8274628c2..13168a07a 100644
--- a/vendor/github.com/prometheus/prometheus/discovery/registry.go
+++ b/vendor/github.com/prometheus/prometheus/discovery/registry.go
@@ -253,7 +253,7 @@ func replaceYAMLTypeError(err error, oldTyp, newTyp reflect.Type) error {
 		oldStr := oldTyp.String()
 		newStr := newTyp.String()
 		for i, s := range e.Errors {
-			e.Errors[i] = strings.Replace(s, oldStr, newStr, -1)
+			e.Errors[i] = strings.ReplaceAll(s, oldStr, newStr)
 		}
 	}
 	return err
diff --git a/vendor/github.com/prometheus/prometheus/model/histogram/float_histogram.go b/vendor/github.com/prometheus/prometheus/model/histogram/float_histogram.go
index 256679a8c..f95f0051c 100644
--- a/vendor/github.com/prometheus/prometheus/model/histogram/float_histogram.go
+++ b/vendor/github.com/prometheus/prometheus/model/histogram/float_histogram.go
@@ -192,6 +192,30 @@ func (h *FloatHistogram) Scale(factor float64) *FloatHistogram {
 //
 // This method returns a pointer to the receiving histogram for convenience.
 func (h *FloatHistogram) Add(other *FloatHistogram) *FloatHistogram {
+	switch {
+	case other.CounterResetHint == h.CounterResetHint:
+		// Adding apples to apples, all good. No need to change anything.
+	case h.CounterResetHint == GaugeType:
+		// Adding something else to a gauge. That's probably OK. Outcome is a gauge.
+		// Nothing to do since the receiver is already marked as gauge.
+	case other.CounterResetHint == GaugeType:
+		// Similar to before, but this time the receiver is "something else" and we have to change it to gauge.
+		h.CounterResetHint = GaugeType
+	case h.CounterResetHint == UnknownCounterReset:
+		// With the receiver's CounterResetHint being "unknown", this could still be legitimate
+		// if the caller knows what they are doing. Outcome is then again "unknown".
+		// No need to do anything since the receiver's CounterResetHint is already "unknown".
+	case other.CounterResetHint == UnknownCounterReset:
+		// Similar to before, but now we have to set the receiver's CounterResetHint to "unknown".
+		h.CounterResetHint = UnknownCounterReset
+	default:
+		// All other cases shouldn't actually happen.
+		// They are a direct collision of CounterReset and NotCounterReset.
+		// Conservatively set the CounterResetHint to "unknown" and isse a warning.
+		h.CounterResetHint = UnknownCounterReset
+		// TODO(trevorwhitney): Actually issue the warning as soon as the plumbing for it is in place
+	}
+
 	otherZeroCount := h.reconcileZeroBuckets(other)
 	h.ZeroCount += otherZeroCount
 	h.Count += other.Count
@@ -414,6 +438,10 @@ func (h *FloatHistogram) Compact(maxEmptyBuckets int) *FloatHistogram {
 // of observations, but NOT the sum of observations) is smaller in the receiving
 // histogram compared to the previous histogram. Otherwise, it returns false.
 //
+// This method will shortcut to true if a CounterReset is detected, and shortcut
+// to false if NotCounterReset is detected. Otherwise it will do the work to detect
+// a reset.
+//
 // Special behavior in case the Schema or the ZeroThreshold are not the same in
 // both histograms:
 //
@@ -432,12 +460,23 @@ func (h *FloatHistogram) Compact(maxEmptyBuckets int) *FloatHistogram {
 //   - Upon a decrease of the Schema, the buckets of the previous histogram are
 //     merged so that they match the new, lower-resolution schema (again without
 //     mutating the provided previous histogram).
-//
-// Note that this kind of reset detection is quite expensive. Ideally, resets
-// are detected at ingest time and stored in the TSDB, so that the reset
-// information can be read directly from there rather than be detected each time
-// again.
 func (h *FloatHistogram) DetectReset(previous *FloatHistogram) bool {
+	if h.CounterResetHint == CounterReset {
+		return true
+	}
+	if h.CounterResetHint == NotCounterReset {
+		return false
+	}
+	// In all other cases of CounterResetHint (UnknownCounterReset and GaugeType),
+	// we go on as we would otherwise, for reasons explained below.
+	//
+	// If the CounterResetHint is UnknownCounterReset, we do not know yet if this histogram comes
+	// with a counter reset. Therefore, we have to do all the detailed work to find out if there
+	// is a counter reset or not.
+	// We do the same if the CounterResetHint is GaugeType, which should not happen, but PromQL still
+	// allows the user to apply functions to gauge histograms that are only meant for counter histograms.
+	// In this case, we treat the gauge histograms as a counter histograms
+	// (and we plan to return a warning about it to the user).
 	if h.Count < previous.Count {
 		return true
 	}
@@ -785,10 +824,11 @@ mergeLoop: // Merge together all buckets from the original schema that fall into
 			origIdx += span.Offset
 		}
 		currIdx := i.targetIdx(origIdx)
-		if firstPass {
+		switch {
+		case firstPass:
 			i.currIdx = currIdx
 			firstPass = false
-		} else if currIdx != i.currIdx {
+		case currIdx != i.currIdx:
 			// Reached next bucket in targetSchema.
 			// Do not actually forward to the next bucket, but break out.
 			break mergeLoop
diff --git a/vendor/github.com/prometheus/prometheus/model/labels/labels.go b/vendor/github.com/prometheus/prometheus/model/labels/labels.go
index 6de001c3c..9ac0e5b53 100644
--- a/vendor/github.com/prometheus/prometheus/model/labels/labels.go
+++ b/vendor/github.com/prometheus/prometheus/model/labels/labels.go
@@ -169,11 +169,12 @@ func (ls Labels) HashForLabels(b []byte, names ...string) (uint64, []byte) {
 	b = b[:0]
 	i, j := 0, 0
 	for i < len(ls) && j < len(names) {
-		if names[j] < ls[i].Name {
+		switch {
+		case names[j] < ls[i].Name:
 			j++
-		} else if ls[i].Name < names[j] {
+		case ls[i].Name < names[j]:
 			i++
-		} else {
+		default:
 			b = append(b, ls[i].Name...)
 			b = append(b, seps[0])
 			b = append(b, ls[i].Value...)
@@ -213,11 +214,12 @@ func (ls Labels) BytesWithLabels(buf []byte, names ...string) []byte {
 	b.WriteByte(labelSep)
 	i, j := 0, 0
 	for i < len(ls) && j < len(names) {
-		if names[j] < ls[i].Name {
+		switch {
+		case names[j] < ls[i].Name:
 			j++
-		} else if ls[i].Name < names[j] {
+		case ls[i].Name < names[j]:
 			i++
-		} else {
+		default:
 			if b.Len() > 1 {
 				b.WriteByte(seps[0])
 			}
@@ -531,24 +533,23 @@ func (b *Builder) Set(n, v string) *Builder {
 }
 
 func (b *Builder) Get(n string) string {
-	for _, d := range b.del {
-		if d == n {
-			return ""
-		}
-	}
+	// Del() removes entries from .add but Set() does not remove from .del, so check .add first.
 	for _, a := range b.add {
 		if a.Name == n {
 			return a.Value
 		}
 	}
+	if slices.Contains(b.del, n) {
+		return ""
+	}
 	return b.base.Get(n)
 }
 
 // Range calls f on each label in the Builder.
 func (b *Builder) Range(f func(l Label)) {
 	// Stack-based arrays to avoid heap allocation in most cases.
-	var addStack [1024]Label
-	var delStack [1024]string
+	var addStack [128]Label
+	var delStack [128]string
 	// Take a copy of add and del, so they are unaffected by calls to Set() or Del().
 	origAdd, origDel := append(addStack[:0], b.add...), append(delStack[:0], b.del...)
 	b.base.Range(func(l Label) {
@@ -570,24 +571,18 @@ func contains(s []Label, n string) bool {
 	return false
 }
 
-// Labels returns the labels from the builder, adding them to res if non-nil.
-// Argument res can be the same as b.base, if caller wants to overwrite that slice.
+// Labels returns the labels from the builder.
 // If no modifications were made, the original labels are returned.
-func (b *Builder) Labels(res Labels) Labels {
+func (b *Builder) Labels() Labels {
 	if len(b.del) == 0 && len(b.add) == 0 {
 		return b.base
 	}
 
-	if res == nil {
-		// In the general case, labels are removed, modified or moved
-		// rather than added.
-		res = make(Labels, 0, len(b.base))
-	} else {
-		res = res[:0]
+	expectedSize := len(b.base) + len(b.add) - len(b.del)
+	if expectedSize < 1 {
+		expectedSize = 1
 	}
-	// Justification that res can be the same slice as base: in this loop
-	// we move forward through base, and either skip an element or assign
-	// it to res at its current position or an earlier position.
+	res := make(Labels, 0, expectedSize)
 	for _, l := range b.base {
 		if slices.Contains(b.del, l.Name) || contains(b.add, l.Name) {
 			continue
@@ -637,3 +632,9 @@ func (b *ScratchBuilder) Labels() Labels {
 	// Copy the slice, so the next use of ScratchBuilder doesn't overwrite.
 	return append([]Label{}, b.add...)
 }
+
+// Write the newly-built Labels out to ls.
+// Callers must ensure that there are no other references to ls, or any strings fetched from it.
+func (b *ScratchBuilder) Overwrite(ls *Labels) {
+	*ls = append((*ls)[:0], b.add...)
+}
diff --git a/vendor/github.com/prometheus/prometheus/model/labels/labels_string.go b/vendor/github.com/prometheus/prometheus/model/labels/labels_string.go
index 98db29d25..6d54e98ab 100644
--- a/vendor/github.com/prometheus/prometheus/model/labels/labels_string.go
+++ b/vendor/github.com/prometheus/prometheus/model/labels/labels_string.go
@@ -56,8 +56,14 @@ func (ls labelSlice) Swap(i, j int)      { ls[i], ls[j] = ls[j], ls[i] }
 func (ls labelSlice) Less(i, j int) bool { return ls[i].Name < ls[j].Name }
 
 func decodeSize(data string, index int) (int, int) {
-	var size int
-	for shift := uint(0); ; shift += 7 {
+	// Fast-path for common case of a single byte, value 0..127.
+	b := data[index]
+	index++
+	if b < 0x80 {
+		return int(b), index
+	}
+	size := int(b & 0x7F)
+	for shift := uint(7); ; shift += 7 {
 		// Just panic if we go of the end of data, since all Labels strings are constructed internally and
 		// malformed data indicates a bug, or memory corruption.
 		b := data[index]
@@ -158,7 +164,7 @@ func (ls Labels) MatchLabels(on bool, names ...string) Labels {
 		b.Del(MetricName)
 		b.Del(names...)
 	}
-	return b.Labels(EmptyLabels())
+	return b.Labels()
 }
 
 // Hash returns a hash value for the label set.
@@ -587,22 +593,23 @@ func (b *Builder) Set(n, v string) *Builder {
 }
 
 func (b *Builder) Get(n string) string {
-	if slices.Contains(b.del, n) {
-		return ""
-	}
+	// Del() removes entries from .add but Set() does not remove from .del, so check .add first.
 	for _, a := range b.add {
 		if a.Name == n {
 			return a.Value
 		}
 	}
+	if slices.Contains(b.del, n) {
+		return ""
+	}
 	return b.base.Get(n)
 }
 
 // Range calls f on each label in the Builder.
 func (b *Builder) Range(f func(l Label)) {
 	// Stack-based arrays to avoid heap allocation in most cases.
-	var addStack [1024]Label
-	var delStack [1024]string
+	var addStack [128]Label
+	var delStack [128]string
 	// Take a copy of add and del, so they are unaffected by calls to Set() or Del().
 	origAdd, origDel := append(addStack[:0], b.add...), append(delStack[:0], b.del...)
 	b.base.Range(func(l Label) {
@@ -624,10 +631,9 @@ func contains(s []Label, n string) bool {
 	return false
 }
 
-// Labels returns the labels from the builder, adding them to res if non-nil.
-// Argument res can be the same as b.base, if caller wants to overwrite that slice.
+// Labels returns the labels from the builder.
 // If no modifications were made, the original labels are returned.
-func (b *Builder) Labels(res Labels) Labels {
+func (b *Builder) Labels() Labels {
 	if len(b.del) == 0 && len(b.add) == 0 {
 		return b.base
 	}
@@ -637,7 +643,7 @@ func (b *Builder) Labels(res Labels) Labels {
 	a, d := 0, 0
 
 	bufSize := len(b.base.data) + labelsSize(b.add)
-	buf := make([]byte, 0, bufSize) // TODO: see if we can re-use the buffer from res.
+	buf := make([]byte, 0, bufSize)
 	for pos := 0; pos < len(b.base.data); {
 		oldPos := pos
 		var lName string
@@ -812,7 +818,7 @@ func (b *ScratchBuilder) Labels() Labels {
 }
 
 // Write the newly-built Labels out to ls, reusing an internal buffer.
-// Callers must ensure that there are no other references to ls.
+// Callers must ensure that there are no other references to ls, or any strings fetched from it.
 func (b *ScratchBuilder) Overwrite(ls *Labels) {
 	size := labelsSize(b.add)
 	if size <= cap(b.overwriteBuffer) {
diff --git a/vendor/github.com/prometheus/prometheus/model/relabel/relabel.go b/vendor/github.com/prometheus/prometheus/model/relabel/relabel.go
index 5ef79b4a7..5027c3963 100644
--- a/vendor/github.com/prometheus/prometheus/model/relabel/relabel.go
+++ b/vendor/github.com/prometheus/prometheus/model/relabel/relabel.go
@@ -211,7 +211,7 @@ func Process(lbls labels.Labels, cfgs ...*Config) (ret labels.Labels, keep bool)
 	if !ProcessBuilder(lb, cfgs...) {
 		return labels.EmptyLabels(), false
 	}
-	return lb.Labels(lbls), true
+	return lb.Labels(), true
 }
 
 // ProcessBuilder is like Process, but the caller passes a labels.Builder
diff --git a/vendor/github.com/prometheus/prometheus/model/textparse/promparse.go b/vendor/github.com/prometheus/prometheus/model/textparse/promparse.go
index 2c981f050..94338a666 100644
--- a/vendor/github.com/prometheus/prometheus/model/textparse/promparse.go
+++ b/vendor/github.com/prometheus/prometheus/model/textparse/promparse.go
@@ -238,9 +238,10 @@ func (p *PromParser) Metric(l *labels.Labels) string {
 	return s
 }
 
-// Exemplar writes the exemplar of the current sample into the passed
-// exemplar. It returns if an exemplar exists.
-func (p *PromParser) Exemplar(e *exemplar.Exemplar) bool {
+// Exemplar implements the Parser interface. However, since the classic
+// Prometheus text format does not support exemplars, this implementation simply
+// returns false and does nothing else.
+func (p *PromParser) Exemplar(*exemplar.Exemplar) bool {
 	return false
 }
 
diff --git a/vendor/github.com/prometheus/prometheus/prompb/custom.go b/vendor/github.com/prometheus/prometheus/prompb/custom.go
index 4b07187bd..13d6e0f0c 100644
--- a/vendor/github.com/prometheus/prometheus/prompb/custom.go
+++ b/vendor/github.com/prometheus/prometheus/prompb/custom.go
@@ -20,6 +20,11 @@ import (
 func (m Sample) T() int64   { return m.Timestamp }
 func (m Sample) V() float64 { return m.Value }
 
+func (h Histogram) IsFloatHistogram() bool {
+	_, ok := h.GetCount().(*Histogram_CountFloat)
+	return ok
+}
+
 func (r *ChunkedReadResponse) PooledMarshal(p *sync.Pool) ([]byte, error) {
 	size := r.Size()
 	data, ok := p.Get().(*[]byte)
diff --git a/vendor/github.com/prometheus/prometheus/prompb/types.pb.go b/vendor/github.com/prometheus/prometheus/prompb/types.pb.go
index e78e48809..125f868e9 100644
--- a/vendor/github.com/prometheus/prometheus/prompb/types.pb.go
+++ b/vendor/github.com/prometheus/prometheus/prompb/types.pb.go
@@ -134,21 +134,24 @@ func (LabelMatcher_Type) EnumDescriptor() ([]byte, []int) {
 type Chunk_Encoding int32
 
 const (
-	Chunk_UNKNOWN   Chunk_Encoding = 0
-	Chunk_XOR       Chunk_Encoding = 1
-	Chunk_HISTOGRAM Chunk_Encoding = 2
+	Chunk_UNKNOWN         Chunk_Encoding = 0
+	Chunk_XOR             Chunk_Encoding = 1
+	Chunk_HISTOGRAM       Chunk_Encoding = 2
+	Chunk_FLOAT_HISTOGRAM Chunk_Encoding = 3
 )
 
 var Chunk_Encoding_name = map[int32]string{
 	0: "UNKNOWN",
 	1: "XOR",
 	2: "HISTOGRAM",
+	3: "FLOAT_HISTOGRAM",
 }
 
 var Chunk_Encoding_value = map[string]int32{
-	"UNKNOWN":   0,
-	"XOR":       1,
-	"HISTOGRAM": 2,
+	"UNKNOWN":         0,
+	"XOR":             1,
+	"HISTOGRAM":       2,
+	"FLOAT_HISTOGRAM": 3,
 }
 
 func (x Chunk_Encoding) String() string {
@@ -1143,75 +1146,76 @@ func init() {
 func init() { proto.RegisterFile("types.proto", fileDescriptor_d938547f84707355) }
 
 var fileDescriptor_d938547f84707355 = []byte{
-	// 1081 bytes of a gzipped FileDescriptorProto
+	// 1092 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xdb, 0x6e, 0xdb, 0x46,
-	0x13, 0x36, 0x49, 0x89, 0x12, 0x47, 0x87, 0xd0, 0x0b, 0x27, 0x3f, 0xff, 0xa0, 0x71, 0x54, 0x02,
-	0x69, 0x85, 0xa2, 0x90, 0x91, 0xb4, 0x17, 0x0d, 0x1a, 0x14, 0xb0, 0x5d, 0xf9, 0x80, 0x46, 0x12,
-	0xb2, 0x92, 0xd1, 0xa6, 0x37, 0xc2, 0x5a, 0x5a, 0x4b, 0x44, 0x78, 0x2a, 0x77, 0x15, 0x58, 0x7d,
-	0x8f, 0xde, 0xf5, 0x25, 0x7a, 0xdf, 0x07, 0x08, 0xd0, 0x9b, 0x3e, 0x41, 0x51, 0xf8, 0xaa, 0x8f,
-	0x51, 0xec, 0x90, 0x14, 0xa9, 0x38, 0x05, 0x9a, 0xde, 0xed, 0x7c, 0xf3, 0xcd, 0xec, 0xc7, 0xdd,
-	0x99, 0x59, 0x42, 0x43, 0xae, 0x63, 0x2e, 0x7a, 0x71, 0x12, 0xc9, 0x88, 0x40, 0x9c, 0x44, 0x01,
-	0x97, 0x4b, 0xbe, 0x12, 0xf7, 0xf7, 0x16, 0xd1, 0x22, 0x42, 0xf8, 0x40, 0xad, 0x52, 0x86, 0xfb,
-	0xb3, 0x0e, 0xed, 0x01, 0x97, 0x89, 0x37, 0x1b, 0x70, 0xc9, 0xe6, 0x4c, 0x32, 0xf2, 0x14, 0x2a,
-	0x2a, 0x87, 0xa3, 0x75, 0xb4, 0x6e, 0xfb, 0xc9, 0xa3, 0x5e, 0x91, 0xa3, 0xb7, 0xcd, 0xcc, 0xcc,
-	0xc9, 0x3a, 0xe6, 0x14, 0x43, 0xc8, 0xa7, 0x40, 0x02, 0xc4, 0xa6, 0x57, 0x2c, 0xf0, 0xfc, 0xf5,
-	0x34, 0x64, 0x01, 0x77, 0xf4, 0x8e, 0xd6, 0xb5, 0xa8, 0x9d, 0x7a, 0x4e, 0xd0, 0x31, 0x64, 0x01,
-	0x27, 0x04, 0x2a, 0x4b, 0xee, 0xc7, 0x4e, 0x05, 0xfd, 0xb8, 0x56, 0xd8, 0x2a, 0xf4, 0xa4, 0x53,
-	0x4d, 0x31, 0xb5, 0x76, 0xd7, 0x00, 0xc5, 0x4e, 0xa4, 0x01, 0xb5, 0x8b, 0xe1, 0x37, 0xc3, 0xd1,
-	0xb7, 0x43, 0x7b, 0x47, 0x19, 0xc7, 0xa3, 0x8b, 0xe1, 0xa4, 0x4f, 0x6d, 0x8d, 0x58, 0x50, 0x3d,
-	0x3d, 0xbc, 0x38, 0xed, 0xdb, 0x3a, 0x69, 0x81, 0x75, 0x76, 0x3e, 0x9e, 0x8c, 0x4e, 0xe9, 0xe1,
-	0xc0, 0x36, 0x08, 0x81, 0x36, 0x7a, 0x0a, 0xac, 0xa2, 0x42, 0xc7, 0x17, 0x83, 0xc1, 0x21, 0x7d,
-	0x69, 0x57, 0x49, 0x1d, 0x2a, 0xe7, 0xc3, 0x93, 0x91, 0x6d, 0x92, 0x26, 0xd4, 0xc7, 0x93, 0xc3,
-	0x49, 0x7f, 0xdc, 0x9f, 0xd8, 0x35, 0xf7, 0x19, 0x98, 0x63, 0x16, 0xc4, 0x3e, 0x27, 0x7b, 0x50,
-	0x7d, 0xcd, 0xfc, 0x55, 0x7a, 0x2c, 0x1a, 0x4d, 0x0d, 0xf2, 0x01, 0x58, 0xd2, 0x0b, 0xb8, 0x90,
-	0x2c, 0x88, 0xf1, 0x3b, 0x0d, 0x5a, 0x00, 0x6e, 0x04, 0xf5, 0xfe, 0x35, 0x0f, 0x62, 0x9f, 0x25,
-	0xe4, 0x00, 0x4c, 0x9f, 0x5d, 0x72, 0x5f, 0x38, 0x5a, 0xc7, 0xe8, 0x36, 0x9e, 0xec, 0x96, 0xcf,
-	0xf5, 0xb9, 0xf2, 0x1c, 0x55, 0xde, 0xfc, 0xf1, 0x70, 0x87, 0x66, 0xb4, 0x62, 0x43, 0xfd, 0x1f,
-	0x37, 0x34, 0xde, 0xde, 0xf0, 0xb7, 0x2a, 0x58, 0x67, 0x9e, 0x90, 0xd1, 0x22, 0x61, 0x01, 0x79,
-	0x00, 0xd6, 0x2c, 0x5a, 0x85, 0x72, 0xea, 0x85, 0x12, 0x65, 0x57, 0xce, 0x76, 0x68, 0x1d, 0xa1,
-	0xf3, 0x50, 0x92, 0x0f, 0xa1, 0x91, 0xba, 0xaf, 0xfc, 0x88, 0xc9, 0x74, 0x9b, 0xb3, 0x1d, 0x0a,
-	0x08, 0x9e, 0x28, 0x8c, 0xd8, 0x60, 0x88, 0x55, 0x80, 0xfb, 0x68, 0x54, 0x2d, 0xc9, 0x3d, 0x30,
-	0xc5, 0x6c, 0xc9, 0x03, 0x86, 0xb7, 0xb6, 0x4b, 0x33, 0x8b, 0x3c, 0x82, 0xf6, 0x8f, 0x3c, 0x89,
-	0xa6, 0x72, 0x99, 0x70, 0xb1, 0x8c, 0xfc, 0x39, 0xde, 0xa0, 0x46, 0x5b, 0x0a, 0x9d, 0xe4, 0x20,
-	0xf9, 0x28, 0xa3, 0x15, 0xba, 0x4c, 0xd4, 0xa5, 0xd1, 0xa6, 0xc2, 0x8f, 0x73, 0x6d, 0x9f, 0x80,
-	0x5d, 0xe2, 0xa5, 0x02, 0x6b, 0x28, 0x50, 0xa3, 0xed, 0x0d, 0x33, 0x15, 0x79, 0x0c, 0xed, 0x90,
-	0x2f, 0x98, 0xf4, 0x5e, 0xf3, 0xa9, 0x88, 0x59, 0x28, 0x9c, 0x3a, 0x9e, 0xf0, 0xbd, 0xf2, 0x09,
-	0x1f, 0xad, 0x66, 0xaf, 0xb8, 0x1c, 0xc7, 0x2c, 0xcc, 0x8e, 0xb9, 0x95, 0xc7, 0x28, 0x4c, 0x90,
-	0x8f, 0xe1, 0xce, 0x26, 0xc9, 0x9c, 0xfb, 0x92, 0x09, 0xc7, 0xea, 0x18, 0x5d, 0x42, 0x37, 0xb9,
-	0xbf, 0x46, 0x74, 0x8b, 0x88, 0xea, 0x84, 0x03, 0x1d, 0xa3, 0xab, 0x15, 0x44, 0x94, 0x26, 0x94,
-	0xac, 0x38, 0x12, 0x5e, 0x49, 0x56, 0xe3, 0xdf, 0xc8, 0xca, 0x63, 0x36, 0xb2, 0x36, 0x49, 0x32,
-	0x59, 0xcd, 0x54, 0x56, 0x0e, 0x17, 0xb2, 0x36, 0xc4, 0x4c, 0x56, 0x2b, 0x95, 0x95, 0xc3, 0x99,
-	0xac, 0xaf, 0x00, 0x12, 0x2e, 0xb8, 0x9c, 0x2e, 0xd5, 0xe9, 0xb7, 0xb1, 0xc7, 0x1f, 0x96, 0x25,
-	0x6d, 0xea, 0xa7, 0x47, 0x15, 0xef, 0xcc, 0x0b, 0x25, 0xb5, 0x92, 0x7c, 0xb9, 0x5d, 0x80, 0x77,
-	0xde, 0x2e, 0xc0, 0xcf, 0xc1, 0xda, 0x44, 0x6d, 0x77, 0x6a, 0x0d, 0x8c, 0x97, 0xfd, 0xb1, 0xad,
-	0x11, 0x13, 0xf4, 0xe1, 0xc8, 0xd6, 0x8b, 0x6e, 0x35, 0x8e, 0x6a, 0x50, 0x45, 0xcd, 0x47, 0x4d,
-	0x80, 0xe2, 0xda, 0xdd, 0x67, 0x00, 0xc5, 0xf9, 0xa8, 0xca, 0x8b, 0xae, 0xae, 0x04, 0x4f, 0x4b,
-	0x79, 0x97, 0x66, 0x96, 0xc2, 0x7d, 0x1e, 0x2e, 0xe4, 0x12, 0x2b, 0xb8, 0x45, 0x33, 0xcb, 0xfd,
-	0x4b, 0x03, 0x98, 0x78, 0x01, 0x1f, 0xf3, 0xc4, 0xe3, 0xe2, 0xfd, 0xfb, 0xef, 0x09, 0xd4, 0x04,
-	0xb6, 0xbe, 0x70, 0x74, 0x8c, 0x20, 0xe5, 0x88, 0x74, 0x2a, 0x64, 0x21, 0x39, 0x91, 0x7c, 0x01,
-	0x16, 0xcf, 0x1a, 0x5e, 0x38, 0x06, 0x46, 0xed, 0x95, 0xa3, 0xf2, 0x69, 0x90, 0xc5, 0x15, 0x64,
-	0xf2, 0x25, 0xc0, 0x32, 0x3f, 0x78, 0xe1, 0x54, 0x30, 0xf4, 0xee, 0x3b, 0xaf, 0x25, 0x8b, 0x2d,
-	0xd1, 0xdd, 0xc7, 0x50, 0xc5, 0x2f, 0x50, 0xd3, 0x13, 0x27, 0xae, 0x96, 0x4e, 0x4f, 0xb5, 0xde,
-	0x9e, 0x23, 0x56, 0x36, 0x47, 0xdc, 0xa7, 0x60, 0x3e, 0x4f, 0xbf, 0xf3, 0x7d, 0x0f, 0xc6, 0xfd,
-	0x49, 0x83, 0x26, 0xe2, 0x03, 0x26, 0x67, 0x4b, 0x9e, 0x90, 0xc7, 0x5b, 0x0f, 0xc6, 0x83, 0x5b,
-	0xf1, 0x19, 0xaf, 0x57, 0x7a, 0x28, 0x72, 0xa1, 0xfa, 0xbb, 0x84, 0x1a, 0x65, 0xa1, 0x5d, 0xa8,
-	0xe0, 0xd8, 0x37, 0x41, 0xef, 0xbf, 0x48, 0xeb, 0x68, 0xd8, 0x7f, 0x91, 0xd6, 0x11, 0x55, 0xa3,
-	0x5e, 0x01, 0xb4, 0x6f, 0x1b, 0xee, 0x2f, 0x9a, 0x2a, 0x3e, 0x36, 0x57, 0xb5, 0x27, 0xc8, 0xff,
-	0xa0, 0x26, 0x24, 0x8f, 0xa7, 0x81, 0x40, 0x5d, 0x06, 0x35, 0x95, 0x39, 0x10, 0x6a, 0xeb, 0xab,
-	0x55, 0x38, 0xcb, 0xb7, 0x56, 0x6b, 0xf2, 0x7f, 0xa8, 0x0b, 0xc9, 0x12, 0xa9, 0xd8, 0xe9, 0x50,
-	0xad, 0xa1, 0x3d, 0x10, 0xe4, 0x2e, 0x98, 0x3c, 0x9c, 0x4f, 0xf1, 0x52, 0x94, 0xa3, 0xca, 0xc3,
-	0xf9, 0x40, 0x90, 0xfb, 0x50, 0x5f, 0x24, 0xd1, 0x2a, 0xf6, 0xc2, 0x85, 0x53, 0xed, 0x18, 0x5d,
-	0x8b, 0x6e, 0x6c, 0xd2, 0x06, 0xfd, 0x72, 0x8d, 0x83, 0xad, 0x4e, 0xf5, 0xcb, 0xb5, 0xca, 0x9e,
-	0xb0, 0x70, 0xc1, 0x55, 0x92, 0x5a, 0x9a, 0x1d, 0xed, 0x81, 0x70, 0x7f, 0xd5, 0xa0, 0x7a, 0xbc,
-	0x5c, 0x85, 0xaf, 0xc8, 0x3e, 0x34, 0x02, 0x2f, 0x9c, 0xaa, 0x56, 0x2a, 0x34, 0x5b, 0x81, 0x17,
-	0xaa, 0x1a, 0x1e, 0x08, 0xf4, 0xb3, 0xeb, 0x8d, 0x3f, 0x7b, 0x6b, 0x02, 0x76, 0x9d, 0xf9, 0x7b,
-	0xd9, 0x25, 0x18, 0x78, 0x09, 0xf7, 0xcb, 0x97, 0x80, 0x1b, 0xf4, 0xfa, 0xe1, 0x2c, 0x9a, 0x7b,
-	0xe1, 0xa2, 0xb8, 0x01, 0xf5, 0x86, 0xe3, 0x57, 0x35, 0x29, 0xae, 0xdd, 0x03, 0xa8, 0xe7, 0xac,
-	0x5b, 0xcd, 0xfb, 0xdd, 0x48, 0x3d, 0xb1, 0x5b, 0xef, 0xaa, 0xee, 0xfe, 0x00, 0x2d, 0x4c, 0xce,
-	0xe7, 0xff, 0xb5, 0xcb, 0x0e, 0xc0, 0x9c, 0xa9, 0x0c, 0x79, 0x93, 0xed, 0xde, 0x12, 0x9e, 0x07,
-	0xa4, 0xb4, 0xa3, 0xbd, 0x37, 0x37, 0xfb, 0xda, 0xef, 0x37, 0xfb, 0xda, 0x9f, 0x37, 0xfb, 0xda,
-	0xf7, 0xa6, 0x62, 0xc7, 0x97, 0x97, 0x26, 0xfe, 0xcd, 0x7c, 0xf6, 0x77, 0x00, 0x00, 0x00, 0xff,
-	0xff, 0x53, 0x09, 0xe5, 0x37, 0xfe, 0x08, 0x00, 0x00,
+	0x13, 0x36, 0x49, 0x89, 0x12, 0x47, 0x87, 0xd0, 0xfb, 0x3b, 0xf9, 0x59, 0xa3, 0x71, 0x54, 0x02,
+	0x69, 0x85, 0xa2, 0x90, 0x11, 0xb7, 0x17, 0x0d, 0x1a, 0x14, 0xb0, 0x1d, 0xf9, 0x80, 0x5a, 0x12,
+	0xb2, 0x92, 0xd1, 0xa6, 0x37, 0xc2, 0x5a, 0x5a, 0x4b, 0x44, 0xc4, 0x43, 0xb9, 0xab, 0xc0, 0xea,
+	0x7b, 0xf4, 0xae, 0x2f, 0xd1, 0xb7, 0x08, 0xd0, 0x9b, 0xf6, 0x05, 0x8a, 0xc2, 0x57, 0x7d, 0x8c,
+	0x62, 0x87, 0xa4, 0x48, 0xc5, 0x29, 0xd0, 0xf4, 0x6e, 0xe7, 0x9b, 0x6f, 0x76, 0x3e, 0xee, 0xce,
+	0xcc, 0x12, 0x6a, 0x72, 0x15, 0x71, 0xd1, 0x89, 0xe2, 0x50, 0x86, 0x04, 0xa2, 0x38, 0xf4, 0xb9,
+	0x9c, 0xf3, 0xa5, 0xd8, 0xdd, 0x99, 0x85, 0xb3, 0x10, 0xe1, 0x7d, 0xb5, 0x4a, 0x18, 0xee, 0xcf,
+	0x3a, 0x34, 0x7b, 0x5c, 0xc6, 0xde, 0xa4, 0xc7, 0x25, 0x9b, 0x32, 0xc9, 0xc8, 0x53, 0x28, 0xa9,
+	0x3d, 0x1c, 0xad, 0xa5, 0xb5, 0x9b, 0x07, 0x8f, 0x3b, 0xf9, 0x1e, 0x9d, 0x4d, 0x66, 0x6a, 0x8e,
+	0x56, 0x11, 0xa7, 0x18, 0x42, 0x3e, 0x03, 0xe2, 0x23, 0x36, 0xbe, 0x66, 0xbe, 0xb7, 0x58, 0x8d,
+	0x03, 0xe6, 0x73, 0x47, 0x6f, 0x69, 0x6d, 0x8b, 0xda, 0x89, 0xe7, 0x04, 0x1d, 0x7d, 0xe6, 0x73,
+	0x42, 0xa0, 0x34, 0xe7, 0x8b, 0xc8, 0x29, 0xa1, 0x1f, 0xd7, 0x0a, 0x5b, 0x06, 0x9e, 0x74, 0xca,
+	0x09, 0xa6, 0xd6, 0xee, 0x0a, 0x20, 0xcf, 0x44, 0x6a, 0x50, 0xb9, 0xec, 0x7f, 0xd3, 0x1f, 0x7c,
+	0xdb, 0xb7, 0xb7, 0x94, 0x71, 0x3c, 0xb8, 0xec, 0x8f, 0xba, 0xd4, 0xd6, 0x88, 0x05, 0xe5, 0xd3,
+	0xc3, 0xcb, 0xd3, 0xae, 0xad, 0x93, 0x06, 0x58, 0x67, 0xe7, 0xc3, 0xd1, 0xe0, 0x94, 0x1e, 0xf6,
+	0x6c, 0x83, 0x10, 0x68, 0xa2, 0x27, 0xc7, 0x4a, 0x2a, 0x74, 0x78, 0xd9, 0xeb, 0x1d, 0xd2, 0x97,
+	0x76, 0x99, 0x54, 0xa1, 0x74, 0xde, 0x3f, 0x19, 0xd8, 0x26, 0xa9, 0x43, 0x75, 0x38, 0x3a, 0x1c,
+	0x75, 0x87, 0xdd, 0x91, 0x5d, 0x71, 0x9f, 0x81, 0x39, 0x64, 0x7e, 0xb4, 0xe0, 0x64, 0x07, 0xca,
+	0xaf, 0xd9, 0x62, 0x99, 0x1c, 0x8b, 0x46, 0x13, 0x83, 0x7c, 0x08, 0x96, 0xf4, 0x7c, 0x2e, 0x24,
+	0xf3, 0x23, 0xfc, 0x4e, 0x83, 0xe6, 0x80, 0x1b, 0x42, 0xb5, 0x7b, 0xc3, 0xfd, 0x68, 0xc1, 0x62,
+	0xb2, 0x0f, 0xe6, 0x82, 0x5d, 0xf1, 0x85, 0x70, 0xb4, 0x96, 0xd1, 0xae, 0x1d, 0x6c, 0x17, 0xcf,
+	0xf5, 0x42, 0x79, 0x8e, 0x4a, 0x6f, 0xfe, 0x78, 0xb4, 0x45, 0x53, 0x5a, 0x9e, 0x50, 0xff, 0xc7,
+	0x84, 0xc6, 0xdb, 0x09, 0x7f, 0x2d, 0x83, 0x75, 0xe6, 0x09, 0x19, 0xce, 0x62, 0xe6, 0x93, 0x87,
+	0x60, 0x4d, 0xc2, 0x65, 0x20, 0xc7, 0x5e, 0x20, 0x51, 0x76, 0xe9, 0x6c, 0x8b, 0x56, 0x11, 0x3a,
+	0x0f, 0x24, 0xf9, 0x08, 0x6a, 0x89, 0xfb, 0x7a, 0x11, 0x32, 0x99, 0xa4, 0x39, 0xdb, 0xa2, 0x80,
+	0xe0, 0x89, 0xc2, 0x88, 0x0d, 0x86, 0x58, 0xfa, 0x98, 0x47, 0xa3, 0x6a, 0x49, 0x1e, 0x80, 0x29,
+	0x26, 0x73, 0xee, 0x33, 0xbc, 0xb5, 0x6d, 0x9a, 0x5a, 0xe4, 0x31, 0x34, 0x7f, 0xe4, 0x71, 0x38,
+	0x96, 0xf3, 0x98, 0x8b, 0x79, 0xb8, 0x98, 0xe2, 0x0d, 0x6a, 0xb4, 0xa1, 0xd0, 0x51, 0x06, 0x92,
+	0x8f, 0x53, 0x5a, 0xae, 0xcb, 0x44, 0x5d, 0x1a, 0xad, 0x2b, 0xfc, 0x38, 0xd3, 0xf6, 0x29, 0xd8,
+	0x05, 0x5e, 0x22, 0xb0, 0x82, 0x02, 0x35, 0xda, 0x5c, 0x33, 0x13, 0x91, 0xc7, 0xd0, 0x0c, 0xf8,
+	0x8c, 0x49, 0xef, 0x35, 0x1f, 0x8b, 0x88, 0x05, 0xc2, 0xa9, 0xe2, 0x09, 0x3f, 0x28, 0x9e, 0xf0,
+	0xd1, 0x72, 0xf2, 0x8a, 0xcb, 0x61, 0xc4, 0x82, 0xf4, 0x98, 0x1b, 0x59, 0x8c, 0xc2, 0x04, 0xf9,
+	0x04, 0xee, 0xad, 0x37, 0x99, 0xf2, 0x85, 0x64, 0xc2, 0xb1, 0x5a, 0x46, 0x9b, 0xd0, 0xf5, 0xde,
+	0xcf, 0x11, 0xdd, 0x20, 0xa2, 0x3a, 0xe1, 0x40, 0xcb, 0x68, 0x6b, 0x39, 0x11, 0xa5, 0x09, 0x25,
+	0x2b, 0x0a, 0x85, 0x57, 0x90, 0x55, 0xfb, 0x37, 0xb2, 0xb2, 0x98, 0xb5, 0xac, 0xf5, 0x26, 0xa9,
+	0xac, 0x7a, 0x22, 0x2b, 0x83, 0x73, 0x59, 0x6b, 0x62, 0x2a, 0xab, 0x91, 0xc8, 0xca, 0xe0, 0x54,
+	0xd6, 0xd7, 0x00, 0x31, 0x17, 0x5c, 0x8e, 0xe7, 0xea, 0xf4, 0x9b, 0xd8, 0xe3, 0x8f, 0x8a, 0x92,
+	0xd6, 0xf5, 0xd3, 0xa1, 0x8a, 0x77, 0xe6, 0x05, 0x92, 0x5a, 0x71, 0xb6, 0xdc, 0x2c, 0xc0, 0x7b,
+	0x6f, 0x17, 0xe0, 0x17, 0x60, 0xad, 0xa3, 0x36, 0x3b, 0xb5, 0x02, 0xc6, 0xcb, 0xee, 0xd0, 0xd6,
+	0x88, 0x09, 0x7a, 0x7f, 0x60, 0xeb, 0x79, 0xb7, 0x1a, 0x47, 0x15, 0x28, 0xa3, 0xe6, 0xa3, 0x3a,
+	0x40, 0x7e, 0xed, 0xee, 0x33, 0x80, 0xfc, 0x7c, 0x54, 0xe5, 0x85, 0xd7, 0xd7, 0x82, 0x27, 0xa5,
+	0xbc, 0x4d, 0x53, 0x4b, 0xe1, 0x0b, 0x1e, 0xcc, 0xe4, 0x1c, 0x2b, 0xb8, 0x41, 0x53, 0xcb, 0xfd,
+	0x4b, 0x03, 0x18, 0x79, 0x3e, 0x1f, 0xf2, 0xd8, 0xe3, 0xe2, 0xfd, 0xfb, 0xef, 0x00, 0x2a, 0x02,
+	0x5b, 0x5f, 0x38, 0x3a, 0x46, 0x90, 0x62, 0x44, 0x32, 0x15, 0xd2, 0x90, 0x8c, 0x48, 0xbe, 0x04,
+	0x8b, 0xa7, 0x0d, 0x2f, 0x1c, 0x03, 0xa3, 0x76, 0x8a, 0x51, 0xd9, 0x34, 0x48, 0xe3, 0x72, 0x32,
+	0xf9, 0x0a, 0x60, 0x9e, 0x1d, 0xbc, 0x70, 0x4a, 0x18, 0x7a, 0xff, 0x9d, 0xd7, 0x92, 0xc6, 0x16,
+	0xe8, 0xee, 0x13, 0x28, 0xe3, 0x17, 0xa8, 0xe9, 0x89, 0x13, 0x57, 0x4b, 0xa6, 0xa7, 0x5a, 0x6f,
+	0xce, 0x11, 0x2b, 0x9d, 0x23, 0xee, 0x53, 0x30, 0x2f, 0x92, 0xef, 0x7c, 0xdf, 0x83, 0x71, 0x7f,
+	0xd2, 0xa0, 0x8e, 0x78, 0x8f, 0xc9, 0xc9, 0x9c, 0xc7, 0xe4, 0xc9, 0xc6, 0x83, 0xf1, 0xf0, 0x4e,
+	0x7c, 0xca, 0xeb, 0x14, 0x1e, 0x8a, 0x4c, 0xa8, 0xfe, 0x2e, 0xa1, 0x46, 0x51, 0x68, 0x1b, 0x4a,
+	0x38, 0xf6, 0x4d, 0xd0, 0xbb, 0x2f, 0x92, 0x3a, 0xea, 0x77, 0x5f, 0x24, 0x75, 0x44, 0xd5, 0xa8,
+	0x57, 0x00, 0xed, 0xda, 0x86, 0xfb, 0x8b, 0xa6, 0x8a, 0x8f, 0x4d, 0x55, 0xed, 0x09, 0xf2, 0x7f,
+	0xa8, 0x08, 0xc9, 0xa3, 0xb1, 0x2f, 0x50, 0x97, 0x41, 0x4d, 0x65, 0xf6, 0x84, 0x4a, 0x7d, 0xbd,
+	0x0c, 0x26, 0x59, 0x6a, 0xb5, 0x26, 0x1f, 0x40, 0x55, 0x48, 0x16, 0x4b, 0xc5, 0x4e, 0x86, 0x6a,
+	0x05, 0xed, 0x9e, 0x20, 0xf7, 0xc1, 0xe4, 0xc1, 0x74, 0x8c, 0x97, 0xa2, 0x1c, 0x65, 0x1e, 0x4c,
+	0x7b, 0x82, 0xec, 0x42, 0x75, 0x16, 0x87, 0xcb, 0xc8, 0x0b, 0x66, 0x4e, 0xb9, 0x65, 0xb4, 0x2d,
+	0xba, 0xb6, 0x49, 0x13, 0xf4, 0xab, 0x15, 0x0e, 0xb6, 0x2a, 0xd5, 0xaf, 0x56, 0x6a, 0xf7, 0x98,
+	0x05, 0x33, 0xae, 0x36, 0xa9, 0x24, 0xbb, 0xa3, 0xdd, 0x13, 0xee, 0xef, 0x1a, 0x94, 0x8f, 0xe7,
+	0xcb, 0xe0, 0x15, 0xd9, 0x83, 0x9a, 0xef, 0x05, 0x63, 0xd5, 0x4a, 0xb9, 0x66, 0xcb, 0xf7, 0x02,
+	0x55, 0xc3, 0x3d, 0x81, 0x7e, 0x76, 0xb3, 0xf6, 0xa7, 0x6f, 0x8d, 0xcf, 0x6e, 0x52, 0x7f, 0x27,
+	0xbd, 0x04, 0x03, 0x2f, 0x61, 0xb7, 0x78, 0x09, 0x98, 0xa0, 0xd3, 0x0d, 0x26, 0xe1, 0xd4, 0x0b,
+	0x66, 0xf9, 0x0d, 0xa8, 0x37, 0x1c, 0xbf, 0xaa, 0x4e, 0x71, 0xed, 0x3e, 0x87, 0x6a, 0xc6, 0xba,
+	0xd3, 0xbc, 0xdf, 0x0d, 0xd4, 0x13, 0xbb, 0xf1, 0xae, 0xea, 0xe4, 0x7f, 0x70, 0xef, 0xe4, 0x62,
+	0x70, 0x38, 0x1a, 0x17, 0x1e, 0x5b, 0xf7, 0x07, 0x68, 0x60, 0x46, 0x3e, 0xfd, 0xaf, 0xad, 0xb7,
+	0x0f, 0xe6, 0x44, 0xed, 0x90, 0x75, 0xde, 0xf6, 0x9d, 0xaf, 0xc9, 0x02, 0x12, 0xda, 0xd1, 0xce,
+	0x9b, 0xdb, 0x3d, 0xed, 0xb7, 0xdb, 0x3d, 0xed, 0xcf, 0xdb, 0x3d, 0xed, 0x7b, 0x53, 0xb1, 0xa3,
+	0xab, 0x2b, 0x13, 0x7f, 0x71, 0x3e, 0xff, 0x3b, 0x00, 0x00, 0xff, 0xff, 0xfb, 0x5f, 0xf2, 0x4d,
+	0x13, 0x09, 0x00, 0x00,
 }
 
 func (m *MetricMetadata) Marshal() (dAtA []byte, err error) {
diff --git a/vendor/github.com/prometheus/prometheus/prompb/types.proto b/vendor/github.com/prometheus/prometheus/prompb/types.proto
index 57216b81d..aa322515c 100644
--- a/vendor/github.com/prometheus/prometheus/prompb/types.proto
+++ b/vendor/github.com/prometheus/prometheus/prompb/types.proto
@@ -169,9 +169,10 @@ message Chunk {
 
   // We require this to match chunkenc.Encoding.
   enum Encoding {
-    UNKNOWN   = 0;
-    XOR       = 1;
-    HISTOGRAM = 2;
+    UNKNOWN         = 0;
+    XOR             = 1;
+    HISTOGRAM       = 2;
+    FLOAT_HISTOGRAM = 3;
   }
   Encoding type  = 3;
   bytes data     = 4;
diff --git a/vendor/github.com/prometheus/prometheus/scrape/manager.go b/vendor/github.com/prometheus/prometheus/scrape/manager.go
index 69a0eaa1f..d75fe30cf 100644
--- a/vendor/github.com/prometheus/prometheus/scrape/manager.go
+++ b/vendor/github.com/prometheus/prometheus/scrape/manager.go
@@ -288,10 +288,11 @@ func (m *Manager) ApplyConfig(cfg *config.Config) error {
 	// Cleanup and reload pool if the configuration has changed.
 	var failed bool
 	for name, sp := range m.scrapePools {
-		if cfg, ok := m.scrapeConfigs[name]; !ok {
+		switch cfg, ok := m.scrapeConfigs[name]; {
+		case !ok:
 			sp.stop()
 			delete(m.scrapePools, name)
-		} else if !reflect.DeepEqual(sp.config, cfg) {
+		case !reflect.DeepEqual(sp.config, cfg):
 			err := sp.reload(cfg)
 			if err != nil {
 				level.Error(m.logger).Log("msg", "error reloading scrape pool", "err", err, "scrape_pool", name)
diff --git a/vendor/github.com/prometheus/prometheus/scrape/scrape.go b/vendor/github.com/prometheus/prometheus/scrape/scrape.go
index 3fce6f9dd..5c649e729 100644
--- a/vendor/github.com/prometheus/prometheus/scrape/scrape.go
+++ b/vendor/github.com/prometheus/prometheus/scrape/scrape.go
@@ -500,9 +500,13 @@ func (sp *scrapePool) Sync(tgs []*targetgroup.Group) {
 		}
 		targetSyncFailed.WithLabelValues(sp.config.JobName).Add(float64(len(failures)))
 		for _, t := range targets {
-			if !t.Labels().IsEmpty() {
+			// Replicate .Labels().IsEmpty() with a loop here to avoid generating garbage.
+			nonEmpty := false
+			t.LabelsRange(func(l labels.Label) { nonEmpty = true })
+			switch {
+			case nonEmpty:
 				all = append(all, t)
-			} else if !t.DiscoveredLabels().IsEmpty() {
+			case !t.discoveredLabels.IsEmpty():
 				sp.droppedTargets = append(sp.droppedTargets, t)
 			}
 		}
@@ -637,7 +641,7 @@ func verifyLabelLimits(lset labels.Labels, limits *labelLimits) error {
 	met := lset.Get(labels.MetricName)
 	if limits.labelLimit > 0 {
 		nbLabels := lset.Len()
-		if nbLabels > int(limits.labelLimit) {
+		if nbLabels > limits.labelLimit {
 			return fmt.Errorf("label_limit exceeded (metric: %.50s, number of labels: %d, limit: %d)", met, nbLabels, limits.labelLimit)
 		}
 	}
@@ -649,14 +653,14 @@ func verifyLabelLimits(lset labels.Labels, limits *labelLimits) error {
 	return lset.Validate(func(l labels.Label) error {
 		if limits.labelNameLengthLimit > 0 {
 			nameLength := len(l.Name)
-			if nameLength > int(limits.labelNameLengthLimit) {
+			if nameLength > limits.labelNameLengthLimit {
 				return fmt.Errorf("label_name_length_limit exceeded (metric: %.50s, label name: %.50s, length: %d, limit: %d)", met, l.Name, nameLength, limits.labelNameLengthLimit)
 			}
 		}
 
 		if limits.labelValueLengthLimit > 0 {
 			valueLength := len(l.Value)
-			if valueLength > int(limits.labelValueLengthLimit) {
+			if valueLength > limits.labelValueLengthLimit {
 				return fmt.Errorf("label_value_length_limit exceeded (metric: %.50s, label name: %.50s, value: %.50q, length: %d, limit: %d)", met, l.Name, l.Value, valueLength, limits.labelValueLengthLimit)
 			}
 		}
@@ -666,17 +670,16 @@ func verifyLabelLimits(lset labels.Labels, limits *labelLimits) error {
 
 func mutateSampleLabels(lset labels.Labels, target *Target, honor bool, rc []*relabel.Config) labels.Labels {
 	lb := labels.NewBuilder(lset)
-	targetLabels := target.Labels()
 
 	if honor {
-		targetLabels.Range(func(l labels.Label) {
+		target.LabelsRange(func(l labels.Label) {
 			if !lset.Has(l.Name) {
 				lb.Set(l.Name, l.Value)
 			}
 		})
 	} else {
 		var conflictingExposedLabels []labels.Label
-		targetLabels.Range(func(l labels.Label) {
+		target.LabelsRange(func(l labels.Label) {
 			existingValue := lset.Get(l.Name)
 			if existingValue != "" {
 				conflictingExposedLabels = append(conflictingExposedLabels, labels.Label{Name: l.Name, Value: existingValue})
@@ -686,11 +689,11 @@ func mutateSampleLabels(lset labels.Labels, target *Target, honor bool, rc []*re
 		})
 
 		if len(conflictingExposedLabels) > 0 {
-			resolveConflictingExposedLabels(lb, lset, targetLabels, conflictingExposedLabels)
+			resolveConflictingExposedLabels(lb, conflictingExposedLabels)
 		}
 	}
 
-	res := lb.Labels(labels.EmptyLabels())
+	res := lb.Labels()
 
 	if len(rc) > 0 {
 		res, _ = relabel.Process(res, rc...)
@@ -699,47 +702,32 @@ func mutateSampleLabels(lset labels.Labels, target *Target, honor bool, rc []*re
 	return res
 }
 
-func resolveConflictingExposedLabels(lb *labels.Builder, exposedLabels, targetLabels labels.Labels, conflictingExposedLabels []labels.Label) {
+func resolveConflictingExposedLabels(lb *labels.Builder, conflictingExposedLabels []labels.Label) {
 	sort.SliceStable(conflictingExposedLabels, func(i, j int) bool {
 		return len(conflictingExposedLabels[i].Name) < len(conflictingExposedLabels[j].Name)
 	})
 
-	for i, l := range conflictingExposedLabels {
+	for _, l := range conflictingExposedLabels {
 		newName := l.Name
 		for {
 			newName = model.ExportedLabelPrefix + newName
-			if !exposedLabels.Has(newName) &&
-				!targetLabels.Has(newName) &&
-				!labelSliceHas(conflictingExposedLabels[:i], newName) {
-				conflictingExposedLabels[i].Name = newName
+			if lb.Get(newName) == "" {
+				lb.Set(newName, l.Value)
 				break
 			}
 		}
 	}
-
-	for _, l := range conflictingExposedLabels {
-		lb.Set(l.Name, l.Value)
-	}
-}
-
-func labelSliceHas(lbls []labels.Label, name string) bool {
-	for _, l := range lbls {
-		if l.Name == name {
-			return true
-		}
-	}
-	return false
 }
 
 func mutateReportSampleLabels(lset labels.Labels, target *Target) labels.Labels {
 	lb := labels.NewBuilder(lset)
 
-	target.Labels().Range(func(l labels.Label) {
+	target.LabelsRange(func(l labels.Label) {
 		lb.Set(model.ExportedLabelPrefix+l.Name, lset.Get(l.Name))
 		lb.Set(l.Name, l.Value)
 	})
 
-	return lb.Labels(labels.EmptyLabels())
+	return lb.Labels()
 }
 
 // appender returns an appender for ingested samples from the target.
@@ -959,9 +947,10 @@ func (c *scrapeCache) iterDone(flushCache bool) {
 	count := len(c.series) + len(c.droppedSeries) + len(c.metadata)
 	c.metaMtx.Unlock()
 
-	if flushCache {
+	switch {
+	case flushCache:
 		c.successfulCount = count
-	} else if count > c.successfulCount*2+1000 {
+	case count > c.successfulCount*2+1000:
 		// If a target had varying labels in scrapes that ultimately failed,
 		// the caches would grow indefinitely. Force a flush when this happens.
 		// We use the heuristic that this is a doubling of the cache size
diff --git a/vendor/github.com/prometheus/prometheus/scrape/target.go b/vendor/github.com/prometheus/prometheus/scrape/target.go
index ae952b420..6c4703118 100644
--- a/vendor/github.com/prometheus/prometheus/scrape/target.go
+++ b/vendor/github.com/prometheus/prometheus/scrape/target.go
@@ -181,6 +181,15 @@ func (t *Target) Labels() labels.Labels {
 	return b.Labels()
 }
 
+// LabelsRange calls f on each public label of the target.
+func (t *Target) LabelsRange(f func(l labels.Label)) {
+	t.labels.Range(func(l labels.Label) {
+		if !strings.HasPrefix(l.Name, model.ReservedLabelPrefix) {
+			f(l)
+		}
+	})
+}
+
 // DiscoveredLabels returns a copy of the target's labels before any processing.
 func (t *Target) DiscoveredLabels() labels.Labels {
 	t.mtx.Lock()
@@ -371,7 +380,7 @@ func PopulateLabels(lb *labels.Builder, cfg *config.ScrapeConfig, noDefaultPort
 		}
 	}
 
-	preRelabelLabels := lb.Labels(labels.EmptyLabels())
+	preRelabelLabels := lb.Labels()
 	keep := relabel.ProcessBuilder(lb, cfg.RelabelConfigs...)
 
 	// Check if the target was dropped.
@@ -404,9 +413,9 @@ func PopulateLabels(lb *labels.Builder, cfg *config.ScrapeConfig, noDefaultPort
 		// Addresses reaching this point are already wrapped in [] if necessary.
 		switch scheme {
 		case "http", "":
-			addr = addr + ":80"
+			addr += ":80"
 		case "https":
-			addr = addr + ":443"
+			addr += ":443"
 		default:
 			return labels.EmptyLabels(), labels.EmptyLabels(), errors.Errorf("invalid scheme: %q", cfg.Scheme)
 		}
@@ -467,7 +476,7 @@ func PopulateLabels(lb *labels.Builder, cfg *config.ScrapeConfig, noDefaultPort
 		lb.Set(model.InstanceLabel, addr)
 	}
 
-	res = lb.Labels(labels.EmptyLabels())
+	res = lb.Labels()
 	err = res.Validate(func(l labels.Label) error {
 		// Check label values are valid, drop the target if not.
 		if !model.LabelValue(l.Value).IsValid() {
diff --git a/vendor/github.com/prometheus/prometheus/storage/buffer.go b/vendor/github.com/prometheus/prometheus/storage/buffer.go
index 92767cdd7..38f559103 100644
--- a/vendor/github.com/prometheus/prometheus/storage/buffer.go
+++ b/vendor/github.com/prometheus/prometheus/storage/buffer.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/prometheus/prometheus/model/histogram"
 	"github.com/prometheus/prometheus/tsdb/chunkenc"
+	"github.com/prometheus/prometheus/tsdb/tsdbutil"
 )
 
 // BufferedSeriesIterator wraps an iterator with a look-back buffer.
@@ -43,7 +44,7 @@ func NewBuffer(delta int64) *BufferedSeriesIterator {
 func NewBufferIterator(it chunkenc.Iterator, delta int64) *BufferedSeriesIterator {
 	// TODO(codesome): based on encoding, allocate different buffer.
 	bit := &BufferedSeriesIterator{
-		buf:   newSampleRing(delta, 16),
+		buf:   newSampleRing(delta, 0, chunkenc.ValNone),
 		delta: delta,
 	}
 	bit.Reset(it)
@@ -68,11 +69,8 @@ func (b *BufferedSeriesIterator) ReduceDelta(delta int64) bool {
 
 // PeekBack returns the nth previous element of the iterator. If there is none buffered,
 // ok is false.
-func (b *BufferedSeriesIterator) PeekBack(n int) (
-	t int64, v float64, h *histogram.Histogram, fh *histogram.FloatHistogram, ok bool,
-) {
-	s, ok := b.buf.nthLast(n)
-	return s.t, s.v, s.h, s.fh, ok
+func (b *BufferedSeriesIterator) PeekBack(n int) (sample tsdbutil.Sample, ok bool) {
+	return b.buf.nthLast(n)
 }
 
 // Buffer returns an iterator over the buffered data. Invalidates previously
@@ -122,14 +120,14 @@ func (b *BufferedSeriesIterator) Next() chunkenc.ValueType {
 	case chunkenc.ValNone:
 		return chunkenc.ValNone
 	case chunkenc.ValFloat:
-		t, v := b.it.At()
-		b.buf.add(sample{t: t, v: v})
+		t, f := b.it.At()
+		b.buf.addF(fSample{t: t, f: f})
 	case chunkenc.ValHistogram:
 		t, h := b.it.AtHistogram()
-		b.buf.add(sample{t: t, h: h})
+		b.buf.addH(hSample{t: t, h: h})
 	case chunkenc.ValFloatHistogram:
 		t, fh := b.it.AtFloatHistogram()
-		b.buf.add(sample{t: t, fh: fh})
+		b.buf.addFH(fhSample{t: t, fh: fh})
 	default:
 		panic(fmt.Errorf("BufferedSeriesIterator: unknown value type %v", b.valueType))
 	}
@@ -166,56 +164,133 @@ func (b *BufferedSeriesIterator) Err() error {
 	return b.it.Err()
 }
 
-// TODO(beorn7): Consider having different sample types for different value types.
-type sample struct {
-	t  int64
-	v  float64
-	h  *histogram.Histogram
-	fh *histogram.FloatHistogram
+type fSample struct {
+	t int64
+	f float64
 }
 
-func (s sample) T() int64 {
+func (s fSample) T() int64 {
 	return s.t
 }
 
-func (s sample) V() float64 {
-	return s.v
+func (s fSample) F() float64 {
+	return s.f
 }
 
-func (s sample) H() *histogram.Histogram {
+func (s fSample) H() *histogram.Histogram {
+	panic("H() called for fSample")
+}
+
+func (s fSample) FH() *histogram.FloatHistogram {
+	panic("FH() called for fSample")
+}
+
+func (s fSample) Type() chunkenc.ValueType {
+	return chunkenc.ValFloat
+}
+
+type hSample struct {
+	t int64
+	h *histogram.Histogram
+}
+
+func (s hSample) T() int64 {
+	return s.t
+}
+
+func (s hSample) F() float64 {
+	panic("F() called for hSample")
+}
+
+func (s hSample) H() *histogram.Histogram {
 	return s.h
 }
 
-func (s sample) FH() *histogram.FloatHistogram {
+func (s hSample) FH() *histogram.FloatHistogram {
+	return s.h.ToFloat()
+}
+
+func (s hSample) Type() chunkenc.ValueType {
+	return chunkenc.ValHistogram
+}
+
+type fhSample struct {
+	t  int64
+	fh *histogram.FloatHistogram
+}
+
+func (s fhSample) T() int64 {
+	return s.t
+}
+
+func (s fhSample) F() float64 {
+	panic("F() called for fhSample")
+}
+
+func (s fhSample) H() *histogram.Histogram {
+	panic("H() called for fhSample")
+}
+
+func (s fhSample) FH() *histogram.FloatHistogram {
 	return s.fh
 }
 
-func (s sample) Type() chunkenc.ValueType {
-	switch {
-	case s.h != nil:
-		return chunkenc.ValHistogram
-	case s.fh != nil:
-		return chunkenc.ValFloatHistogram
-	default:
-		return chunkenc.ValFloat
-	}
+func (s fhSample) Type() chunkenc.ValueType {
+	return chunkenc.ValFloatHistogram
 }
 
 type sampleRing struct {
 	delta int64
 
-	buf []sample // lookback buffer
-	i   int      // position of most recent element in ring buffer
-	f   int      // position of first element in ring buffer
-	l   int      // number of elements in buffer
+	// Lookback buffers. We use iBuf for mixed samples, but one of the three
+	// concrete ones for homogenous samples. (Only one of the four bufs is
+	// allowed to be populated!) This avoids the overhead of the interface
+	// wrapper for the happy (and by far most common) case of homogenous
+	// samples.
+	iBuf     []tsdbutil.Sample
+	fBuf     []fSample
+	hBuf     []hSample
+	fhBuf    []fhSample
+	bufInUse bufType
+
+	i int // Position of most recent element in ring buffer.
+	f int // Position of first element in ring buffer.
+	l int // Number of elements in buffer.
 
 	it sampleRingIterator
 }
 
-func newSampleRing(delta int64, sz int) *sampleRing {
-	r := &sampleRing{delta: delta, buf: make([]sample, sz)}
-	r.reset()
+type bufType int
 
+const (
+	noBuf bufType = iota // Nothing yet stored in sampleRing.
+	iBuf
+	fBuf
+	hBuf
+	fhBuf
+)
+
+// newSampleRing creates a new sampleRing. If you do not know the prefereed
+// value type yet, use a size of 0 (in which case the provided typ doesn't
+// matter). On the first add, a buffer of size 16 will be allocated with the
+// preferred type being the type of the first added sample.
+func newSampleRing(delta int64, size int, typ chunkenc.ValueType) *sampleRing {
+	r := &sampleRing{delta: delta}
+	r.reset()
+	if size <= 0 {
+		// Will initialize on first add.
+		return r
+	}
+	switch typ {
+	case chunkenc.ValFloat:
+		r.fBuf = make([]fSample, size)
+	case chunkenc.ValHistogram:
+		r.hBuf = make([]hSample, size)
+	case chunkenc.ValFloatHistogram:
+		r.fhBuf = make([]fhSample, size)
+	default:
+		r.iBuf = make([]tsdbutil.Sample, size)
+	}
 	return r
 }
 
@@ -223,6 +298,7 @@ func (r *sampleRing) reset() {
 	r.l = 0
 	r.i = -1
 	r.f = 0
+	r.bufInUse = noBuf
 }
 
 // Returns the current iterator. Invalidates previously returned iterators.
@@ -236,7 +312,7 @@ type sampleRingIterator struct {
 	r  *sampleRing
 	i  int
 	t  int64
-	v  float64
+	f  float64
 	h  *histogram.Histogram
 	fh *histogram.FloatHistogram
 }
@@ -246,17 +322,36 @@ func (it *sampleRingIterator) Next() chunkenc.ValueType {
 	if it.i >= it.r.l {
 		return chunkenc.ValNone
 	}
-	s := it.r.at(it.i)
-	it.t = s.t
-	switch {
-	case s.h != nil:
+	switch it.r.bufInUse {
+	case fBuf:
+		s := it.r.atF(it.i)
+		it.t = s.t
+		it.f = s.f
+		return chunkenc.ValFloat
+	case hBuf:
+		s := it.r.atH(it.i)
+		it.t = s.t
 		it.h = s.h
 		return chunkenc.ValHistogram
-	case s.fh != nil:
+	case fhBuf:
+		s := it.r.atFH(it.i)
+		it.t = s.t
 		it.fh = s.fh
 		return chunkenc.ValFloatHistogram
+	}
+	s := it.r.at(it.i)
+	it.t = s.T()
+	switch s.Type() {
+	case chunkenc.ValHistogram:
+		it.h = s.H()
+		it.fh = nil
+		return chunkenc.ValHistogram
+	case chunkenc.ValFloatHistogram:
+		it.fh = s.FH()
+		it.h = nil
+		return chunkenc.ValFloatHistogram
 	default:
-		it.v = s.v
+		it.f = s.F()
 		return chunkenc.ValFloat
 	}
 }
@@ -270,7 +365,7 @@ func (it *sampleRingIterator) Err() error {
 }
 
 func (it *sampleRingIterator) At() (int64, float64) {
-	return it.t, it.v
+	return it.t, it.f
 }
 
 func (it *sampleRingIterator) AtHistogram() (int64, *histogram.Histogram) {
@@ -288,22 +383,204 @@ func (it *sampleRingIterator) AtT() int64 {
 	return it.t
 }
 
-func (r *sampleRing) at(i int) sample {
-	j := (r.f + i) % len(r.buf)
-	return r.buf[j]
+func (r *sampleRing) at(i int) tsdbutil.Sample {
+	j := (r.f + i) % len(r.iBuf)
+	return r.iBuf[j]
 }
 
-// add adds a sample to the ring buffer and frees all samples that fall
-// out of the delta range.
-func (r *sampleRing) add(s sample) {
-	l := len(r.buf)
-	// Grow the ring buffer if it fits no more elements.
-	if l == r.l {
-		buf := make([]sample, 2*l)
-		copy(buf[l+r.f:], r.buf[r.f:])
-		copy(buf, r.buf[:r.f])
+func (r *sampleRing) atF(i int) fSample {
+	j := (r.f + i) % len(r.fBuf)
+	return r.fBuf[j]
+}
 
-		r.buf = buf
+func (r *sampleRing) atH(i int) hSample {
+	j := (r.f + i) % len(r.hBuf)
+	return r.hBuf[j]
+}
+
+func (r *sampleRing) atFH(i int) fhSample {
+	j := (r.f + i) % len(r.fhBuf)
+	return r.fhBuf[j]
+}
+
+// add adds a sample to the ring buffer and frees all samples that fall out of
+// the delta range. Note that this method works for any sample
+// implementation. If you know you are dealing with one of the implementations
+// from this package (fSample, hSample, fhSample), call one of the specialized
+// methods addF, addH, or addFH for better performance.
+func (r *sampleRing) add(s tsdbutil.Sample) {
+	if r.bufInUse == noBuf {
+		// First sample.
+		switch s := s.(type) {
+		case fSample:
+			r.bufInUse = fBuf
+			r.fBuf = addF(s, r.fBuf, r)
+		case hSample:
+			r.bufInUse = hBuf
+			r.hBuf = addH(s, r.hBuf, r)
+		case fhSample:
+			r.bufInUse = fhBuf
+			r.fhBuf = addFH(s, r.fhBuf, r)
+		}
+		return
+	}
+	if r.bufInUse != iBuf {
+		// Nothing added to the interface buf yet. Let's check if we can
+		// stay specialized.
+		switch s := s.(type) {
+		case fSample:
+			if r.bufInUse == fBuf {
+				r.fBuf = addF(s, r.fBuf, r)
+				return
+			}
+		case hSample:
+			if r.bufInUse == hBuf {
+				r.hBuf = addH(s, r.hBuf, r)
+				return
+			}
+		case fhSample:
+			if r.bufInUse == fhBuf {
+				r.fhBuf = addFH(s, r.fhBuf, r)
+				return
+			}
+		}
+		// The new sample isn't a fit for the already existing
+		// ones. Copy the latter into the interface buffer where needed.
+		switch r.bufInUse {
+		case fBuf:
+			for _, s := range r.fBuf {
+				r.iBuf = append(r.iBuf, s)
+			}
+			r.fBuf = nil
+		case hBuf:
+			for _, s := range r.hBuf {
+				r.iBuf = append(r.iBuf, s)
+			}
+			r.hBuf = nil
+		case fhBuf:
+			for _, s := range r.fhBuf {
+				r.iBuf = append(r.iBuf, s)
+			}
+			r.fhBuf = nil
+		}
+		r.bufInUse = iBuf
+	}
+	r.iBuf = addSample(s, r.iBuf, r)
+}
+
+// addF is a version of the add method specialized for fSample.
+func (r *sampleRing) addF(s fSample) {
+	switch r.bufInUse {
+	case fBuf: // Add to existing fSamples.
+		r.fBuf = addF(s, r.fBuf, r)
+	case noBuf: // Add first sample.
+		r.fBuf = addF(s, r.fBuf, r)
+		r.bufInUse = fBuf
+	case iBuf: // Already have interface samples. Add to the interface buf.
+		r.iBuf = addSample(s, r.iBuf, r)
+	default:
+		// Already have specialized samples that are not fSamples.
+		// Need to call the checked add method for conversion.
+		r.add(s)
+	}
+}
+
+// addH is a version of the add method specialized for hSample.
+func (r *sampleRing) addH(s hSample) {
+	switch r.bufInUse {
+	case hBuf: // Add to existing hSamples.
+		r.hBuf = addH(s, r.hBuf, r)
+	case noBuf: // Add first sample.
+		r.hBuf = addH(s, r.hBuf, r)
+		r.bufInUse = hBuf
+	case iBuf: // Already have interface samples. Add to the interface buf.
+		r.iBuf = addSample(s, r.iBuf, r)
+	default:
+		// Already have specialized samples that are not hSamples.
+		// Need to call the checked add method for conversion.
+		r.add(s)
+	}
+}
+
+// addFH is a version of the add method specialized for fhSample.
+func (r *sampleRing) addFH(s fhSample) {
+	switch r.bufInUse {
+	case fhBuf: // Add to existing fhSamples.
+		r.fhBuf = addFH(s, r.fhBuf, r)
+	case noBuf: // Add first sample.
+		r.fhBuf = addFH(s, r.fhBuf, r)
+		r.bufInUse = fhBuf
+	case iBuf: // Already have interface samples. Add to the interface buf.
+		r.iBuf = addSample(s, r.iBuf, r)
+	default:
+		// Already have specialized samples that are not fhSamples.
+		// Need to call the checked add method for conversion.
+		r.add(s)
+	}
+}
+
+// genericAdd is a generic implementation of adding a tsdbutil.Sample
+// implementation to a buffer of a sample ring. However, the Go compiler
+// currently (go1.20) decides to not expand the code during compile time, but
+// creates dynamic code to handle the different types. That has a significant
+// overhead during runtime, noticeable in PromQL benchmarks. For example, the
+// "RangeQuery/expr=rate(a_hundred[1d]),steps=.*" benchmarks show about 7%
+// longer runtime, 9% higher allocation size, and 10% more allocations.
+// Therefore, genericAdd has been manually implemented for all the types
+// (addSample, addF, addH, addFH) below.
+//
+// func genericAdd[T tsdbutil.Sample](s T, buf []T, r *sampleRing) []T {
+// 	l := len(buf)
+// 	// Grow the ring buffer if it fits no more elements.
+// 	if l == 0 {
+// 		buf = make([]T, 16)
+// 		l = 16
+// 	}
+// 	if l == r.l {
+// 		newBuf := make([]T, 2*l)
+// 		copy(newBuf[l+r.f:], buf[r.f:])
+// 		copy(newBuf, buf[:r.f])
+//
+// 		buf = newBuf
+// 		r.i = r.f
+// 		r.f += l
+// 		l = 2 * l
+// 	} else {
+// 		r.i++
+// 		if r.i >= l {
+// 			r.i -= l
+// 		}
+// 	}
+//
+// 	buf[r.i] = s
+// 	r.l++
+//
+// 	// Free head of the buffer of samples that just fell out of the range.
+// 	tmin := s.T() - r.delta
+// 	for buf[r.f].T() < tmin {
+// 		r.f++
+// 		if r.f >= l {
+// 			r.f -= l
+// 		}
+// 		r.l--
+// 	}
+// 	return buf
+// }
+
+// addSample is a handcoded specialization of genericAdd (see above).
+func addSample(s tsdbutil.Sample, buf []tsdbutil.Sample, r *sampleRing) []tsdbutil.Sample {
+	l := len(buf)
+	// Grow the ring buffer if it fits no more elements.
+	if l == 0 {
+		buf = make([]tsdbutil.Sample, 16)
+		l = 16
+	}
+	if l == r.l {
+		newBuf := make([]tsdbutil.Sample, 2*l)
+		copy(newBuf[l+r.f:], buf[r.f:])
+		copy(newBuf, buf[:r.f])
+
+		buf = newBuf
 		r.i = r.f
 		r.f += l
 		l = 2 * l
@@ -314,18 +591,136 @@ func (r *sampleRing) add(s sample) {
 		}
 	}
 
-	r.buf[r.i] = s
+	buf[r.i] = s
 	r.l++
 
 	// Free head of the buffer of samples that just fell out of the range.
-	tmin := s.t - r.delta
-	for r.buf[r.f].t < tmin {
+	tmin := s.T() - r.delta
+	for buf[r.f].T() < tmin {
 		r.f++
 		if r.f >= l {
 			r.f -= l
 		}
 		r.l--
 	}
+	return buf
+}
+
+// addF is a handcoded specialization of genericAdd (see above).
+func addF(s fSample, buf []fSample, r *sampleRing) []fSample {
+	l := len(buf)
+	// Grow the ring buffer if it fits no more elements.
+	if l == 0 {
+		buf = make([]fSample, 16)
+		l = 16
+	}
+	if l == r.l {
+		newBuf := make([]fSample, 2*l)
+		copy(newBuf[l+r.f:], buf[r.f:])
+		copy(newBuf, buf[:r.f])
+
+		buf = newBuf
+		r.i = r.f
+		r.f += l
+		l = 2 * l
+	} else {
+		r.i++
+		if r.i >= l {
+			r.i -= l
+		}
+	}
+
+	buf[r.i] = s
+	r.l++
+
+	// Free head of the buffer of samples that just fell out of the range.
+	tmin := s.T() - r.delta
+	for buf[r.f].T() < tmin {
+		r.f++
+		if r.f >= l {
+			r.f -= l
+		}
+		r.l--
+	}
+	return buf
+}
+
+// addH is a handcoded specialization of genericAdd (see above).
+func addH(s hSample, buf []hSample, r *sampleRing) []hSample {
+	l := len(buf)
+	// Grow the ring buffer if it fits no more elements.
+	if l == 0 {
+		buf = make([]hSample, 16)
+		l = 16
+	}
+	if l == r.l {
+		newBuf := make([]hSample, 2*l)
+		copy(newBuf[l+r.f:], buf[r.f:])
+		copy(newBuf, buf[:r.f])
+
+		buf = newBuf
+		r.i = r.f
+		r.f += l
+		l = 2 * l
+	} else {
+		r.i++
+		if r.i >= l {
+			r.i -= l
+		}
+	}
+
+	buf[r.i] = s
+	r.l++
+
+	// Free head of the buffer of samples that just fell out of the range.
+	tmin := s.T() - r.delta
+	for buf[r.f].T() < tmin {
+		r.f++
+		if r.f >= l {
+			r.f -= l
+		}
+		r.l--
+	}
+	return buf
+}
+
+// addFH is a handcoded specialization of genericAdd (see above).
+func addFH(s fhSample, buf []fhSample, r *sampleRing) []fhSample {
+	l := len(buf)
+	// Grow the ring buffer if it fits no more elements.
+	if l == 0 {
+		buf = make([]fhSample, 16)
+		l = 16
+	}
+	if l == r.l {
+		newBuf := make([]fhSample, 2*l)
+		copy(newBuf[l+r.f:], buf[r.f:])
+		copy(newBuf, buf[:r.f])
+
+		buf = newBuf
+		r.i = r.f
+		r.f += l
+		l = 2 * l
+	} else {
+		r.i++
+		if r.i >= l {
+			r.i -= l
+		}
+	}
+
+	buf[r.i] = s
+	r.l++
+
+	// Free head of the buffer of samples that just fell out of the range.
+	tmin := s.T() - r.delta
+	for buf[r.f].T() < tmin {
+		r.f++
+		if r.f >= l {
+			r.f -= l
+		}
+		r.l--
+	}
+	return buf
 }
 
 // reduceDelta lowers the buffered time delta, dropping any samples that are
@@ -340,39 +735,98 @@ func (r *sampleRing) reduceDelta(delta int64) bool {
 		return true
 	}
 
+	switch r.bufInUse {
+	case fBuf:
+		genericReduceDelta(r.fBuf, r)
+	case hBuf:
+		genericReduceDelta(r.hBuf, r)
+	case fhBuf:
+		genericReduceDelta(r.fhBuf, r)
+	default:
+		genericReduceDelta(r.iBuf, r)
+	}
+	return true
+}
+
+func genericReduceDelta[T tsdbutil.Sample](buf []T, r *sampleRing) {
 	// Free head of the buffer of samples that just fell out of the range.
-	l := len(r.buf)
-	tmin := r.buf[r.i].t - delta
-	for r.buf[r.f].t < tmin {
+	l := len(buf)
+	tmin := buf[r.i].T() - r.delta
+	for buf[r.f].T() < tmin {
 		r.f++
 		if r.f >= l {
 			r.f -= l
 		}
 		r.l--
 	}
-	return true
 }
 
 // nthLast returns the nth most recent element added to the ring.
-func (r *sampleRing) nthLast(n int) (sample, bool) {
+func (r *sampleRing) nthLast(n int) (tsdbutil.Sample, bool) {
 	if n > r.l {
-		return sample{}, false
+		return fSample{}, false
+	}
+	i := r.l - n
+	switch r.bufInUse {
+	case fBuf:
+		return r.atF(i), true
+	case hBuf:
+		return r.atH(i), true
+	case fhBuf:
+		return r.atFH(i), true
+	default:
+		return r.at(i), true
 	}
-	return r.at(r.l - n), true
 }
 
-func (r *sampleRing) samples() []sample {
-	res := make([]sample, r.l)
+func (r *sampleRing) samples() []tsdbutil.Sample {
+	res := make([]tsdbutil.Sample, r.l)
 
 	k := r.f + r.l
 	var j int
-	if k > len(r.buf) {
-		k = len(r.buf)
-		j = r.l - k + r.f
-	}
 
-	n := copy(res, r.buf[r.f:k])
-	copy(res[n:], r.buf[:j])
+	switch r.bufInUse {
+	case iBuf:
+		if k > len(r.iBuf) {
+			k = len(r.iBuf)
+			j = r.l - k + r.f
+		}
+		n := copy(res, r.iBuf[r.f:k])
+		copy(res[n:], r.iBuf[:j])
+	case fBuf:
+		if k > len(r.fBuf) {
+			k = len(r.fBuf)
+			j = r.l - k + r.f
+		}
+		resF := make([]fSample, r.l)
+		n := copy(resF, r.fBuf[r.f:k])
+		copy(resF[n:], r.fBuf[:j])
+		for i, s := range resF {
+			res[i] = s
+		}
+	case hBuf:
+		if k > len(r.hBuf) {
+			k = len(r.hBuf)
+			j = r.l - k + r.f
+		}
+		resH := make([]hSample, r.l)
+		n := copy(resH, r.hBuf[r.f:k])
+		copy(resH[n:], r.hBuf[:j])
+		for i, s := range resH {
+			res[i] = s
+		}
+	case fhBuf:
+		if k > len(r.fhBuf) {
+			k = len(r.fhBuf)
+			j = r.l - k + r.f
+		}
+		resFH := make([]fhSample, r.l)
+		n := copy(resFH, r.fhBuf[r.f:k])
+		copy(resFH[n:], r.fhBuf[:j])
+		for i, s := range resFH {
+			res[i] = s
+		}
+	}
 
 	return res
 }
diff --git a/vendor/github.com/prometheus/prometheus/storage/fanout.go b/vendor/github.com/prometheus/prometheus/storage/fanout.go
index 4f995afba..a9db4f628 100644
--- a/vendor/github.com/prometheus/prometheus/storage/fanout.go
+++ b/vendor/github.com/prometheus/prometheus/storage/fanout.go
@@ -222,9 +222,10 @@ func (f *fanoutAppender) Rollback() (err error) {
 
 	for _, appender := range f.secondaries {
 		rollbackErr := appender.Rollback()
-		if err == nil {
+		switch {
+		case err == nil:
 			err = rollbackErr
-		} else if rollbackErr != nil {
+		case rollbackErr != nil:
 			level.Error(f.logger).Log("msg", "Squashed rollback error on rollback", "err", rollbackErr)
 		}
 	}
diff --git a/vendor/github.com/prometheus/prometheus/storage/interface.go b/vendor/github.com/prometheus/prometheus/storage/interface.go
index 5cf70a351..b282f1fc6 100644
--- a/vendor/github.com/prometheus/prometheus/storage/interface.go
+++ b/vendor/github.com/prometheus/prometheus/storage/interface.go
@@ -99,7 +99,7 @@ type MockQueryable struct {
 	MockQuerier Querier
 }
 
-func (q *MockQueryable) Querier(ctx context.Context, mint, maxt int64) (Querier, error) {
+func (q *MockQueryable) Querier(context.Context, int64, int64) (Querier, error) {
 	return q.MockQuerier, nil
 }
 
@@ -118,11 +118,11 @@ type MockQuerier struct {
 	SelectMockFunction func(sortSeries bool, hints *SelectHints, matchers ...*labels.Matcher) SeriesSet
 }
 
-func (q *MockQuerier) LabelValues(name string, matchers ...*labels.Matcher) ([]string, Warnings, error) {
+func (q *MockQuerier) LabelValues(string, ...*labels.Matcher) ([]string, Warnings, error) {
 	return nil, nil, nil
 }
 
-func (q *MockQuerier) LabelNames(matchers ...*labels.Matcher) ([]string, Warnings, error) {
+func (q *MockQuerier) LabelNames(...*labels.Matcher) ([]string, Warnings, error) {
 	return nil, nil, nil
 }
 
diff --git a/vendor/github.com/prometheus/prometheus/storage/merge.go b/vendor/github.com/prometheus/prometheus/storage/merge.go
index 8db1f7ae8..c0665d720 100644
--- a/vendor/github.com/prometheus/prometheus/storage/merge.go
+++ b/vendor/github.com/prometheus/prometheus/storage/merge.go
@@ -197,13 +197,14 @@ func mergeStrings(a, b []string) []string {
 	res := make([]string, 0, maxl*10/9)
 
 	for len(a) > 0 && len(b) > 0 {
-		if a[0] == b[0] {
+		switch {
+		case a[0] == b[0]:
 			res = append(res, a[0])
 			a, b = a[1:], b[1:]
-		} else if a[0] < b[0] {
+		case a[0] < b[0]:
 			res = append(res, a[0])
 			a = a[1:]
-		} else {
+		default:
 			res = append(res, b[0])
 			b = b[1:]
 		}
@@ -722,12 +723,11 @@ func (c *compactChunkIterator) Next() bool {
 			break
 		}
 
-		if next.MinTime == prev.MinTime &&
-			next.MaxTime == prev.MaxTime &&
-			bytes.Equal(next.Chunk.Bytes(), prev.Chunk.Bytes()) {
-			// 1:1 duplicates, skip it.
-		} else {
-			// We operate on same series, so labels does not matter here.
+		// Only do something if it is not a perfect duplicate.
+		if next.MinTime != prev.MinTime ||
+			next.MaxTime != prev.MaxTime ||
+			!bytes.Equal(next.Chunk.Bytes(), prev.Chunk.Bytes()) {
+			// We operate on same series, so labels do not matter here.
 			overlapping = append(overlapping, newChunkToSeriesDecoder(labels.EmptyLabels(), next))
 			if next.MaxTime > oMaxTime {
 				oMaxTime = next.MaxTime
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/client.go b/vendor/github.com/prometheus/prometheus/storage/remote/client.go
index 92666cd1d..1625c9918 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/client.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/client.go
@@ -80,7 +80,7 @@ func init() {
 // Client allows reading and writing from/to a remote HTTP endpoint.
 type Client struct {
 	remoteName string // Used to differentiate clients in metrics.
-	url        *config_util.URL
+	urlString  string // url.String()
 	Client     *http.Client
 	timeout    time.Duration
 
@@ -122,7 +122,7 @@ func NewReadClient(name string, conf *ClientConfig) (ReadClient, error) {
 
 	return &Client{
 		remoteName:          name,
-		url:                 conf.URL,
+		urlString:           conf.URL.String(),
 		Client:              httpClient,
 		timeout:             time.Duration(conf.Timeout),
 		readQueries:         remoteReadQueries.WithLabelValues(name, conf.URL.String()),
@@ -154,7 +154,7 @@ func NewWriteClient(name string, conf *ClientConfig) (WriteClient, error) {
 
 	return &Client{
 		remoteName:       name,
-		url:              conf.URL,
+		urlString:        conf.URL.String(),
 		Client:           httpClient,
 		retryOnRateLimit: conf.RetryOnRateLimit,
 		timeout:          time.Duration(conf.Timeout),
@@ -187,7 +187,7 @@ type RecoverableError struct {
 // Store sends a batch of samples to the HTTP endpoint, the request is the proto marshalled
 // and encoded bytes from codec.go.
 func (c *Client) Store(ctx context.Context, req []byte) error {
-	httpReq, err := http.NewRequest("POST", c.url.String(), bytes.NewReader(req))
+	httpReq, err := http.NewRequest("POST", c.urlString, bytes.NewReader(req))
 	if err != nil {
 		// Errors from NewRequest are from unparsable URLs, so are not
 		// recoverable.
@@ -255,7 +255,7 @@ func (c Client) Name() string {
 
 // Endpoint is the remote read or write endpoint.
 func (c Client) Endpoint() string {
-	return c.url.String()
+	return c.urlString
 }
 
 // Read reads from a remote endpoint.
@@ -276,7 +276,7 @@ func (c *Client) Read(ctx context.Context, query *prompb.Query) (*prompb.QueryRe
 	}
 
 	compressed := snappy.Encode(nil, data)
-	httpReq, err := http.NewRequest("POST", c.url.String(), bytes.NewReader(compressed))
+	httpReq, err := http.NewRequest("POST", c.urlString, bytes.NewReader(compressed))
 	if err != nil {
 		return nil, fmt.Errorf("unable to create request: %w", err)
 	}
@@ -310,7 +310,7 @@ func (c *Client) Read(ctx context.Context, query *prompb.Query) (*prompb.QueryRe
 	}
 
 	if httpResp.StatusCode/100 != 2 {
-		return nil, fmt.Errorf("remote server %s returned HTTP status %s: %s", c.url.String(), httpResp.Status, strings.TrimSpace(string(compressed)))
+		return nil, fmt.Errorf("remote server %s returned HTTP status %s: %s", c.urlString, httpResp.Status, strings.TrimSpace(string(compressed)))
 	}
 
 	uncompressed, err := snappy.Decode(nil, compressed)
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/codec.go b/vendor/github.com/prometheus/prometheus/storage/remote/codec.go
index e3ef58c35..6a58ec4ac 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/codec.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/codec.go
@@ -17,6 +17,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math"
 	"net/http"
 	"sort"
 	"strings"
@@ -120,10 +121,13 @@ func ToQueryResult(ss storage.SeriesSet, sampleLimit int) (*prompb.QueryResult,
 	for ss.Next() {
 		series := ss.At()
 		iter = series.Iterator(iter)
-		samples := []prompb.Sample{}
 
-		for iter.Next() == chunkenc.ValFloat {
-			// TODO(beorn7): Add Histogram support.
+		var (
+			samples    []prompb.Sample
+			histograms []prompb.Histogram
+		)
+
+		for valType := iter.Next(); valType != chunkenc.ValNone; valType = iter.Next() {
 			numSamples++
 			if sampleLimit > 0 && numSamples > sampleLimit {
 				return nil, ss.Warnings(), HTTPError{
@@ -131,19 +135,32 @@ func ToQueryResult(ss storage.SeriesSet, sampleLimit int) (*prompb.QueryResult,
 					status: http.StatusBadRequest,
 				}
 			}
-			ts, val := iter.At()
-			samples = append(samples, prompb.Sample{
-				Timestamp: ts,
-				Value:     val,
-			})
+
+			switch valType {
+			case chunkenc.ValFloat:
+				ts, val := iter.At()
+				samples = append(samples, prompb.Sample{
+					Timestamp: ts,
+					Value:     val,
+				})
+			case chunkenc.ValHistogram:
+				ts, h := iter.AtHistogram()
+				histograms = append(histograms, HistogramToHistogramProto(ts, h))
+			case chunkenc.ValFloatHistogram:
+				ts, fh := iter.AtFloatHistogram()
+				histograms = append(histograms, FloatHistogramToHistogramProto(ts, fh))
+			default:
+				return nil, ss.Warnings(), fmt.Errorf("unrecognized value type: %s", valType)
+			}
 		}
 		if err := iter.Err(); err != nil {
 			return nil, ss.Warnings(), err
 		}
 
 		resp.Timeseries = append(resp.Timeseries, &prompb.TimeSeries{
-			Labels:  labelsToLabelsProto(series.Labels(), nil),
-			Samples: samples,
+			Labels:     labelsToLabelsProto(series.Labels(), nil),
+			Samples:    samples,
+			Histograms: histograms,
 		})
 	}
 	return resp, ss.Warnings(), ss.Err()
@@ -157,7 +174,7 @@ func FromQueryResult(sortSeries bool, res *prompb.QueryResult) storage.SeriesSet
 			return errSeriesSet{err: err}
 		}
 		lbls := labelProtosToLabels(ts.Labels)
-		series = append(series, &concreteSeries{labels: lbls, samples: ts.Samples})
+		series = append(series, &concreteSeries{labels: lbls, floats: ts.Samples, histograms: ts.Histograms})
 	}
 
 	if sortSeries {
@@ -274,13 +291,14 @@ func MergeLabels(primary, secondary []prompb.Label) []prompb.Label {
 	result := make([]prompb.Label, 0, len(primary)+len(secondary))
 	i, j := 0, 0
 	for i < len(primary) && j < len(secondary) {
-		if primary[i].Name < secondary[j].Name {
+		switch {
+		case primary[i].Name < secondary[j].Name:
 			result = append(result, primary[i])
 			i++
-		} else if primary[i].Name > secondary[j].Name {
+		case primary[i].Name > secondary[j].Name:
 			result = append(result, secondary[j])
 			j++
-		} else {
+		default:
 			result = append(result, primary[i])
 			i++
 			j++
@@ -343,8 +361,9 @@ func (c *concreteSeriesSet) Warnings() storage.Warnings { return nil }
 
 // concreteSeries implements storage.Series.
 type concreteSeries struct {
-	labels  labels.Labels
-	samples []prompb.Sample
+	labels     labels.Labels
+	floats     []prompb.Sample
+	histograms []prompb.Histogram
 }
 
 func (c *concreteSeries) Labels() labels.Labels {
@@ -356,84 +375,165 @@ func (c *concreteSeries) Iterator(it chunkenc.Iterator) chunkenc.Iterator {
 		csi.reset(c)
 		return csi
 	}
-	return newConcreteSeriersIterator(c)
+	return newConcreteSeriesIterator(c)
 }
 
 // concreteSeriesIterator implements storage.SeriesIterator.
 type concreteSeriesIterator struct {
-	cur    int
-	series *concreteSeries
+	floatsCur     int
+	histogramsCur int
+	curValType    chunkenc.ValueType
+	series        *concreteSeries
 }
 
-func newConcreteSeriersIterator(series *concreteSeries) chunkenc.Iterator {
+func newConcreteSeriesIterator(series *concreteSeries) chunkenc.Iterator {
 	return &concreteSeriesIterator{
-		cur:    -1,
-		series: series,
+		floatsCur:     -1,
+		histogramsCur: -1,
+		curValType:    chunkenc.ValNone,
+		series:        series,
 	}
 }
 
 func (c *concreteSeriesIterator) reset(series *concreteSeries) {
-	c.cur = -1
+	c.floatsCur = -1
+	c.histogramsCur = -1
+	c.curValType = chunkenc.ValNone
 	c.series = series
 }
 
 // Seek implements storage.SeriesIterator.
 func (c *concreteSeriesIterator) Seek(t int64) chunkenc.ValueType {
-	if c.cur == -1 {
-		c.cur = 0
+	if c.floatsCur == -1 {
+		c.floatsCur = 0
 	}
-	if c.cur >= len(c.series.samples) {
+	if c.histogramsCur == -1 {
+		c.histogramsCur = 0
+	}
+	if c.floatsCur >= len(c.series.floats) && c.histogramsCur >= len(c.series.histograms) {
 		return chunkenc.ValNone
 	}
+
 	// No-op check.
-	if s := c.series.samples[c.cur]; s.Timestamp >= t {
-		return chunkenc.ValFloat
+	if (c.curValType == chunkenc.ValFloat && c.series.floats[c.floatsCur].Timestamp >= t) ||
+		((c.curValType == chunkenc.ValHistogram || c.curValType == chunkenc.ValFloatHistogram) && c.series.histograms[c.histogramsCur].Timestamp >= t) {
+		return c.curValType
 	}
-	// Do binary search between current position and end.
-	c.cur += sort.Search(len(c.series.samples)-c.cur, func(n int) bool {
-		return c.series.samples[n+c.cur].Timestamp >= t
+
+	c.curValType = chunkenc.ValNone
+
+	// Binary search between current position and end for both float and histograms samples.
+	c.floatsCur += sort.Search(len(c.series.floats)-c.floatsCur, func(n int) bool {
+		return c.series.floats[n+c.floatsCur].Timestamp >= t
 	})
-	if c.cur < len(c.series.samples) {
-		return chunkenc.ValFloat
+	c.histogramsCur += sort.Search(len(c.series.histograms)-c.histogramsCur, func(n int) bool {
+		return c.series.histograms[n+c.histogramsCur].Timestamp >= t
+	})
+	switch {
+	case c.floatsCur < len(c.series.floats) && c.histogramsCur < len(c.series.histograms):
+		// If float samples and histogram samples have overlapping timestamps prefer the float samples.
+		if c.series.floats[c.floatsCur].Timestamp <= c.series.histograms[c.histogramsCur].Timestamp {
+			c.curValType = chunkenc.ValFloat
+		} else {
+			c.curValType = getHistogramValType(&c.series.histograms[c.histogramsCur])
+		}
+		// When the timestamps do not overlap the cursor for the non-selected sample type has advanced too
+		// far; we decrement it back down here.
+		if c.series.floats[c.floatsCur].Timestamp != c.series.histograms[c.histogramsCur].Timestamp {
+			if c.curValType == chunkenc.ValFloat {
+				c.histogramsCur--
+			} else {
+				c.floatsCur--
+			}
+		}
+	case c.floatsCur < len(c.series.floats):
+		c.curValType = chunkenc.ValFloat
+	case c.histogramsCur < len(c.series.histograms):
+		c.curValType = getHistogramValType(&c.series.histograms[c.histogramsCur])
 	}
-	return chunkenc.ValNone
-	// TODO(beorn7): Add histogram support.
+	return c.curValType
+}
+
+func getHistogramValType(h *prompb.Histogram) chunkenc.ValueType {
+	if h.IsFloatHistogram() {
+		return chunkenc.ValFloatHistogram
+	}
+	return chunkenc.ValHistogram
 }
 
 // At implements chunkenc.Iterator.
 func (c *concreteSeriesIterator) At() (t int64, v float64) {
-	s := c.series.samples[c.cur]
+	if c.curValType != chunkenc.ValFloat {
+		panic("iterator is not on a float sample")
+	}
+	s := c.series.floats[c.floatsCur]
 	return s.Timestamp, s.Value
 }
 
-// AtHistogram always returns (0, nil) because there is no support for histogram
-// values yet.
-// TODO(beorn7): Fix that for histogram support in remote storage.
+// AtHistogram implements chunkenc.Iterator
 func (c *concreteSeriesIterator) AtHistogram() (int64, *histogram.Histogram) {
-	return 0, nil
+	if c.curValType != chunkenc.ValHistogram {
+		panic("iterator is not on an integer histogram sample")
+	}
+	h := c.series.histograms[c.histogramsCur]
+	return h.Timestamp, HistogramProtoToHistogram(h)
 }
 
-// AtFloatHistogram always returns (0, nil) because there is no support for histogram
-// values yet.
-// TODO(beorn7): Fix that for histogram support in remote storage.
+// AtFloatHistogram implements chunkenc.Iterator
 func (c *concreteSeriesIterator) AtFloatHistogram() (int64, *histogram.FloatHistogram) {
-	return 0, nil
+	switch c.curValType {
+	case chunkenc.ValHistogram:
+		fh := c.series.histograms[c.histogramsCur]
+		return fh.Timestamp, HistogramProtoToFloatHistogram(fh)
+	case chunkenc.ValFloatHistogram:
+		fh := c.series.histograms[c.histogramsCur]
+		return fh.Timestamp, FloatHistogramProtoToFloatHistogram(fh)
+	default:
+		panic("iterator is not on a histogram sample")
+	}
 }
 
 // AtT implements chunkenc.Iterator.
 func (c *concreteSeriesIterator) AtT() int64 {
-	s := c.series.samples[c.cur]
-	return s.Timestamp
+	if c.curValType == chunkenc.ValHistogram || c.curValType == chunkenc.ValFloatHistogram {
+		return c.series.histograms[c.histogramsCur].Timestamp
+	}
+	return c.series.floats[c.floatsCur].Timestamp
 }
 
+const noTS = int64(math.MaxInt64)
+
 // Next implements chunkenc.Iterator.
 func (c *concreteSeriesIterator) Next() chunkenc.ValueType {
-	c.cur++
-	if c.cur < len(c.series.samples) {
-		return chunkenc.ValFloat
+	peekFloatTS := noTS
+	if c.floatsCur+1 < len(c.series.floats) {
+		peekFloatTS = c.series.floats[c.floatsCur+1].Timestamp
 	}
-	return chunkenc.ValNone
-	// TODO(beorn7): Add histogram support.
+	peekHistTS := noTS
+	if c.histogramsCur+1 < len(c.series.histograms) {
+		peekHistTS = c.series.histograms[c.histogramsCur+1].Timestamp
+	}
+	c.curValType = chunkenc.ValNone
+	switch {
+	case peekFloatTS < peekHistTS:
+		c.floatsCur++
+		c.curValType = chunkenc.ValFloat
+	case peekHistTS < peekFloatTS:
+		c.histogramsCur++
+		c.curValType = chunkenc.ValHistogram
+	case peekFloatTS == noTS && peekHistTS == noTS:
+		// This only happens when the iterator is exhausted; we set the cursors off the end to prevent
+		// Seek() from returning anything afterwards.
+		c.floatsCur = len(c.series.floats)
+		c.histogramsCur = len(c.series.histograms)
+	default:
+		// Prefer float samples to histogram samples if there's a conflict. We advance the cursor for histograms
+		// anyway otherwise the histogram sample will get selected on the next call to Next().
+		c.floatsCur++
+		c.histogramsCur++
+		c.curValType = chunkenc.ValFloat
+	}
+	return c.curValType
 }
 
 // Err implements chunkenc.Iterator.
@@ -525,8 +625,11 @@ func exemplarProtoToExemplar(ep prompb.Exemplar) exemplar.Exemplar {
 
 // HistogramProtoToHistogram extracts a (normal integer) Histogram from the
 // provided proto message. The caller has to make sure that the proto message
-// represents an integer histogram and not a float histogram.
+// represents an integer histogram and not a float histogram, or it panics.
 func HistogramProtoToHistogram(hp prompb.Histogram) *histogram.Histogram {
+	if hp.IsFloatHistogram() {
+		panic("HistogramProtoToHistogram called with a float histogram")
+	}
 	return &histogram.Histogram{
 		CounterResetHint: histogram.CounterResetHint(hp.ResetHint),
 		Schema:           hp.Schema,
@@ -541,10 +644,14 @@ func HistogramProtoToHistogram(hp prompb.Histogram) *histogram.Histogram {
 	}
 }
 
-// HistogramProtoToFloatHistogram extracts a (normal integer) Histogram from the
+// FloatHistogramProtoToFloatHistogram extracts a float Histogram from the
 // provided proto message to a Float Histogram. The caller has to make sure that
-// the proto message represents an float histogram and not a integer histogram.
-func HistogramProtoToFloatHistogram(hp prompb.Histogram) *histogram.FloatHistogram {
+// the proto message represents a float histogram and not an integer histogram,
+// or it panics.
+func FloatHistogramProtoToFloatHistogram(hp prompb.Histogram) *histogram.FloatHistogram {
+	if !hp.IsFloatHistogram() {
+		panic("FloatHistogramProtoToFloatHistogram called with an integer histogram")
+	}
 	return &histogram.FloatHistogram{
 		CounterResetHint: histogram.CounterResetHint(hp.ResetHint),
 		Schema:           hp.Schema,
@@ -559,6 +666,27 @@ func HistogramProtoToFloatHistogram(hp prompb.Histogram) *histogram.FloatHistogr
 	}
 }
 
+// HistogramProtoToFloatHistogram extracts and converts a (normal integer) histogram from the provided proto message
+// to a float histogram. The caller has to make sure that the proto message represents an integer histogram and not a
+// float histogram, or it panics.
+func HistogramProtoToFloatHistogram(hp prompb.Histogram) *histogram.FloatHistogram {
+	if hp.IsFloatHistogram() {
+		panic("HistogramProtoToFloatHistogram called with a float histogram")
+	}
+	return &histogram.FloatHistogram{
+		CounterResetHint: histogram.CounterResetHint(hp.ResetHint),
+		Schema:           hp.Schema,
+		ZeroThreshold:    hp.ZeroThreshold,
+		ZeroCount:        float64(hp.GetZeroCountInt()),
+		Count:            float64(hp.GetCountInt()),
+		Sum:              hp.Sum,
+		PositiveSpans:    spansProtoToSpans(hp.GetPositiveSpans()),
+		PositiveBuckets:  deltasToCounts(hp.GetPositiveDeltas()),
+		NegativeSpans:    spansProtoToSpans(hp.GetNegativeSpans()),
+		NegativeBuckets:  deltasToCounts(hp.GetNegativeDeltas()),
+	}
+}
+
 func spansProtoToSpans(s []prompb.BucketSpan) []histogram.Span {
 	spans := make([]histogram.Span, len(s))
 	for i := 0; i < len(s); i++ {
@@ -568,6 +696,16 @@ func spansProtoToSpans(s []prompb.BucketSpan) []histogram.Span {
 	return spans
 }
 
+func deltasToCounts(deltas []int64) []float64 {
+	counts := make([]float64, len(deltas))
+	var cur float64
+	for i, d := range deltas {
+		cur += float64(d)
+		counts[i] = cur
+	}
+	return counts
+}
+
 func HistogramToHistogramProto(timestamp int64, h *histogram.Histogram) prompb.Histogram {
 	return prompb.Histogram{
 		Count:          &prompb.Histogram_CountInt{CountInt: h.Count},
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/ewma.go b/vendor/github.com/prometheus/prometheus/storage/remote/ewma.go
index c7fb0289b..ea4472c49 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/ewma.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/ewma.go
@@ -55,9 +55,10 @@ func (r *ewmaRate) tick() {
 	r.mutex.Lock()
 	defer r.mutex.Unlock()
 
-	if r.init {
+	switch {
+	case r.init:
 		r.lastRate += r.alpha * (instantRate - r.lastRate)
-	} else if newEvents > 0 {
+	case newEvents > 0:
 		r.init = true
 		r.lastRate = instantRate
 	}
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/queue_manager.go b/vendor/github.com/prometheus/prometheus/storage/remote/queue_manager.go
index 62bd17a66..3edd31b91 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/queue_manager.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/queue_manager.go
@@ -609,7 +609,7 @@ outer:
 
 			t.metrics.enqueueRetriesTotal.Inc()
 			time.Sleep(time.Duration(backoff))
-			backoff = backoff * 2
+			backoff *= 2
 			// It is reasonable to use t.cfg.MaxBackoff here, as if we have hit
 			// the full backoff we are likely waiting for external resources.
 			if backoff > t.cfg.MaxBackoff {
@@ -660,7 +660,7 @@ outer:
 
 			t.metrics.enqueueRetriesTotal.Inc()
 			time.Sleep(time.Duration(backoff))
-			backoff = backoff * 2
+			backoff *= 2
 			if backoff > t.cfg.MaxBackoff {
 				backoff = t.cfg.MaxBackoff
 			}
@@ -707,7 +707,7 @@ outer:
 
 			t.metrics.enqueueRetriesTotal.Inc()
 			time.Sleep(time.Duration(backoff))
-			backoff = backoff * 2
+			backoff *= 2
 			if backoff > t.cfg.MaxBackoff {
 				backoff = t.cfg.MaxBackoff
 			}
@@ -754,7 +754,7 @@ outer:
 
 			t.metrics.enqueueRetriesTotal.Inc()
 			time.Sleep(time.Duration(backoff))
-			backoff = backoff * 2
+			backoff *= 2
 			if backoff > t.cfg.MaxBackoff {
 				backoff = t.cfg.MaxBackoff
 			}
@@ -1030,9 +1030,10 @@ func (t *QueueManager) calculateDesiredShards() int {
 		return t.numShards
 	}
 
-	if numShards > t.cfg.MaxShards {
+	switch {
+	case numShards > t.cfg.MaxShards:
 		numShards = t.cfg.MaxShards
-	} else if numShards < t.cfg.MinShards {
+	case numShards < t.cfg.MinShards:
 		numShards = t.cfg.MinShards
 	}
 	return numShards
@@ -1575,10 +1576,11 @@ func sendWriteRequestWithBackoff(ctx context.Context, cfg config.QueueConfig, l
 		}
 
 		sleepDuration = backoff
-		if backoffErr.retryAfter > 0 {
+		switch {
+		case backoffErr.retryAfter > 0:
 			sleepDuration = backoffErr.retryAfter
 			level.Info(l).Log("msg", "Retrying after duration specified by Retry-After header", "duration", sleepDuration)
-		} else if backoffErr.retryAfter < 0 {
+		case backoffErr.retryAfter < 0:
 			level.Debug(l).Log("msg", "retry-after cannot be in past, retrying using default backoff mechanism")
 		}
 
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/read.go b/vendor/github.com/prometheus/prometheus/storage/remote/read.go
index 21524d70d..af61334f4 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/read.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/read.go
@@ -278,5 +278,5 @@ func (sf seriesFilter) Labels() labels.Labels {
 	b := labels.NewBuilder(sf.Series.Labels())
 	// todo: check if this is too inefficient.
 	b.Del(sf.toFilter...)
-	return b.Labels(labels.EmptyLabels())
+	return b.Labels()
 }
diff --git a/vendor/github.com/prometheus/prometheus/storage/remote/write_handler.go b/vendor/github.com/prometheus/prometheus/storage/remote/write_handler.go
index 45304c43c..1f4c43e59 100644
--- a/vendor/github.com/prometheus/prometheus/storage/remote/write_handler.go
+++ b/vendor/github.com/prometheus/prometheus/storage/remote/write_handler.go
@@ -125,8 +125,8 @@ func (h *writeHandler) write(ctx context.Context, req *prompb.WriteRequest) (err
 		}
 
 		for _, hp := range ts.Histograms {
-			if hp.GetCountFloat() > 0 || hp.GetZeroCountFloat() > 0 { // It is a float histogram.
-				fhs := HistogramProtoToFloatHistogram(hp)
+			if hp.IsFloatHistogram() {
+				fhs := FloatHistogramProtoToFloatHistogram(hp)
 				_, err = app.AppendHistogram(0, labels, hp.Timestamp, nil, fhs)
 			} else {
 				hs := HistogramProtoToHistogram(hp)
diff --git a/vendor/github.com/prometheus/prometheus/storage/series.go b/vendor/github.com/prometheus/prometheus/storage/series.go
index dcb6dd82e..f609df3f0 100644
--- a/vendor/github.com/prometheus/prometheus/storage/series.go
+++ b/vendor/github.com/prometheus/prometheus/storage/series.go
@@ -109,7 +109,7 @@ func (it *listSeriesIterator) Reset(samples Samples) {
 
 func (it *listSeriesIterator) At() (int64, float64) {
 	s := it.samples.Get(it.idx)
-	return s.T(), s.V()
+	return s.T(), s.F()
 }
 
 func (it *listSeriesIterator) AtHistogram() (int64, *histogram.Histogram) {
@@ -376,10 +376,17 @@ func (e errChunksIterator) Err() error      { return e.err }
 // ExpandSamples iterates over all samples in the iterator, buffering all in slice.
 // Optionally it takes samples constructor, useful when you want to compare sample slices with different
 // sample implementations. if nil, sample type from this package will be used.
-func ExpandSamples(iter chunkenc.Iterator, newSampleFn func(t int64, v float64, h *histogram.Histogram, fh *histogram.FloatHistogram) tsdbutil.Sample) ([]tsdbutil.Sample, error) {
+func ExpandSamples(iter chunkenc.Iterator, newSampleFn func(t int64, f float64, h *histogram.Histogram, fh *histogram.FloatHistogram) tsdbutil.Sample) ([]tsdbutil.Sample, error) {
 	if newSampleFn == nil {
-		newSampleFn = func(t int64, v float64, h *histogram.Histogram, fh *histogram.FloatHistogram) tsdbutil.Sample {
-			return sample{t, v, h, fh}
+		newSampleFn = func(t int64, f float64, h *histogram.Histogram, fh *histogram.FloatHistogram) tsdbutil.Sample {
+			switch {
+			case h != nil:
+				return hSample{t, h}
+			case fh != nil:
+				return fhSample{t, fh}
+			default:
+				return fSample{t, f}
+			}
 		}
 	}
 
@@ -389,12 +396,12 @@ func ExpandSamples(iter chunkenc.Iterator, newSampleFn func(t int64, v float64,
 		case chunkenc.ValNone:
 			return result, iter.Err()
 		case chunkenc.ValFloat:
-			t, v := iter.At()
+			t, f := iter.At()
 			// NaNs can't be compared normally, so substitute for another value.
-			if math.IsNaN(v) {
-				v = -42
+			if math.IsNaN(f) {
+				f = -42
 			}
-			result = append(result, newSampleFn(t, v, nil, nil))
+			result = append(result, newSampleFn(t, f, nil, nil))
 		case chunkenc.ValHistogram:
 			t, h := iter.AtHistogram()
 			result = append(result, newSampleFn(t, 0, h, nil))
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/bstream.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/bstream.go
index 60531023b..7b17f4686 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/bstream.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/bstream.go
@@ -182,7 +182,7 @@ func (b *bstreamReader) readBits(nbits uint8) (uint64, error) {
 	}
 
 	bitmask = (uint64(1) << nbits) - 1
-	v = v | ((b.buffer >> (b.valid - nbits)) & bitmask)
+	v |= ((b.buffer >> (b.valid - nbits)) & bitmask)
 	b.valid -= nbits
 
 	return v, nil
@@ -242,13 +242,13 @@ func (b *bstreamReader) loadNextBuffer(nbits uint8) bool {
 	if b.streamOffset+nbytes == len(b.stream) {
 		// There can be concurrent writes happening on the very last byte
 		// of the stream, so use the copy we took at initialization time.
-		buffer = buffer | uint64(b.last)
+		buffer |= uint64(b.last)
 		// Read up to the byte before
 		skip = 1
 	}
 
 	for i := 0; i < nbytes-skip; i++ {
-		buffer = buffer | (uint64(b.stream[b.streamOffset+i]) << uint(8*(nbytes-i-1)))
+		buffer |= (uint64(b.stream[b.streamOffset+i]) << uint(8*(nbytes-i-1)))
 	}
 
 	b.buffer = buffer
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/chunk.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/chunk.go
index b7d240123..1ebef3eb1 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/chunk.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/chunk.go
@@ -47,20 +47,9 @@ func (e Encoding) String() string {
 	return "<unknown>"
 }
 
-// Chunk encodings for out-of-order chunks.
-// These encodings must be only used by the Head block for its internal bookkeeping.
-const (
-	OutOfOrderMask = 0b10000000
-	EncOOOXOR      = EncXOR | OutOfOrderMask
-)
-
-func IsOutOfOrderChunk(e Encoding) bool {
-	return (e & OutOfOrderMask) != 0
-}
-
 // IsValidEncoding returns true for supported encodings.
 func IsValidEncoding(e Encoding) bool {
-	return e == EncXOR || e == EncOOOXOR || e == EncHistogram || e == EncFloatHistogram
+	return e == EncXOR || e == EncHistogram || e == EncFloatHistogram
 }
 
 // Chunk holds a sequence of sample pairs that can be iterated over and appended to.
@@ -107,7 +96,7 @@ type Iterator interface {
 	// timestamp equal or greater than t. If the current sample found by a
 	// previous `Next` or `Seek` operation already has this property, Seek
 	// has no effect. If a sample has been found, Seek returns the type of
-	// its value. Otherwise, it returns ValNone, after with the iterator is
+	// its value. Otherwise, it returns ValNone, after which the iterator is
 	// exhausted.
 	Seek(t int64) ValueType
 	// At returns the current timestamp/value pair if the value is a float.
@@ -262,7 +251,7 @@ func NewPool() Pool {
 
 func (p *pool) Get(e Encoding, b []byte) (Chunk, error) {
 	switch e {
-	case EncXOR, EncOOOXOR:
+	case EncXOR:
 		c := p.xor.Get().(*XORChunk)
 		c.b.stream = b
 		c.b.count = 0
@@ -283,7 +272,7 @@ func (p *pool) Get(e Encoding, b []byte) (Chunk, error) {
 
 func (p *pool) Put(c Chunk) error {
 	switch c.Encoding() {
-	case EncXOR, EncOOOXOR:
+	case EncXOR:
 		xc, ok := c.(*XORChunk)
 		// This may happen often with wrapped chunks. Nothing we can really do about
 		// it but returning an error would cause a lot of allocations again. Thus,
@@ -327,7 +316,7 @@ func (p *pool) Put(c Chunk) error {
 // bytes.
 func FromData(e Encoding, d []byte) (Chunk, error) {
 	switch e {
-	case EncXOR, EncOOOXOR:
+	case EncXOR:
 		return &XORChunk{b: bstream{count: 0, stream: d}}, nil
 	case EncHistogram:
 		return &HistogramChunk{b: bstream{count: 0, stream: d}}, nil
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/float_histogram.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/float_histogram.go
index b462c6d9f..0349de9ab 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/float_histogram.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/float_histogram.go
@@ -107,7 +107,7 @@ func (c *FloatHistogramChunk) Appender() (Appender, error) {
 	// To get an appender, we must know the state it would have if we had
 	// appended all existing data from scratch. We iterate through the end
 	// and populate via the iterator's state.
-	for it.Next() == ValFloatHistogram {
+	for it.Next() == ValFloatHistogram { // nolint:revive
 	}
 	if err := it.Err(); err != nil {
 		return nil, err
@@ -785,7 +785,7 @@ func (it *floatHistogramIterator) Next() ValueType {
 		it.err = err
 		return ValNone
 	}
-	it.tDelta = it.tDelta + tDod
+	it.tDelta += tDod
 	it.t += it.tDelta
 
 	if ok := it.readXor(&it.cnt.value, &it.cnt.leading, &it.cnt.trailing); !ok {
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/histogram.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/histogram.go
index 7b6a9cacb..f9a63d18f 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/histogram.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/histogram.go
@@ -126,7 +126,7 @@ func (c *HistogramChunk) Appender() (Appender, error) {
 	// To get an appender, we must know the state it would have if we had
 	// appended all existing data from scratch. We iterate through the end
 	// and populate via the iterator's state.
-	for it.Next() == ValHistogram {
+	for it.Next() == ValHistogram { // nolint:revive
 	}
 	if err := it.Err(); err != nil {
 		return nil, err
@@ -875,7 +875,7 @@ func (it *histogramIterator) Next() ValueType {
 		it.err = err
 		return ValNone
 	}
-	it.tDelta = it.tDelta + tDod
+	it.tDelta += tDod
 	it.t += it.tDelta
 
 	cntDod, err := readVarbitInt(&it.br)
@@ -883,7 +883,7 @@ func (it *histogramIterator) Next() ValueType {
 		it.err = err
 		return ValNone
 	}
-	it.cntDelta = it.cntDelta + cntDod
+	it.cntDelta += cntDod
 	it.cnt = uint64(int64(it.cnt) + it.cntDelta)
 
 	zcntDod, err := readVarbitInt(&it.br)
@@ -891,7 +891,7 @@ func (it *histogramIterator) Next() ValueType {
 		it.err = err
 		return ValNone
 	}
-	it.zCntDelta = it.zCntDelta + zcntDod
+	it.zCntDelta += zcntDod
 	it.zCnt = uint64(int64(it.zCnt) + it.zCntDelta)
 
 	ok := it.readSum()
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/varbit.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/varbit.go
index b3b14cf41..449f9fbac 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/varbit.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/varbit.go
@@ -122,7 +122,7 @@ func readVarbitInt(b *bstreamReader) (int64, error) {
 		}
 		if bits > (1 << (sz - 1)) {
 			// Or something.
-			bits = bits - (1 << sz)
+			bits -= (1 << sz)
 		}
 		val = int64(bits)
 	}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/xor.go b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/xor.go
index 62e90cbaa..aa6b689a7 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/xor.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunkenc/xor.go
@@ -99,7 +99,7 @@ func (c *XORChunk) Appender() (Appender, error) {
 	// To get an appender we must know the state it would have if we had
 	// appended all existing data from scratch.
 	// We iterate through the end and populate via the iterator's state.
-	for it.Next() != ValNone {
+	for it.Next() != ValNone { // nolint:revive
 	}
 	if err := it.Err(); err != nil {
 		return nil, err
@@ -152,26 +152,25 @@ type xorAppender struct {
 	trailing uint8
 }
 
-func (a *xorAppender) AppendHistogram(t int64, h *histogram.Histogram) {
+func (a *xorAppender) AppendHistogram(int64, *histogram.Histogram) {
 	panic("appended a histogram to an xor chunk")
 }
 
-func (a *xorAppender) AppendFloatHistogram(t int64, h *histogram.FloatHistogram) {
+func (a *xorAppender) AppendFloatHistogram(int64, *histogram.FloatHistogram) {
 	panic("appended a float histogram to an xor chunk")
 }
 
 func (a *xorAppender) Append(t int64, v float64) {
 	var tDelta uint64
 	num := binary.BigEndian.Uint16(a.b.bytes())
-
-	if num == 0 {
+	switch num {
+	case 0:
 		buf := make([]byte, binary.MaxVarintLen64)
 		for _, b := range buf[:binary.PutVarint(buf, t)] {
 			a.b.writeByte(b)
 		}
 		a.b.writeBits(math.Float64bits(v), 64)
-
-	} else if num == 1 {
+	case 1:
 		tDelta = uint64(t - a.t)
 
 		buf := make([]byte, binary.MaxVarintLen64)
@@ -181,7 +180,7 @@ func (a *xorAppender) Append(t int64, v float64) {
 
 		a.writeVDelta(v)
 
-	} else {
+	default:
 		tDelta = uint64(t - a.t)
 		dod := int64(tDelta - a.tDelta)
 
@@ -321,7 +320,7 @@ func (it *xorIterator) Next() ValueType {
 			return ValNone
 		}
 		it.tDelta = tDelta
-		it.t = it.t + int64(it.tDelta)
+		it.t += int64(it.tDelta)
 
 		return it.readValue()
 	}
@@ -384,7 +383,7 @@ func (it *xorIterator) Next() ValueType {
 	}
 
 	it.tDelta = uint64(int64(it.tDelta) + dod)
-	it.t = it.t + int64(it.tDelta)
+	it.t += int64(it.tDelta)
 
 	return it.readValue()
 }
@@ -506,12 +505,3 @@ func xorRead(br *bstreamReader, value *float64, leading, trailing *uint8) error
 	*value = math.Float64frombits(vbits)
 	return nil
 }
-
-// OOOXORChunk holds a XORChunk and overrides the Encoding() method.
-type OOOXORChunk struct {
-	*XORChunk
-}
-
-func (c *OOOXORChunk) Encoding() Encoding {
-	return EncOOOXOR
-}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunks/chunk_write_queue.go b/vendor/github.com/prometheus/prometheus/tsdb/chunks/chunk_write_queue.go
index ab34eb06c..6d2dc743b 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunks/chunk_write_queue.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunks/chunk_write_queue.go
@@ -42,6 +42,7 @@ type chunkWriteJob struct {
 	maxt      int64
 	chk       chunkenc.Chunk
 	ref       ChunkDiskMapperRef
+	isOOO     bool
 	callback  func(error)
 }
 
@@ -76,7 +77,7 @@ type chunkWriteQueue struct {
 }
 
 // writeChunkF is a function which writes chunks, it is dynamic to allow mocking in tests.
-type writeChunkF func(HeadSeriesRef, int64, int64, chunkenc.Chunk, ChunkDiskMapperRef, bool) error
+type writeChunkF func(HeadSeriesRef, int64, int64, chunkenc.Chunk, ChunkDiskMapperRef, bool, bool) error
 
 func newChunkWriteQueue(reg prometheus.Registerer, size int, writeChunk writeChunkF) *chunkWriteQueue {
 	counters := prometheus.NewCounterVec(
@@ -133,7 +134,7 @@ func (c *chunkWriteQueue) start() {
 }
 
 func (c *chunkWriteQueue) processJob(job chunkWriteJob) {
-	err := c.writeChunk(job.seriesRef, job.mint, job.maxt, job.chk, job.ref, job.cutFile)
+	err := c.writeChunk(job.seriesRef, job.mint, job.maxt, job.chk, job.ref, job.isOOO, job.cutFile)
 	if job.callback != nil {
 		job.callback(err)
 	}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/chunks/head_chunks.go b/vendor/github.com/prometheus/prometheus/tsdb/chunks/head_chunks.go
index a0bd735b8..bcdab2125 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/chunks/head_chunks.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/chunks/head_chunks.go
@@ -273,6 +273,26 @@ func NewChunkDiskMapper(reg prometheus.Registerer, dir string, pool chunkenc.Poo
 	return m, m.openMMapFiles()
 }
 
+// Chunk encodings for out-of-order chunks.
+// These encodings must be only used by the Head block for its internal bookkeeping.
+const (
+	OutOfOrderMask = uint8(0b10000000)
+)
+
+func (cdm *ChunkDiskMapper) ApplyOutOfOrderMask(sourceEncoding chunkenc.Encoding) chunkenc.Encoding {
+	enc := uint8(sourceEncoding) | OutOfOrderMask
+	return chunkenc.Encoding(enc)
+}
+
+func (cdm *ChunkDiskMapper) IsOutOfOrderChunk(e chunkenc.Encoding) bool {
+	return (uint8(e) & OutOfOrderMask) != 0
+}
+
+func (cdm *ChunkDiskMapper) RemoveMasks(sourceEncoding chunkenc.Encoding) chunkenc.Encoding {
+	restored := uint8(sourceEncoding) & (^OutOfOrderMask)
+	return chunkenc.Encoding(restored)
+}
+
 // openMMapFiles opens all files within dir for mmapping.
 func (cdm *ChunkDiskMapper) openMMapFiles() (returnErr error) {
 	cdm.mmappedChunkFiles = map[int]*mmappedChunkFile{}
@@ -403,17 +423,17 @@ func repairLastChunkFile(files map[int]string) (_ map[int]string, returnErr erro
 
 // WriteChunk writes the chunk to the disk.
 // The returned chunk ref is the reference from where the chunk encoding starts for the chunk.
-func (cdm *ChunkDiskMapper) WriteChunk(seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, callback func(err error)) (chkRef ChunkDiskMapperRef) {
+func (cdm *ChunkDiskMapper) WriteChunk(seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, isOOO bool, callback func(err error)) (chkRef ChunkDiskMapperRef) {
 	// cdm.evtlPosMtx must be held to serialize the calls to cdm.evtlPos.getNextChunkRef() and the writing of the chunk (either with or without queue).
 	cdm.evtlPosMtx.Lock()
 	defer cdm.evtlPosMtx.Unlock()
 	ref, cutFile := cdm.evtlPos.getNextChunkRef(chk)
 
 	if cdm.writeQueue != nil {
-		return cdm.writeChunkViaQueue(ref, cutFile, seriesRef, mint, maxt, chk, callback)
+		return cdm.writeChunkViaQueue(ref, isOOO, cutFile, seriesRef, mint, maxt, chk, callback)
 	}
 
-	err := cdm.writeChunk(seriesRef, mint, maxt, chk, ref, cutFile)
+	err := cdm.writeChunk(seriesRef, mint, maxt, chk, ref, isOOO, cutFile)
 	if callback != nil {
 		callback(err)
 	}
@@ -421,7 +441,7 @@ func (cdm *ChunkDiskMapper) WriteChunk(seriesRef HeadSeriesRef, mint, maxt int64
 	return ref
 }
 
-func (cdm *ChunkDiskMapper) writeChunkViaQueue(ref ChunkDiskMapperRef, cutFile bool, seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, callback func(err error)) (chkRef ChunkDiskMapperRef) {
+func (cdm *ChunkDiskMapper) writeChunkViaQueue(ref ChunkDiskMapperRef, isOOO, cutFile bool, seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, callback func(err error)) (chkRef ChunkDiskMapperRef) {
 	var err error
 	if callback != nil {
 		defer func() {
@@ -438,13 +458,14 @@ func (cdm *ChunkDiskMapper) writeChunkViaQueue(ref ChunkDiskMapperRef, cutFile b
 		maxt:      maxt,
 		chk:       chk,
 		ref:       ref,
+		isOOO:     isOOO,
 		callback:  callback,
 	})
 
 	return ref
 }
 
-func (cdm *ChunkDiskMapper) writeChunk(seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, ref ChunkDiskMapperRef, cutFile bool) (err error) {
+func (cdm *ChunkDiskMapper) writeChunk(seriesRef HeadSeriesRef, mint, maxt int64, chk chunkenc.Chunk, ref ChunkDiskMapperRef, isOOO, cutFile bool) (err error) {
 	cdm.writePathMtx.Lock()
 	defer cdm.writePathMtx.Unlock()
 
@@ -476,7 +497,11 @@ func (cdm *ChunkDiskMapper) writeChunk(seriesRef HeadSeriesRef, mint, maxt int64
 	bytesWritten += MintMaxtSize
 	binary.BigEndian.PutUint64(cdm.byteBuf[bytesWritten:], uint64(maxt))
 	bytesWritten += MintMaxtSize
-	cdm.byteBuf[bytesWritten] = byte(chk.Encoding())
+	enc := chk.Encoding()
+	if isOOO {
+		enc = cdm.ApplyOutOfOrderMask(enc)
+	}
+	cdm.byteBuf[bytesWritten] = byte(enc)
 	bytesWritten += ChunkEncodingSize
 	n := binary.PutUvarint(cdm.byteBuf[bytesWritten:], uint64(len(chk.Bytes())))
 	bytesWritten += n
@@ -696,7 +721,9 @@ func (cdm *ChunkDiskMapper) Chunk(ref ChunkDiskMapperRef) (chunkenc.Chunk, error
 
 	// Encoding.
 	chkEnc := mmapFile.byteSlice.Range(chkStart, chkStart+ChunkEncodingSize)[0]
-
+	sourceChkEnc := chunkenc.Encoding(chkEnc)
+	// Extract the encoding from the byte. ChunkDiskMapper uses only the last 7 bits for the encoding.
+	chkEnc = byte(cdm.RemoveMasks(sourceChkEnc))
 	// Data length.
 	// With the minimum chunk length this should never cause us reading
 	// over the end of the slice.
@@ -762,7 +789,7 @@ func (cdm *ChunkDiskMapper) Chunk(ref ChunkDiskMapperRef) (chunkenc.Chunk, error
 // and runs the provided function with information about each chunk. It returns on the first error encountered.
 // NOTE: This method needs to be called at least once after creating ChunkDiskMapper
 // to set the maxt of all the file.
-func (cdm *ChunkDiskMapper) IterateAllChunks(f func(seriesRef HeadSeriesRef, chunkRef ChunkDiskMapperRef, mint, maxt int64, numSamples uint16, encoding chunkenc.Encoding) error) (err error) {
+func (cdm *ChunkDiskMapper) IterateAllChunks(f func(seriesRef HeadSeriesRef, chunkRef ChunkDiskMapperRef, mint, maxt int64, numSamples uint16, encoding chunkenc.Encoding, isOOO bool) error) (err error) {
 	cdm.writePathMtx.Lock()
 	defer cdm.writePathMtx.Unlock()
 
@@ -860,8 +887,10 @@ func (cdm *ChunkDiskMapper) IterateAllChunks(f func(seriesRef HeadSeriesRef, chu
 			if maxt > mmapFile.maxt {
 				mmapFile.maxt = maxt
 			}
-
-			if err := f(seriesRef, chunkRef, mint, maxt, numSamples, chkEnc); err != nil {
+			isOOO := cdm.IsOutOfOrderChunk(chkEnc)
+			// Extract the encoding from the byte. ChunkDiskMapper uses only the last 7 bits for the encoding.
+			chkEnc = cdm.RemoveMasks(chkEnc)
+			if err := f(seriesRef, chunkRef, mint, maxt, numSamples, chkEnc, isOOO); err != nil {
 				if cerr, ok := err.(*CorruptionErr); ok {
 					cerr.Dir = cdm.dir.Name()
 					cerr.FileIndex = segID
@@ -970,9 +999,10 @@ func (cdm *ChunkDiskMapper) DeleteCorrupted(originalErr error) error {
 	cdm.readPathMtx.RLock()
 	lastSeq := 0
 	for seg := range cdm.mmappedChunkFiles {
-		if seg >= cerr.FileIndex {
+		switch {
+		case seg >= cerr.FileIndex:
 			segs = append(segs, seg)
-		} else if seg > lastSeq {
+		case seg > lastSeq:
 			lastSeq = seg
 		}
 	}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/compact.go b/vendor/github.com/prometheus/prometheus/tsdb/compact.go
index f216ad46a..e2b6f4c5e 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/compact.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/compact.go
@@ -44,7 +44,7 @@ func ExponentialBlockRanges(minSize int64, steps, stepSize int) []int64 {
 	curRange := minSize
 	for i := 0; i < steps; i++ {
 		ranges = append(ranges, curRange)
-		curRange = curRange * int64(stepSize)
+		curRange *= int64(stepSize)
 	}
 
 	return ranges
@@ -75,7 +75,7 @@ type Compactor interface {
 
 // LeveledCompactor implements the Compactor interface.
 type LeveledCompactor struct {
-	metrics                  *compactorMetrics
+	metrics                  *CompactorMetrics
 	logger                   log.Logger
 	ranges                   []int64
 	chunkPool                chunkenc.Pool
@@ -84,47 +84,47 @@ type LeveledCompactor struct {
 	mergeFunc                storage.VerticalChunkSeriesMergeFunc
 }
 
-type compactorMetrics struct {
-	ran               prometheus.Counter
-	populatingBlocks  prometheus.Gauge
-	overlappingBlocks prometheus.Counter
-	duration          prometheus.Histogram
-	chunkSize         prometheus.Histogram
-	chunkSamples      prometheus.Histogram
-	chunkRange        prometheus.Histogram
+type CompactorMetrics struct {
+	Ran               prometheus.Counter
+	PopulatingBlocks  prometheus.Gauge
+	OverlappingBlocks prometheus.Counter
+	Duration          prometheus.Histogram
+	ChunkSize         prometheus.Histogram
+	ChunkSamples      prometheus.Histogram
+	ChunkRange        prometheus.Histogram
 }
 
-func newCompactorMetrics(r prometheus.Registerer) *compactorMetrics {
-	m := &compactorMetrics{}
+func newCompactorMetrics(r prometheus.Registerer) *CompactorMetrics {
+	m := &CompactorMetrics{}
 
-	m.ran = prometheus.NewCounter(prometheus.CounterOpts{
+	m.Ran = prometheus.NewCounter(prometheus.CounterOpts{
 		Name: "prometheus_tsdb_compactions_total",
 		Help: "Total number of compactions that were executed for the partition.",
 	})
-	m.populatingBlocks = prometheus.NewGauge(prometheus.GaugeOpts{
+	m.PopulatingBlocks = prometheus.NewGauge(prometheus.GaugeOpts{
 		Name: "prometheus_tsdb_compaction_populating_block",
 		Help: "Set to 1 when a block is currently being written to the disk.",
 	})
-	m.overlappingBlocks = prometheus.NewCounter(prometheus.CounterOpts{
+	m.OverlappingBlocks = prometheus.NewCounter(prometheus.CounterOpts{
 		Name: "prometheus_tsdb_vertical_compactions_total",
 		Help: "Total number of compactions done on overlapping blocks.",
 	})
-	m.duration = prometheus.NewHistogram(prometheus.HistogramOpts{
+	m.Duration = prometheus.NewHistogram(prometheus.HistogramOpts{
 		Name:    "prometheus_tsdb_compaction_duration_seconds",
 		Help:    "Duration of compaction runs",
 		Buckets: prometheus.ExponentialBuckets(1, 2, 14),
 	})
-	m.chunkSize = prometheus.NewHistogram(prometheus.HistogramOpts{
+	m.ChunkSize = prometheus.NewHistogram(prometheus.HistogramOpts{
 		Name:    "prometheus_tsdb_compaction_chunk_size_bytes",
 		Help:    "Final size of chunks on their first compaction",
 		Buckets: prometheus.ExponentialBuckets(32, 1.5, 12),
 	})
-	m.chunkSamples = prometheus.NewHistogram(prometheus.HistogramOpts{
+	m.ChunkSamples = prometheus.NewHistogram(prometheus.HistogramOpts{
 		Name:    "prometheus_tsdb_compaction_chunk_samples",
 		Help:    "Final number of samples on their first compaction",
 		Buckets: prometheus.ExponentialBuckets(4, 1.5, 12),
 	})
-	m.chunkRange = prometheus.NewHistogram(prometheus.HistogramOpts{
+	m.ChunkRange = prometheus.NewHistogram(prometheus.HistogramOpts{
 		Name:    "prometheus_tsdb_compaction_chunk_range_seconds",
 		Help:    "Final time range of chunks on their first compaction",
 		Buckets: prometheus.ExponentialBuckets(100, 4, 10),
@@ -132,13 +132,13 @@ func newCompactorMetrics(r prometheus.Registerer) *compactorMetrics {
 
 	if r != nil {
 		r.MustRegister(
-			m.ran,
-			m.populatingBlocks,
-			m.overlappingBlocks,
-			m.duration,
-			m.chunkRange,
-			m.chunkSamples,
-			m.chunkSize,
+			m.Ran,
+			m.PopulatingBlocks,
+			m.OverlappingBlocks,
+			m.Duration,
+			m.ChunkRange,
+			m.ChunkSamples,
+			m.ChunkSize,
 		)
 	}
 	return m
@@ -392,6 +392,10 @@ func CompactBlockMetas(uid ulid.ULID, blocks ...*BlockMeta) *BlockMeta {
 // Compact creates a new block in the compactor's directory from the blocks in the
 // provided directories.
 func (c *LeveledCompactor) Compact(dest string, dirs []string, open []*Block) (uid ulid.ULID, err error) {
+	return c.CompactWithBlockPopulator(dest, dirs, open, DefaultBlockPopulator{})
+}
+
+func (c *LeveledCompactor) CompactWithBlockPopulator(dest string, dirs []string, open []*Block, blockPopulator BlockPopulator) (uid ulid.ULID, err error) {
 	var (
 		blocks []BlockReader
 		bs     []*Block
@@ -435,7 +439,7 @@ func (c *LeveledCompactor) Compact(dest string, dirs []string, open []*Block) (u
 	uid = ulid.MustNew(ulid.Now(), rand.Reader)
 
 	meta := CompactBlockMetas(uid, metas...)
-	err = c.write(dest, meta, blocks...)
+	err = c.write(dest, meta, blockPopulator, blocks...)
 	if err == nil {
 		if meta.Stats.NumSamples == 0 {
 			for _, b := range bs {
@@ -471,7 +475,7 @@ func (c *LeveledCompactor) Compact(dest string, dirs []string, open []*Block) (u
 	}
 
 	errs := tsdb_errors.NewMulti(err)
-	if err != context.Canceled {
+	if !errors.Is(err, context.Canceled) {
 		for _, b := range bs {
 			if err := b.setCompactionFailed(); err != nil {
 				errs.Add(errors.Wrapf(err, "setting compaction failed for block: %s", b.Dir()))
@@ -501,7 +505,7 @@ func (c *LeveledCompactor) Write(dest string, b BlockReader, mint, maxt int64, p
 		}
 	}
 
-	err := c.write(dest, meta, b)
+	err := c.write(dest, meta, DefaultBlockPopulator{}, b)
 	if err != nil {
 		return uid, err
 	}
@@ -546,7 +550,7 @@ func (w *instrumentedChunkWriter) WriteChunks(chunks ...chunks.Meta) error {
 }
 
 // write creates a new block that is the union of the provided blocks into dir.
-func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blocks ...BlockReader) (err error) {
+func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blockPopulator BlockPopulator, blocks ...BlockReader) (err error) {
 	dir := filepath.Join(dest, meta.ULID.String())
 	tmp := dir + tmpForCreationBlockDirSuffix
 	var closers []io.Closer
@@ -557,8 +561,8 @@ func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blocks ...BlockRe
 		if err := os.RemoveAll(tmp); err != nil {
 			level.Error(c.logger).Log("msg", "removed tmp folder after failed compaction", "err", err.Error())
 		}
-		c.metrics.ran.Inc()
-		c.metrics.duration.Observe(time.Since(t).Seconds())
+		c.metrics.Ran.Inc()
+		c.metrics.Duration.Observe(time.Since(t).Seconds())
 	}(time.Now())
 
 	if err = os.RemoveAll(tmp); err != nil {
@@ -582,9 +586,9 @@ func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blocks ...BlockRe
 	if meta.Compaction.Level == 1 {
 		chunkw = &instrumentedChunkWriter{
 			ChunkWriter: chunkw,
-			size:        c.metrics.chunkSize,
-			samples:     c.metrics.chunkSamples,
-			trange:      c.metrics.chunkRange,
+			size:        c.metrics.ChunkSize,
+			samples:     c.metrics.ChunkSamples,
+			trange:      c.metrics.ChunkRange,
 		}
 	}
 
@@ -594,7 +598,7 @@ func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blocks ...BlockRe
 	}
 	closers = append(closers, indexw)
 
-	if err := c.populateBlock(blocks, meta, indexw, chunkw); err != nil {
+	if err := blockPopulator.PopulateBlock(c.ctx, c.metrics, c.logger, c.chunkPool, c.mergeFunc, blocks, meta, indexw, chunkw); err != nil {
 		return errors.Wrap(err, "populate block")
 	}
 
@@ -659,10 +663,16 @@ func (c *LeveledCompactor) write(dest string, meta *BlockMeta, blocks ...BlockRe
 	return nil
 }
 
-// populateBlock fills the index and chunk writers with new data gathered as the union
+type BlockPopulator interface {
+	PopulateBlock(ctx context.Context, metrics *CompactorMetrics, logger log.Logger, chunkPool chunkenc.Pool, mergeFunc storage.VerticalChunkSeriesMergeFunc, blocks []BlockReader, meta *BlockMeta, indexw IndexWriter, chunkw ChunkWriter) error
+}
+
+type DefaultBlockPopulator struct{}
+
+// PopulateBlock fills the index and chunk writers with new data gathered as the union
 // of the provided blocks. It returns meta information for the new block.
 // It expects sorted blocks input by mint.
-func (c *LeveledCompactor) populateBlock(blocks []BlockReader, meta *BlockMeta, indexw IndexWriter, chunkw ChunkWriter) (err error) {
+func (c DefaultBlockPopulator) PopulateBlock(ctx context.Context, metrics *CompactorMetrics, logger log.Logger, chunkPool chunkenc.Pool, mergeFunc storage.VerticalChunkSeriesMergeFunc, blocks []BlockReader, meta *BlockMeta, indexw IndexWriter, chunkw ChunkWriter) (err error) {
 	if len(blocks) == 0 {
 		return errors.New("cannot populate block from no readers")
 	}
@@ -679,23 +689,23 @@ func (c *LeveledCompactor) populateBlock(blocks []BlockReader, meta *BlockMeta,
 			errs.Add(errors.Wrap(cerr, "close"))
 		}
 		err = errs.Err()
-		c.metrics.populatingBlocks.Set(0)
+		metrics.PopulatingBlocks.Set(0)
 	}()
-	c.metrics.populatingBlocks.Set(1)
+	metrics.PopulatingBlocks.Set(1)
 
 	globalMaxt := blocks[0].Meta().MaxTime
 	for i, b := range blocks {
 		select {
-		case <-c.ctx.Done():
-			return c.ctx.Err()
+		case <-ctx.Done():
+			return ctx.Err()
 		default:
 		}
 
 		if !overlapping {
 			if i > 0 && b.Meta().MinTime < globalMaxt {
-				c.metrics.overlappingBlocks.Inc()
+				metrics.OverlappingBlocks.Inc()
 				overlapping = true
-				level.Info(c.logger).Log("msg", "Found overlapping blocks during compaction", "ulid", meta.ULID)
+				level.Info(logger).Log("msg", "Found overlapping blocks during compaction", "ulid", meta.ULID)
 			}
 			if b.Meta().MaxTime > globalMaxt {
 				globalMaxt = b.Meta().MaxTime
@@ -727,7 +737,7 @@ func (c *LeveledCompactor) populateBlock(blocks []BlockReader, meta *BlockMeta,
 		}
 		all = indexr.SortedPostings(all)
 		// Blocks meta is half open: [min, max), so subtract 1 to ensure we don't hold samples with exact meta.MaxTime timestamp.
-		sets = append(sets, newBlockChunkSeriesSet(b.Meta().ULID, indexr, chunkr, tombsr, all, meta.MinTime, meta.MaxTime-1, false))
+		sets = append(sets, NewBlockChunkSeriesSet(b.Meta().ULID, indexr, chunkr, tombsr, all, meta.MinTime, meta.MaxTime-1, false))
 		syms := indexr.Symbols()
 		if i == 0 {
 			symbols = syms
@@ -755,14 +765,14 @@ func (c *LeveledCompactor) populateBlock(blocks []BlockReader, meta *BlockMeta,
 	if len(sets) > 1 {
 		// Merge series using specified chunk series merger.
 		// The default one is the compacting series merger.
-		set = storage.NewMergeChunkSeriesSet(sets, c.mergeFunc)
+		set = storage.NewMergeChunkSeriesSet(sets, mergeFunc)
 	}
 
 	// Iterate over all sorted chunk series.
 	for set.Next() {
 		select {
-		case <-c.ctx.Done():
-			return c.ctx.Err()
+		case <-ctx.Done():
+			return ctx.Err()
 		default:
 		}
 		s := set.At()
@@ -797,7 +807,7 @@ func (c *LeveledCompactor) populateBlock(blocks []BlockReader, meta *BlockMeta,
 		}
 
 		for _, chk := range chks {
-			if err := c.chunkPool.Put(chk.Chunk); err != nil {
+			if err := chunkPool.Put(chk.Chunk); err != nil {
 				return errors.Wrap(err, "put chunk")
 			}
 		}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/db.go b/vendor/github.com/prometheus/prometheus/tsdb/db.go
index 561867025..de37bdb4f 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/db.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/db.go
@@ -260,7 +260,7 @@ func newDBMetrics(db *DB, r prometheus.Registerer) *dbMetrics {
 		Help: "Size of symbol table in memory for loaded blocks",
 	}, func() float64 {
 		db.mtx.RLock()
-		blocks := db.blocks[:]
+		blocks := db.blocks
 		db.mtx.RUnlock()
 		symTblSize := uint64(0)
 		for _, b := range blocks {
@@ -828,11 +828,13 @@ func open(dir string, l log.Logger, r prometheus.Registerer, opts *Options, rngs
 			if err := wbl.Repair(initErr); err != nil {
 				return nil, errors.Wrap(err, "repair corrupted OOO WAL")
 			}
+			level.Info(db.logger).Log("msg", "Successfully repaired OOO WAL")
 		} else {
 			level.Warn(db.logger).Log("msg", "Encountered WAL read error, attempting repair", "err", initErr)
 			if err := wal.Repair(initErr); err != nil {
 				return nil, errors.Wrap(err, "repair corrupted WAL")
 			}
+			level.Info(db.logger).Log("msg", "Successfully repaired WAL")
 		}
 	}
 
@@ -961,10 +963,11 @@ func (db *DB) ApplyConfig(conf *config.Config) error {
 	// Create WBL if it was not present and if OOO is enabled with WAL enabled.
 	var wblog *wlog.WL
 	var err error
-	if db.head.wbl != nil {
+	switch {
+	case db.head.wbl != nil:
 		// The existing WBL from the disk might have been replayed while OOO was disabled.
 		wblog = db.head.wbl
-	} else if !db.oooWasEnabled.Load() && oooTimeWindow > 0 && db.opts.WALSegmentSize >= 0 {
+	case !db.oooWasEnabled.Load() && oooTimeWindow > 0 && db.opts.WALSegmentSize >= 0:
 		segmentSize := wlog.DefaultSegmentSize
 		// Wal is set to a custom size.
 		if db.opts.WALSegmentSize > 0 {
@@ -1184,7 +1187,7 @@ func (db *DB) compactOOO(dest string, oooHead *OOOCompactionHead) (_ []ulid.ULID
 		}
 	}()
 
-	for t := blockSize * (oooHeadMint / blockSize); t <= oooHeadMaxt; t = t + blockSize {
+	for t := blockSize * (oooHeadMint / blockSize); t <= oooHeadMaxt; t += blockSize {
 		mint, maxt := t, t+blockSize
 		// Block intervals are half-open: [b.MinTime, b.MaxTime). Block intervals are always +1 than the total samples it includes.
 		uid, err := db.compactor.Write(dest, oooHead.CloneForTimeRange(mint, maxt-1), mint, maxt, nil)
@@ -1506,7 +1509,7 @@ func BeyondSizeRetention(db *DB, blocks []*Block) (deletable map[ulid.ULID]struc
 	blocksSize := db.Head().Size()
 	for i, block := range blocks {
 		blocksSize += block.Size()
-		if blocksSize > int64(db.opts.MaxBytes) {
+		if blocksSize > db.opts.MaxBytes {
 			// Add this and all following blocks for deletion.
 			for _, b := range blocks[i:] {
 				deletable[b.meta.ULID] = struct{}{}
@@ -1530,10 +1533,11 @@ func (db *DB) deleteBlocks(blocks map[ulid.ULID]*Block) error {
 		}
 
 		toDelete := filepath.Join(db.dir, ulid.String())
-		if _, err := os.Stat(toDelete); os.IsNotExist(err) {
+		switch _, err := os.Stat(toDelete); {
+		case os.IsNotExist(err):
 			// Noop.
 			continue
-		} else if err != nil {
+		case err != nil:
 			return errors.Wrapf(err, "stat dir %v", toDelete)
 		}
 
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/errors/errors.go b/vendor/github.com/prometheus/prometheus/tsdb/errors/errors.go
index 607a7782a..aa0a4b1b3 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/errors/errors.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/errors/errors.go
@@ -16,6 +16,7 @@ package errors
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io"
 )
@@ -79,6 +80,19 @@ func (es nonNilMultiError) Error() string {
 	return buf.String()
 }
 
+// Is attempts to match the provided error against errors in the error list.
+//
+// This function allows errors.Is to traverse the values stored in the MultiError.
+// It returns true if any of the errors in the list match the target.
+func (es nonNilMultiError) Is(target error) bool {
+	for _, err := range es.errs {
+		if errors.Is(err, target) {
+			return true
+		}
+	}
+	return false
+}
+
 // CloseAll closes all given closers while recording error in MultiError.
 func CloseAll(cs []io.Closer) error {
 	errs := NewMulti()
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/exemplar.go b/vendor/github.com/prometheus/prometheus/tsdb/exemplar.go
index 5ba3567e4..ad3b2ef39 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/exemplar.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/exemplar.go
@@ -115,17 +115,17 @@ func NewExemplarMetrics(reg prometheus.Registerer) *ExemplarMetrics {
 // 1GB of extra memory, accounting for the fact that this is heap allocated space.
 // If len <= 0, then the exemplar storage is essentially a noop storage but can later be
 // resized to store exemplars.
-func NewCircularExemplarStorage(len int64, m *ExemplarMetrics) (ExemplarStorage, error) {
-	if len < 0 {
-		len = 0
+func NewCircularExemplarStorage(length int64, m *ExemplarMetrics) (ExemplarStorage, error) {
+	if length < 0 {
+		length = 0
 	}
 	c := &CircularExemplarStorage{
-		exemplars: make([]*circularBufferEntry, len),
-		index:     make(map[string]*indexEntry, len/estimatedExemplarsPerSeries),
+		exemplars: make([]*circularBufferEntry, length),
+		index:     make(map[string]*indexEntry, length/estimatedExemplarsPerSeries),
 		metrics:   m,
 	}
 
-	c.metrics.maxExemplars.Set(float64(len))
+	c.metrics.maxExemplars.Set(float64(length))
 
 	return c, nil
 }
@@ -151,7 +151,7 @@ func (ce *CircularExemplarStorage) Querier(_ context.Context) (storage.ExemplarQ
 func (ce *CircularExemplarStorage) Select(start, end int64, matchers ...[]*labels.Matcher) ([]exemplar.QueryResult, error) {
 	ret := make([]exemplar.QueryResult, 0)
 
-	if len(ce.exemplars) <= 0 {
+	if len(ce.exemplars) == 0 {
 		return ret, nil
 	}
 
@@ -219,7 +219,7 @@ func (ce *CircularExemplarStorage) ValidateExemplar(l labels.Labels, e exemplar.
 // Not thread safe. The append parameters tells us whether this is an external validation, or internal
 // as a result of an AddExemplar call, in which case we should update any relevant metrics.
 func (ce *CircularExemplarStorage) validateExemplar(key []byte, e exemplar.Exemplar, append bool) error {
-	if len(ce.exemplars) <= 0 {
+	if len(ce.exemplars) == 0 {
 		return storage.ErrExemplarsDisabled
 	}
 
@@ -334,7 +334,7 @@ func (ce *CircularExemplarStorage) migrate(entry *circularBufferEntry) {
 }
 
 func (ce *CircularExemplarStorage) AddExemplar(l labels.Labels, e exemplar.Exemplar) error {
-	if len(ce.exemplars) <= 0 {
+	if len(ce.exemplars) == 0 {
 		return storage.ErrExemplarsDisabled
 	}
 
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/head.go b/vendor/github.com/prometheus/prometheus/tsdb/head.go
index ef176d1c5..5bd5bbccc 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/head.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/head.go
@@ -44,6 +44,7 @@ import (
 	"github.com/prometheus/prometheus/tsdb/tombstones"
 	"github.com/prometheus/prometheus/tsdb/tsdbutil"
 	"github.com/prometheus/prometheus/tsdb/wlog"
+	"github.com/prometheus/prometheus/util/zeropool"
 )
 
 var (
@@ -83,13 +84,13 @@ type Head struct {
 	exemplarMetrics     *ExemplarMetrics
 	exemplars           ExemplarStorage
 	logger              log.Logger
-	appendPool          sync.Pool
-	exemplarsPool       sync.Pool
-	histogramsPool      sync.Pool
-	floatHistogramsPool sync.Pool
-	metadataPool        sync.Pool
-	seriesPool          sync.Pool
-	bytesPool           sync.Pool
+	appendPool          zeropool.Pool[[]record.RefSample]
+	exemplarsPool       zeropool.Pool[[]exemplarWithSeriesRef]
+	histogramsPool      zeropool.Pool[[]record.RefHistogramSample]
+	floatHistogramsPool zeropool.Pool[[]record.RefFloatHistogramSample]
+	metadataPool        zeropool.Pool[[]record.RefMetadata]
+	seriesPool          zeropool.Pool[[]*memSeries]
+	bytesPool           zeropool.Pool[[]byte]
 	memChunkPool        sync.Pool
 
 	// All series addressable by their ID or hash.
@@ -573,7 +574,7 @@ const cardinalityCacheExpirationTime = time.Duration(30) * time.Second
 func (h *Head) Init(minValidTime int64) error {
 	h.minValidTime.Store(minValidTime)
 	defer func() {
-		h.postings.EnsureOrder()
+		h.postings.EnsureOrder(h.opts.WALReplayConcurrency)
 	}()
 	defer h.gc() // After loading the wal remove the obsolete data from the head.
 	defer func() {
@@ -590,6 +591,7 @@ func (h *Head) Init(minValidTime int64) error {
 	snapIdx, snapOffset := -1, 0
 	refSeries := make(map[chunks.HeadSeriesRef]*memSeries)
 
+	snapshotLoaded := false
 	if h.opts.EnableMemorySnapshotOnShutdown {
 		level.Info(h.logger).Log("msg", "Chunk snapshot is enabled, replaying from the snapshot")
 		// If there are any WAL files, there should be at least one WAL file with an index that is current or newer
@@ -619,6 +621,7 @@ func (h *Head) Init(minValidTime int64) error {
 			var err error
 			snapIdx, snapOffset, refSeries, err = h.loadChunkSnapshot()
 			if err == nil {
+				snapshotLoaded = true
 				level.Info(h.logger).Log("msg", "Chunk snapshot loading time", "duration", time.Since(start).String())
 			}
 			if err != nil {
@@ -636,26 +639,36 @@ func (h *Head) Init(minValidTime int64) error {
 	}
 
 	mmapChunkReplayStart := time.Now()
-	mmappedChunks, oooMmappedChunks, lastMmapRef, err := h.loadMmappedChunks(refSeries)
-	if err != nil {
-		// TODO(codesome): clear out all m-map chunks here for refSeries.
-		level.Error(h.logger).Log("msg", "Loading on-disk chunks failed", "err", err)
-		if _, ok := errors.Cause(err).(*chunks.CorruptionErr); ok {
-			h.metrics.mmapChunkCorruptionTotal.Inc()
-		}
-
-		// Discard snapshot data since we need to replay the WAL for the missed m-map chunks data.
-		snapIdx, snapOffset = -1, 0
-
-		// If this fails, data will be recovered from WAL.
-		// Hence we wont lose any data (given WAL is not corrupt).
-		mmappedChunks, oooMmappedChunks, lastMmapRef, err = h.removeCorruptedMmappedChunks(err)
+	var (
+		mmappedChunks    map[chunks.HeadSeriesRef][]*mmappedChunk
+		oooMmappedChunks map[chunks.HeadSeriesRef][]*mmappedChunk
+		lastMmapRef      chunks.ChunkDiskMapperRef
+		err              error
+	)
+	if snapshotLoaded || h.wal != nil {
+		// If snapshot was not loaded and if there is no WAL, then m-map chunks will be discarded
+		// anyway. So we only load m-map chunks when it won't be discarded.
+		mmappedChunks, oooMmappedChunks, lastMmapRef, err = h.loadMmappedChunks(refSeries)
 		if err != nil {
-			return err
+			// TODO(codesome): clear out all m-map chunks here for refSeries.
+			level.Error(h.logger).Log("msg", "Loading on-disk chunks failed", "err", err)
+			if _, ok := errors.Cause(err).(*chunks.CorruptionErr); ok {
+				h.metrics.mmapChunkCorruptionTotal.Inc()
+			}
+
+			// Discard snapshot data since we need to replay the WAL for the missed m-map chunks data.
+			snapIdx, snapOffset = -1, 0
+
+			// If this fails, data will be recovered from WAL.
+			// Hence we wont lose any data (given WAL is not corrupt).
+			mmappedChunks, oooMmappedChunks, lastMmapRef, err = h.removeCorruptedMmappedChunks(err)
+			if err != nil {
+				return err
+			}
 		}
+		level.Info(h.logger).Log("msg", "On-disk memory mappable chunks replay completed", "duration", time.Since(mmapChunkReplayStart).String())
 	}
 
-	level.Info(h.logger).Log("msg", "On-disk memory mappable chunks replay completed", "duration", time.Since(mmapChunkReplayStart).String())
 	if h.wal == nil {
 		level.Info(h.logger).Log("msg", "WAL not found")
 		return nil
@@ -784,10 +797,9 @@ func (h *Head) loadMmappedChunks(refSeries map[chunks.HeadSeriesRef]*memSeries)
 	mmappedChunks := map[chunks.HeadSeriesRef][]*mmappedChunk{}
 	oooMmappedChunks := map[chunks.HeadSeriesRef][]*mmappedChunk{}
 	var lastRef, secondLastRef chunks.ChunkDiskMapperRef
-	if err := h.chunkDiskMapper.IterateAllChunks(func(seriesRef chunks.HeadSeriesRef, chunkRef chunks.ChunkDiskMapperRef, mint, maxt int64, numSamples uint16, encoding chunkenc.Encoding) error {
+	if err := h.chunkDiskMapper.IterateAllChunks(func(seriesRef chunks.HeadSeriesRef, chunkRef chunks.ChunkDiskMapperRef, mint, maxt int64, numSamples uint16, encoding chunkenc.Encoding, isOOO bool) error {
 		secondLastRef = lastRef
 		lastRef = chunkRef
-		isOOO := chunkenc.IsOutOfOrderChunk(encoding)
 		if !isOOO && maxt < h.minValidTime.Load() {
 			return nil
 		}
@@ -824,6 +836,7 @@ func (h *Head) loadMmappedChunks(refSeries map[chunks.HeadSeriesRef]*memSeries)
 				numSamples: numSamples,
 			})
 
+			h.updateMinOOOMaxOOOTime(mint, maxt)
 			return nil
 		}
 
@@ -1257,6 +1270,10 @@ func (h *Head) truncateOOO(lastWBLFile int, minOOOMmapRef chunks.ChunkDiskMapper
 		}
 	}
 
+	if h.wbl == nil {
+		return nil
+	}
+
 	return h.wbl.Truncate(lastWBLFile)
 }
 
@@ -1436,7 +1453,7 @@ func (h *Head) Delete(mint, maxt int64, ms ...*labels.Matcher) error {
 		}
 	}
 	for _, s := range stones {
-		h.tombstones.AddInterval(storage.SeriesRef(s.Ref), s.Intervals[0])
+		h.tombstones.AddInterval(s.Ref, s.Intervals[0])
 	}
 
 	return nil
@@ -1847,7 +1864,7 @@ func (s *stripeSeries) getOrSet(hash uint64, lset labels.Labels, createSeries fu
 
 type sample struct {
 	t  int64
-	v  float64
+	f  float64
 	h  *histogram.Histogram
 	fh *histogram.FloatHistogram
 }
@@ -1857,7 +1874,7 @@ func newSample(t int64, v float64, h *histogram.Histogram, fh *histogram.FloatHi
 }
 
 func (s sample) T() int64                      { return s.t }
-func (s sample) V() float64                    { return s.v }
+func (s sample) F() float64                    { return s.f }
 func (s sample) H() *histogram.Histogram       { return s.h }
 func (s sample) FH() *histogram.FloatHistogram { return s.fh }
 
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/head_append.go b/vendor/github.com/prometheus/prometheus/tsdb/head_append.go
index 8a622fafe..86cb09751 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/head_append.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/head_append.go
@@ -199,11 +199,10 @@ func (h *Head) getAppendBuffer() []record.RefSample {
 	if b == nil {
 		return make([]record.RefSample, 0, 512)
 	}
-	return b.([]record.RefSample)
+	return b
 }
 
 func (h *Head) putAppendBuffer(b []record.RefSample) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.appendPool.Put(b[:0])
 }
 
@@ -212,7 +211,7 @@ func (h *Head) getExemplarBuffer() []exemplarWithSeriesRef {
 	if b == nil {
 		return make([]exemplarWithSeriesRef, 0, 512)
 	}
-	return b.([]exemplarWithSeriesRef)
+	return b
 }
 
 func (h *Head) putExemplarBuffer(b []exemplarWithSeriesRef) {
@@ -220,7 +219,6 @@ func (h *Head) putExemplarBuffer(b []exemplarWithSeriesRef) {
 		return
 	}
 
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.exemplarsPool.Put(b[:0])
 }
 
@@ -229,11 +227,10 @@ func (h *Head) getHistogramBuffer() []record.RefHistogramSample {
 	if b == nil {
 		return make([]record.RefHistogramSample, 0, 512)
 	}
-	return b.([]record.RefHistogramSample)
+	return b
 }
 
 func (h *Head) putHistogramBuffer(b []record.RefHistogramSample) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.histogramsPool.Put(b[:0])
 }
 
@@ -242,11 +239,10 @@ func (h *Head) getFloatHistogramBuffer() []record.RefFloatHistogramSample {
 	if b == nil {
 		return make([]record.RefFloatHistogramSample, 0, 512)
 	}
-	return b.([]record.RefFloatHistogramSample)
+	return b
 }
 
 func (h *Head) putFloatHistogramBuffer(b []record.RefFloatHistogramSample) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.floatHistogramsPool.Put(b[:0])
 }
 
@@ -255,11 +251,10 @@ func (h *Head) getMetadataBuffer() []record.RefMetadata {
 	if b == nil {
 		return make([]record.RefMetadata, 0, 512)
 	}
-	return b.([]record.RefMetadata)
+	return b
 }
 
 func (h *Head) putMetadataBuffer(b []record.RefMetadata) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.metadataPool.Put(b[:0])
 }
 
@@ -268,11 +263,10 @@ func (h *Head) getSeriesBuffer() []*memSeries {
 	if b == nil {
 		return make([]*memSeries, 0, 512)
 	}
-	return b.([]*memSeries)
+	return b
 }
 
 func (h *Head) putSeriesBuffer(b []*memSeries) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.seriesPool.Put(b[:0])
 }
 
@@ -281,11 +275,10 @@ func (h *Head) getBytesBuffer() []byte {
 	if b == nil {
 		return make([]byte, 0, 1024)
 	}
-	return b.([]byte)
+	return b
 }
 
 func (h *Head) putBytesBuffer(b []byte) {
-	//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 	h.bytesPool.Put(b[:0])
 }
 
@@ -351,9 +344,10 @@ func (a *headAppender) Append(ref storage.SeriesRef, lset labels.Labels, t int64
 	}
 
 	if value.IsStaleNaN(v) {
-		if s.lastHistogramValue != nil {
+		switch {
+		case s.lastHistogramValue != nil:
 			return a.AppendHistogram(ref, lset, t, &histogram.Histogram{Sum: v}, nil)
-		} else if s.lastFloatHistogramValue != nil {
+		case s.lastFloatHistogramValue != nil:
 			return a.AppendHistogram(ref, lset, t, nil, &histogram.FloatHistogram{Sum: v})
 		}
 	}
@@ -437,7 +431,7 @@ func (s *memSeries) appendable(t int64, v float64, headMaxt, minValidTime, oooTi
 	return false, headMaxt - t, storage.ErrOutOfOrderSample
 }
 
-// appendableHistogram checks whether the given sample is valid for appending to the series.
+// appendableHistogram checks whether the given histogram is valid for appending to the series.
 func (s *memSeries) appendableHistogram(t int64, h *histogram.Histogram) error {
 	c := s.head()
 	if c == nil {
@@ -459,7 +453,7 @@ func (s *memSeries) appendableHistogram(t int64, h *histogram.Histogram) error {
 	return nil
 }
 
-// appendableFloatHistogram checks whether the given sample is valid for appending to the series.
+// appendableFloatHistogram checks whether the given float histogram is valid for appending to the series.
 func (s *memSeries) appendableFloatHistogram(t int64, fh *histogram.FloatHistogram) error {
 	c := s.head()
 	if c == nil {
@@ -559,9 +553,10 @@ func (a *headAppender) AppendHistogram(ref storage.SeriesRef, lset labels.Labels
 			return 0, err
 		}
 		if created {
-			if h != nil {
+			switch {
+			case h != nil:
 				s.lastHistogramValue = &histogram.Histogram{}
-			} else if fh != nil {
+			case fh != nil:
 				s.lastFloatHistogramValue = &histogram.FloatHistogram{}
 			}
 			a.series = append(a.series, record.RefSeries{
@@ -571,7 +566,8 @@ func (a *headAppender) AppendHistogram(ref storage.SeriesRef, lset labels.Labels
 		}
 	}
 
-	if h != nil {
+	switch {
+	case h != nil:
 		s.Lock()
 		if err := s.appendableHistogram(t, h); err != nil {
 			s.Unlock()
@@ -588,7 +584,7 @@ func (a *headAppender) AppendHistogram(ref storage.SeriesRef, lset labels.Labels
 			H:   h,
 		})
 		a.histogramSeries = append(a.histogramSeries, s)
-	} else if fh != nil {
+	case fh != nil:
 		s.Lock()
 		if err := s.appendableFloatHistogram(t, fh); err != nil {
 			s.Unlock()
@@ -945,7 +941,10 @@ func (a *headAppender) Commit() (err error) {
 
 		var ok, chunkCreated bool
 
-		if err == nil && oooSample {
+		switch {
+		case err != nil:
+			// Do nothing here.
+		case oooSample:
 			// Sample is OOO and OOO handling is enabled
 			// and the delta is within the OOO tolerance.
 			var mmapRef chunks.ChunkDiskMapperRef
@@ -983,7 +982,7 @@ func (a *headAppender) Commit() (err error) {
 				// TODO(codesome): Add error reporting? It depends on addressing https://github.com/prometheus/prometheus/discussions/10305.
 				samplesAppended--
 			}
-		} else if err == nil {
+		default:
 			ok, chunkCreated = series.append(s.T, s.V, a.appendID, a.head.chunkDiskMapper, chunkRange)
 			if ok {
 				if s.T < inOrderMint {
@@ -1184,14 +1183,15 @@ func (s *memSeries) appendHistogram(t int64, h *histogram.Histogram, appendID ui
 			app.RecodeHistogram(h, pBackwardInserts, nBackwardInserts)
 		}
 		// We have 3 cases here
-		// - !okToAppend -> We need to cut a new chunk.
+		// - !okToAppend or counterReset -> We need to cut a new chunk.
 		// - okToAppend but we have inserts → Existing chunk needs
 		//   recoding before we can append our histogram.
 		// - okToAppend and no inserts → Chunk is ready to support our histogram.
-		if !okToAppend || counterReset {
+		switch {
+		case !okToAppend || counterReset:
 			c = s.cutNewHeadChunk(t, chunkenc.EncHistogram, chunkDiskMapper, chunkRange)
 			chunkCreated = true
-		} else if len(pForwardInserts) > 0 || len(nForwardInserts) > 0 {
+		case len(pForwardInserts) > 0 || len(nForwardInserts) > 0:
 			// New buckets have appeared. We need to recode all
 			// prior histogram samples within the chunk before we
 			// can process this one.
@@ -1277,14 +1277,15 @@ func (s *memSeries) appendFloatHistogram(t int64, fh *histogram.FloatHistogram,
 			app.RecodeHistogramm(fh, pBackwardInserts, nBackwardInserts)
 		}
 		// We have 3 cases here
-		// - !okToAppend -> We need to cut a new chunk.
+		// - !okToAppend or counterReset -> We need to cut a new chunk.
 		// - okToAppend but we have inserts → Existing chunk needs
 		//   recoding before we can append our histogram.
 		// - okToAppend and no inserts → Chunk is ready to support our histogram.
-		if !okToAppend || counterReset {
+		switch {
+		case !okToAppend || counterReset:
 			c = s.cutNewHeadChunk(t, chunkenc.EncFloatHistogram, chunkDiskMapper, chunkRange)
 			chunkCreated = true
-		} else if len(pForwardInserts) > 0 || len(nForwardInserts) > 0 {
+		case len(pForwardInserts) > 0 || len(nForwardInserts) > 0:
 			// New buckets have appeared. We need to recode all
 			// prior histogram samples within the chunk before we
 			// can process this one.
@@ -1453,8 +1454,7 @@ func (s *memSeries) mmapCurrentOOOHeadChunk(chunkDiskMapper *chunks.ChunkDiskMap
 		return 0
 	}
 	xor, _ := s.ooo.oooHeadChunk.chunk.ToXOR() // Encode to XorChunk which is more compact and implements all of the needed functionality.
-	oooXor := &chunkenc.OOOXORChunk{XORChunk: xor}
-	chunkRef := chunkDiskMapper.WriteChunk(s.ref, s.ooo.oooHeadChunk.minTime, s.ooo.oooHeadChunk.maxTime, oooXor, handleChunkWriteError)
+	chunkRef := chunkDiskMapper.WriteChunk(s.ref, s.ooo.oooHeadChunk.minTime, s.ooo.oooHeadChunk.maxTime, xor, true, handleChunkWriteError)
 	s.ooo.oooMmappedChunks = append(s.ooo.oooMmappedChunks, &mmappedChunk{
 		ref:        chunkRef,
 		numSamples: uint16(xor.NumSamples()),
@@ -1471,7 +1471,7 @@ func (s *memSeries) mmapCurrentHeadChunk(chunkDiskMapper *chunks.ChunkDiskMapper
 		return
 	}
 
-	chunkRef := chunkDiskMapper.WriteChunk(s.ref, s.headChunk.minTime, s.headChunk.maxTime, s.headChunk.chunk, handleChunkWriteError)
+	chunkRef := chunkDiskMapper.WriteChunk(s.ref, s.headChunk.minTime, s.headChunk.maxTime, s.headChunk.chunk, false, handleChunkWriteError)
 	s.mmappedChunks = append(s.mmappedChunks, &mmappedChunk{
 		ref:        chunkRef,
 		numSamples: uint16(s.headChunk.chunk.NumSamples()),
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/head_read.go b/vendor/github.com/prometheus/prometheus/tsdb/head_read.go
index efcafcf6c..9c546ab16 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/head_read.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/head_read.go
@@ -274,22 +274,36 @@ func (h *headChunkReader) Close() error {
 
 // Chunk returns the chunk for the reference number.
 func (h *headChunkReader) Chunk(meta chunks.Meta) (chunkenc.Chunk, error) {
+	chk, _, err := h.chunk(meta, false)
+	return chk, err
+}
+
+// ChunkWithCopy returns the chunk for the reference number.
+// If the chunk is the in-memory chunk, then it makes a copy and returns the copied chunk.
+func (h *headChunkReader) ChunkWithCopy(meta chunks.Meta) (chunkenc.Chunk, int64, error) {
+	return h.chunk(meta, true)
+}
+
+// chunk returns the chunk for the reference number.
+// If copyLastChunk is true, then it makes a copy of the head chunk if asked for it.
+// Also returns max time of the chunk.
+func (h *headChunkReader) chunk(meta chunks.Meta, copyLastChunk bool) (chunkenc.Chunk, int64, error) {
 	sid, cid := chunks.HeadChunkRef(meta.Ref).Unpack()
 
 	s := h.head.series.getByID(sid)
 	// This means that the series has been garbage collected.
 	if s == nil {
-		return nil, storage.ErrNotFound
+		return nil, 0, storage.ErrNotFound
 	}
 
 	s.Lock()
-	c, garbageCollect, err := s.chunk(cid, h.head.chunkDiskMapper, &h.head.memChunkPool)
+	c, headChunk, err := s.chunk(cid, h.head.chunkDiskMapper, &h.head.memChunkPool)
 	if err != nil {
 		s.Unlock()
-		return nil, err
+		return nil, 0, err
 	}
 	defer func() {
-		if garbageCollect {
+		if !headChunk {
 			// Set this to nil so that Go GC can collect it after it has been used.
 			c.chunk = nil
 			h.head.memChunkPool.Put(c)
@@ -299,22 +313,36 @@ func (h *headChunkReader) Chunk(meta chunks.Meta) (chunkenc.Chunk, error) {
 	// This means that the chunk is outside the specified range.
 	if !c.OverlapsClosedInterval(h.mint, h.maxt) {
 		s.Unlock()
-		return nil, storage.ErrNotFound
+		return nil, 0, storage.ErrNotFound
+	}
+
+	chk, maxTime := c.chunk, c.maxTime
+	if headChunk && copyLastChunk {
+		// The caller may ask to copy the head chunk in order to take the
+		// bytes of the chunk without causing the race between read and append.
+		b := s.headChunk.chunk.Bytes()
+		newB := make([]byte, len(b))
+		copy(newB, b) // TODO(codesome): Use bytes.Clone() when we upgrade to Go 1.20.
+		// TODO(codesome): Put back in the pool (non-trivial).
+		chk, err = h.head.opts.ChunkPool.Get(s.headChunk.chunk.Encoding(), newB)
+		if err != nil {
+			return nil, 0, err
+		}
 	}
 	s.Unlock()
 
 	return &safeChunk{
-		Chunk:    c.chunk,
+		Chunk:    chk,
 		s:        s,
 		cid:      cid,
 		isoState: h.isoState,
-	}, nil
+	}, maxTime, nil
 }
 
 // chunk returns the chunk for the HeadChunkID from memory or by m-mapping it from the disk.
-// If garbageCollect is true, it means that the returned *memChunk
+// If headChunk is false, it means that the returned *memChunk
 // (and not the chunkenc.Chunk inside it) can be garbage collected after its usage.
-func (s *memSeries) chunk(id chunks.HeadChunkID, chunkDiskMapper *chunks.ChunkDiskMapper, memChunkPool *sync.Pool) (chunk *memChunk, garbageCollect bool, err error) {
+func (s *memSeries) chunk(id chunks.HeadChunkID, chunkDiskMapper *chunks.ChunkDiskMapper, memChunkPool *sync.Pool) (chunk *memChunk, headChunk bool, err error) {
 	// ix represents the index of chunk in the s.mmappedChunks slice. The chunk id's are
 	// incremented by 1 when new chunk is created, hence (id - firstChunkID) gives the slice index.
 	// The max index for the s.mmappedChunks slice can be len(s.mmappedChunks)-1, hence if the ix
@@ -323,11 +351,12 @@ func (s *memSeries) chunk(id chunks.HeadChunkID, chunkDiskMapper *chunks.ChunkDi
 	if ix < 0 || ix > len(s.mmappedChunks) {
 		return nil, false, storage.ErrNotFound
 	}
+
 	if ix == len(s.mmappedChunks) {
 		if s.headChunk == nil {
 			return nil, false, errors.New("invalid head chunk")
 		}
-		return s.headChunk, false, nil
+		return s.headChunk, true, nil
 	}
 	chk, err := chunkDiskMapper.Chunk(s.mmappedChunks[ix].ref)
 	if err != nil {
@@ -340,7 +369,7 @@ func (s *memSeries) chunk(id chunks.HeadChunkID, chunkDiskMapper *chunks.ChunkDi
 	mc.chunk = chk
 	mc.minTime = s.mmappedChunks[ix].minTime
 	mc.maxTime = s.mmappedChunks[ix].maxTime
-	return mc, true, nil
+	return mc, false, nil
 }
 
 // oooMergedChunk returns the requested chunk based on the given chunks.Meta
@@ -395,7 +424,8 @@ func (s *memSeries) oooMergedChunk(meta chunks.Meta, cdm *chunks.ChunkDiskMapper
 			break
 		}
 
-		if chunkRef == meta.OOOLastRef {
+		switch {
+		case chunkRef == meta.OOOLastRef:
 			tmpChks = append(tmpChks, chunkMetaAndChunkDiskMapperRef{
 				meta: chunks.Meta{
 					MinTime: meta.OOOLastMinTime,
@@ -406,7 +436,7 @@ func (s *memSeries) oooMergedChunk(meta chunks.Meta, cdm *chunks.ChunkDiskMapper
 				origMinT: c.minTime,
 				origMaxT: c.maxTime,
 			})
-		} else if c.OverlapsClosedInterval(mint, maxt) {
+		case c.OverlapsClosedInterval(mint, maxt):
 			tmpChks = append(tmpChks, chunkMetaAndChunkDiskMapperRef{
 				meta: chunks.Meta{
 					MinTime: c.minTime,
@@ -565,12 +595,14 @@ type boundedIterator struct {
 func (b boundedIterator) Next() chunkenc.ValueType {
 	for b.Iterator.Next() == chunkenc.ValFloat {
 		t, _ := b.Iterator.At()
-		if t < b.minT {
+		switch {
+		case t < b.minT:
 			continue
-		} else if t > b.maxT {
+		case t > b.maxT:
 			return chunkenc.ValNone
+		default:
+			return chunkenc.ValFloat
 		}
-		return chunkenc.ValFloat
 	}
 	return chunkenc.ValNone
 }
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/head_wal.go b/vendor/github.com/prometheus/prometheus/tsdb/head_wal.go
index dd55f438d..6e81f1793 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/head_wal.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/head_wal.go
@@ -11,6 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// nolint:revive // Many legitimately empty blocks in this file.
 package tsdb
 
 import (
@@ -40,6 +41,7 @@ import (
 	"github.com/prometheus/prometheus/tsdb/record"
 	"github.com/prometheus/prometheus/tsdb/tombstones"
 	"github.com/prometheus/prometheus/tsdb/wlog"
+	"github.com/prometheus/prometheus/util/zeropool"
 )
 
 // histogramRecord combines both RefHistogramSample and RefFloatHistogramSample
@@ -74,41 +76,14 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 
 		decoded                      = make(chan interface{}, 10)
 		decodeErr, seriesCreationErr error
-		seriesPool                   = sync.Pool{
-			New: func() interface{} {
-				return []record.RefSeries{}
-			},
-		}
-		samplesPool = sync.Pool{
-			New: func() interface{} {
-				return []record.RefSample{}
-			},
-		}
-		tstonesPool = sync.Pool{
-			New: func() interface{} {
-				return []tombstones.Stone{}
-			},
-		}
-		exemplarsPool = sync.Pool{
-			New: func() interface{} {
-				return []record.RefExemplar{}
-			},
-		}
-		histogramsPool = sync.Pool{
-			New: func() interface{} {
-				return []record.RefHistogramSample{}
-			},
-		}
-		floatHistogramsPool = sync.Pool{
-			New: func() interface{} {
-				return []record.RefFloatHistogramSample{}
-			},
-		}
-		metadataPool = sync.Pool{
-			New: func() interface{} {
-				return []record.RefMetadata{}
-			},
-		}
+
+		seriesPool          zeropool.Pool[[]record.RefSeries]
+		samplesPool         zeropool.Pool[[]record.RefSample]
+		tstonesPool         zeropool.Pool[[]tombstones.Stone]
+		exemplarsPool       zeropool.Pool[[]record.RefExemplar]
+		histogramsPool      zeropool.Pool[[]record.RefHistogramSample]
+		floatHistogramsPool zeropool.Pool[[]record.RefFloatHistogramSample]
+		metadataPool        zeropool.Pool[[]record.RefMetadata]
 	)
 
 	defer func() {
@@ -167,7 +142,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 			rec := r.Record()
 			switch dec.Type(rec) {
 			case record.Series:
-				series := seriesPool.Get().([]record.RefSeries)[:0]
+				series := seriesPool.Get()[:0]
 				series, err = dec.Series(rec, series)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -179,7 +154,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- series
 			case record.Samples:
-				samples := samplesPool.Get().([]record.RefSample)[:0]
+				samples := samplesPool.Get()[:0]
 				samples, err = dec.Samples(rec, samples)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -191,7 +166,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- samples
 			case record.Tombstones:
-				tstones := tstonesPool.Get().([]tombstones.Stone)[:0]
+				tstones := tstonesPool.Get()[:0]
 				tstones, err = dec.Tombstones(rec, tstones)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -203,7 +178,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- tstones
 			case record.Exemplars:
-				exemplars := exemplarsPool.Get().([]record.RefExemplar)[:0]
+				exemplars := exemplarsPool.Get()[:0]
 				exemplars, err = dec.Exemplars(rec, exemplars)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -215,7 +190,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- exemplars
 			case record.HistogramSamples:
-				hists := histogramsPool.Get().([]record.RefHistogramSample)[:0]
+				hists := histogramsPool.Get()[:0]
 				hists, err = dec.HistogramSamples(rec, hists)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -227,7 +202,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- hists
 			case record.FloatHistogramSamples:
-				hists := floatHistogramsPool.Get().([]record.RefFloatHistogramSample)[:0]
+				hists := floatHistogramsPool.Get()[:0]
 				hists, err = dec.FloatHistogramSamples(rec, hists)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -239,7 +214,7 @@ func (h *Head) loadWAL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				decoded <- hists
 			case record.Metadata:
-				meta := metadataPool.Get().([]record.RefMetadata)[:0]
+				meta := metadataPool.Get()[:0]
 				meta, err := dec.Metadata(rec, meta)
 				if err != nil {
 					decodeErr = &wlog.CorruptionErr{
@@ -278,7 +253,6 @@ Outer:
 				idx := uint64(mSeries.ref) % uint64(concurrency)
 				processors[idx].input <- walSubsetProcessorInputItem{walSeriesRef: walSeries.Ref, existingSeries: mSeries}
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			seriesPool.Put(v)
 		case []record.RefSample:
 			samples := v
@@ -315,7 +289,6 @@ Outer:
 				}
 				samples = samples[m:]
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			samplesPool.Put(v)
 		case []tombstones.Stone:
 			for _, s := range v {
@@ -327,16 +300,14 @@ Outer:
 						unknownRefs.Inc()
 						continue
 					}
-					h.tombstones.AddInterval(storage.SeriesRef(s.Ref), itv)
+					h.tombstones.AddInterval(s.Ref, itv)
 				}
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			tstonesPool.Put(v)
 		case []record.RefExemplar:
 			for _, e := range v {
 				exemplarsInput <- e
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			exemplarsPool.Put(v)
 		case []record.RefHistogramSample:
 			samples := v
@@ -373,7 +344,6 @@ Outer:
 				}
 				samples = samples[m:]
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			histogramsPool.Put(v)
 		case []record.RefFloatHistogramSample:
 			samples := v
@@ -410,11 +380,10 @@ Outer:
 				}
 				samples = samples[m:]
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			floatHistogramsPool.Put(v)
 		case []record.RefMetadata:
 			for _, m := range v {
-				s := h.series.getByID(chunks.HeadSeriesRef(m.Ref))
+				s := h.series.getByID(m.Ref)
 				if s == nil {
 					unknownMetadataRefs.Inc()
 					continue
@@ -425,7 +394,6 @@ Outer:
 					Help: m.Help,
 				}
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			metadataPool.Put(v)
 		default:
 			panic(fmt.Errorf("unexpected decoded type: %T", d))
@@ -793,7 +761,6 @@ func (h *Head) loadWBL(r *wlog.Reader, multiRef map[chunks.HeadSeriesRef]chunks.
 				}
 				samples = samples[m:]
 			}
-			//nolint:staticcheck // Ignore SA6002 relax staticcheck verification.
 			samplesPool.Put(d)
 		case []record.RefMmapMarker:
 			markers := v
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/index/index.go b/vendor/github.com/prometheus/prometheus/tsdb/index/index.go
index 9f584ee82..50a701d3a 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/index/index.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/index/index.go
@@ -536,7 +536,7 @@ func (w *Writer) finishSymbols() error {
 	// Write out the length and symbol count.
 	w.buf1.Reset()
 	w.buf1.PutBE32int(int(symbolTableSize))
-	w.buf1.PutBE32int(int(w.numSymbols))
+	w.buf1.PutBE32int(w.numSymbols)
 	if err := w.writeAt(w.buf1.Get(), w.toc.Symbols); err != nil {
 		return err
 	}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/index/postings.go b/vendor/github.com/prometheus/prometheus/tsdb/index/postings.go
index b55d70df0..b93d3a202 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/index/postings.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/index/postings.go
@@ -224,7 +224,10 @@ func (p *MemPostings) All() Postings {
 
 // EnsureOrder ensures that all postings lists are sorted. After it returns all further
 // calls to add and addFor will insert new IDs in a sorted manner.
-func (p *MemPostings) EnsureOrder() {
+// Parameter numberOfConcurrentProcesses is used to specify the maximal number of
+// CPU cores used for this operation. If it is <= 0, GOMAXPROCS is used.
+// GOMAXPROCS was the default before introducing this parameter.
+func (p *MemPostings) EnsureOrder(numberOfConcurrentProcesses int) {
 	p.mtx.Lock()
 	defer p.mtx.Unlock()
 
@@ -232,13 +235,16 @@ func (p *MemPostings) EnsureOrder() {
 		return
 	}
 
-	n := runtime.GOMAXPROCS(0)
+	concurrency := numberOfConcurrentProcesses
+	if concurrency <= 0 {
+		concurrency = runtime.GOMAXPROCS(0)
+	}
 	workc := make(chan *[][]storage.SeriesRef)
 
 	var wg sync.WaitGroup
-	wg.Add(n)
+	wg.Add(concurrency)
 
-	for i := 0; i < n; i++ {
+	for i := 0; i < concurrency; i++ {
 		go func() {
 			for job := range workc {
 				for _, l := range *job {
@@ -559,12 +565,11 @@ func newMergedPostings(p []Postings) (m *mergedPostings, nonEmpty bool) {
 
 	for _, it := range p {
 		// NOTE: mergedPostings struct requires the user to issue an initial Next.
-		if it.Next() {
+		switch {
+		case it.Next():
 			ph = append(ph, it)
-		} else {
-			if it.Err() != nil {
-				return &mergedPostings{err: it.Err()}, true
-			}
+		case it.Err() != nil:
+			return &mergedPostings{err: it.Err()}, true
 		}
 	}
 
@@ -697,17 +702,16 @@ func (rp *removedPostings) Next() bool {
 			rp.fok = rp.full.Next()
 			return true
 		}
-
-		fcur, rcur := rp.full.At(), rp.remove.At()
-		if fcur < rcur {
+		switch fcur, rcur := rp.full.At(), rp.remove.At(); {
+		case fcur < rcur:
 			rp.cur = fcur
 			rp.fok = rp.full.Next()
 
 			return true
-		} else if rcur < fcur {
+		case rcur < fcur:
 			// Forward the remove postings to the right position.
 			rp.rok = rp.remove.Seek(fcur)
-		} else {
+		default:
 			// Skip the current posting.
 			rp.fok = rp.full.Next()
 		}
@@ -842,9 +846,10 @@ func (it *bigEndianPostings) Err() error {
 func FindIntersectingPostings(p Postings, candidates []Postings) (indexes []int, err error) {
 	h := make(postingsWithIndexHeap, 0, len(candidates))
 	for idx, it := range candidates {
-		if it.Next() {
+		switch {
+		case it.Next():
 			h = append(h, postingsWithIndex{index: idx, p: it})
-		} else if it.Err() != nil {
+		case it.Err() != nil:
 			return nil, it.Err()
 		}
 	}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/index/postingsstats.go b/vendor/github.com/prometheus/prometheus/tsdb/index/postingsstats.go
index 5e5880720..6b29bddab 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/index/postingsstats.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/index/postingsstats.go
@@ -31,10 +31,10 @@ type maxHeap struct {
 	Items     []Stat
 }
 
-func (m *maxHeap) init(len int) {
-	m.maxLength = len
+func (m *maxHeap) init(length int) {
+	m.maxLength = length
 	m.minValue = math.MaxUint64
-	m.Items = make([]Stat, 0, len)
+	m.Items = make([]Stat, 0, length)
 }
 
 func (m *maxHeap) push(item Stat) {
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/isolation.go b/vendor/github.com/prometheus/prometheus/tsdb/isolation.go
index 74d63c6af..401e5885a 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/isolation.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/isolation.go
@@ -254,7 +254,7 @@ func (txr *txRing) add(appendID uint64) {
 	if txr.txIDCount == len(txr.txIDs) {
 		// Ring buffer is full, expand by doubling.
 		newRing := make([]uint64, txr.txIDCount*2)
-		idx := copy(newRing[:], txr.txIDs[txr.txIDFirst:])
+		idx := copy(newRing, txr.txIDs[txr.txIDFirst:])
 		copy(newRing[idx:], txr.txIDs[:txr.txIDFirst])
 		txr.txIDs = newRing
 		txr.txIDFirst = 0
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/ooo_head.go b/vendor/github.com/prometheus/prometheus/tsdb/ooo_head.go
index 63d0b3712..45827889e 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/ooo_head.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/ooo_head.go
@@ -78,7 +78,7 @@ func (o *OOOChunk) ToXOR() (*chunkenc.XORChunk, error) {
 		return nil, err
 	}
 	for _, s := range o.samples {
-		app.Append(s.t, s.v)
+		app.Append(s.t, s.f)
 	}
 	return x, nil
 }
@@ -96,7 +96,7 @@ func (o *OOOChunk) ToXORBetweenTimestamps(mint, maxt int64) (*chunkenc.XORChunk,
 		if s.t > maxt {
 			break
 		}
-		app.Append(s.t, s.v)
+		app.Append(s.t, s.f)
 	}
 	return x, nil
 }
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/ooo_head_read.go b/vendor/github.com/prometheus/prometheus/tsdb/ooo_head_read.go
index 9feb6bc6f..8ba3ea39a 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/ooo_head_read.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/ooo_head_read.go
@@ -11,6 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// nolint:revive // Many unsued function arguments in this file by design.
 package tsdb
 
 import (
@@ -122,7 +123,7 @@ func (oh *OOOHeadIndexReader) series(ref storage.SeriesRef, builder *labels.Scra
 		}
 	}
 
-	// There is nothing to do if we did not collect any chunk
+	// There is nothing to do if we did not collect any chunk.
 	if len(tmpChks) == 0 {
 		return nil
 	}
@@ -135,14 +136,15 @@ func (oh *OOOHeadIndexReader) series(ref storage.SeriesRef, builder *labels.Scra
 	// chunks Meta the first chunk that overlaps with others.
 	// Example chunks of a series: 5:(100, 200) 6:(500, 600) 7:(150, 250) 8:(550, 650)
 	// In the example 5 overlaps with 7 and 6 overlaps with 8 so we only want to
-	// to return chunk Metas for chunk 5 and chunk 6
+	// to return chunk Metas for chunk 5 and chunk 6e
 	*chks = append(*chks, tmpChks[0])
-	maxTime := tmpChks[0].MaxTime // tracks the maxTime of the previous "to be merged chunk"
+	maxTime := tmpChks[0].MaxTime // Tracks the maxTime of the previous "to be merged chunk".
 	for _, c := range tmpChks[1:] {
-		if c.MinTime > maxTime {
+		switch {
+		case c.MinTime > maxTime:
 			*chks = append(*chks, c)
 			maxTime = c.MaxTime
-		} else if c.MaxTime > maxTime {
+		case c.MaxTime > maxTime:
 			maxTime = c.MaxTime
 			(*chks)[len(*chks)-1].MaxTime = c.MaxTime
 		}
@@ -276,16 +278,18 @@ type OOOCompactionHead struct {
 // All the above together have a bit of CPU and memory overhead, and can have a bit of impact
 // on the sample append latency. So call NewOOOCompactionHead only right before compaction.
 func NewOOOCompactionHead(head *Head) (*OOOCompactionHead, error) {
-	newWBLFile, err := head.wbl.NextSegmentSync()
-	if err != nil {
-		return nil, err
+	ch := &OOOCompactionHead{
+		chunkRange: head.chunkRange.Load(),
+		mint:       math.MaxInt64,
+		maxt:       math.MinInt64,
 	}
 
-	ch := &OOOCompactionHead{
-		chunkRange:  head.chunkRange.Load(),
-		mint:        math.MaxInt64,
-		maxt:        math.MinInt64,
-		lastWBLFile: newWBLFile,
+	if head.wbl != nil {
+		lastWBLFile, err := head.wbl.NextSegmentSync()
+		if err != nil {
+			return nil, err
+		}
+		ch.lastWBLFile = lastWBLFile
 	}
 
 	ch.oooIR = NewOOOHeadIndexReader(head, math.MinInt64, math.MaxInt64)
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/querier.go b/vendor/github.com/prometheus/prometheus/tsdb/querier.go
index 061d5b394..70f8f6de8 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/querier.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/querier.go
@@ -180,7 +180,7 @@ func (q *blockChunkQuerier) Select(sortSeries bool, hints *storage.SelectHints,
 	if sortSeries {
 		p = q.index.SortedPostings(p)
 	}
-	return newBlockChunkSeriesSet(q.blockID, q.index, q.chunks, q.tombstones, p, mint, maxt, disableTrimming)
+	return NewBlockChunkSeriesSet(q.blockID, q.index, q.chunks, q.tombstones, p, mint, maxt, disableTrimming)
 }
 
 func findSetMatches(pattern string) []string {
@@ -239,18 +239,20 @@ func PostingsForMatchers(ix IndexReader, ms ...*labels.Matcher) (index.Postings,
 	}
 
 	for _, m := range ms {
-		if m.Name == "" && m.Value == "" { // Special-case for AllPostings, used in tests at least.
+		switch {
+		case m.Name == "" && m.Value == "": // Special-case for AllPostings, used in tests at least.
 			k, v := index.AllPostingsKey()
 			allPostings, err := ix.Postings(k, v)
 			if err != nil {
 				return nil, err
 			}
 			its = append(its, allPostings)
-		} else if labelMustBeSet[m.Name] {
+		case labelMustBeSet[m.Name]:
 			// If this matcher must be non-empty, we can be smarter.
 			matchesEmpty := m.Matches("")
 			isNot := m.Type == labels.MatchNotEqual || m.Type == labels.MatchNotRegexp
-			if isNot && matchesEmpty { // l!="foo"
+			switch {
+			case isNot && matchesEmpty: // l!="foo"
 				// If the label can't be empty and is a Not and the inner matcher
 				// doesn't match empty, then subtract it out at the end.
 				inverse, err := m.Inverse()
@@ -263,7 +265,7 @@ func PostingsForMatchers(ix IndexReader, ms ...*labels.Matcher) (index.Postings,
 					return nil, err
 				}
 				notIts = append(notIts, it)
-			} else if isNot && !matchesEmpty { // l!=""
+			case isNot && !matchesEmpty: // l!=""
 				// If the label can't be empty and is a Not, but the inner matcher can
 				// be empty we need to use inversePostingsForMatcher.
 				inverse, err := m.Inverse()
@@ -279,7 +281,7 @@ func PostingsForMatchers(ix IndexReader, ms ...*labels.Matcher) (index.Postings,
 					return index.EmptyPostings(), nil
 				}
 				its = append(its, it)
-			} else { // l="a"
+			default: // l="a"
 				// Non-Not matcher, use normal postingsForMatcher.
 				it, err := postingsForMatcher(ix, m)
 				if err != nil {
@@ -290,7 +292,7 @@ func PostingsForMatchers(ix IndexReader, ms ...*labels.Matcher) (index.Postings,
 				}
 				its = append(its, it)
 			}
-		} else { // l=""
+		default: // l=""
 			// If the matchers for a labelname selects an empty value, it selects all
 			// the series which don't have the label name set too. See:
 			// https://github.com/prometheus/prometheus/issues/3575 and
@@ -438,7 +440,7 @@ func (s *seriesData) Labels() labels.Labels { return s.labels }
 
 // blockBaseSeriesSet allows to iterate over all series in the single block.
 // Iterated series are trimmed with given min and max time as well as tombstones.
-// See newBlockSeriesSet and newBlockChunkSeriesSet to use it for either sample or chunk iterating.
+// See newBlockSeriesSet and NewBlockChunkSeriesSet to use it for either sample or chunk iterating.
 type blockBaseSeriesSet struct {
 	blockID         ulid.ULID
 	p               index.Postings
@@ -584,7 +586,11 @@ func (p *populateWithDelGenericSeriesIterator) reset(blockID ulid.ULID, cr Chunk
 	p.currChkMeta = chunks.Meta{}
 }
 
-func (p *populateWithDelGenericSeriesIterator) next() bool {
+// If copyHeadChunk is true, then the head chunk (i.e. the in-memory chunk of the TSDB)
+// is deep copied to avoid races between reads and copying chunk bytes.
+// However, if the deletion intervals overlaps with the head chunk, then the head chunk is
+// not copied irrespective of copyHeadChunk because it will be re-encoded later anyway.
+func (p *populateWithDelGenericSeriesIterator) next(copyHeadChunk bool) bool {
 	if p.err != nil || p.i >= len(p.chks)-1 {
 		return false
 	}
@@ -592,12 +598,6 @@ func (p *populateWithDelGenericSeriesIterator) next() bool {
 	p.i++
 	p.currChkMeta = p.chks[p.i]
 
-	p.currChkMeta.Chunk, p.err = p.chunks.Chunk(p.currChkMeta)
-	if p.err != nil {
-		p.err = errors.Wrapf(p.err, "cannot populate chunk %d from block %s", p.currChkMeta.Ref, p.blockID.String())
-		return false
-	}
-
 	p.bufIter.Intervals = p.bufIter.Intervals[:0]
 	for _, interval := range p.intervals {
 		if p.currChkMeta.OverlapsClosedInterval(interval.Mint, interval.Maxt) {
@@ -605,22 +605,28 @@ func (p *populateWithDelGenericSeriesIterator) next() bool {
 		}
 	}
 
-	// Re-encode head chunks that are still open (being appended to) or
-	// outside the compacted MaxTime range.
-	// The chunk.Bytes() method is not safe for open chunks hence the re-encoding.
-	// This happens when snapshotting the head block or just fetching chunks from TSDB.
-	//
-	// TODO(codesome): think how to avoid the typecasting to verify when it is head block.
-	_, isSafeChunk := p.currChkMeta.Chunk.(*safeChunk)
-	if len(p.bufIter.Intervals) == 0 && !(isSafeChunk && p.currChkMeta.MaxTime == math.MaxInt64) {
-		// If there is no overlap with deletion intervals AND it's NOT
-		// an "open" head chunk, we can take chunk as it is.
+	hcr, ok := p.chunks.(*headChunkReader)
+	if ok && copyHeadChunk && len(p.bufIter.Intervals) == 0 {
+		// ChunkWithCopy will copy the head chunk.
+		var maxt int64
+		p.currChkMeta.Chunk, maxt, p.err = hcr.ChunkWithCopy(p.currChkMeta)
+		// For the in-memory head chunk the index reader sets maxt as MaxInt64. We fix it here.
+		p.currChkMeta.MaxTime = maxt
+	} else {
+		p.currChkMeta.Chunk, p.err = p.chunks.Chunk(p.currChkMeta)
+	}
+	if p.err != nil {
+		p.err = errors.Wrapf(p.err, "cannot populate chunk %d from block %s", p.currChkMeta.Ref, p.blockID.String())
+		return false
+	}
+
+	if len(p.bufIter.Intervals) == 0 {
+		// If there is no overlap with deletion intervals, we can take chunk as it is.
 		p.currDelIter = nil
 		return true
 	}
 
-	// We don't want the full chunk, or it's potentially still opened, take
-	// just a part of it.
+	// We don't want the full chunk, take just a part of it.
 	p.bufIter.Iter = p.currChkMeta.Chunk.Iterator(p.bufIter.Iter)
 	p.currDelIter = &p.bufIter
 	return true
@@ -677,7 +683,7 @@ func (p *populateWithDelSeriesIterator) Next() chunkenc.ValueType {
 		}
 	}
 
-	for p.next() {
+	for p.next(false) {
 		if p.currDelIter != nil {
 			p.curr = p.currDelIter
 		} else {
@@ -742,7 +748,7 @@ func (p *populateWithDelChunkSeriesIterator) reset(blockID ulid.ULID, cr ChunkRe
 }
 
 func (p *populateWithDelChunkSeriesIterator) Next() bool {
-	if !p.next() {
+	if !p.next(true) {
 		return false
 	}
 	p.curr = p.currChkMeta
@@ -920,7 +926,7 @@ type blockChunkSeriesSet struct {
 	blockBaseSeriesSet
 }
 
-func newBlockChunkSeriesSet(id ulid.ULID, i IndexReader, c ChunkReader, t tombstones.Reader, p index.Postings, mint, maxt int64, disableTrimming bool) storage.ChunkSeriesSet {
+func NewBlockChunkSeriesSet(id ulid.ULID, i IndexReader, c ChunkReader, t tombstones.Reader, p index.Postings, mint, maxt int64, disableTrimming bool) storage.ChunkSeriesSet {
 	return &blockChunkSeriesSet{
 		blockBaseSeriesSet{
 			blockID:         id,
@@ -954,39 +960,45 @@ type mergedStringIter struct {
 	b        index.StringIter
 	aok, bok bool
 	cur      string
+	err      error
 }
 
 func (m *mergedStringIter) Next() bool {
 	if (!m.aok && !m.bok) || (m.Err() != nil) {
 		return false
 	}
-
-	if !m.aok {
+	switch {
+	case !m.aok:
 		m.cur = m.b.At()
 		m.bok = m.b.Next()
-	} else if !m.bok {
+		m.err = m.b.Err()
+	case !m.bok:
 		m.cur = m.a.At()
 		m.aok = m.a.Next()
-	} else if m.b.At() > m.a.At() {
+		m.err = m.a.Err()
+	case m.b.At() > m.a.At():
 		m.cur = m.a.At()
 		m.aok = m.a.Next()
-	} else if m.a.At() > m.b.At() {
+		m.err = m.a.Err()
+	case m.a.At() > m.b.At():
 		m.cur = m.b.At()
 		m.bok = m.b.Next()
-	} else { // Equal.
+		m.err = m.b.Err()
+	default: // Equal.
 		m.cur = m.b.At()
 		m.aok = m.a.Next()
+		m.err = m.a.Err()
 		m.bok = m.b.Next()
+		if m.err == nil {
+			m.err = m.b.Err()
+		}
 	}
 
 	return true
 }
 func (m mergedStringIter) At() string { return m.cur }
 func (m mergedStringIter) Err() error {
-	if m.a.Err() != nil {
-		return m.a.Err()
-	}
-	return m.b.Err()
+	return m.err
 }
 
 // DeletedIterator wraps chunk Iterator and makes sure any deleted metrics are not returned.
@@ -1075,7 +1087,7 @@ func newNopChunkReader() ChunkReader {
 	}
 }
 
-func (cr nopChunkReader) Chunk(meta chunks.Meta) (chunkenc.Chunk, error) {
+func (cr nopChunkReader) Chunk(chunks.Meta) (chunkenc.Chunk, error) {
 	return cr.emptyChunk, nil
 }
 
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/test.txt b/vendor/github.com/prometheus/prometheus/tsdb/test.txt
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/tombstones/tombstones.go b/vendor/github.com/prometheus/prometheus/tsdb/tombstones/tombstones.go
index f7e2a2a1e..a52e1caa9 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/tombstones/tombstones.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/tombstones/tombstones.go
@@ -190,9 +190,10 @@ type Stone struct {
 
 func ReadTombstones(dir string) (Reader, int64, error) {
 	b, err := os.ReadFile(filepath.Join(dir, TombstonesFilename))
-	if os.IsNotExist(err) {
+	switch {
+	case os.IsNotExist(err):
 		return NewMemTombstones(), 0, nil
-	} else if err != nil {
+	case err != nil:
 		return nil, 0, err
 	}
 
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/tsdbutil/chunks.go b/vendor/github.com/prometheus/prometheus/tsdb/tsdbutil/chunks.go
index f9981ffe1..02a7dd619 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/tsdbutil/chunks.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/tsdbutil/chunks.go
@@ -28,7 +28,7 @@ type Samples interface {
 
 type Sample interface {
 	T() int64
-	V() float64
+	F() float64
 	H() *histogram.Histogram
 	FH() *histogram.FloatHistogram
 	Type() chunkenc.ValueType
@@ -69,7 +69,7 @@ func ChunkFromSamplesGeneric(s Samples) chunks.Meta {
 	for i := 0; i < s.Len(); i++ {
 		switch sampleType {
 		case chunkenc.ValFloat:
-			ca.Append(s.Get(i).T(), s.Get(i).V())
+			ca.Append(s.Get(i).T(), s.Get(i).F())
 		case chunkenc.ValHistogram:
 			ca.AppendHistogram(s.Get(i).T(), s.Get(i).H())
 		case chunkenc.ValFloatHistogram:
@@ -87,7 +87,7 @@ func ChunkFromSamplesGeneric(s Samples) chunks.Meta {
 
 type sample struct {
 	t  int64
-	v  float64
+	f  float64
 	h  *histogram.Histogram
 	fh *histogram.FloatHistogram
 }
@@ -96,8 +96,8 @@ func (s sample) T() int64 {
 	return s.t
 }
 
-func (s sample) V() float64 {
-	return s.v
+func (s sample) F() float64 {
+	return s.f
 }
 
 func (s sample) H() *histogram.Histogram {
@@ -123,7 +123,7 @@ func (s sample) Type() chunkenc.ValueType {
 func PopulatedChunk(numSamples int, minTime int64) chunks.Meta {
 	samples := make([]Sample, numSamples)
 	for i := 0; i < numSamples; i++ {
-		samples[i] = sample{t: minTime + int64(i*1000), v: 1.0}
+		samples[i] = sample{t: minTime + int64(i*1000), f: 1.0}
 	}
 	return ChunkFromSamples(samples)
 }
@@ -133,7 +133,7 @@ func GenerateSamples(start, numSamples int) []Sample {
 	return generateSamples(start, numSamples, func(i int) Sample {
 		return sample{
 			t: int64(i),
-			v: float64(i),
+			f: float64(i),
 		}
 	})
 }
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/wal.go b/vendor/github.com/prometheus/prometheus/tsdb/wal.go
index 38584847e..70378021a 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/wal.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/wal.go
@@ -11,6 +11,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// nolint:revive // Many unsued function arguments in this file by design.
 package tsdb
 
 import (
@@ -38,6 +39,7 @@ import (
 	"github.com/prometheus/prometheus/tsdb/record"
 	"github.com/prometheus/prometheus/tsdb/tombstones"
 	"github.com/prometheus/prometheus/tsdb/wlog"
+	"github.com/prometheus/prometheus/util/zeropool"
 )
 
 // WALEntryType indicates what data a WAL entry contains.
@@ -89,7 +91,7 @@ func newWalMetrics(r prometheus.Registerer) *walMetrics {
 // WAL is a write ahead log that can log new series labels and samples.
 // It must be completely read before new entries are logged.
 //
-// DEPRECATED: use wlog pkg combined with the record codex instead.
+// Deprecated: use wlog pkg combined with the record codex instead.
 type WAL interface {
 	Reader() WALReader
 	LogSeries([]record.RefSeries) error
@@ -146,7 +148,7 @@ func newCRC32() hash.Hash32 {
 
 // SegmentWAL is a write ahead log for series data.
 //
-// DEPRECATED: use wlog pkg combined with the record coders instead.
+// Deprecated: use wlog pkg combined with the record coders instead.
 type SegmentWAL struct {
 	mtx     sync.Mutex
 	metrics *walMetrics
@@ -520,9 +522,10 @@ func (w *SegmentWAL) openSegmentFile(name string) (*os.File, error) {
 		}
 	}()
 
-	if n, err := f.Read(metab); err != nil {
+	switch n, err := f.Read(metab); {
+	case err != nil:
 		return nil, errors.Wrapf(err, "validate meta %q", f.Name())
-	} else if n != 8 {
+	case n != 8:
 		return nil, errors.Errorf("invalid header size %d in %q", n, f.Name())
 	}
 
@@ -870,9 +873,9 @@ func (r *walReader) Read(
 	// Historically, the processing is the bottleneck with reading and decoding using only
 	// 15% of the CPU.
 	var (
-		seriesPool sync.Pool
-		samplePool sync.Pool
-		deletePool sync.Pool
+		seriesPool zeropool.Pool[[]record.RefSeries]
+		samplePool zeropool.Pool[[]record.RefSample]
+		deletePool zeropool.Pool[[]tombstones.Stone]
 	)
 	donec := make(chan struct{})
 	datac := make(chan interface{}, 100)
@@ -886,19 +889,16 @@ func (r *walReader) Read(
 				if seriesf != nil {
 					seriesf(v)
 				}
-				//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 				seriesPool.Put(v[:0])
 			case []record.RefSample:
 				if samplesf != nil {
 					samplesf(v)
 				}
-				//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 				samplePool.Put(v[:0])
 			case []tombstones.Stone:
 				if deletesf != nil {
 					deletesf(v)
 				}
-				//nolint:staticcheck // Ignore SA6002 safe to ignore and actually fixing it has some performance penalty.
 				deletePool.Put(v[:0])
 			default:
 				level.Error(r.logger).Log("msg", "unexpected data type")
@@ -915,11 +915,9 @@ func (r *walReader) Read(
 		// Those should generally be caught by entry decoding before.
 		switch et {
 		case WALEntrySeries:
-			var series []record.RefSeries
-			if v := seriesPool.Get(); v == nil {
+			series := seriesPool.Get()
+			if series == nil {
 				series = make([]record.RefSeries, 0, 512)
-			} else {
-				series = v.([]record.RefSeries)
 			}
 
 			err = r.decodeSeries(flag, b, &series)
@@ -936,11 +934,9 @@ func (r *walReader) Read(
 				}
 			}
 		case WALEntrySamples:
-			var samples []record.RefSample
-			if v := samplePool.Get(); v == nil {
+			samples := samplePool.Get()
+			if samples == nil {
 				samples = make([]record.RefSample, 0, 512)
-			} else {
-				samples = v.([]record.RefSample)
 			}
 
 			err = r.decodeSamples(flag, b, &samples)
@@ -958,11 +954,9 @@ func (r *walReader) Read(
 				}
 			}
 		case WALEntryDeletes:
-			var deletes []tombstones.Stone
-			if v := deletePool.Get(); v == nil {
+			deletes := deletePool.Get()
+			if deletes == nil {
 				deletes = make([]tombstones.Stone, 0, 512)
-			} else {
-				deletes = v.([]tombstones.Stone)
 			}
 
 			err = r.decodeDeletes(flag, b, &deletes)
@@ -1070,9 +1064,10 @@ func (r *walReader) entry(cr io.Reader) (WALEntryType, byte, []byte, error) {
 	tr := io.TeeReader(cr, r.crc32)
 
 	b := make([]byte, 6)
-	if n, err := tr.Read(b); err != nil {
+	switch n, err := tr.Read(b); {
+	case err != nil:
 		return 0, 0, nil, err
-	} else if n != 6 {
+	case n != 6:
 		return 0, 0, nil, r.corruptionErr("invalid entry header size %d", n)
 	}
 
@@ -1094,15 +1089,17 @@ func (r *walReader) entry(cr io.Reader) (WALEntryType, byte, []byte, error) {
 	}
 	buf := r.buf[:length]
 
-	if n, err := tr.Read(buf); err != nil {
+	switch n, err := tr.Read(buf); {
+	case err != nil:
 		return 0, 0, nil, err
-	} else if n != length {
+	case n != length:
 		return 0, 0, nil, r.corruptionErr("invalid entry body size %d", n)
 	}
 
-	if n, err := cr.Read(b[:4]); err != nil {
+	switch n, err := cr.Read(b[:4]); {
+	case err != nil:
 		return 0, 0, nil, err
-	} else if n != 4 {
+	case n != 4:
 		return 0, 0, nil, r.corruptionErr("invalid checksum length %d", n)
 	}
 	if exp, has := binary.BigEndian.Uint32(b[:4]), r.crc32.Sum32(); has != exp {
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/wlog/live_reader.go b/vendor/github.com/prometheus/prometheus/tsdb/wlog/live_reader.go
index 29467aef4..0ca69093a 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/wlog/live_reader.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/wlog/live_reader.go
@@ -126,9 +126,10 @@ func (r *LiveReader) Next() bool {
 		// we return  EOF and the user can try again later. If we have a full
 		// page, buildRecord is guaranteed to return a record or a non-EOF; it
 		// has checks the records fit in pages.
-		if ok, err := r.buildRecord(); ok {
+		switch ok, err := r.buildRecord(); {
+		case ok:
 			return true
-		} else if err != nil && err != io.EOF {
+		case err != nil && err != io.EOF:
 			r.err = err
 			return false
 		}
diff --git a/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go b/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go
index 72121283d..b0c17dcba 100644
--- a/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go
+++ b/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go
@@ -405,9 +405,10 @@ func (w *Watcher) watch(segmentNum int, tail bool) error {
 
 			// Ignore errors reading to end of segment whilst replaying the WAL.
 			if !tail {
-				if err != nil && errors.Cause(err) != io.EOF {
+				switch {
+				case err != nil && errors.Cause(err) != io.EOF:
 					level.Warn(w.logger).Log("msg", "Ignoring error reading to end of segment, may have dropped data", "err", err)
-				} else if reader.Offset() != size {
+				case reader.Offset() != size:
 					level.Warn(w.logger).Log("msg", "Expected to have read whole segment, may have dropped data", "segment", segmentNum, "read", reader.Offset(), "size", size)
 				}
 				return nil
@@ -425,9 +426,10 @@ func (w *Watcher) watch(segmentNum int, tail bool) error {
 
 			// Ignore all errors reading to end of segment whilst replaying the WAL.
 			if !tail {
-				if err != nil && errors.Cause(err) != io.EOF {
+				switch {
+				case err != nil && errors.Cause(err) != io.EOF:
 					level.Warn(w.logger).Log("msg", "Ignoring error reading to end of segment, may have dropped data", "segment", segmentNum, "err", err)
-				} else if reader.Offset() != size {
+				case reader.Offset() != size:
 					level.Warn(w.logger).Log("msg", "Expected to have read whole segment, may have dropped data", "segment", segmentNum, "read", reader.Offset(), "size", size)
 				}
 				return nil
diff --git a/vendor/github.com/prometheus/prometheus/util/testutil/context.go b/vendor/github.com/prometheus/prometheus/util/testutil/context.go
index cf730421b..c1f4a831c 100644
--- a/vendor/github.com/prometheus/prometheus/util/testutil/context.go
+++ b/vendor/github.com/prometheus/prometheus/util/testutil/context.go
@@ -37,6 +37,6 @@ func (c *MockContext) Err() error {
 }
 
 // Value ignores the Value and always returns nil
-func (c *MockContext) Value(key interface{}) interface{} {
+func (c *MockContext) Value(interface{}) interface{} {
 	return nil
 }
diff --git a/vendor/github.com/prometheus/prometheus/util/testutil/roundtrip.go b/vendor/github.com/prometheus/prometheus/util/testutil/roundtrip.go
index a93991a13..364e0c264 100644
--- a/vendor/github.com/prometheus/prometheus/util/testutil/roundtrip.go
+++ b/vendor/github.com/prometheus/prometheus/util/testutil/roundtrip.go
@@ -22,7 +22,7 @@ type roundTrip struct {
 	theError    error
 }
 
-func (rt *roundTrip) RoundTrip(r *http.Request) (*http.Response, error) {
+func (rt *roundTrip) RoundTrip(*http.Request) (*http.Response, error) {
 	return rt.theResponse, rt.theError
 }
 
diff --git a/vendor/github.com/prometheus/prometheus/util/zeropool/pool.go b/vendor/github.com/prometheus/prometheus/util/zeropool/pool.go
new file mode 100644
index 000000000..4f6deddfb
--- /dev/null
+++ b/vendor/github.com/prometheus/prometheus/util/zeropool/pool.go
@@ -0,0 +1,77 @@
+// Copyright 2023 The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Package zeropool provides a zero-allocation type-safe alternative for sync.Pool, used to workaround staticheck SA6002.
+// The contents of this package are brought from https://github.com/colega/zeropool because "little copying is better than little dependency".
+
+package zeropool
+
+import "sync"
+
+// Pool is a type-safe pool of items that does not allocate pointers to items.
+// That is not entirely true, it does allocate sometimes, but not most of the time,
+// just like the usual sync.Pool pools items most of the time, except when they're evicted.
+// It does that by storing the allocated pointers in a secondary pool instead of letting them go,
+// so they can be used later to store the items again.
+//
+// Zero value of Pool[T] is valid, and it will return zero values of T if nothing is pooled.
+type Pool[T any] struct {
+	// items holds pointers to the pooled items, which are valid to be used.
+	items sync.Pool
+	// pointers holds just pointers to the pooled item types.
+	// The values referenced by pointers are not valid to be used (as they're used by some other caller)
+	// and it is safe to overwrite these pointers.
+	pointers sync.Pool
+}
+
+// New creates a new Pool[T] with the given function to create new items.
+// A Pool must not be copied after first use.
+func New[T any](item func() T) Pool[T] {
+	return Pool[T]{
+		items: sync.Pool{
+			New: func() interface{} {
+				val := item()
+				return &val
+			},
+		},
+	}
+}
+
+// Get returns an item from the pool, creating a new one if necessary.
+// Get may be called concurrently from multiple goroutines.
+func (p *Pool[T]) Get() T {
+	pooled := p.items.Get()
+	if pooled == nil {
+		// The only way this can happen is when someone is using the zero-value of zeropool.Pool, and items pool is empty.
+		// We don't have a pointer to store in p.pointers, so just return the empty value.
+		var zero T
+		return zero
+	}
+
+	ptr := pooled.(*T)
+	item := *ptr // ptr still holds a reference to a copy of item, but nobody will use it.
+	p.pointers.Put(ptr)
+	return item
+}
+
+// Put adds an item to the pool.
+func (p *Pool[T]) Put(item T) {
+	var ptr *T
+	if pooled := p.pointers.Get(); pooled != nil {
+		ptr = pooled.(*T)
+	} else {
+		ptr = new(T)
+	}
+	*ptr = item
+	p.items.Put(ptr)
+}
diff --git a/vendor/github.com/urfave/cli/v2/context.go b/vendor/github.com/urfave/cli/v2/context.go
index dbf50e495..cf5e58fe7 100644
--- a/vendor/github.com/urfave/cli/v2/context.go
+++ b/vendor/github.com/urfave/cli/v2/context.go
@@ -204,9 +204,10 @@ func (cCtx *Context) checkRequiredFlags(flags []Flag) requiredFlagsErr {
 			var flagPresent bool
 			var flagName string
 
-			for _, key := range f.Names() {
-				flagName = key
+			flagNames := f.Names()
+			flagName = flagNames[0]
 
+			for _, key := range flagNames {
 				if cCtx.IsSet(strings.TrimSpace(key)) {
 					flagPresent = true
 				}
diff --git a/vendor/github.com/urfave/cli/v2/docs.go b/vendor/github.com/urfave/cli/v2/docs.go
index 8b1c9c8a2..6cd0624ae 100644
--- a/vendor/github.com/urfave/cli/v2/docs.go
+++ b/vendor/github.com/urfave/cli/v2/docs.go
@@ -153,9 +153,14 @@ func prepareFlags(
 // flagDetails returns a string containing the flags metadata
 func flagDetails(flag DocGenerationFlag) string {
 	description := flag.GetUsage()
-	value := flag.GetValue()
-	if value != "" {
-		description += " (default: " + value + ")"
+	if flag.TakesValue() {
+		defaultText := flag.GetDefaultText()
+		if defaultText == "" {
+			defaultText = flag.GetValue()
+		}
+		if defaultText != "" {
+			description += " (default: " + defaultText + ")"
+		}
 	}
 	return ": " + description
 }
diff --git a/vendor/github.com/urfave/cli/v2/flag_generic.go b/vendor/github.com/urfave/cli/v2/flag_generic.go
index 4f9ac0a7f..039ffdfee 100644
--- a/vendor/github.com/urfave/cli/v2/flag_generic.go
+++ b/vendor/github.com/urfave/cli/v2/flag_generic.go
@@ -117,13 +117,8 @@ func (cCtx *Context) Generic(name string) interface{} {
 }
 
 func lookupGeneric(name string, set *flag.FlagSet) interface{} {
-	f := set.Lookup(name)
-	if f != nil {
-		parsed, err := f.Value, error(nil)
-		if err != nil {
-			return nil
-		}
-		return parsed
+	if f := set.Lookup(name); f != nil {
+		return f.Value
 	}
 	return nil
 }
diff --git a/vendor/github.com/urfave/cli/v2/flag_path.go b/vendor/github.com/urfave/cli/v2/flag_path.go
index 6434d3224..c4986779d 100644
--- a/vendor/github.com/urfave/cli/v2/flag_path.go
+++ b/vendor/github.com/urfave/cli/v2/flag_path.go
@@ -90,13 +90,8 @@ func (cCtx *Context) Path(name string) string {
 }
 
 func lookupPath(name string, set *flag.FlagSet) string {
-	f := set.Lookup(name)
-	if f != nil {
-		parsed, err := f.Value.String(), error(nil)
-		if err != nil {
-			return ""
-		}
-		return parsed
+	if f := set.Lookup(name); f != nil {
+		return f.Value.String()
 	}
 	return ""
 }
diff --git a/vendor/github.com/urfave/cli/v2/flag_string.go b/vendor/github.com/urfave/cli/v2/flag_string.go
index 3050086e8..4e55a2ca3 100644
--- a/vendor/github.com/urfave/cli/v2/flag_string.go
+++ b/vendor/github.com/urfave/cli/v2/flag_string.go
@@ -87,10 +87,8 @@ func (cCtx *Context) String(name string) string {
 }
 
 func lookupString(name string, set *flag.FlagSet) string {
-	f := set.Lookup(name)
-	if f != nil {
-		parsed := f.Value.String()
-		return parsed
+	if f := set.Lookup(name); f != nil {
+		return f.Value.String()
 	}
 	return ""
 }
diff --git a/vendor/github.com/valyala/gozstd/Makefile b/vendor/github.com/valyala/gozstd/Makefile
index b7f1372d3..90ca115ba 100644
--- a/vendor/github.com/valyala/gozstd/Makefile
+++ b/vendor/github.com/valyala/gozstd/Makefile
@@ -4,59 +4,67 @@ GOOS_GOARCH := $(GOOS)_$(GOARCH)
 GOOS_GOARCH_NATIVE := $(shell go env GOHOSTOS)_$(shell go env GOHOSTARCH)
 LIBZSTD_NAME := libzstd_$(GOOS_GOARCH).a
 ZSTD_VERSION ?= v1.5.5
-MUSL_BUILDER_IMAGE=golang:1.20.1-alpine
-BUILDER_IMAGE := local/builder_musl:2.0.0-$(shell echo $(MUSL_BUILDER_IMAGE) | tr : _)-1
+ZIG_BUILDER_IMAGE=euantorano/zig:0.10.1
+BUILDER_IMAGE := local/builder_musl:2.0.0-$(shell echo $(ZIG_BUILDER_IMAGE) | tr : _ | tr / _)-1
 
 .PHONY: libzstd.a $(LIBZSTD_NAME)
 
 libzstd.a: $(LIBZSTD_NAME)
 $(LIBZSTD_NAME):
 ifeq ($(GOOS_GOARCH),$(GOOS_GOARCH_NATIVE))
+	rm -f $(LIBZSTD_NAME)
 	cd zstd/lib && ZSTD_LEGACY_SUPPORT=0 MOREFLAGS=$(MOREFLAGS) $(MAKE) clean libzstd.a
 	mv zstd/lib/libzstd.a $(LIBZSTD_NAME)
-else
-ifeq ($(GOOS_GOARCH),linux_arm)
-	cd zstd/lib && CC=arm-linux-gnueabi-gcc ZSTD_LEGACY_SUPPORT=0 MOREFLAGS=$(MOREFLAGS) $(MAKE) clean libzstd.a
-	mv zstd/lib/libzstd.a libzstd_linux_arm.a
-endif
-ifeq ($(GOOS_GOARCH),linux_arm64)
-	cd zstd/lib && CC=aarch64-linux-gnu-gcc ZSTD_LEGACY_SUPPORT=0 MOREFLAGS=$(MOREFLAGS) $(MAKE) clean libzstd.a
-	mv zstd/lib/libzstd.a libzstd_linux_arm64.a
-endif
-ifeq ($(GOOS_GOARCH),linux_musl_amd64)
-	cd zstd/lib && ZSTD_LEGACY_SUPPORT=0 MOREFLAGS=$(MOREFLAGS) $(MAKE) clean libzstd.a
-	mv zstd/lib/libzstd.a libzstd_linux_musl_amd64.a
-endif
-ifeq ($(GOOS_GOARCH),linux_musl_arm64)
-	cd zstd/lib && ZSTD_LEGACY_SUPPORT=0 MOREFLAGS=$(MOREFLAGS) $(MAKE) clean libzstd.a
-	mv zstd/lib/libzstd.a libzstd_linux_musl_arm64.a
-endif
+else ifeq ($(GOOS_GOARCH),linux_amd64)
+	TARGET=x86_64-linux GOARCH=amd64 GOOS=linux $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),linux_arm)
+	TARGET=arm-linux-gnueabi GOARCH=arm GOOS=linux $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),linux_arm64)
+	TARGET=aarch64-linux GOARCH=arm64 GOOS=linux $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),linux_musl_amd64)
+	TARGET=x86_64-linux-musl GOARCH=amd64 GOOS=linux_musl $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),linux_musl_arm64)
+	TARGET=aarch64-linux-musl GOARCH=arm64 GOOS=linux_musl $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),darwin_arm64)
+	TARGET=aarch64-macos GOARCH=arm64 GOOS=darwin $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),darwin_amd64)
+	TARGET=x86_64-macos GOARCH=amd64 GOOS=darwin $(MAKE) package-arch
+else ifeq ($(GOOS_GOARCH),windows_amd64)
+	TARGET=x86_64-windows GOARCH=amd64 GOOS=windows GOARCH=amd64 $(MAKE) package-arch
 endif
 
 package-builder:
 	(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \
 		|| docker build \
-			--build-arg builder_image=$(MUSL_BUILDER_IMAGE) \
+			--build-arg builder_image=$(ZIG_BUILDER_IMAGE) \
 			--tag $(BUILDER_IMAGE) \
 			builder
 
-package-musl: package-builder
+package-arch: package-builder
+	rm -f $(LIBZSTD_NAME)
 	docker run --rm \
-		--user $(shell id -u):$(shell id -g) \
 		--mount type=bind,src="$(shell pwd)",dst=/zstd \
 		-w /zstd \
 		$(DOCKER_OPTS) \
 		$(BUILDER_IMAGE) \
-		sh -c "GOOS=linux_musl make clean libzstd.a"
-	docker run --rm \
-		--user $(shell id -u):$(shell id -g) \
-		--mount type=bind,src="$(shell pwd)",dst=/zstd \
-		--env CC=/opt/cross-builder/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc \
-		-w /zstd \
-		$(DOCKER_OPTS) \
-		$(BUILDER_IMAGE) \
-		sh -c "GOARCH=arm64 GOOS=linux_musl make clean libzstd.a"
+		-c 'cd zstd/lib && \
+			ZSTD_LEGACY_SUPPORT=0 AR="zig ar" \
+			CC="zig cc -target $(TARGET)" \
+			CXX="zig cc -target $(TARGET)" \
+			MOREFLAGS=$(MOREFLAGS) \
+			$(MAKE) clean libzstd.a'
+	mv -f zstd/lib/libzstd.a $(LIBZSTD_NAME)
 
+# freebsd and illumos aren't supported by zig compiler atm.
+release:
+	GOOS=linux GOARCH=amd64 $(MAKE) libzstd.a
+	GOOS=linux GOARCH=arm64 $(MAKE) libzstd.a
+	GOOS=linux GOARCH=arm $(MAKE) libzstd.a
+	GOOS=linux_musl GOARCH=amd64 $(MAKE) libzstd.a
+	GOOS=linux_musl GOARCH=arm64 $(MAKE) libzstd.a
+	GOOS=darwin GOARCH=arm64 $(MAKE) libzstd.a
+	GOOS=darwin GOARCH=amd64 $(MAKE) libzstd.a
+	GOOS=windows GOARCH=amd64 $(MAKE) libzstd.a
 
 clean:
 	rm -f $(LIBZSTD_NAME)
diff --git a/vendor/github.com/valyala/gozstd/README.md b/vendor/github.com/valyala/gozstd/README.md
index 7b8d31142..8c05784a7 100644
--- a/vendor/github.com/valyala/gozstd/README.md
+++ b/vendor/github.com/valyala/gozstd/README.md
@@ -76,7 +76,6 @@ env CC=arm-linux-gnueabi-gcc GOOS=linux GOARCH=arm CGO_ENABLED=1 go build ./main
 
 * [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics)
 
-
 ## FAQ
 
   * Q: _Which go version is supported?_
diff --git a/vendor/github.com/valyala/gozstd/libzstd_darwin_amd64.a b/vendor/github.com/valyala/gozstd/libzstd_darwin_amd64.a
index 7157fb394..5c12111ea 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_darwin_amd64.a and b/vendor/github.com/valyala/gozstd/libzstd_darwin_amd64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_darwin_arm64.a b/vendor/github.com/valyala/gozstd/libzstd_darwin_arm64.a
index d6116c1ea..1339570a7 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_darwin_arm64.a and b/vendor/github.com/valyala/gozstd/libzstd_darwin_arm64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_freebsd_amd64.a b/vendor/github.com/valyala/gozstd/libzstd_freebsd_amd64.a
index 7c992f93f..957ab9b6a 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_freebsd_amd64.a and b/vendor/github.com/valyala/gozstd/libzstd_freebsd_amd64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.a b/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.a
new file mode 100644
index 000000000..c447905db
Binary files /dev/null and b/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.go b/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.go
new file mode 100644
index 000000000..5e3d58420
--- /dev/null
+++ b/vendor/github.com/valyala/gozstd/libzstd_illumos_amd64.go
@@ -0,0 +1,6 @@
+package gozstd
+
+/*
+#cgo LDFLAGS: ${SRCDIR}/libzstd_illumos_amd64.a
+*/
+import "C"
diff --git a/vendor/github.com/valyala/gozstd/libzstd_linux_arm.a b/vendor/github.com/valyala/gozstd/libzstd_linux_arm.a
index 6ecca1de0..527b393c0 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_linux_arm.a and b/vendor/github.com/valyala/gozstd/libzstd_linux_arm.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_linux_arm64.a b/vendor/github.com/valyala/gozstd/libzstd_linux_arm64.a
index af70e8e1c..6b4439dfe 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_linux_arm64.a and b/vendor/github.com/valyala/gozstd/libzstd_linux_arm64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_linux_musl_amd64.a b/vendor/github.com/valyala/gozstd/libzstd_linux_musl_amd64.a
index 9efa3a11e..0a42810f3 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_linux_musl_amd64.a and b/vendor/github.com/valyala/gozstd/libzstd_linux_musl_amd64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_linux_musl_arm64.a b/vendor/github.com/valyala/gozstd/libzstd_linux_musl_arm64.a
index efcbce913..6b4439dfe 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_linux_musl_arm64.a and b/vendor/github.com/valyala/gozstd/libzstd_linux_musl_arm64.a differ
diff --git a/vendor/github.com/valyala/gozstd/libzstd_windows_amd64.a b/vendor/github.com/valyala/gozstd/libzstd_windows_amd64.a
index 81a185fcd..c3af82dcf 100644
Binary files a/vendor/github.com/valyala/gozstd/libzstd_windows_amd64.a and b/vendor/github.com/valyala/gozstd/libzstd_windows_amd64.a differ
diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
index d92aecc0a..f2f20e3b9 100644
--- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
+++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/handler.go
@@ -24,7 +24,6 @@ import (
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
 	"go.opentelemetry.io/otel/propagation"
 	semconv "go.opentelemetry.io/otel/semconv/v1.17.0"
 	"go.opentelemetry.io/otel/semconv/v1.17.0/httpconv"
@@ -50,8 +49,8 @@ type Handler struct {
 	writeEvent        bool
 	filters           []Filter
 	spanNameFormatter func(string, *http.Request) string
-	counters          map[string]instrument.Int64Counter
-	valueRecorders    map[string]instrument.Float64Histogram
+	counters          map[string]metric.Int64Counter
+	valueRecorders    map[string]metric.Float64Histogram
 	publicEndpoint    bool
 	publicEndpointFn  func(*http.Request) bool
 }
@@ -101,8 +100,8 @@ func handleErr(err error) {
 }
 
 func (h *Handler) createMeasures() {
-	h.counters = make(map[string]instrument.Int64Counter)
-	h.valueRecorders = make(map[string]instrument.Float64Histogram)
+	h.counters = make(map[string]metric.Int64Counter)
+	h.valueRecorders = make(map[string]metric.Float64Histogram)
 
 	requestBytesCounter, err := h.meter.Int64Counter(RequestContentLength)
 	handleErr(err)
@@ -219,13 +218,14 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if rww.statusCode > 0 {
 		attributes = append(attributes, semconv.HTTPStatusCode(rww.statusCode))
 	}
-	h.counters[RequestContentLength].Add(ctx, bw.read, attributes...)
-	h.counters[ResponseContentLength].Add(ctx, rww.written, attributes...)
+	o := metric.WithAttributes(attributes...)
+	h.counters[RequestContentLength].Add(ctx, bw.read, o)
+	h.counters[ResponseContentLength].Add(ctx, rww.written, o)
 
 	// Use floating point division here for higher precision (instead of Millisecond method).
 	elapsedTime := float64(time.Since(requestStartTime)) / float64(time.Millisecond)
 
-	h.valueRecorders[ServerLatency].Record(ctx, elapsedTime, attributes...)
+	h.valueRecorders[ServerLatency].Record(ctx, elapsedTime, o)
 }
 
 func setAfterServeAttributes(span trace.Span, read, wrote int64, statusCode int, rerr, werr error) {
diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
index 8a55855b9..022c7cd0a 100644
--- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
+++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go
@@ -16,7 +16,7 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http
 
 // Version is the current release version of the otelhttp instrumentation.
 func Version() string {
-	return "0.40.0"
+	return "0.41.1"
 	// This string is updated by the pre_release.sh script during release
 }
 
diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
index da6468c4e..11a35ed16 100644
--- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
+++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/wrap.go
@@ -50,7 +50,7 @@ func (w *bodyWrapper) Close() error {
 var _ http.ResponseWriter = &respWriterWrapper{}
 
 // respWriterWrapper wraps a http.ResponseWriter in order to track the number of
-// bytes written, the last error, and to catch the returned statusCode
+// bytes written, the last error, and to catch the first written statusCode.
 // TODO: The wrapped http.ResponseWriter doesn't implement any of the optional
 // types (http.Hijacker, http.Pusher, http.CloseNotifier, http.Flusher, etc)
 // that may be useful when using it in real life situations.
@@ -85,11 +85,15 @@ func (w *respWriterWrapper) Write(p []byte) (int, error) {
 	return n, err
 }
 
+// WriteHeader persists initial statusCode for span attribution.
+// All calls to WriteHeader will be propagated to the underlying ResponseWriter
+// and will persist the statusCode from the first call.
+// Blocking consecutive calls to WriteHeader alters expected behavior and will
+// remove warning logs from net/http where developers will notice incorrect handler implementations.
 func (w *respWriterWrapper) WriteHeader(statusCode int) {
-	if w.wroteHeader {
-		return
+	if !w.wroteHeader {
+		w.wroteHeader = true
+		w.statusCode = statusCode
 	}
-	w.wroteHeader = true
-	w.statusCode = statusCode
 	w.ResponseWriter.WriteHeader(statusCode)
 }
diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore
index 0b605b3d6..cf29d10a7 100644
--- a/vendor/go.opentelemetry.io/otel/.gitignore
+++ b/vendor/go.opentelemetry.io/otel/.gitignore
@@ -7,6 +7,8 @@ Thumbs.db
 *.iml
 *.so
 coverage.*
+go.work
+go.work.sum
 
 gen/
 
diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml
index 0f099f575..e28904f6a 100644
--- a/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -85,6 +85,8 @@ linters-settings:
           - "**/internal/matchers/*.go"
   godot:
     exclude:
+      # Exclude links.
+      - '^ *\[[^]]+\]:'
       # Exclude sentence fragments for lists.
       - '^[ ]*[-•]'
       # Exclude sentences prefixing a list.
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 1d9726f60..7630a4f33 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -8,6 +8,147 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased]
 
+## [1.15.1/0.38.1] 2023-05-02
+
+### Fixed
+
+- Remove unused imports from `sdk/resource/host_id_bsd.go` which caused build failures. (#4040, #4041)
+
+## [1.15.0/0.38.0] 2023-04-27
+
+### Added
+
+- The `go.opentelemetry.io/otel/metric/embedded` package. (#3916)
+- The `Version` function to `go.opentelemetry.io/otel/sdk` to return the SDK version. (#3949)
+- Add a `WithNamespace` option to `go.opentelemetry.io/otel/exporters/prometheus` to allow users to prefix metrics with a namespace. (#3970)
+- The following configuration types were added to `go.opentelemetry.io/otel/metric/instrument` to be used in the configuration of measurement methods. (#3971)
+  - The `AddConfig` used to hold configuration for addition measurements
+    - `NewAddConfig` used to create a new `AddConfig`
+    - `AddOption` used to configure an `AddConfig`
+  - The `RecordConfig` used to hold configuration for recorded measurements
+    - `NewRecordConfig` used to create a new `RecordConfig`
+    - `RecordOption` used to configure a `RecordConfig`
+  - The `ObserveConfig` used to hold configuration for observed measurements
+    - `NewObserveConfig` used to create a new `ObserveConfig`
+    - `ObserveOption` used to configure an `ObserveConfig`
+- `WithAttributeSet` and `WithAttributes` are added to `go.opentelemetry.io/otel/metric/instrument`.
+  They return an option used during a measurement that defines the attribute Set associated with the measurement. (#3971)
+- The `Version` function to `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` to return the OTLP metrics client version. (#3956)
+- The `Version` function to `go.opentelemetry.io/otel/exporters/otlp/otlptrace` to return the OTLP trace client version. (#3956)
+
+### Changed
+
+- The `Extrema` in `go.opentelemetry.io/otel/sdk/metric/metricdata` is redefined with a generic argument of `[N int64 | float64]`. (#3870)
+- Update all exported interfaces from `go.opentelemetry.io/otel/metric` to embed their corresponding interface from `go.opentelemetry.io/otel/metric/embedded`.
+  This adds an implementation requirement to set the interface default behavior for unimplemented methods. (#3916)
+- Move No-Op implementation from `go.opentelemetry.io/otel/metric` into its own package `go.opentelemetry.io/otel/metric/noop`. (#3941)
+  - `metric.NewNoopMeterProvider` is replaced with `noop.NewMeterProvider`
+- Add all the methods from `"go.opentelemetry.io/otel/trace".SpanContext` to `bridgeSpanContext` by embedding `otel.SpanContext` in `bridgeSpanContext`. (#3966)
+- Wrap `UploadMetrics` error in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/` to improve error message when encountering generic grpc errors. (#3974)
+- The measurement methods for all instruments in `go.opentelemetry.io/otel/metric/instrument` accept an option instead of the variadic `"go.opentelemetry.io/otel/attribute".KeyValue`. (#3971)
+  - The `Int64Counter.Add` method now accepts `...AddOption`
+  - The `Float64Counter.Add` method now accepts `...AddOption`
+  - The `Int64UpDownCounter.Add` method now accepts `...AddOption`
+  - The `Float64UpDownCounter.Add` method now accepts `...AddOption`
+  - The `Int64Histogram.Record` method now accepts `...RecordOption`
+  - The `Float64Histogram.Record` method now accepts `...RecordOption`
+  - The `Int64Observer.Observe` method now accepts `...ObserveOption`
+  - The `Float64Observer.Observe` method now accepts `...ObserveOption`
+- The `Observer` methods in `go.opentelemetry.io/otel/metric` accept an option instead of the variadic `"go.opentelemetry.io/otel/attribute".KeyValue`. (#3971)
+  - The `Observer.ObserveInt64` method now accepts `...ObserveOption`
+  - The `Observer.ObserveFloat64` method now accepts `...ObserveOption`
+- Move global metric back to `go.opentelemetry.io/otel/metric/global` from `go.opentelemetry.io/otel`. (#3986)
+
+### Fixed
+
+- `TracerProvider` allows calling `Tracer()` while it's shutting down.
+  It used to deadlock. (#3924)
+- Use the SDK version for the Telemetry SDK resource detector in `go.opentelemetry.io/otel/sdk/resource`. (#3949)
+- Fix a data race in `SpanProcessor` returned by `NewSimpleSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace`. (#3951)
+- Automatically figure out the default aggregation with `aggregation.Default`. (#3967)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/metric/instrument` package is deprecated.
+  Use the equivalent types added to `go.opentelemetry.io/otel/metric` instead. (#4018)
+
+## [1.15.0-rc.2/0.38.0-rc.2] 2023-03-23
+
+This is a release candidate for the v1.15.0/v0.38.0 release.
+That release will include the `v1` release of the OpenTelemetry Go metric API and will provide stability guarantees of that API.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+### Added
+
+- The `WithHostID` option to `go.opentelemetry.io/otel/sdk/resource`. (#3812)
+- The `WithoutTimestamps` option to `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` to sets all timestamps to zero. (#3828)
+- The new `Exemplar` type is added to `go.opentelemetry.io/otel/sdk/metric/metricdata`.
+  Both the `DataPoint` and `HistogramDataPoint` types from that package have a new field of `Exemplars` containing the sampled exemplars for their timeseries. (#3849)
+- Configuration for each metric instrument in `go.opentelemetry.io/otel/sdk/metric/instrument`. (#3895)
+- The internal logging introduces a warning level verbosity equal to `V(1)`. (#3900)
+- Added a log message warning about usage of `SimpleSpanProcessor` in production environments. (#3854)
+
+### Changed
+
+- Optimize memory allocation when creation a new `Set` using `NewSet` or `NewSetWithFiltered` in `go.opentelemetry.io/otel/attribute`. (#3832)
+- Optimize memory allocation when creation new metric instruments in `go.opentelemetry.io/otel/sdk/metric`. (#3832)
+- Avoid creating new objects on all calls to `WithDeferredSetup` and `SkipContextSetup` in OpenTracing bridge. (#3833)
+- The `New` and `Detect` functions from `go.opentelemetry.io/otel/sdk/resource` return errors that wrap underlying errors instead of just containing the underlying error strings. (#3844)
+- Both the `Histogram` and `HistogramDataPoint` are redefined with a generic argument of `[N int64 | float64]` in `go.opentelemetry.io/otel/sdk/metric/metricdata`. (#3849)
+- The metric `Export` interface from `go.opentelemetry.io/otel/sdk/metric` accepts a `*ResourceMetrics` instead of `ResourceMetrics`. (#3853)
+- Rename `Asynchronous` to `Observable` in `go.opentelemetry.io/otel/metric/instrument`. (#3892)
+- Rename `Int64ObserverOption` to `Int64ObservableOption` in `go.opentelemetry.io/otel/metric/instrument`. (#3895)
+- Rename `Float64ObserverOption` to `Float64ObservableOption` in `go.opentelemetry.io/otel/metric/instrument`. (#3895)
+- The internal logging changes the verbosity level of info to `V(4)`, the verbosity level of debug to `V(8)`. (#3900)
+
+### Fixed
+
+- `TracerProvider` consistently doesn't allow to register a `SpanProcessor` after shutdown. (#3845)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/global` package is removed. (#3829)
+- The unneeded `Synchronous` interface in `go.opentelemetry.io/otel/metric/instrument` was removed. (#3892)
+- The `Float64ObserverConfig` and `NewFloat64ObserverConfig` in `go.opentelemetry.io/otel/sdk/metric/instrument`.
+  Use the added `float64` instrument configuration instead. (#3895)
+- The `Int64ObserverConfig` and `NewInt64ObserverConfig` in `go.opentelemetry.io/otel/sdk/metric/instrument`.
+  Use the added `int64` instrument configuration instead. (#3895)
+- The `NewNoopMeter` function in `go.opentelemetry.io/otel/metric`, use `NewMeterProvider().Meter("")` instead. (#3893)
+
+## [1.15.0-rc.1/0.38.0-rc.1] 2023-03-01
+
+This is a release candidate for the v1.15.0/v0.38.0 release.
+That release will include the `v1` release of the OpenTelemetry Go metric API and will provide stability guarantees of that API.
+See our [versioning policy](VERSIONING.md) for more information about these stability guarantees.
+
+This release drops the compatibility guarantee of [Go 1.18].
+
+### Added
+
+- Support global `MeterProvider` in `go.opentelemetry.io/otel`. (#3818)
+  - Use `Meter` for a `metric.Meter` from the global `metric.MeterProvider`.
+  - Use `GetMeterProivder` for a global `metric.MeterProvider`.
+  - Use `SetMeterProivder` to set the global `metric.MeterProvider`.
+
+### Changed
+
+- Dropped compatibility testing for [Go 1.18].
+  The project no longer guarantees support for this version of Go. (#3813)
+
+### Fixed
+
+- Handle empty environment variable as it they were not set. (#3764)
+- Clarify the `httpconv` and `netconv` packages in `go.opentelemetry.io/otel/semconv/*` provide tracing semantic conventions. (#3823)
+
+### Deprecated
+
+- The `go.opentelemetry.io/otel/metric/global` package is deprecated.
+  Use `go.opentelemetry.io/otel` instead. (#3818)
+
+### Removed
+
+- The deprecated `go.opentelemetry.io/otel/metric/unit` package is removed. (#3814)
+
 ## [1.14.0/0.37.0/0.0.4] 2023-02-27
 
 This release is the last to support [Go 1.18].
@@ -121,7 +262,7 @@ The next release will require at least [Go 1.19].
 - The `go.opentelemetry.io/otel/semconv/v1.16.0` package.
   The package contains semantic conventions from the `v1.16.0` version of the OpenTelemetry specification. (#3579)
 - Metric instruments to `go.opentelemetry.io/otel/metric/instrument`.
-  These instruments are use as replacements of the depreacted `go.opentelemetry.io/otel/metric/instrument/{asyncfloat64,asyncint64,syncfloat64,syncint64}` packages.(#3575, #3586)
+  These instruments are use as replacements of the deprecated `go.opentelemetry.io/otel/metric/instrument/{asyncfloat64,asyncint64,syncfloat64,syncint64}` packages.(#3575, #3586)
   - `Float64ObservableCounter` replaces the `asyncfloat64.Counter`
   - `Float64ObservableUpDownCounter` replaces the `asyncfloat64.UpDownCounter`
   - `Float64ObservableGauge` replaces the `asyncfloat64.Gauge`
@@ -144,7 +285,7 @@ The next release will require at least [Go 1.19].
 ### Changed
 
 - Jaeger and Zipkin exporter use `github.com/go-logr/logr` as the logging interface, and add the `WithLogr` option. (#3497, #3500)
-- Instrument configuration in `go.opentelemetry.io/otel/metric/instrument` is split into specific options and confguration based on the instrument type. (#3507)
+- Instrument configuration in `go.opentelemetry.io/otel/metric/instrument` is split into specific options and configuration based on the instrument type. (#3507)
   - Use the added `Int64Option` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/syncint64`.
   - Use the added `Float64Option` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/syncfloat64`.
   - Use the added `Int64ObserverOption` type to configure instruments from `go.opentelemetry.io/otel/metric/instrument/asyncint64`.
@@ -157,7 +298,7 @@ The next release will require at least [Go 1.19].
 - The `Shutdown` method of the `"go.opentelemetry.io/otel/sdk/trace".TracerProvider` releases all computational resources when called the first time. (#3551)
 - The `Sampler` returned from `TraceIDRatioBased` `go.opentelemetry.io/otel/sdk/trace` now uses the rightmost bits for sampling decisions.
   This fixes random sampling when using ID generators like `xray.IDGenerator` and increasing parity with other language implementations. (#3557)
-- Errors from `go.opentelemetry.io/otel/exporters/otlp/otlptrace` exporters are wrapped in erros identifying their signal name.
+- Errors from `go.opentelemetry.io/otel/exporters/otlp/otlptrace` exporters are wrapped in errors identifying their signal name.
   Existing users of the exporters attempting to identify specific errors will need to use `errors.Unwrap()` to get the underlying error. (#3516)
 - Exporters from `go.opentelemetry.io/otel/exporters/otlp` will print the final retryable error message when attempts to retry time out. (#3514)
 - The instrument kind names in `go.opentelemetry.io/otel/sdk/metric` are updated to match the API. (#3562)
@@ -266,7 +407,7 @@ The next release will require at least [Go 1.19].
 - Asynchronous counters (`Counter` and `UpDownCounter`) from the metric SDK now produce delta sums when configured with delta temporality. (#3398)
 - Exported `Status` codes in the `go.opentelemetry.io/otel/exporters/zipkin` exporter are now exported as all upper case values. (#3340)
 - `Aggregation`s from `go.opentelemetry.io/otel/sdk/metric` with no data are not exported. (#3394, #3436)
-- Reenabled Attribute Filters in the Metric SDK. (#3396)
+- Re-enabled Attribute Filters in the Metric SDK. (#3396)
 - Asynchronous callbacks are only called if they are registered with at least one instrument that does not use drop aggragation. (#3408)
 - Do not report empty partial-success responses in the `go.opentelemetry.io/otel/exporters/otlp` exporters. (#3438, #3432)
 - Handle partial success responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` exporters. (#3162, #3440)
@@ -847,7 +988,7 @@ This release includes an API and SDK for the tracing signal that will comply wit
 - Setting the global `ErrorHandler` with `"go.opentelemetry.io/otel".SetErrorHandler` multiple times is now supported. (#2160, #2140)
 - The `"go.opentelemetry.io/otel/attribute".Any` function now supports `int32` values. (#2169)
 - Multiple calls to `"go.opentelemetry.io/otel/sdk/metric/controller/basic".WithResource()` are handled correctly, and when no resources are provided `"go.opentelemetry.io/otel/sdk/resource".Default()` is used. (#2120)
-- The `WithoutTimestamps` option for the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` exporter causes the exporter to correctly ommit timestamps. (#2195)
+- The `WithoutTimestamps` option for the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` exporter causes the exporter to correctly omit timestamps. (#2195)
 - Fixed typos in resources.go. (#2201)
 
 ## [1.0.0-RC2] - 2021-07-26
@@ -1293,7 +1434,7 @@ with major version 0.
 - `NewGRPCDriver` function returns a `ProtocolDriver` that maintains a single gRPC connection to the collector. (#1369)
 - Added documentation about the project's versioning policy. (#1388)
 - Added `NewSplitDriver` for OTLP exporter that allows sending traces and metrics to different endpoints. (#1418)
-- Added codeql worfklow to GitHub Actions (#1428)
+- Added codeql workflow to GitHub Actions (#1428)
 - Added Gosec workflow to GitHub Actions (#1429)
 - Add new HTTP driver for OTLP exporter in `exporters/otlp/otlphttp`. Currently it only supports the binary protobuf payloads. (#1420)
 - Add an OpenCensus exporter bridge. (#1444)
@@ -2136,7 +2277,7 @@ There is still a possibility of breaking changes.
 
 ### Fixed
 
-- Use stateful batcher on Prometheus exporter fixing regresion introduced in #395. (#428)
+- Use stateful batcher on Prometheus exporter fixing regression introduced in #395. (#428)
 
 ## [0.2.1] - 2020-01-08
 
@@ -2302,7 +2443,11 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.14.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.15.1...HEAD
+[1.15.1/0.38.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.1
+[1.15.0/0.38.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0
+[1.15.0-rc.2/0.38.0-rc.2]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0-rc.2
+[1.15.0-rc.1/0.38.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.15.0-rc.1
 [1.14.0/0.37.0/0.0.4]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.14.0
 [1.13.0/0.36.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.13.0
 [1.12.0/0.35.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.12.0
diff --git a/vendor/go.opentelemetry.io/otel/CODEOWNERS b/vendor/go.opentelemetry.io/otel/CODEOWNERS
index c4012ed6c..f6f6a313b 100644
--- a/vendor/go.opentelemetry.io/otel/CODEOWNERS
+++ b/vendor/go.opentelemetry.io/otel/CODEOWNERS
@@ -12,6 +12,6 @@
 #  https://help.github.com/en/articles/about-code-owners
 #
 
-* @jmacd @MrAlias @Aneurysm9 @evantorrie @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
+* @MrAlias @Aneurysm9 @evantorrie @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
 
 CODEOWNERS @MrAlias @Aneurysm9 @MadVikingGod
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index a6928bfdf..f521d6543 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -6,7 +6,7 @@ OpenTelemetry
 repo for information on this and other language SIGs.
 
 See the [public meeting
-notes](https://docs.google.com/document/d/1A63zSWX0x2CyCK_LoNhmQC4rqhLpYXJzXbEPDUQ2n6w/edit#heading=h.9tngw7jdwd6b)
+notes](https://docs.google.com/document/d/1E5e7Ld0NuU1iVvf-42tOBpu2VBBLYnh73GJuITGJTTU/edit)
 for a summary description of past meetings. To request edit access,
 join the meeting or get in touch on
 [Slack](https://cloud-native.slack.com/archives/C01NPAXACKT).
@@ -94,30 +94,58 @@ request ID to the entry you added to `CHANGELOG.md`.
 
 ### How to Get PRs Merged
 
-A PR is considered to be **ready to merge** when:
+A PR is considered **ready to merge** when:
 
-* It has received two approvals from Collaborators/Maintainers (at
-  different companies). This is not enforced through technical means
-  and a PR may be **ready to merge** with a single approval if the change
-  and its approach have been discussed and consensus reached.
-* Feedback has been addressed.
-* Any substantive changes to your PR will require that you clear any prior
-  Approval reviews, this includes changes resulting from other feedback. Unless
-  the approver explicitly stated that their approval will persist across
-  changes it should be assumed that the PR needs their review again. Other
-  project members (e.g. approvers, maintainers) can help with this if there are
-  any questions or if you forget to clear reviews.
-* It has been open for review for at least one working day. This gives
-  people reasonable time to review.
-* Trivial changes (typo, cosmetic, doc, etc.) do not have to wait for
-  one day and may be merged with a single Maintainer's approval.
-* `CHANGELOG.md` has been updated to reflect what has been
-  added, changed, removed, or fixed.
-* `README.md` has been updated if necessary.
-* Urgent fix can take exception as long as it has been actively
-  communicated.
+* It has received two qualified approvals[^1].
 
-Any Maintainer can merge the PR once it is **ready to merge**.
+  This is not enforced through automation, but needs to be validated by the
+  maintainer merging.
+  * The qualified approvals need to be from [Approver]s/[Maintainer]s
+    affiliated with different companies. Two qualified approvals from
+    [Approver]s or [Maintainer]s affiliated with the same company counts as a
+    single qualified approval.
+  * PRs introducing changes that have already been discussed and consensus
+    reached only need one qualified approval. The discussion and resolution
+    needs to be linked to the PR.
+  * Trivial changes[^2] only need one qualified approval.
+
+* All feedback has been addressed.
+  * All PR comments and suggestions are resolved.
+  * All GitHub Pull Request reviews with a status of "Request changes" have
+    been addressed. Another review by the objecting reviewer with a different
+    status can be submitted to clear the original review, or the review can be
+    dismissed by a [Maintainer] when the issues from the original review have
+    been addressed.
+  * Any comments or reviews that cannot be resolved between the PR author and
+    reviewers can be submitted to the community [Approver]s and [Maintainer]s
+    during the weekly SIG meeting. If consensus is reached among the
+    [Approver]s and [Maintainer]s during the SIG meeting the objections to the
+    PR may be dismissed or resolved or the PR closed by a [Maintainer].
+  * Any substantive changes to the PR require existing Approval reviews be
+    cleared unless the approver explicitly states that their approval persists
+    across changes. This includes changes resulting from other feedback.
+    [Approver]s and [Maintainer]s can help in clearing reviews and they should
+    be consulted if there are any questions.
+
+* The PR branch is up to date with the base branch it is merging into.
+  * To ensure this does not block the PR, it should be configured to allow
+    maintainers to update it.
+
+* It has been open for review for at least one working day. This gives people
+  reasonable time to review.
+  * Trivial changes[^2] do not have to wait for one day and may be merged with
+    a single [Maintainer]'s approval.
+
+* All required GitHub workflows have succeeded.
+* Urgent fix can take exception as long as it has been actively communicated
+  among [Maintainer]s.
+
+Any [Maintainer] can merge the PR once the above criteria have been met.
+
+[^1]: A qualified approval is a GitHub Pull Request review with "Approve"
+  status from an OpenTelemetry Go [Approver] or [Maintainer].
+[^2]: Trivial changes include: typo corrections, cosmetic non-substantive
+  changes, documentation corrections or updates, dependency updates, etc.
 
 ## Design Choices
 
@@ -216,7 +244,7 @@ Meaning a `config` from one package should not be directly used by another. The
 one exception is the API packages.  The configs from the base API, eg.
 `go.opentelemetry.io/otel/trace.TracerConfig` and
 `go.opentelemetry.io/otel/metric.InstrumentConfig`, are intended to be consumed
-by the SDK therefor it is expected that these are exported.
+by the SDK therefore it is expected that these are exported.
 
 When a config is exported we want to maintain forward and backward
 compatibility, to achieve this no fields should be exported but should
@@ -234,12 +262,12 @@ func newConfig(options ...Option) config {
 	for _, option := range options {
 		config = option.apply(config)
 	}
-	// Preform any validation here.
+	// Perform any validation here.
 	return config
 }
 ```
 
-If validation of the `config` options is also preformed this can return an
+If validation of the `config` options is also performed this can return an
 error as well that is expected to be handled by the instantiation function
 or propagated to the user.
 
@@ -438,7 +466,7 @@ their parameters appropriately named.
 #### Interface Stability
 
 All exported stable interfaces that include the following warning in their
-doumentation are allowed to be extended with additional methods.
+documentation are allowed to be extended with additional methods.
 
 > Warning: methods may be added to this interface in minor releases.
 
@@ -500,27 +528,30 @@ interface that defines the specific functionality should be preferred.
 
 ## Approvers and Maintainers
 
-Approvers:
+### Approvers
 
 - [Evan Torrie](https://github.com/evantorrie), Verizon Media
-- [Josh MacDonald](https://github.com/jmacd), LightStep
 - [Sam Xie](https://github.com/XSAM), Cisco/AppDynamics
 - [David Ashpole](https://github.com/dashpole), Google
 - [Robert Pająk](https://github.com/pellared), Splunk
 - [Chester Cheung](https://github.com/hanyuancheung), Tencent
 - [Damien Mathieu](https://github.com/dmathieu), Elastic
 
-Maintainers:
+### Maintainers
 
 - [Aaron Clawson](https://github.com/MadVikingGod), LightStep
 - [Anthony Mirabella](https://github.com/Aneurysm9), AWS
 - [Tyler Yahn](https://github.com/MrAlias), Splunk
 
-Emeritus:
+### Emeritus
 
 - [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
+- [Josh MacDonald](https://github.com/jmacd), LightStep
 
 ### Become an Approver or a Maintainer
 
 See the [community membership document in OpenTelemetry community
 repo](https://github.com/open-telemetry/community/blob/main/community-membership.md).
+
+[Approver]: #approvers
+[Maintainer]: #maintainers
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index 0e6ffa284..91ead91b4 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -156,7 +156,7 @@ go-mod-tidy/%: DIR=$*
 go-mod-tidy/%: | crosslink
 	@echo "$(GO) mod tidy in $(DIR)" \
 		&& cd $(DIR) \
-		&& $(GO) mod tidy -compat=1.18
+		&& $(GO) mod tidy -compat=1.19
 
 .PHONY: lint-modules
 lint-modules: go-mod-tidy
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 878d87e58..e138a8a07 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -14,7 +14,7 @@ It provides a set of APIs to directly measure performance and behavior of your s
 | Signal  | Status     | Project |
 | ------- | ---------- | ------- |
 | Traces  | Stable     | N/A     |
-| Metrics | Alpha      | N/A     |
+| Metrics | Beta       | N/A     |
 | Logs    | Frozen [1] | N/A     |
 
 - [1]: The Logs signal development is halted for this project while we develop both Traces and Metrics.
@@ -52,19 +52,14 @@ Currently, this project supports the following environments.
 | ------- | ---------- | ------------ |
 | Ubuntu  | 1.20       | amd64        |
 | Ubuntu  | 1.19       | amd64        |
-| Ubuntu  | 1.18       | amd64        |
 | Ubuntu  | 1.20       | 386          |
 | Ubuntu  | 1.19       | 386          |
-| Ubuntu  | 1.18       | 386          |
 | MacOS   | 1.20       | amd64        |
 | MacOS   | 1.19       | amd64        |
-| MacOS   | 1.18       | amd64        |
 | Windows | 1.20       | amd64        |
 | Windows | 1.19       | amd64        |
-| Windows | 1.18       | amd64        |
 | Windows | 1.20       | 386          |
 | Windows | 1.19       | 386          |
-| Windows | 1.18       | 386          |
 
 While this project should work for other systems, no compatibility guarantees
 are made for those systems currently.
diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go
index 26be59832..b976367e4 100644
--- a/vendor/go.opentelemetry.io/otel/attribute/set.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/set.go
@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"reflect"
 	"sort"
+	"sync"
 )
 
 type (
@@ -62,6 +63,12 @@ var (
 			iface: [0]KeyValue{},
 		},
 	}
+
+	// sortables is a pool of Sortables used to create Sets with a user does
+	// not provide one.
+	sortables = sync.Pool{
+		New: func() interface{} { return new(Sortable) },
+	}
 )
 
 // EmptySet returns a reference to a Set with no elements.
@@ -91,7 +98,7 @@ func (l *Set) Len() int {
 
 // Get returns the KeyValue at ordered position idx in this set.
 func (l *Set) Get(idx int) (KeyValue, bool) {
-	if l == nil {
+	if l == nil || !l.equivalent.Valid() {
 		return KeyValue{}, false
 	}
 	value := l.equivalent.reflectValue()
@@ -107,7 +114,7 @@ func (l *Set) Get(idx int) (KeyValue, bool) {
 
 // Value returns the value of a specified key in this set.
 func (l *Set) Value(k Key) (Value, bool) {
-	if l == nil {
+	if l == nil || !l.equivalent.Valid() {
 		return Value{}, false
 	}
 	rValue := l.equivalent.reflectValue()
@@ -191,7 +198,9 @@ func NewSet(kvs ...KeyValue) Set {
 	if len(kvs) == 0 {
 		return empty()
 	}
-	s, _ := NewSetWithSortableFiltered(kvs, new(Sortable), nil)
+	srt := sortables.Get().(*Sortable)
+	s, _ := NewSetWithSortableFiltered(kvs, srt, nil)
+	sortables.Put(srt)
 	return s
 }
 
@@ -218,7 +227,10 @@ func NewSetWithFiltered(kvs []KeyValue, filter Filter) (Set, []KeyValue) {
 	if len(kvs) == 0 {
 		return empty(), nil
 	}
-	return NewSetWithSortableFiltered(kvs, new(Sortable), filter)
+	srt := sortables.Get().(*Sortable)
+	s, filtered := NewSetWithSortableFiltered(kvs, srt, filter)
+	sortables.Put(srt)
+	return s, filtered
 }
 
 // NewSetWithSortableFiltered returns a new Set.
diff --git a/vendor/go.opentelemetry.io/otel/handler.go b/vendor/go.opentelemetry.io/otel/handler.go
index ecd363ab5..4115fe3bb 100644
--- a/vendor/go.opentelemetry.io/otel/handler.go
+++ b/vendor/go.opentelemetry.io/otel/handler.go
@@ -15,58 +15,16 @@
 package otel // import "go.opentelemetry.io/otel"
 
 import (
-	"log"
-	"os"
-	"sync/atomic"
-	"unsafe"
+	"go.opentelemetry.io/otel/internal/global"
 )
 
 var (
-	// globalErrorHandler provides an ErrorHandler that can be used
-	// throughout an OpenTelemetry instrumented project. When a user
-	// specified ErrorHandler is registered (`SetErrorHandler`) all calls to
-	// `Handle` and will be delegated to the registered ErrorHandler.
-	globalErrorHandler = defaultErrorHandler()
-
-	// Compile-time check that delegator implements ErrorHandler.
-	_ ErrorHandler = (*delegator)(nil)
-	// Compile-time check that errLogger implements ErrorHandler.
-	_ ErrorHandler = (*errLogger)(nil)
+	// Compile-time check global.ErrDelegator implements ErrorHandler.
+	_ ErrorHandler = (*global.ErrDelegator)(nil)
+	// Compile-time check global.ErrLogger implements ErrorHandler.
+	_ ErrorHandler = (*global.ErrLogger)(nil)
 )
 
-type delegator struct {
-	delegate unsafe.Pointer
-}
-
-func (d *delegator) Handle(err error) {
-	d.getDelegate().Handle(err)
-}
-
-func (d *delegator) getDelegate() ErrorHandler {
-	return *(*ErrorHandler)(atomic.LoadPointer(&d.delegate))
-}
-
-// setDelegate sets the ErrorHandler delegate.
-func (d *delegator) setDelegate(eh ErrorHandler) {
-	atomic.StorePointer(&d.delegate, unsafe.Pointer(&eh))
-}
-
-func defaultErrorHandler() *delegator {
-	d := &delegator{}
-	d.setDelegate(&errLogger{l: log.New(os.Stderr, "", log.LstdFlags)})
-	return d
-}
-
-// errLogger logs errors if no delegate is set, otherwise they are delegated.
-type errLogger struct {
-	l *log.Logger
-}
-
-// Handle logs err if no delegate is set, otherwise it is delegated.
-func (h *errLogger) Handle(err error) {
-	h.l.Print(err)
-}
-
 // GetErrorHandler returns the global ErrorHandler instance.
 //
 // The default ErrorHandler instance returned will log all errors to STDERR
@@ -76,9 +34,7 @@ func (h *errLogger) Handle(err error) {
 //
 // Subsequent calls to SetErrorHandler after the first will not forward errors
 // to the new ErrorHandler for prior returned instances.
-func GetErrorHandler() ErrorHandler {
-	return globalErrorHandler
-}
+func GetErrorHandler() ErrorHandler { return global.GetErrorHandler() }
 
 // SetErrorHandler sets the global ErrorHandler to h.
 //
@@ -86,11 +42,7 @@ func GetErrorHandler() ErrorHandler {
 // GetErrorHandler will send errors to h instead of the default logging
 // ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
 // delegate errors to h.
-func SetErrorHandler(h ErrorHandler) {
-	globalErrorHandler.setDelegate(h)
-}
+func SetErrorHandler(h ErrorHandler) { global.SetErrorHandler(h) }
 
 // Handle is a convenience function for ErrorHandler().Handle(err).
-func Handle(err error) {
-	GetErrorHandler().Handle(err)
-}
+func Handle(err error) { global.Handle(err) }
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/handler.go b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
new file mode 100644
index 000000000..3dcd1caae
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
@@ -0,0 +1,103 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package global // import "go.opentelemetry.io/otel/internal/global"
+
+import (
+	"log"
+	"os"
+	"sync/atomic"
+	"unsafe"
+)
+
+var (
+	// GlobalErrorHandler provides an ErrorHandler that can be used
+	// throughout an OpenTelemetry instrumented project. When a user
+	// specified ErrorHandler is registered (`SetErrorHandler`) all calls to
+	// `Handle` and will be delegated to the registered ErrorHandler.
+	GlobalErrorHandler = defaultErrorHandler()
+
+	// Compile-time check that delegator implements ErrorHandler.
+	_ ErrorHandler = (*ErrDelegator)(nil)
+	// Compile-time check that errLogger implements ErrorHandler.
+	_ ErrorHandler = (*ErrLogger)(nil)
+)
+
+// ErrorHandler handles irremediable events.
+type ErrorHandler interface {
+	// Handle handles any error deemed irremediable by an OpenTelemetry
+	// component.
+	Handle(error)
+}
+
+type ErrDelegator struct {
+	delegate unsafe.Pointer
+}
+
+func (d *ErrDelegator) Handle(err error) {
+	d.getDelegate().Handle(err)
+}
+
+func (d *ErrDelegator) getDelegate() ErrorHandler {
+	return *(*ErrorHandler)(atomic.LoadPointer(&d.delegate))
+}
+
+// setDelegate sets the ErrorHandler delegate.
+func (d *ErrDelegator) setDelegate(eh ErrorHandler) {
+	atomic.StorePointer(&d.delegate, unsafe.Pointer(&eh))
+}
+
+func defaultErrorHandler() *ErrDelegator {
+	d := &ErrDelegator{}
+	d.setDelegate(&ErrLogger{l: log.New(os.Stderr, "", log.LstdFlags)})
+	return d
+}
+
+// ErrLogger logs errors if no delegate is set, otherwise they are delegated.
+type ErrLogger struct {
+	l *log.Logger
+}
+
+// Handle logs err if no delegate is set, otherwise it is delegated.
+func (h *ErrLogger) Handle(err error) {
+	h.l.Print(err)
+}
+
+// GetErrorHandler returns the global ErrorHandler instance.
+//
+// The default ErrorHandler instance returned will log all errors to STDERR
+// until an override ErrorHandler is set with SetErrorHandler. All
+// ErrorHandler returned prior to this will automatically forward errors to
+// the set instance instead of logging.
+//
+// Subsequent calls to SetErrorHandler after the first will not forward errors
+// to the new ErrorHandler for prior returned instances.
+func GetErrorHandler() ErrorHandler {
+	return GlobalErrorHandler
+}
+
+// SetErrorHandler sets the global ErrorHandler to h.
+//
+// The first time this is called all ErrorHandler previously returned from
+// GetErrorHandler will send errors to h instead of the default logging
+// ErrorHandler. Subsequent calls will set the global ErrorHandler, but not
+// delegate errors to h.
+func SetErrorHandler(h ErrorHandler) {
+	GlobalErrorHandler.setDelegate(h)
+}
+
+// Handle is a convenience function for ErrorHandler().Handle(err).
+func Handle(err error) {
+	GetErrorHandler().Handle(err)
+}
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
index 293c08961..5951fd06d 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go
@@ -24,7 +24,7 @@ import (
 	"github.com/go-logr/stdr"
 )
 
-// globalLogger is the logging interface used within the otel api and sdk provide deatails of the internals.
+// globalLogger is the logging interface used within the otel api and sdk provide details of the internals.
 //
 // The default logger uses stdr which is backed by the standard `log.Logger`
 // interface. This logger will only show messages at the Error Level.
@@ -36,8 +36,9 @@ func init() {
 
 // SetLogger overrides the globalLogger with l.
 //
-// To see Info messages use a logger with `l.V(1).Enabled() == true`
-// To see Debug messages use a logger with `l.V(5).Enabled() == true`.
+// To see Warn messages use a logger with `l.V(1).Enabled() == true`
+// To see Info messages use a logger with `l.V(4).Enabled() == true`
+// To see Debug messages use a logger with `l.V(8).Enabled() == true`.
 func SetLogger(l logr.Logger) {
 	atomic.StorePointer(&globalLogger, unsafe.Pointer(&l))
 }
@@ -47,9 +48,9 @@ func getLogger() logr.Logger {
 }
 
 // Info prints messages about the general state of the API or SDK.
-// This should usually be less then 5 messages a minute.
+// This should usually be less than 5 messages a minute.
 func Info(msg string, keysAndValues ...interface{}) {
-	getLogger().V(1).Info(msg, keysAndValues...)
+	getLogger().V(4).Info(msg, keysAndValues...)
 }
 
 // Error prints messages about exceptional states of the API or SDK.
@@ -59,5 +60,11 @@ func Error(err error, msg string, keysAndValues ...interface{}) {
 
 // Debug prints messages about all internal changes in the API or SDK.
 func Debug(msg string, keysAndValues ...interface{}) {
-	getLogger().V(5).Info(msg, keysAndValues...)
+	getLogger().V(8).Info(msg, keysAndValues...)
+}
+
+// Warn prints messages about warnings in the API or SDK.
+// Not an error but is likely more important than an informational event.
+func Warn(msg string, keysAndValues ...interface{}) {
+	getLogger().V(1).Info(msg, keysAndValues...)
 }
diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go
new file mode 100644
index 000000000..e2ffb6738
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go
@@ -0,0 +1,258 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Float64Observable describes a set of instruments used asynchronously to
+// record float64 measurements once per collection cycle. Observations of
+// these instruments are only made within a callback.
+//
+// Warning: Methods may be added to this interface in minor releases.
+type Float64Observable interface {
+	Observable
+
+	float64Observable()
+}
+
+// Float64ObservableCounter is an instrument used to asynchronously record
+// increasing float64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument. The value observed is
+// assumed the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64ObservableCounter interface {
+	embedded.Float64ObservableCounter
+
+	Float64Observable
+}
+
+// Float64ObservableCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Float64ObservableCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableCounterConfig returns a new
+// [Float64ObservableCounterConfig] with all opts applied.
+func NewFloat64ObservableCounterConfig(opts ...Float64ObservableCounterOption) Float64ObservableCounterConfig {
+	var config Float64ObservableCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableCounterConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableCounterOption applies options to a
+// [Float64ObservableCounterConfig]. See [Float64ObservableOption] and [Option]
+// for other options that can be used as a Float64ObservableCounterOption.
+type Float64ObservableCounterOption interface {
+	applyFloat64ObservableCounter(Float64ObservableCounterConfig) Float64ObservableCounterConfig
+}
+
+// Float64ObservableUpDownCounter is an instrument used to asynchronously
+// record float64 measurements once per collection cycle. Observations are only
+// made within a callback for this instrument. The value observed is assumed
+// the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64ObservableUpDownCounter interface {
+	embedded.Float64ObservableUpDownCounter
+
+	Float64Observable
+}
+
+// Float64ObservableUpDownCounterConfig contains options for asynchronous
+// counter instruments that record int64 values.
+type Float64ObservableUpDownCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableUpDownCounterConfig returns a new
+// [Float64ObservableUpDownCounterConfig] with all opts applied.
+func NewFloat64ObservableUpDownCounterConfig(opts ...Float64ObservableUpDownCounterOption) Float64ObservableUpDownCounterConfig {
+	var config Float64ObservableUpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableUpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableUpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableUpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableUpDownCounterConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableUpDownCounterOption applies options to a
+// [Float64ObservableUpDownCounterConfig]. See [Float64ObservableOption] and
+// [Option] for other options that can be used as a
+// Float64ObservableUpDownCounterOption.
+type Float64ObservableUpDownCounterOption interface {
+	applyFloat64ObservableUpDownCounter(Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig
+}
+
+// Float64ObservableGauge is an instrument used to asynchronously record
+// instantaneous float64 measurements once per collection cycle. Observations
+// are only made within a callback for this instrument.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64ObservableGauge interface {
+	embedded.Float64ObservableGauge
+
+	Float64Observable
+}
+
+// Float64ObservableGaugeConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Float64ObservableGaugeConfig struct {
+	description string
+	unit        string
+	callbacks   []Float64Callback
+}
+
+// NewFloat64ObservableGaugeConfig returns a new [Float64ObservableGaugeConfig]
+// with all opts applied.
+func NewFloat64ObservableGaugeConfig(opts ...Float64ObservableGaugeOption) Float64ObservableGaugeConfig {
+	var config Float64ObservableGaugeConfig
+	for _, o := range opts {
+		config = o.applyFloat64ObservableGauge(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64ObservableGaugeConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64ObservableGaugeConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Float64ObservableGaugeConfig) Callbacks() []Float64Callback {
+	return c.callbacks
+}
+
+// Float64ObservableGaugeOption applies options to a
+// [Float64ObservableGaugeConfig]. See [Float64ObservableOption] and
+// [Option] for other options that can be used as a
+// Float64ObservableGaugeOption.
+type Float64ObservableGaugeOption interface {
+	applyFloat64ObservableGauge(Float64ObservableGaugeConfig) Float64ObservableGaugeConfig
+}
+
+// Float64Observer is a recorder of float64 measurements.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64Observer interface {
+	embedded.Float64Observer
+
+	// Observe records the float64 value.
+	Observe(value float64, opts ...ObserveOption)
+}
+
+// Float64Callback is a function registered with a Meter that makes
+// observations for a Float64Observerable instrument it is registered with.
+// Calls to the Float64Observer record measurement values for the
+// Float64Observable.
+//
+// The function needs to complete in a finite amount of time and the deadline
+// of the passed context is expected to be honored.
+//
+// The function needs to make unique observations across all registered
+// Float64Callbacks. Meaning, it should not report measurements with the same
+// attributes as another Float64Callbacks also registered for the same
+// instrument.
+//
+// The function needs to be concurrent safe.
+type Float64Callback func(context.Context, Float64Observer) error
+
+// Float64ObservableOption applies options to float64 Observer instruments.
+type Float64ObservableOption interface {
+	Float64ObservableCounterOption
+	Float64ObservableUpDownCounterOption
+	Float64ObservableGaugeOption
+}
+
+type float64CallbackOpt struct {
+	cback Float64Callback
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableCounter(cfg Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableUpDownCounter(cfg Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o float64CallbackOpt) applyFloat64ObservableGauge(cfg Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+// WithFloat64Callback adds callback to be called for an instrument.
+func WithFloat64Callback(callback Float64Callback) Float64ObservableOption {
+	return float64CallbackOpt{callback}
+}
diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncint64.go b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go
new file mode 100644
index 000000000..a56b3d7a6
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go
@@ -0,0 +1,256 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Int64Observable describes a set of instruments used asynchronously to record
+// int64 measurements once per collection cycle. Observations of these
+// instruments are only made within a callback.
+//
+// Warning: Methods may be added to this interface in minor releases.
+type Int64Observable interface {
+	Observable
+
+	int64Observable()
+}
+
+// Int64ObservableCounter is an instrument used to asynchronously record
+// increasing int64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument. The value observed is
+// assumed the to be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64ObservableCounter interface {
+	embedded.Int64ObservableCounter
+
+	Int64Observable
+}
+
+// Int64ObservableCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableCounterConfig returns a new [Int64ObservableCounterConfig]
+// with all opts applied.
+func NewInt64ObservableCounterConfig(opts ...Int64ObservableCounterOption) Int64ObservableCounterConfig {
+	var config Int64ObservableCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableCounterConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableCounterOption applies options to a
+// [Int64ObservableCounterConfig]. See [Int64ObservableOption] and [Option] for
+// other options that can be used as an Int64ObservableCounterOption.
+type Int64ObservableCounterOption interface {
+	applyInt64ObservableCounter(Int64ObservableCounterConfig) Int64ObservableCounterConfig
+}
+
+// Int64ObservableUpDownCounter is an instrument used to asynchronously record
+// int64 measurements once per collection cycle. Observations are only made
+// within a callback for this instrument. The value observed is assumed the to
+// be the cumulative sum of the count.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64ObservableUpDownCounter interface {
+	embedded.Int64ObservableUpDownCounter
+
+	Int64Observable
+}
+
+// Int64ObservableUpDownCounterConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableUpDownCounterConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableUpDownCounterConfig returns a new
+// [Int64ObservableUpDownCounterConfig] with all opts applied.
+func NewInt64ObservableUpDownCounterConfig(opts ...Int64ObservableUpDownCounterOption) Int64ObservableUpDownCounterConfig {
+	var config Int64ObservableUpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableUpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableUpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableUpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableUpDownCounterConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableUpDownCounterOption applies options to a
+// [Int64ObservableUpDownCounterConfig]. See [Int64ObservableOption] and
+// [Option] for other options that can be used as an
+// Int64ObservableUpDownCounterOption.
+type Int64ObservableUpDownCounterOption interface {
+	applyInt64ObservableUpDownCounter(Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig
+}
+
+// Int64ObservableGauge is an instrument used to asynchronously record
+// instantaneous int64 measurements once per collection cycle. Observations are
+// only made within a callback for this instrument.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64ObservableGauge interface {
+	embedded.Int64ObservableGauge
+
+	Int64Observable
+}
+
+// Int64ObservableGaugeConfig contains options for asynchronous counter
+// instruments that record int64 values.
+type Int64ObservableGaugeConfig struct {
+	description string
+	unit        string
+	callbacks   []Int64Callback
+}
+
+// NewInt64ObservableGaugeConfig returns a new [Int64ObservableGaugeConfig]
+// with all opts applied.
+func NewInt64ObservableGaugeConfig(opts ...Int64ObservableGaugeOption) Int64ObservableGaugeConfig {
+	var config Int64ObservableGaugeConfig
+	for _, o := range opts {
+		config = o.applyInt64ObservableGauge(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64ObservableGaugeConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64ObservableGaugeConfig) Unit() string {
+	return c.unit
+}
+
+// Callbacks returns the configured callbacks.
+func (c Int64ObservableGaugeConfig) Callbacks() []Int64Callback {
+	return c.callbacks
+}
+
+// Int64ObservableGaugeOption applies options to a
+// [Int64ObservableGaugeConfig]. See [Int64ObservableOption] and [Option] for
+// other options that can be used as an Int64ObservableGaugeOption.
+type Int64ObservableGaugeOption interface {
+	applyInt64ObservableGauge(Int64ObservableGaugeConfig) Int64ObservableGaugeConfig
+}
+
+// Int64Observer is a recorder of int64 measurements.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64Observer interface {
+	embedded.Int64Observer
+
+	// Observe records the int64 value.
+	Observe(value int64, opts ...ObserveOption)
+}
+
+// Int64Callback is a function registered with a Meter that makes observations
+// for an Int64Observerable instrument it is registered with. Calls to the
+// Int64Observer record measurement values for the Int64Observable.
+//
+// The function needs to complete in a finite amount of time and the deadline
+// of the passed context is expected to be honored.
+//
+// The function needs to make unique observations across all registered
+// Int64Callbacks. Meaning, it should not report measurements with the same
+// attributes as another Int64Callbacks also registered for the same
+// instrument.
+//
+// The function needs to be concurrent safe.
+type Int64Callback func(context.Context, Int64Observer) error
+
+// Int64ObservableOption applies options to int64 Observer instruments.
+type Int64ObservableOption interface {
+	Int64ObservableCounterOption
+	Int64ObservableUpDownCounterOption
+	Int64ObservableGaugeOption
+}
+
+type int64CallbackOpt struct {
+	cback Int64Callback
+}
+
+func (o int64CallbackOpt) applyInt64ObservableCounter(cfg Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o int64CallbackOpt) applyInt64ObservableUpDownCounter(cfg Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+func (o int64CallbackOpt) applyInt64ObservableGauge(cfg Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	cfg.callbacks = append(cfg.callbacks, o.cback)
+	return cfg
+}
+
+// WithInt64Callback adds callback to be called for an instrument.
+func WithInt64Callback(callback Int64Callback) Int64ObservableOption {
+	return int64CallbackOpt{callback}
+}
diff --git a/vendor/go.opentelemetry.io/otel/metric/doc.go b/vendor/go.opentelemetry.io/otel/metric/doc.go
index bd6f43437..bda14e10a 100644
--- a/vendor/go.opentelemetry.io/otel/metric/doc.go
+++ b/vendor/go.opentelemetry.io/otel/metric/doc.go
@@ -13,11 +13,125 @@
 // limitations under the License.
 
 /*
-Package metric provides an implementation of the metrics part of the
-OpenTelemetry API.
+Package metric provides the OpenTelemetry API used to measure metrics about
+source code operation.
 
-This package is currently in a pre-GA phase. Backwards incompatible changes
-may be introduced in subsequent minor version releases as we work to track the
-evolving OpenTelemetry specification and user feedback.
+This API is separate from its implementation so the instrumentation built from
+it is reusable. See [go.opentelemetry.io/otel/sdk/metric] for the official
+OpenTelemetry implementation of this API.
+
+All measurements made with this package are made via instruments. These
+instruments are created by a [Meter] which itself is created by a
+[MeterProvider]. Applications need to accept a [MeterProvider] implementation
+as a starting point when instrumenting. This can be done directly, or by using
+the OpenTelemetry global MeterProvider via [GetMeterProvider]. Using an
+appropriately named [Meter] from the accepted [MeterProvider], instrumentation
+can then be built from the [Meter]'s instruments.
+
+# Instruments
+
+Each instrument is designed to make measurements of a particular type. Broadly,
+all instruments fall into two overlapping logical categories: asynchronous or
+synchronous, and int64 or float64.
+
+All synchronous instruments ([Int64Counter], [Int64UpDownCounter],
+[Int64Histogram], [Float64Counter], [Float64UpDownCounter], [Float64Histogram])
+are used to measure the operation and performance of source code during the
+source code execution. These instruments only make measurements when the source
+code they instrument is run.
+
+All asynchronous instruments ([Int64ObservableCounter],
+[Int64ObservableUpDownCounter], [Int64ObservableGauge],
+[Float64ObservableCounter], [Float64ObservableUpDownCounter],
+[Float64ObservableGauge]) are used to measure metrics outside of the execution
+of source code. They are said to make "observations" via a callback function
+called once every measurement collection cycle.
+
+Each instrument is also grouped by the value type it measures. Either int64 or
+float64. The value being measured will dictate which instrument in these
+categories to use.
+
+Outside of these two broad categories, instruments are described by the
+function they are designed to serve. All Counters ([Int64Counter],
+[Float64Counter], [Int64ObservableCounter], [Float64ObservableCounter]) are
+designed to measure values that never decrease in value, but instead only
+incrementally increase in value. UpDownCounters ([Int64UpDownCounter],
+[Float64UpDownCounter], [Int64ObservableUpDownCounter],
+[Float64ObservableUpDownCounter]) on the other hand, are designed to measure
+values that can increase and decrease. When more information
+needs to be conveyed about all the synchronous measurements made during a
+collection cycle, a Histogram ([Int64Histogram], [Float64Histogram]) should be
+used. Finally, when just the most recent measurement needs to be conveyed about an
+asynchronous measurement, a Gauge ([Int64ObservableGauge],
+[Float64ObservableGauge]) should be used.
+
+See the [OpenTelemetry documentation] for more information about instruments
+and their intended use.
+
+# API Implementations
+
+This package does not conform to the standard Go versioning policy, all of its
+interfaces may have methods added to them without a package major version bump.
+This non-standard API evolution could surprise an uninformed implementation
+author. They could unknowingly build their implementation in a way that would
+result in a runtime panic for their users that update to the new API.
+
+The API is designed to help inform an instrumentation author about this
+non-standard API evolution. It requires them to choose a default behavior for
+unimplemented interface methods. There are three behavior choices they can
+make:
+
+  - Compilation failure
+  - Panic
+  - Default to another implementation
+
+All interfaces in this API embed a corresponding interface from
+[go.opentelemetry.io/otel/metric/embedded]. If an author wants the default
+behavior of their implementations to be a compilation failure, signaling to
+their users they need to update to the latest version of that implementation,
+they need to embed the corresponding interface from
+[go.opentelemetry.io/otel/metric/embedded] in their implementation. For
+example,
+
+	import "go.opentelemetry.io/otel/metric/embedded"
+
+	type MeterProvider struct {
+		embedded.MeterProvider
+		// ...
+	}
+
+If an author wants the default behavior of their implementations to a panic,
+they need to embed the API interface directly.
+
+	import "go.opentelemetry.io/otel/metric"
+
+	type MeterProvider struct {
+		metric.MeterProvider
+		// ...
+	}
+
+This is not a recommended behavior as it could lead to publishing packages that
+contain runtime panics when users update other package that use newer versions
+of [go.opentelemetry.io/otel/metric].
+
+Finally, an author can embed another implementation in theirs. The embedded
+implementation will be used for methods not defined by the author. For example,
+an author who want to default to silently dropping the call can use
+[go.opentelemetry.io/otel/metric/noop]:
+
+	import "go.opentelemetry.io/otel/metric/noop"
+
+	type MeterProvider struct {
+		noop.MeterProvider
+		// ...
+	}
+
+It is strongly recommended that authors only embed
+[go.opentelemetry.io/otel/metric/noop] if they choose this default behavior.
+That implementation is the only one OpenTelemetry authors can guarantee will
+fully implement all the API interfaces when a user updates their API.
+
+[OpenTelemetry documentation]: https://opentelemetry.io/docs/concepts/signals/metrics/
+[GetMeterProvider]: https://pkg.go.dev/go.opentelemetry.io/otel#GetMeterProvider
 */
 package metric // import "go.opentelemetry.io/otel/metric"
diff --git a/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go b/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go
new file mode 100644
index 000000000..ae0bdbd2e
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/embedded/embedded.go
@@ -0,0 +1,234 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package embedded provides interfaces embedded within the [OpenTelemetry
+// metric API].
+//
+// Implementers of the [OpenTelemetry metric API] can embed the relevant type
+// from this package into their implementation directly. Doing so will result
+// in a compilation error for users when the [OpenTelemetry metric API] is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+//
+// [OpenTelemetry metric API]: https://pkg.go.dev/go.opentelemetry.io/otel/metric
+package embedded // import "go.opentelemetry.io/otel/metric/embedded"
+
+// MeterProvider is embedded in
+// [go.opentelemetry.io/otel/metric.MeterProvider].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.MeterProvider] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.MeterProvider]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type MeterProvider interface{ meterProvider() }
+
+// Meter is embedded in [go.opentelemetry.io/otel/metric.Meter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Meter] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Meter] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Meter interface{ meter() }
+
+// Float64Observer is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Observer] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Observer] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Observer interface{ float64Observer() }
+
+// Int64Observer is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Observer] if you want users
+// to experience a compilation error, signaling they need to update to your
+// latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Observer] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Observer interface{ int64Observer() }
+
+// Observer is embedded in [go.opentelemetry.io/otel/metric.Observer].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Observer] if you want users to experience a
+// compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Observer]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Observer interface{ observer() }
+
+// Registration is embedded in [go.opentelemetry.io/otel/metric.Registration].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Registration] if you want users to
+// experience a compilation error, signaling they need to update to your latest
+// implementation, when the [go.opentelemetry.io/otel/metric.Registration]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Registration interface{ registration() }
+
+// Float64Counter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Counter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Counter] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Counter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Counter interface{ float64Counter() }
+
+// Float64Histogram is embedded in
+// [go.opentelemetry.io/otel/metric.Float64Histogram].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64Histogram] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64Histogram] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Float64Histogram interface{ float64Histogram() }
+
+// Float64ObservableCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableCounter interface{ float64ObservableCounter() }
+
+// Float64ObservableGauge is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableGauge]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableGauge interface{ float64ObservableGauge() }
+
+// Float64ObservableUpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
+// if you want users to experience a compilation error, signaling they need to
+// update to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64ObservableUpDownCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Float64ObservableUpDownCounter interface{ float64ObservableUpDownCounter() }
+
+// Float64UpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Float64UpDownCounter] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Float64UpDownCounter interface{ float64UpDownCounter() }
+
+// Int64Counter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Counter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Counter] if you want users
+// to experience a compilation error, signaling they need to update to your
+// latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Counter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Counter interface{ int64Counter() }
+
+// Int64Histogram is embedded in
+// [go.opentelemetry.io/otel/metric.Int64Histogram].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64Histogram] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64Histogram] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64Histogram interface{ int64Histogram() }
+
+// Int64ObservableCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Int64ObservableCounter interface{ int64ObservableCounter() }
+
+// Int64ObservableGauge is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] if you
+// want users to experience a compilation error, signaling they need to update
+// to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableGauge] interface
+// is extended (which is something that can happen without a major version bump
+// of the API package).
+type Int64ObservableGauge interface{ int64ObservableGauge() }
+
+// Int64ObservableUpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter] if
+// you want users to experience a compilation error, signaling they need to
+// update to your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64ObservableUpDownCounter]
+// interface is extended (which is something that can happen without a major
+// version bump of the API package).
+type Int64ObservableUpDownCounter interface{ int64ObservableUpDownCounter() }
+
+// Int64UpDownCounter is embedded in
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter].
+//
+// Embed this interface in your implementation of the
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] if you want
+// users to experience a compilation error, signaling they need to update to
+// your latest implementation, when the
+// [go.opentelemetry.io/otel/metric.Int64UpDownCounter] interface is
+// extended (which is something that can happen without a major version bump of
+// the API package).
+type Int64UpDownCounter interface{ int64UpDownCounter() }
diff --git a/vendor/go.opentelemetry.io/otel/metric/global/global.go b/vendor/go.opentelemetry.io/otel/metric/global/metric.go
similarity index 51%
rename from vendor/go.opentelemetry.io/otel/metric/global/global.go
rename to vendor/go.opentelemetry.io/otel/metric/global/metric.go
index cb0896d38..2723df292 100644
--- a/vendor/go.opentelemetry.io/otel/metric/global/global.go
+++ b/vendor/go.opentelemetry.io/otel/metric/global/metric.go
@@ -19,24 +19,31 @@ import (
 	"go.opentelemetry.io/otel/metric/internal/global"
 )
 
-// Meter returns a Meter from the global MeterProvider. The
-// instrumentationName must be the name of the library providing
-// instrumentation. This name may be the same as the instrumented code only if
-// that code provides built-in instrumentation. If the instrumentationName is
-// empty, then a implementation defined default name will be used instead.
+// Meter returns a Meter from the global MeterProvider. The name must be the
+// name of the library providing instrumentation. This name may be the same as
+// the instrumented code only if that code provides built-in instrumentation.
+// If the name is empty, then a implementation defined default name will be
+// used instead.
 //
-// This is short for MeterProvider().Meter(name).
+// If this is called before a global MeterProvider is registered the returned
+// Meter will be a No-op implementation of a Meter. When a global MeterProvider
+// is registered for the first time, the returned Meter, and all the
+// instruments it has created or will create, are recreated automatically from
+// the new MeterProvider.
+//
+// This is short for GetMeterProvider().Meter(name).
 func Meter(instrumentationName string, opts ...metric.MeterOption) metric.Meter {
 	return MeterProvider().Meter(instrumentationName, opts...)
 }
 
 // MeterProvider returns the registered global meter provider.
-// If none is registered then a No-op MeterProvider is returned.
+//
+// If no global MeterProvider has been registered, a No-op MeterProvider implementation is returned. When a global MeterProvider is registered for the first time, the returned MeterProvider, and all the Meters it has created or will create, are recreated automatically from the new MeterProvider.
 func MeterProvider() metric.MeterProvider {
 	return global.MeterProvider()
 }
 
-// SetMeterProvider registers `mp` as the global meter provider.
+// SetMeterProvider registers mp as the global MeterProvider.
 func SetMeterProvider(mp metric.MeterProvider) {
 	global.SetMeterProvider(mp)
 }
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go
new file mode 100644
index 000000000..268b2f155
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go
@@ -0,0 +1,332 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import "go.opentelemetry.io/otel/attribute"
+
+// Observable is used as a grouping mechanism for all instruments that are
+// updated within a Callback.
+type Observable interface {
+	observable()
+}
+
+// InstrumentOption applies options to all instruments.
+type InstrumentOption interface {
+	Int64CounterOption
+	Int64UpDownCounterOption
+	Int64HistogramOption
+	Int64ObservableCounterOption
+	Int64ObservableUpDownCounterOption
+	Int64ObservableGaugeOption
+
+	Float64CounterOption
+	Float64UpDownCounterOption
+	Float64HistogramOption
+	Float64ObservableCounterOption
+	Float64ObservableUpDownCounterOption
+	Float64ObservableGaugeOption
+}
+
+type descOpt string
+
+func (o descOpt) applyFloat64Counter(c Float64CounterConfig) Float64CounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64UpDownCounter(c Float64UpDownCounterConfig) Float64UpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyFloat64ObservableGauge(c Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64Counter(c Int64CounterConfig) Int64CounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64UpDownCounter(c Int64UpDownCounterConfig) Int64UpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	c.description = string(o)
+	return c
+}
+
+func (o descOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	c.description = string(o)
+	return c
+}
+
+// WithDescription sets the instrument description.
+func WithDescription(desc string) InstrumentOption { return descOpt(desc) }
+
+type unitOpt string
+
+func (o unitOpt) applyFloat64Counter(c Float64CounterConfig) Float64CounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64UpDownCounter(c Float64UpDownCounterConfig) Float64UpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64Histogram(c Float64HistogramConfig) Float64HistogramConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) Float64ObservableCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyFloat64ObservableGauge(c Float64ObservableGaugeConfig) Float64ObservableGaugeConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64Counter(c Int64CounterConfig) Int64CounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64UpDownCounter(c Int64UpDownCounterConfig) Int64UpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64Histogram(c Int64HistogramConfig) Int64HistogramConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int64ObservableCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig {
+	c.unit = string(o)
+	return c
+}
+
+func (o unitOpt) applyInt64ObservableGauge(c Int64ObservableGaugeConfig) Int64ObservableGaugeConfig {
+	c.unit = string(o)
+	return c
+}
+
+// WithUnit sets the instrument unit.
+func WithUnit(u string) InstrumentOption { return unitOpt(u) }
+
+// AddOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as a AddOption.
+type AddOption interface {
+	applyAdd(AddConfig) AddConfig
+}
+
+// AddConfig contains options for an addition measurement.
+type AddConfig struct {
+	attrs attribute.Set
+}
+
+// NewAddConfig returns a new [AddConfig] with all opts applied.
+func NewAddConfig(opts []AddOption) AddConfig {
+	config := AddConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyAdd(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c AddConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// RecordOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as a RecordOption.
+type RecordOption interface {
+	applyRecord(RecordConfig) RecordConfig
+}
+
+// RecordConfig contains options for a recorded measurement.
+type RecordConfig struct {
+	attrs attribute.Set
+}
+
+// NewRecordConfig returns a new [RecordConfig] with all opts applied.
+func NewRecordConfig(opts []RecordOption) RecordConfig {
+	config := RecordConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyRecord(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c RecordConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// ObserveOption applies options to an addition measurement. See
+// [MeasurementOption] for other options that can be used as a ObserveOption.
+type ObserveOption interface {
+	applyObserve(ObserveConfig) ObserveConfig
+}
+
+// ObserveConfig contains options for an observed measurement.
+type ObserveConfig struct {
+	attrs attribute.Set
+}
+
+// NewObserveConfig returns a new [ObserveConfig] with all opts applied.
+func NewObserveConfig(opts []ObserveOption) ObserveConfig {
+	config := ObserveConfig{attrs: *attribute.EmptySet()}
+	for _, o := range opts {
+		config = o.applyObserve(config)
+	}
+	return config
+}
+
+// Attributes returns the configured attribute set.
+func (c ObserveConfig) Attributes() attribute.Set {
+	return c.attrs
+}
+
+// MeasurementOption applies options to all instrument measurement.
+type MeasurementOption interface {
+	AddOption
+	RecordOption
+	ObserveOption
+}
+
+type attrOpt struct {
+	set attribute.Set
+}
+
+// mergeSets returns the union of keys between a and b. Any duplicate keys will
+// use the value associated with b.
+func mergeSets(a, b attribute.Set) attribute.Set {
+	// NewMergeIterator uses the first value for any duplicates.
+	iter := attribute.NewMergeIterator(&b, &a)
+	merged := make([]attribute.KeyValue, 0, a.Len()+b.Len())
+	for iter.Next() {
+		merged = append(merged, iter.Attribute())
+	}
+	return attribute.NewSet(merged...)
+}
+
+func (o attrOpt) applyAdd(c AddConfig) AddConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+func (o attrOpt) applyRecord(c RecordConfig) RecordConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+func (o attrOpt) applyObserve(c ObserveConfig) ObserveConfig {
+	switch {
+	case o.set.Len() == 0:
+	case c.attrs.Len() == 0:
+		c.attrs = o.set
+	default:
+		c.attrs = mergeSets(c.attrs, o.set)
+	}
+	return c
+}
+
+// WithAttributeSet sets the attribute Set associated with a measurement is
+// made with.
+//
+// If multiple WithAttributeSet or WithAttributes options are passed the
+// attributes will be merged together in the order they are passed. Attributes
+// with duplicate keys will use the last value passed.
+func WithAttributeSet(attributes attribute.Set) MeasurementOption {
+	return attrOpt{set: attributes}
+}
+
+// WithAttributes converts attributes into an attribute Set and sets the Set to
+// be associated with a measurement. This is shorthand for:
+//
+//	cp := make([]attribute.KeyValue, len(attributes))
+//	copy(cp, attributes)
+//	WithAttributes(attribute.NewSet(cp...))
+//
+// [attribute.NewSet] may modify the passed attributes so this will make a copy
+// of attributes before creating a set in order to ensure this function is
+// concurrent safe. This makes this option function less optimized in
+// comparison to [WithAttributeSet]. Therefore, [WithAttributeSet] should be
+// preferred for performance sensitive code.
+//
+// See [WithAttributeSet] for information about how multiple WithAttributes are
+// merged.
+func WithAttributes(attributes ...attribute.KeyValue) MeasurementOption {
+	cp := make([]attribute.KeyValue, len(attributes))
+	copy(cp, attributes)
+	return attrOpt{set: attribute.NewSet(cp...)}
+}
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64.go
deleted file mode 100644
index 0b5d5a99c..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/instrument/asyncfloat64.go
+++ /dev/null
@@ -1,130 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-)
-
-// Float64Observable describes a set of instruments used asynchronously to
-// record float64 measurements once per collection cycle. Observations of
-// these instruments are only made within a callback.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64Observable interface {
-	Asynchronous
-
-	float64Observable()
-}
-
-// Float64ObservableCounter is an instrument used to asynchronously record
-// increasing float64 measurements once per collection cycle. Observations are
-// only made within a callback for this instrument. The value observed is
-// assumed the to be the cumulative sum of the count.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64ObservableCounter interface{ Float64Observable }
-
-// Float64ObservableUpDownCounter is an instrument used to asynchronously
-// record float64 measurements once per collection cycle. Observations are only
-// made within a callback for this instrument. The value observed is assumed
-// the to be the cumulative sum of the count.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64ObservableUpDownCounter interface{ Float64Observable }
-
-// Float64ObservableGauge is an instrument used to asynchronously record
-// instantaneous float64 measurements once per collection cycle. Observations
-// are only made within a callback for this instrument.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64ObservableGauge interface{ Float64Observable }
-
-// Float64Observer is a recorder of float64 measurements.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64Observer interface {
-	Observe(value float64, attributes ...attribute.KeyValue)
-}
-
-// Float64Callback is a function registered with a Meter that makes
-// observations for a Float64Observerable instrument it is registered with.
-// Calls to the Float64Observer record measurement values for the
-// Float64Observable.
-//
-// The function needs to complete in a finite amount of time and the deadline
-// of the passed context is expected to be honored.
-//
-// The function needs to make unique observations across all registered
-// Float64Callbacks. Meaning, it should not report measurements with the same
-// attributes as another Float64Callbacks also registered for the same
-// instrument.
-//
-// The function needs to be concurrent safe.
-type Float64Callback func(context.Context, Float64Observer) error
-
-// Float64ObserverConfig contains options for Asynchronous instruments that
-// observe float64 values.
-type Float64ObserverConfig struct {
-	description string
-	unit        string
-	callbacks   []Float64Callback
-}
-
-// NewFloat64ObserverConfig returns a new Float64ObserverConfig with all opts
-// applied.
-func NewFloat64ObserverConfig(opts ...Float64ObserverOption) Float64ObserverConfig {
-	var config Float64ObserverConfig
-	for _, o := range opts {
-		config = o.applyFloat64Observer(config)
-	}
-	return config
-}
-
-// Description returns the Config description.
-func (c Float64ObserverConfig) Description() string {
-	return c.description
-}
-
-// Unit returns the Config unit.
-func (c Float64ObserverConfig) Unit() string {
-	return c.unit
-}
-
-// Callbacks returns the Config callbacks.
-func (c Float64ObserverConfig) Callbacks() []Float64Callback {
-	return c.callbacks
-}
-
-// Float64ObserverOption applies options to float64 Observer instruments.
-type Float64ObserverOption interface {
-	applyFloat64Observer(Float64ObserverConfig) Float64ObserverConfig
-}
-
-type float64ObserverOptionFunc func(Float64ObserverConfig) Float64ObserverConfig
-
-func (fn float64ObserverOptionFunc) applyFloat64Observer(cfg Float64ObserverConfig) Float64ObserverConfig {
-	return fn(cfg)
-}
-
-// WithFloat64Callback adds callback to be called for an instrument.
-func WithFloat64Callback(callback Float64Callback) Float64ObserverOption {
-	return float64ObserverOptionFunc(func(cfg Float64ObserverConfig) Float64ObserverConfig {
-		cfg.callbacks = append(cfg.callbacks, callback)
-		return cfg
-	})
-}
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64.go b/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64.go
deleted file mode 100644
index 05feeacb0..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/instrument/asyncint64.go
+++ /dev/null
@@ -1,130 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-)
-
-// Int64Observable describes a set of instruments used asynchronously to record
-// int64 measurements once per collection cycle. Observations of these
-// instruments are only made within a callback.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64Observable interface {
-	Asynchronous
-
-	int64Observable()
-}
-
-// Int64ObservableCounter is an instrument used to asynchronously record
-// increasing int64 measurements once per collection cycle. Observations are
-// only made within a callback for this instrument. The value observed is
-// assumed the to be the cumulative sum of the count.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64ObservableCounter interface{ Int64Observable }
-
-// Int64ObservableUpDownCounter is an instrument used to asynchronously record
-// int64 measurements once per collection cycle. Observations are only made
-// within a callback for this instrument. The value observed is assumed the to
-// be the cumulative sum of the count.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64ObservableUpDownCounter interface{ Int64Observable }
-
-// Int64ObservableGauge is an instrument used to asynchronously record
-// instantaneous int64 measurements once per collection cycle. Observations are
-// only made within a callback for this instrument.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64ObservableGauge interface{ Int64Observable }
-
-// Int64Observer is a recorder of int64 measurements.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64Observer interface {
-	Observe(value int64, attributes ...attribute.KeyValue)
-}
-
-// Int64Callback is a function registered with a Meter that makes
-// observations for a Int64Observerable instrument it is registered with.
-// Calls to the Int64Observer record measurement values for the
-// Int64Observable.
-//
-// The function needs to complete in a finite amount of time and the deadline
-// of the passed context is expected to be honored.
-//
-// The function needs to make unique observations across all registered
-// Int64Callback. Meaning, it should not report measurements with the same
-// attributes as another Int64Callbacks also registered for the same
-// instrument.
-//
-// The function needs to be concurrent safe.
-type Int64Callback func(context.Context, Int64Observer) error
-
-// Int64ObserverConfig contains options for Asynchronous instruments that
-// observe int64 values.
-type Int64ObserverConfig struct {
-	description string
-	unit        string
-	callbacks   []Int64Callback
-}
-
-// NewInt64ObserverConfig returns a new Int64ObserverConfig with all opts
-// applied.
-func NewInt64ObserverConfig(opts ...Int64ObserverOption) Int64ObserverConfig {
-	var config Int64ObserverConfig
-	for _, o := range opts {
-		config = o.applyInt64Observer(config)
-	}
-	return config
-}
-
-// Description returns the Config description.
-func (c Int64ObserverConfig) Description() string {
-	return c.description
-}
-
-// Unit returns the Config unit.
-func (c Int64ObserverConfig) Unit() string {
-	return c.unit
-}
-
-// Callbacks returns the Config callbacks.
-func (c Int64ObserverConfig) Callbacks() []Int64Callback {
-	return c.callbacks
-}
-
-// Int64ObserverOption applies options to int64 Observer instruments.
-type Int64ObserverOption interface {
-	applyInt64Observer(Int64ObserverConfig) Int64ObserverConfig
-}
-
-type int64ObserverOptionFunc func(Int64ObserverConfig) Int64ObserverConfig
-
-func (fn int64ObserverOptionFunc) applyInt64Observer(cfg Int64ObserverConfig) Int64ObserverConfig {
-	return fn(cfg)
-}
-
-// WithInt64Callback adds callback to be called for an instrument.
-func WithInt64Callback(callback Int64Callback) Int64ObserverOption {
-	return int64ObserverOptionFunc(func(cfg Int64ObserverConfig) Int64ObserverConfig {
-		cfg.callbacks = append(cfg.callbacks, callback)
-		return cfg
-	})
-}
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go
deleted file mode 100644
index f6dd9e890..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/instrument/instrument.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-// Asynchronous instruments are instruments that are updated within a Callback.
-// If an instrument is observed outside of it's callback it should be an error.
-//
-// This interface is used as a grouping mechanism.
-type Asynchronous interface {
-	asynchronous()
-}
-
-// Synchronous instruments are updated in line with application code.
-//
-// This interface is used as a grouping mechanism.
-type Synchronous interface {
-	synchronous()
-}
-
-// Option applies options to all instruments.
-type Option interface {
-	Float64ObserverOption
-	Int64ObserverOption
-	Float64Option
-	Int64Option
-}
-
-type descOpt string
-
-func (o descOpt) applyFloat64(c Float64Config) Float64Config {
-	c.description = string(o)
-	return c
-}
-
-func (o descOpt) applyInt64(c Int64Config) Int64Config {
-	c.description = string(o)
-	return c
-}
-
-func (o descOpt) applyFloat64Observer(c Float64ObserverConfig) Float64ObserverConfig {
-	c.description = string(o)
-	return c
-}
-
-func (o descOpt) applyInt64Observer(c Int64ObserverConfig) Int64ObserverConfig {
-	c.description = string(o)
-	return c
-}
-
-// WithDescription sets the instrument description.
-func WithDescription(desc string) Option { return descOpt(desc) }
-
-type unitOpt string
-
-func (o unitOpt) applyFloat64(c Float64Config) Float64Config {
-	c.unit = string(o)
-	return c
-}
-
-func (o unitOpt) applyInt64(c Int64Config) Int64Config {
-	c.unit = string(o)
-	return c
-}
-
-func (o unitOpt) applyFloat64Observer(c Float64ObserverConfig) Float64ObserverConfig {
-	c.unit = string(o)
-	return c
-}
-
-func (o unitOpt) applyInt64Observer(c Int64ObserverConfig) Int64ObserverConfig {
-	c.unit = string(o)
-	return c
-}
-
-// WithUnit sets the instrument unit.
-func WithUnit(u string) Option { return unitOpt(u) }
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64.go
deleted file mode 100644
index 2cdfeb269..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/instrument/syncfloat64.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-)
-
-// Float64Counter is an instrument that records increasing float64 values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64Counter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Float64UpDownCounter is an instrument that records increasing or decreasing
-// float64 values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64UpDownCounter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Float64Histogram is an instrument that records a distribution of float64
-// values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Float64Histogram interface {
-	// Record adds an additional value to the distribution.
-	Record(ctx context.Context, incr float64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Float64Config contains options for Asynchronous instruments that
-// observe float64 values.
-type Float64Config struct {
-	description string
-	unit        string
-}
-
-// Float64Config contains options for Synchronous instruments that record
-// float64 values.
-func NewFloat64Config(opts ...Float64Option) Float64Config {
-	var config Float64Config
-	for _, o := range opts {
-		config = o.applyFloat64(config)
-	}
-	return config
-}
-
-// Description returns the Config description.
-func (c Float64Config) Description() string {
-	return c.description
-}
-
-// Unit returns the Config unit.
-func (c Float64Config) Unit() string {
-	return c.unit
-}
-
-// Float64Option applies options to synchronous float64 instruments.
-type Float64Option interface {
-	applyFloat64(Float64Config) Float64Config
-}
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64.go b/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64.go
deleted file mode 100644
index e212c6d69..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/instrument/syncint64.go
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package instrument // import "go.opentelemetry.io/otel/metric/instrument"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-)
-
-// Int64Counter is an instrument that records increasing int64 values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64Counter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Int64UpDownCounter is an instrument that records increasing or decreasing
-// int64 values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64UpDownCounter interface {
-	// Add records a change to the counter.
-	Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Int64Histogram is an instrument that records a distribution of int64
-// values.
-//
-// Warning: methods may be added to this interface in minor releases.
-type Int64Histogram interface {
-	// Record adds an additional value to the distribution.
-	Record(ctx context.Context, incr int64, attrs ...attribute.KeyValue)
-
-	Synchronous
-}
-
-// Int64Config contains options for Synchronous instruments that record int64
-// values.
-type Int64Config struct {
-	description string
-	unit        string
-}
-
-// NewInt64Config returns a new Int64Config with all opts
-// applied.
-func NewInt64Config(opts ...Int64Option) Int64Config {
-	var config Int64Config
-	for _, o := range opts {
-		config = o.applyInt64(config)
-	}
-	return config
-}
-
-// Description returns the Config description.
-func (c Int64Config) Description() string {
-	return c.description
-}
-
-// Unit returns the Config unit.
-func (c Int64Config) Unit() string {
-	return c.unit
-}
-
-// Int64Option applies options to synchronous int64 instruments.
-type Int64Option interface {
-	applyInt64(Int64Config) Int64Config
-}
diff --git a/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go b/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
index d1480fa5f..a3b898bfd 100644
--- a/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
+++ b/vendor/go.opentelemetry.io/otel/metric/internal/global/instruments.go
@@ -19,27 +19,27 @@ import (
 	"sync/atomic"
 
 	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
+	"go.opentelemetry.io/otel/metric/embedded"
 )
 
 // unwrapper unwraps to return the underlying instrument implementation.
 type unwrapper interface {
-	Unwrap() instrument.Asynchronous
+	Unwrap() metric.Observable
 }
 
 type afCounter struct {
-	instrument.Float64Observable
+	embedded.Float64ObservableCounter
+	metric.Float64Observable
 
 	name string
-	opts []instrument.Float64ObserverOption
+	opts []metric.Float64ObservableCounterOption
 
-	delegate atomic.Value //instrument.Float64ObservableCounter
+	delegate atomic.Value //metric.Float64ObservableCounter
 }
 
 var _ unwrapper = (*afCounter)(nil)
-var _ instrument.Float64ObservableCounter = (*afCounter)(nil)
+var _ metric.Float64ObservableCounter = (*afCounter)(nil)
 
 func (i *afCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableCounter(i.name, i.opts...)
@@ -50,24 +50,25 @@ func (i *afCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *afCounter) Unwrap() instrument.Asynchronous {
+func (i *afCounter) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Float64ObservableCounter)
+		return ctr.(metric.Float64ObservableCounter)
 	}
 	return nil
 }
 
 type afUpDownCounter struct {
-	instrument.Float64Observable
+	embedded.Float64ObservableUpDownCounter
+	metric.Float64Observable
 
 	name string
-	opts []instrument.Float64ObserverOption
+	opts []metric.Float64ObservableUpDownCounterOption
 
-	delegate atomic.Value //instrument.Float64ObservableUpDownCounter
+	delegate atomic.Value //metric.Float64ObservableUpDownCounter
 }
 
 var _ unwrapper = (*afUpDownCounter)(nil)
-var _ instrument.Float64ObservableUpDownCounter = (*afUpDownCounter)(nil)
+var _ metric.Float64ObservableUpDownCounter = (*afUpDownCounter)(nil)
 
 func (i *afUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableUpDownCounter(i.name, i.opts...)
@@ -78,24 +79,25 @@ func (i *afUpDownCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *afUpDownCounter) Unwrap() instrument.Asynchronous {
+func (i *afUpDownCounter) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Float64ObservableUpDownCounter)
+		return ctr.(metric.Float64ObservableUpDownCounter)
 	}
 	return nil
 }
 
 type afGauge struct {
-	instrument.Float64Observable
+	embedded.Float64ObservableGauge
+	metric.Float64Observable
 
 	name string
-	opts []instrument.Float64ObserverOption
+	opts []metric.Float64ObservableGaugeOption
 
-	delegate atomic.Value //instrument.Float64ObservableGauge
+	delegate atomic.Value //metric.Float64ObservableGauge
 }
 
 var _ unwrapper = (*afGauge)(nil)
-var _ instrument.Float64ObservableGauge = (*afGauge)(nil)
+var _ metric.Float64ObservableGauge = (*afGauge)(nil)
 
 func (i *afGauge) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64ObservableGauge(i.name, i.opts...)
@@ -106,24 +108,25 @@ func (i *afGauge) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *afGauge) Unwrap() instrument.Asynchronous {
+func (i *afGauge) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Float64ObservableGauge)
+		return ctr.(metric.Float64ObservableGauge)
 	}
 	return nil
 }
 
 type aiCounter struct {
-	instrument.Int64Observable
+	embedded.Int64ObservableCounter
+	metric.Int64Observable
 
 	name string
-	opts []instrument.Int64ObserverOption
+	opts []metric.Int64ObservableCounterOption
 
-	delegate atomic.Value //instrument.Int64ObservableCounter
+	delegate atomic.Value //metric.Int64ObservableCounter
 }
 
 var _ unwrapper = (*aiCounter)(nil)
-var _ instrument.Int64ObservableCounter = (*aiCounter)(nil)
+var _ metric.Int64ObservableCounter = (*aiCounter)(nil)
 
 func (i *aiCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableCounter(i.name, i.opts...)
@@ -134,24 +137,25 @@ func (i *aiCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *aiCounter) Unwrap() instrument.Asynchronous {
+func (i *aiCounter) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Int64ObservableCounter)
+		return ctr.(metric.Int64ObservableCounter)
 	}
 	return nil
 }
 
 type aiUpDownCounter struct {
-	instrument.Int64Observable
+	embedded.Int64ObservableUpDownCounter
+	metric.Int64Observable
 
 	name string
-	opts []instrument.Int64ObserverOption
+	opts []metric.Int64ObservableUpDownCounterOption
 
-	delegate atomic.Value //instrument.Int64ObservableUpDownCounter
+	delegate atomic.Value //metric.Int64ObservableUpDownCounter
 }
 
 var _ unwrapper = (*aiUpDownCounter)(nil)
-var _ instrument.Int64ObservableUpDownCounter = (*aiUpDownCounter)(nil)
+var _ metric.Int64ObservableUpDownCounter = (*aiUpDownCounter)(nil)
 
 func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableUpDownCounter(i.name, i.opts...)
@@ -162,24 +166,25 @@ func (i *aiUpDownCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *aiUpDownCounter) Unwrap() instrument.Asynchronous {
+func (i *aiUpDownCounter) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Int64ObservableUpDownCounter)
+		return ctr.(metric.Int64ObservableUpDownCounter)
 	}
 	return nil
 }
 
 type aiGauge struct {
-	instrument.Int64Observable
+	embedded.Int64ObservableGauge
+	metric.Int64Observable
 
 	name string
-	opts []instrument.Int64ObserverOption
+	opts []metric.Int64ObservableGaugeOption
 
-	delegate atomic.Value //instrument.Int64ObservableGauge
+	delegate atomic.Value //metric.Int64ObservableGauge
 }
 
 var _ unwrapper = (*aiGauge)(nil)
-var _ instrument.Int64ObservableGauge = (*aiGauge)(nil)
+var _ metric.Int64ObservableGauge = (*aiGauge)(nil)
 
 func (i *aiGauge) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64ObservableGauge(i.name, i.opts...)
@@ -190,24 +195,24 @@ func (i *aiGauge) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *aiGauge) Unwrap() instrument.Asynchronous {
+func (i *aiGauge) Unwrap() metric.Observable {
 	if ctr := i.delegate.Load(); ctr != nil {
-		return ctr.(instrument.Int64ObservableGauge)
+		return ctr.(metric.Int64ObservableGauge)
 	}
 	return nil
 }
 
 // Sync Instruments.
 type sfCounter struct {
+	embedded.Float64Counter
+
 	name string
-	opts []instrument.Float64Option
+	opts []metric.Float64CounterOption
 
-	delegate atomic.Value //instrument.Float64Counter
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Float64Counter
 }
 
-var _ instrument.Float64Counter = (*sfCounter)(nil)
+var _ metric.Float64Counter = (*sfCounter)(nil)
 
 func (i *sfCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64Counter(i.name, i.opts...)
@@ -218,22 +223,22 @@ func (i *sfCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *sfCounter) Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue) {
+func (i *sfCounter) Add(ctx context.Context, incr float64, opts ...metric.AddOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Float64Counter).Add(ctx, incr, attrs...)
+		ctr.(metric.Float64Counter).Add(ctx, incr, opts...)
 	}
 }
 
 type sfUpDownCounter struct {
+	embedded.Float64UpDownCounter
+
 	name string
-	opts []instrument.Float64Option
+	opts []metric.Float64UpDownCounterOption
 
-	delegate atomic.Value //instrument.Float64UpDownCounter
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Float64UpDownCounter
 }
 
-var _ instrument.Float64UpDownCounter = (*sfUpDownCounter)(nil)
+var _ metric.Float64UpDownCounter = (*sfUpDownCounter)(nil)
 
 func (i *sfUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64UpDownCounter(i.name, i.opts...)
@@ -244,22 +249,22 @@ func (i *sfUpDownCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *sfUpDownCounter) Add(ctx context.Context, incr float64, attrs ...attribute.KeyValue) {
+func (i *sfUpDownCounter) Add(ctx context.Context, incr float64, opts ...metric.AddOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Float64UpDownCounter).Add(ctx, incr, attrs...)
+		ctr.(metric.Float64UpDownCounter).Add(ctx, incr, opts...)
 	}
 }
 
 type sfHistogram struct {
+	embedded.Float64Histogram
+
 	name string
-	opts []instrument.Float64Option
+	opts []metric.Float64HistogramOption
 
-	delegate atomic.Value //instrument.Float64Histogram
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Float64Histogram
 }
 
-var _ instrument.Float64Histogram = (*sfHistogram)(nil)
+var _ metric.Float64Histogram = (*sfHistogram)(nil)
 
 func (i *sfHistogram) setDelegate(m metric.Meter) {
 	ctr, err := m.Float64Histogram(i.name, i.opts...)
@@ -270,22 +275,22 @@ func (i *sfHistogram) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *sfHistogram) Record(ctx context.Context, x float64, attrs ...attribute.KeyValue) {
+func (i *sfHistogram) Record(ctx context.Context, x float64, opts ...metric.RecordOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Float64Histogram).Record(ctx, x, attrs...)
+		ctr.(metric.Float64Histogram).Record(ctx, x, opts...)
 	}
 }
 
 type siCounter struct {
+	embedded.Int64Counter
+
 	name string
-	opts []instrument.Int64Option
+	opts []metric.Int64CounterOption
 
-	delegate atomic.Value //instrument.Int64Counter
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Int64Counter
 }
 
-var _ instrument.Int64Counter = (*siCounter)(nil)
+var _ metric.Int64Counter = (*siCounter)(nil)
 
 func (i *siCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64Counter(i.name, i.opts...)
@@ -296,22 +301,22 @@ func (i *siCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *siCounter) Add(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
+func (i *siCounter) Add(ctx context.Context, x int64, opts ...metric.AddOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Int64Counter).Add(ctx, x, attrs...)
+		ctr.(metric.Int64Counter).Add(ctx, x, opts...)
 	}
 }
 
 type siUpDownCounter struct {
+	embedded.Int64UpDownCounter
+
 	name string
-	opts []instrument.Int64Option
+	opts []metric.Int64UpDownCounterOption
 
-	delegate atomic.Value //instrument.Int64UpDownCounter
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Int64UpDownCounter
 }
 
-var _ instrument.Int64UpDownCounter = (*siUpDownCounter)(nil)
+var _ metric.Int64UpDownCounter = (*siUpDownCounter)(nil)
 
 func (i *siUpDownCounter) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64UpDownCounter(i.name, i.opts...)
@@ -322,22 +327,22 @@ func (i *siUpDownCounter) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *siUpDownCounter) Add(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
+func (i *siUpDownCounter) Add(ctx context.Context, x int64, opts ...metric.AddOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Int64UpDownCounter).Add(ctx, x, attrs...)
+		ctr.(metric.Int64UpDownCounter).Add(ctx, x, opts...)
 	}
 }
 
 type siHistogram struct {
+	embedded.Int64Histogram
+
 	name string
-	opts []instrument.Int64Option
+	opts []metric.Int64HistogramOption
 
-	delegate atomic.Value //instrument.Int64Histogram
-
-	instrument.Synchronous
+	delegate atomic.Value //metric.Int64Histogram
 }
 
-var _ instrument.Int64Histogram = (*siHistogram)(nil)
+var _ metric.Int64Histogram = (*siHistogram)(nil)
 
 func (i *siHistogram) setDelegate(m metric.Meter) {
 	ctr, err := m.Int64Histogram(i.name, i.opts...)
@@ -348,8 +353,8 @@ func (i *siHistogram) setDelegate(m metric.Meter) {
 	i.delegate.Store(ctr)
 }
 
-func (i *siHistogram) Record(ctx context.Context, x int64, attrs ...attribute.KeyValue) {
+func (i *siHistogram) Record(ctx context.Context, x int64, opts ...metric.RecordOption) {
 	if ctr := i.delegate.Load(); ctr != nil {
-		ctr.(instrument.Int64Histogram).Record(ctx, x, attrs...)
+		ctr.(metric.Int64Histogram).Record(ctx, x, opts...)
 	}
 }
diff --git a/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go b/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
index 8acf63286..a00b99085 100644
--- a/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
+++ b/vendor/go.opentelemetry.io/otel/metric/internal/global/meter.go
@@ -21,7 +21,7 @@ import (
 
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/metric"
-	"go.opentelemetry.io/otel/metric/instrument"
+	"go.opentelemetry.io/otel/metric/embedded"
 )
 
 // meterProvider is a placeholder for a configured SDK MeterProvider.
@@ -29,6 +29,8 @@ import (
 // All MeterProvider functionality is forwarded to a delegate once
 // configured.
 type meterProvider struct {
+	embedded.MeterProvider
+
 	mtx    sync.Mutex
 	meters map[il]*meter
 
@@ -100,6 +102,8 @@ func (p *meterProvider) Meter(name string, opts ...metric.MeterOption) metric.Me
 // All Meter functionality is forwarded to a delegate once configured.
 // Otherwise, all functionality is forwarded to a NoopMeter.
 type meter struct {
+	embedded.Meter
+
 	name string
 	opts []metric.MeterOption
 
@@ -142,7 +146,7 @@ func (m *meter) setDelegate(provider metric.MeterProvider) {
 	m.registry.Init()
 }
 
-func (m *meter) Int64Counter(name string, options ...instrument.Int64Option) (instrument.Int64Counter, error) {
+func (m *meter) Int64Counter(name string, options ...metric.Int64CounterOption) (metric.Int64Counter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64Counter(name, options...)
 	}
@@ -153,7 +157,7 @@ func (m *meter) Int64Counter(name string, options ...instrument.Int64Option) (in
 	return i, nil
 }
 
-func (m *meter) Int64UpDownCounter(name string, options ...instrument.Int64Option) (instrument.Int64UpDownCounter, error) {
+func (m *meter) Int64UpDownCounter(name string, options ...metric.Int64UpDownCounterOption) (metric.Int64UpDownCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64UpDownCounter(name, options...)
 	}
@@ -164,7 +168,7 @@ func (m *meter) Int64UpDownCounter(name string, options ...instrument.Int64Optio
 	return i, nil
 }
 
-func (m *meter) Int64Histogram(name string, options ...instrument.Int64Option) (instrument.Int64Histogram, error) {
+func (m *meter) Int64Histogram(name string, options ...metric.Int64HistogramOption) (metric.Int64Histogram, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64Histogram(name, options...)
 	}
@@ -175,7 +179,7 @@ func (m *meter) Int64Histogram(name string, options ...instrument.Int64Option) (
 	return i, nil
 }
 
-func (m *meter) Int64ObservableCounter(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableCounter, error) {
+func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64ObservableCounterOption) (metric.Int64ObservableCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64ObservableCounter(name, options...)
 	}
@@ -186,7 +190,7 @@ func (m *meter) Int64ObservableCounter(name string, options ...instrument.Int64O
 	return i, nil
 }
 
-func (m *meter) Int64ObservableUpDownCounter(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableUpDownCounter, error) {
+func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int64ObservableUpDownCounterOption) (metric.Int64ObservableUpDownCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64ObservableUpDownCounter(name, options...)
 	}
@@ -197,7 +201,7 @@ func (m *meter) Int64ObservableUpDownCounter(name string, options ...instrument.
 	return i, nil
 }
 
-func (m *meter) Int64ObservableGauge(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableGauge, error) {
+func (m *meter) Int64ObservableGauge(name string, options ...metric.Int64ObservableGaugeOption) (metric.Int64ObservableGauge, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Int64ObservableGauge(name, options...)
 	}
@@ -208,7 +212,7 @@ func (m *meter) Int64ObservableGauge(name string, options ...instrument.Int64Obs
 	return i, nil
 }
 
-func (m *meter) Float64Counter(name string, options ...instrument.Float64Option) (instrument.Float64Counter, error) {
+func (m *meter) Float64Counter(name string, options ...metric.Float64CounterOption) (metric.Float64Counter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64Counter(name, options...)
 	}
@@ -219,7 +223,7 @@ func (m *meter) Float64Counter(name string, options ...instrument.Float64Option)
 	return i, nil
 }
 
-func (m *meter) Float64UpDownCounter(name string, options ...instrument.Float64Option) (instrument.Float64UpDownCounter, error) {
+func (m *meter) Float64UpDownCounter(name string, options ...metric.Float64UpDownCounterOption) (metric.Float64UpDownCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64UpDownCounter(name, options...)
 	}
@@ -230,7 +234,7 @@ func (m *meter) Float64UpDownCounter(name string, options ...instrument.Float64O
 	return i, nil
 }
 
-func (m *meter) Float64Histogram(name string, options ...instrument.Float64Option) (instrument.Float64Histogram, error) {
+func (m *meter) Float64Histogram(name string, options ...metric.Float64HistogramOption) (metric.Float64Histogram, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64Histogram(name, options...)
 	}
@@ -241,7 +245,7 @@ func (m *meter) Float64Histogram(name string, options ...instrument.Float64Optio
 	return i, nil
 }
 
-func (m *meter) Float64ObservableCounter(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableCounter, error) {
+func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64ObservableCounterOption) (metric.Float64ObservableCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64ObservableCounter(name, options...)
 	}
@@ -252,7 +256,7 @@ func (m *meter) Float64ObservableCounter(name string, options ...instrument.Floa
 	return i, nil
 }
 
-func (m *meter) Float64ObservableUpDownCounter(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableUpDownCounter, error) {
+func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Float64ObservableUpDownCounterOption) (metric.Float64ObservableUpDownCounter, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64ObservableUpDownCounter(name, options...)
 	}
@@ -263,7 +267,7 @@ func (m *meter) Float64ObservableUpDownCounter(name string, options ...instrumen
 	return i, nil
 }
 
-func (m *meter) Float64ObservableGauge(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableGauge, error) {
+func (m *meter) Float64ObservableGauge(name string, options ...metric.Float64ObservableGaugeOption) (metric.Float64ObservableGauge, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		return del.Float64ObservableGauge(name, options...)
 	}
@@ -275,7 +279,7 @@ func (m *meter) Float64ObservableGauge(name string, options ...instrument.Float6
 }
 
 // RegisterCallback captures the function that will be called during Collect.
-func (m *meter) RegisterCallback(f metric.Callback, insts ...instrument.Asynchronous) (metric.Registration, error) {
+func (m *meter) RegisterCallback(f metric.Callback, insts ...metric.Observable) (metric.Registration, error) {
 	if del, ok := m.delegate.Load().(metric.Meter); ok {
 		insts = unwrapInstruments(insts)
 		return del.RegisterCallback(f, insts...)
@@ -296,11 +300,11 @@ func (m *meter) RegisterCallback(f metric.Callback, insts ...instrument.Asynchro
 }
 
 type wrapped interface {
-	unwrap() instrument.Asynchronous
+	unwrap() metric.Observable
 }
 
-func unwrapInstruments(instruments []instrument.Asynchronous) []instrument.Asynchronous {
-	out := make([]instrument.Asynchronous, 0, len(instruments))
+func unwrapInstruments(instruments []metric.Observable) []metric.Observable {
+	out := make([]metric.Observable, 0, len(instruments))
 
 	for _, inst := range instruments {
 		if in, ok := inst.(wrapped); ok {
@@ -314,7 +318,9 @@ func unwrapInstruments(instruments []instrument.Asynchronous) []instrument.Async
 }
 
 type registration struct {
-	instruments []instrument.Asynchronous
+	embedded.Registration
+
+	instruments []metric.Observable
 	function    metric.Callback
 
 	unreg   func() error
diff --git a/vendor/go.opentelemetry.io/otel/metric/meter.go b/vendor/go.opentelemetry.io/otel/metric/meter.go
index 2f69d2ae5..1d60cf57a 100644
--- a/vendor/go.opentelemetry.io/otel/metric/meter.go
+++ b/vendor/go.opentelemetry.io/otel/metric/meter.go
@@ -17,80 +17,91 @@ package metric // import "go.opentelemetry.io/otel/metric"
 import (
 	"context"
 
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
+	"go.opentelemetry.io/otel/metric/embedded"
 )
 
 // MeterProvider provides access to named Meter instances, for instrumenting
-// an application or library.
+// an application or package.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type MeterProvider interface {
-	// Meter creates an instance of a `Meter` interface. The name must be the
-	// name of the library providing instrumentation. This name may be the same
-	// as the instrumented code only if that code provides built-in
-	// instrumentation. If the name is empty, then a implementation defined
-	// default name will be used instead.
+	embedded.MeterProvider
+
+	// Meter returns a new Meter with the provided name and configuration.
+	//
+	// A Meter should be scoped at most to a single package. The name needs to
+	// be unique so it does not collide with other names used by
+	// an application, nor other applications. To achieve this, the import path
+	// of the instrumentation package is recommended to be used as name.
+	//
+	// If the name is empty, then an implementation defined default name will
+	// be used instead.
 	Meter(name string, opts ...MeterOption) Meter
 }
 
 // Meter provides access to instrument instances for recording metrics.
 //
-// Warning: methods may be added to this interface in minor releases.
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Meter interface {
+	embedded.Meter
+
 	// Int64Counter returns a new instrument identified by name and configured
 	// with options. The instrument is used to synchronously record increasing
 	// int64 measurements during a computational operation.
-	Int64Counter(name string, options ...instrument.Int64Option) (instrument.Int64Counter, error)
+	Int64Counter(name string, options ...Int64CounterOption) (Int64Counter, error)
 	// Int64UpDownCounter returns a new instrument identified by name and
 	// configured with options. The instrument is used to synchronously record
 	// int64 measurements during a computational operation.
-	Int64UpDownCounter(name string, options ...instrument.Int64Option) (instrument.Int64UpDownCounter, error)
+	Int64UpDownCounter(name string, options ...Int64UpDownCounterOption) (Int64UpDownCounter, error)
 	// Int64Histogram returns a new instrument identified by name and
 	// configured with options. The instrument is used to synchronously record
 	// the distribution of int64 measurements during a computational operation.
-	Int64Histogram(name string, options ...instrument.Int64Option) (instrument.Int64Histogram, error)
+	Int64Histogram(name string, options ...Int64HistogramOption) (Int64Histogram, error)
 	// Int64ObservableCounter returns a new instrument identified by name and
 	// configured with options. The instrument is used to asynchronously record
 	// increasing int64 measurements once per a measurement collection cycle.
-	Int64ObservableCounter(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableCounter, error)
+	Int64ObservableCounter(name string, options ...Int64ObservableCounterOption) (Int64ObservableCounter, error)
 	// Int64ObservableUpDownCounter returns a new instrument identified by name
 	// and configured with options. The instrument is used to asynchronously
 	// record int64 measurements once per a measurement collection cycle.
-	Int64ObservableUpDownCounter(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableUpDownCounter, error)
+	Int64ObservableUpDownCounter(name string, options ...Int64ObservableUpDownCounterOption) (Int64ObservableUpDownCounter, error)
 	// Int64ObservableGauge returns a new instrument identified by name and
 	// configured with options. The instrument is used to asynchronously record
 	// instantaneous int64 measurements once per a measurement collection
 	// cycle.
-	Int64ObservableGauge(name string, options ...instrument.Int64ObserverOption) (instrument.Int64ObservableGauge, error)
+	Int64ObservableGauge(name string, options ...Int64ObservableGaugeOption) (Int64ObservableGauge, error)
 
 	// Float64Counter returns a new instrument identified by name and
 	// configured with options. The instrument is used to synchronously record
 	// increasing float64 measurements during a computational operation.
-	Float64Counter(name string, options ...instrument.Float64Option) (instrument.Float64Counter, error)
+	Float64Counter(name string, options ...Float64CounterOption) (Float64Counter, error)
 	// Float64UpDownCounter returns a new instrument identified by name and
 	// configured with options. The instrument is used to synchronously record
 	// float64 measurements during a computational operation.
-	Float64UpDownCounter(name string, options ...instrument.Float64Option) (instrument.Float64UpDownCounter, error)
+	Float64UpDownCounter(name string, options ...Float64UpDownCounterOption) (Float64UpDownCounter, error)
 	// Float64Histogram returns a new instrument identified by name and
 	// configured with options. The instrument is used to synchronously record
 	// the distribution of float64 measurements during a computational
 	// operation.
-	Float64Histogram(name string, options ...instrument.Float64Option) (instrument.Float64Histogram, error)
+	Float64Histogram(name string, options ...Float64HistogramOption) (Float64Histogram, error)
 	// Float64ObservableCounter returns a new instrument identified by name and
 	// configured with options. The instrument is used to asynchronously record
 	// increasing float64 measurements once per a measurement collection cycle.
-	Float64ObservableCounter(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableCounter, error)
+	Float64ObservableCounter(name string, options ...Float64ObservableCounterOption) (Float64ObservableCounter, error)
 	// Float64ObservableUpDownCounter returns a new instrument identified by
 	// name and configured with options. The instrument is used to
 	// asynchronously record float64 measurements once per a measurement
 	// collection cycle.
-	Float64ObservableUpDownCounter(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableUpDownCounter, error)
+	Float64ObservableUpDownCounter(name string, options ...Float64ObservableUpDownCounterOption) (Float64ObservableUpDownCounter, error)
 	// Float64ObservableGauge returns a new instrument identified by name and
 	// configured with options. The instrument is used to asynchronously record
 	// instantaneous float64 measurements once per a measurement collection
 	// cycle.
-	Float64ObservableGauge(name string, options ...instrument.Float64ObserverOption) (instrument.Float64ObservableGauge, error)
+	Float64ObservableGauge(name string, options ...Float64ObservableGaugeOption) (Float64ObservableGauge, error)
 
 	// RegisterCallback registers f to be called during the collection of a
 	// measurement cycle.
@@ -103,12 +114,12 @@ type Meter interface {
 	//
 	// If no instruments are passed, f should not be registered nor called
 	// during collection.
-	RegisterCallback(f Callback, instruments ...instrument.Asynchronous) (Registration, error)
+	RegisterCallback(f Callback, instruments ...Observable) (Registration, error)
 }
 
 // Callback is a function registered with a Meter that makes observations for
 // the set of instruments it is registered with. The Observer parameter is used
-// to record measurment observations for these instruments.
+// to record measurement observations for these instruments.
 //
 // The function needs to complete in a finite amount of time and the deadline
 // of the passed context is expected to be honored.
@@ -121,16 +132,28 @@ type Meter interface {
 type Callback func(context.Context, Observer) error
 
 // Observer records measurements for multiple instruments in a Callback.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Observer interface {
-	// ObserveFloat64 records the float64 value with attributes for obsrv.
-	ObserveFloat64(obsrv instrument.Float64Observable, value float64, attributes ...attribute.KeyValue)
-	// ObserveInt64 records the int64 value with attributes for obsrv.
-	ObserveInt64(obsrv instrument.Int64Observable, value int64, attributes ...attribute.KeyValue)
+	embedded.Observer
+
+	// ObserveFloat64 records the float64 value for obsrv.
+	ObserveFloat64(obsrv Float64Observable, value float64, opts ...ObserveOption)
+	// ObserveInt64 records the int64 value for obsrv.
+	ObserveInt64(obsrv Int64Observable, value int64, opts ...ObserveOption)
 }
 
 // Registration is an token representing the unique registration of a callback
 // for a set of instruments with a Meter.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// package documentation on API implementation for information on how to set
+// default behavior for unimplemented methods.
 type Registration interface {
+	embedded.Registration
+
 	// Unregister removes the callback registration from a Meter.
 	//
 	// This method needs to be idempotent and concurrent safe.
diff --git a/vendor/go.opentelemetry.io/otel/metric/noop.go b/vendor/go.opentelemetry.io/otel/metric/noop.go
deleted file mode 100644
index f38619e39..000000000
--- a/vendor/go.opentelemetry.io/otel/metric/noop.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright The OpenTelemetry Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package metric // import "go.opentelemetry.io/otel/metric"
-
-import (
-	"context"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/metric/instrument"
-)
-
-// NewNoopMeterProvider creates a MeterProvider that does not record any metrics.
-func NewNoopMeterProvider() MeterProvider {
-	return noopMeterProvider{}
-}
-
-type noopMeterProvider struct{}
-
-func (noopMeterProvider) Meter(string, ...MeterOption) Meter {
-	return noopMeter{}
-}
-
-// NewNoopMeter creates a Meter that does not record any metrics.
-func NewNoopMeter() Meter {
-	return noopMeter{}
-}
-
-type noopMeter struct{}
-
-func (noopMeter) Int64Counter(string, ...instrument.Int64Option) (instrument.Int64Counter, error) {
-	return nonrecordingSyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Int64UpDownCounter(string, ...instrument.Int64Option) (instrument.Int64UpDownCounter, error) {
-	return nonrecordingSyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Int64Histogram(string, ...instrument.Int64Option) (instrument.Int64Histogram, error) {
-	return nonrecordingSyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Int64ObservableCounter(string, ...instrument.Int64ObserverOption) (instrument.Int64ObservableCounter, error) {
-	return nonrecordingAsyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Int64ObservableUpDownCounter(string, ...instrument.Int64ObserverOption) (instrument.Int64ObservableUpDownCounter, error) {
-	return nonrecordingAsyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Int64ObservableGauge(string, ...instrument.Int64ObserverOption) (instrument.Int64ObservableGauge, error) {
-	return nonrecordingAsyncInt64Instrument{}, nil
-}
-
-func (noopMeter) Float64Counter(string, ...instrument.Float64Option) (instrument.Float64Counter, error) {
-	return nonrecordingSyncFloat64Instrument{}, nil
-}
-
-func (noopMeter) Float64UpDownCounter(string, ...instrument.Float64Option) (instrument.Float64UpDownCounter, error) {
-	return nonrecordingSyncFloat64Instrument{}, nil
-}
-
-func (noopMeter) Float64Histogram(string, ...instrument.Float64Option) (instrument.Float64Histogram, error) {
-	return nonrecordingSyncFloat64Instrument{}, nil
-}
-
-func (noopMeter) Float64ObservableCounter(string, ...instrument.Float64ObserverOption) (instrument.Float64ObservableCounter, error) {
-	return nonrecordingAsyncFloat64Instrument{}, nil
-}
-
-func (noopMeter) Float64ObservableUpDownCounter(string, ...instrument.Float64ObserverOption) (instrument.Float64ObservableUpDownCounter, error) {
-	return nonrecordingAsyncFloat64Instrument{}, nil
-}
-
-func (noopMeter) Float64ObservableGauge(string, ...instrument.Float64ObserverOption) (instrument.Float64ObservableGauge, error) {
-	return nonrecordingAsyncFloat64Instrument{}, nil
-}
-
-// RegisterCallback creates a register callback that does not record any metrics.
-func (noopMeter) RegisterCallback(Callback, ...instrument.Asynchronous) (Registration, error) {
-	return noopReg{}, nil
-}
-
-type noopReg struct{}
-
-func (noopReg) Unregister() error { return nil }
-
-type nonrecordingAsyncFloat64Instrument struct {
-	instrument.Float64Observable
-}
-
-var (
-	_ instrument.Float64ObservableCounter       = nonrecordingAsyncFloat64Instrument{}
-	_ instrument.Float64ObservableUpDownCounter = nonrecordingAsyncFloat64Instrument{}
-	_ instrument.Float64ObservableGauge         = nonrecordingAsyncFloat64Instrument{}
-)
-
-type nonrecordingAsyncInt64Instrument struct {
-	instrument.Int64Observable
-}
-
-var (
-	_ instrument.Int64ObservableCounter       = nonrecordingAsyncInt64Instrument{}
-	_ instrument.Int64ObservableUpDownCounter = nonrecordingAsyncInt64Instrument{}
-	_ instrument.Int64ObservableGauge         = nonrecordingAsyncInt64Instrument{}
-)
-
-type nonrecordingSyncFloat64Instrument struct {
-	instrument.Synchronous
-}
-
-var (
-	_ instrument.Float64Counter       = nonrecordingSyncFloat64Instrument{}
-	_ instrument.Float64UpDownCounter = nonrecordingSyncFloat64Instrument{}
-	_ instrument.Float64Histogram     = nonrecordingSyncFloat64Instrument{}
-)
-
-func (nonrecordingSyncFloat64Instrument) Add(context.Context, float64, ...attribute.KeyValue)    {}
-func (nonrecordingSyncFloat64Instrument) Record(context.Context, float64, ...attribute.KeyValue) {}
-
-type nonrecordingSyncInt64Instrument struct {
-	instrument.Synchronous
-}
-
-var (
-	_ instrument.Int64Counter       = nonrecordingSyncInt64Instrument{}
-	_ instrument.Int64UpDownCounter = nonrecordingSyncInt64Instrument{}
-	_ instrument.Int64Histogram     = nonrecordingSyncInt64Instrument{}
-)
-
-func (nonrecordingSyncInt64Instrument) Add(context.Context, int64, ...attribute.KeyValue)    {}
-func (nonrecordingSyncInt64Instrument) Record(context.Context, int64, ...attribute.KeyValue) {}
diff --git a/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
new file mode 100644
index 000000000..0b2023c35
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/syncfloat64.go
@@ -0,0 +1,162 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Float64Counter is an instrument that records increasing float64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64Counter interface {
+	embedded.Float64Counter
+
+	// Add records a change to the counter.
+	Add(ctx context.Context, incr float64, opts ...AddOption)
+}
+
+// Float64CounterConfig contains options for synchronous counter instruments that
+// record int64 values.
+type Float64CounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewFloat64CounterConfig returns a new [Float64CounterConfig] with all opts
+// applied.
+func NewFloat64CounterConfig(opts ...Float64CounterOption) Float64CounterConfig {
+	var config Float64CounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64Counter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64CounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64CounterConfig) Unit() string {
+	return c.unit
+}
+
+// Float64CounterOption applies options to a [Float64CounterConfig]. See
+// [Option] for other options that can be used as a Float64CounterOption.
+type Float64CounterOption interface {
+	applyFloat64Counter(Float64CounterConfig) Float64CounterConfig
+}
+
+// Float64UpDownCounter is an instrument that records increasing or decreasing
+// float64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64UpDownCounter interface {
+	embedded.Float64UpDownCounter
+
+	// Add records a change to the counter.
+	Add(ctx context.Context, incr float64, opts ...AddOption)
+}
+
+// Float64UpDownCounterConfig contains options for synchronous counter
+// instruments that record int64 values.
+type Float64UpDownCounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewFloat64UpDownCounterConfig returns a new [Float64UpDownCounterConfig]
+// with all opts applied.
+func NewFloat64UpDownCounterConfig(opts ...Float64UpDownCounterOption) Float64UpDownCounterConfig {
+	var config Float64UpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyFloat64UpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64UpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64UpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Float64UpDownCounterOption applies options to a
+// [Float64UpDownCounterConfig]. See [Option] for other options that can be
+// used as a Float64UpDownCounterOption.
+type Float64UpDownCounterOption interface {
+	applyFloat64UpDownCounter(Float64UpDownCounterConfig) Float64UpDownCounterConfig
+}
+
+// Float64Histogram is an instrument that records a distribution of float64
+// values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Float64Histogram interface {
+	embedded.Float64Histogram
+
+	// Record adds an additional value to the distribution.
+	Record(ctx context.Context, incr float64, opts ...RecordOption)
+}
+
+// Float64HistogramConfig contains options for synchronous counter instruments
+// that record int64 values.
+type Float64HistogramConfig struct {
+	description string
+	unit        string
+}
+
+// NewFloat64HistogramConfig returns a new [Float64HistogramConfig] with all
+// opts applied.
+func NewFloat64HistogramConfig(opts ...Float64HistogramOption) Float64HistogramConfig {
+	var config Float64HistogramConfig
+	for _, o := range opts {
+		config = o.applyFloat64Histogram(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Float64HistogramConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Float64HistogramConfig) Unit() string {
+	return c.unit
+}
+
+// Float64HistogramOption applies options to a [Float64HistogramConfig]. See
+// [Option] for other options that can be used as a Float64HistogramOption.
+type Float64HistogramOption interface {
+	applyFloat64Histogram(Float64HistogramConfig) Float64HistogramConfig
+}
diff --git a/vendor/go.opentelemetry.io/otel/metric/syncint64.go b/vendor/go.opentelemetry.io/otel/metric/syncint64.go
new file mode 100644
index 000000000..9a1a9dba8
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/metric/syncint64.go
@@ -0,0 +1,162 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metric // import "go.opentelemetry.io/otel/metric"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/otel/metric/embedded"
+)
+
+// Int64Counter is an instrument that records increasing int64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64Counter interface {
+	embedded.Int64Counter
+
+	// Add records a change to the counter.
+	Add(ctx context.Context, incr int64, opts ...AddOption)
+}
+
+// Int64CounterConfig contains options for synchronous counter instruments that
+// record int64 values.
+type Int64CounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewInt64CounterConfig returns a new [Int64CounterConfig] with all opts
+// applied.
+func NewInt64CounterConfig(opts ...Int64CounterOption) Int64CounterConfig {
+	var config Int64CounterConfig
+	for _, o := range opts {
+		config = o.applyInt64Counter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64CounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64CounterConfig) Unit() string {
+	return c.unit
+}
+
+// Int64CounterOption applies options to a [Int64CounterConfig]. See [Option]
+// for other options that can be used as an Int64CounterOption.
+type Int64CounterOption interface {
+	applyInt64Counter(Int64CounterConfig) Int64CounterConfig
+}
+
+// Int64UpDownCounter is an instrument that records increasing or decreasing
+// int64 values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64UpDownCounter interface {
+	embedded.Int64UpDownCounter
+
+	// Add records a change to the counter.
+	Add(ctx context.Context, incr int64, opts ...AddOption)
+}
+
+// Int64UpDownCounterConfig contains options for synchronous counter
+// instruments that record int64 values.
+type Int64UpDownCounterConfig struct {
+	description string
+	unit        string
+}
+
+// NewInt64UpDownCounterConfig returns a new [Int64UpDownCounterConfig] with
+// all opts applied.
+func NewInt64UpDownCounterConfig(opts ...Int64UpDownCounterOption) Int64UpDownCounterConfig {
+	var config Int64UpDownCounterConfig
+	for _, o := range opts {
+		config = o.applyInt64UpDownCounter(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64UpDownCounterConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64UpDownCounterConfig) Unit() string {
+	return c.unit
+}
+
+// Int64UpDownCounterOption applies options to a [Int64UpDownCounterConfig].
+// See [Option] for other options that can be used as an
+// Int64UpDownCounterOption.
+type Int64UpDownCounterOption interface {
+	applyInt64UpDownCounter(Int64UpDownCounterConfig) Int64UpDownCounterConfig
+}
+
+// Int64Histogram is an instrument that records a distribution of int64
+// values.
+//
+// Warning: Methods may be added to this interface in minor releases. See
+// [go.opentelemetry.io/otel/metric] package documentation on API
+// implementation for information on how to set default behavior for
+// unimplemented methods.
+type Int64Histogram interface {
+	embedded.Int64Histogram
+
+	// Record adds an additional value to the distribution.
+	Record(ctx context.Context, incr int64, opts ...RecordOption)
+}
+
+// Int64HistogramConfig contains options for synchronous counter instruments
+// that record int64 values.
+type Int64HistogramConfig struct {
+	description string
+	unit        string
+}
+
+// NewInt64HistogramConfig returns a new [Int64HistogramConfig] with all opts
+// applied.
+func NewInt64HistogramConfig(opts ...Int64HistogramOption) Int64HistogramConfig {
+	var config Int64HistogramConfig
+	for _, o := range opts {
+		config = o.applyInt64Histogram(config)
+	}
+	return config
+}
+
+// Description returns the configured description.
+func (c Int64HistogramConfig) Description() string {
+	return c.description
+}
+
+// Unit returns the configured unit.
+func (c Int64HistogramConfig) Unit() string {
+	return c.unit
+}
+
+// Int64HistogramOption applies options to a [Int64HistogramConfig]. See
+// [Option] for other options that can be used as an Int64HistogramOption.
+type Int64HistogramOption interface {
+	applyInt64Histogram(Int64HistogramConfig) Int64HistogramConfig
+}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/httpconv/http.go b/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/httpconv/http.go
index c60b2a6bb..fc43808fe 100644
--- a/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/httpconv/http.go
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.17.0/httpconv/http.go
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package httpconv provides OpenTelemetry semantic convetions for the net/http
-// package from the standard library.
+// Package httpconv provides OpenTelemetry HTTP semantic conventions for
+// tracing telemetry.
 package httpconv // import "go.opentelemetry.io/otel/semconv/v1.17.0/httpconv"
 
 import (
@@ -58,9 +58,10 @@ var (
 	}
 )
 
-// ClientResponse returns attributes for an HTTP response received by a client
-// from a server. It will return the following attributes if the related values
-// are defined in resp: "http.status.code", "http.response_content_length".
+// ClientResponse returns trace attributes for an HTTP response received by a
+// client from a server. It will return the following attributes if the related
+// values are defined in resp: "http.status.code",
+// "http.response_content_length".
 //
 // This does not add all OpenTelemetry required attributes for an HTTP event,
 // it assumes ClientRequest was used to create the span with a complete set of
@@ -72,8 +73,8 @@ func ClientResponse(resp *http.Response) []attribute.KeyValue {
 	return hc.ClientResponse(resp)
 }
 
-// ClientRequest returns attributes for an HTTP request made by a client. The
-// following attributes are always returned: "http.url", "http.flavor",
+// ClientRequest returns trace attributes for an HTTP request made by a client.
+// The following attributes are always returned: "http.url", "http.flavor",
 // "http.method", "net.peer.name". The following attributes are returned if the
 // related values are defined in req: "net.peer.port", "http.user_agent",
 // "http.request_content_length", "enduser.id".
@@ -87,7 +88,8 @@ func ClientStatus(code int) (codes.Code, string) {
 	return hc.ClientStatus(code)
 }
 
-// ServerRequest returns attributes for an HTTP request received by a server.
+// ServerRequest returns trace attributes for an HTTP request received by a
+// server.
 //
 // The server must be the primary server name if it is known. For example this
 // would be the ServerName directive
diff --git a/vendor/go.opentelemetry.io/otel/trace/noop.go b/vendor/go.opentelemetry.io/otel/trace/noop.go
index 73950f207..7cf6c7f3e 100644
--- a/vendor/go.opentelemetry.io/otel/trace/noop.go
+++ b/vendor/go.opentelemetry.io/otel/trace/noop.go
@@ -37,7 +37,7 @@ func (p noopTracerProvider) Tracer(string, ...TracerOption) Tracer {
 	return noopTracer{}
 }
 
-// noopTracer is an implementation of Tracer that preforms no operations.
+// noopTracer is an implementation of Tracer that performs no operations.
 type noopTracer struct{}
 
 var _ Tracer = noopTracer{}
@@ -53,7 +53,7 @@ func (t noopTracer) Start(ctx context.Context, name string, _ ...SpanStartOption
 	return ContextWithSpan(ctx, span), span
 }
 
-// noopSpan is an implementation of Span that preforms no operations.
+// noopSpan is an implementation of Span that performs no operations.
 type noopSpan struct{}
 
 var _ Span = noopSpan{}
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index 0e8e5e023..6c7fe114b 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.14.0"
+	return "1.15.1"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 40df1fae4..b49ec1029 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -14,7 +14,7 @@
 
 module-sets:
   stable-v1:
-    version: v1.14.0
+    version: v1.15.1
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opentracing
@@ -26,16 +26,16 @@ module-sets:
       - go.opentelemetry.io/otel/example/passthrough
       - go.opentelemetry.io/otel/example/zipkin
       - go.opentelemetry.io/otel/exporters/jaeger
-      - go.opentelemetry.io/otel/exporters/zipkin
+      - go.opentelemetry.io/otel/exporters/otlp/internal/retry
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
       - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
-      - go.opentelemetry.io/otel/exporters/otlp/internal/retry
       - go.opentelemetry.io/otel/exporters/stdout/stdouttrace
-      - go.opentelemetry.io/otel/trace
+      - go.opentelemetry.io/otel/exporters/zipkin
       - go.opentelemetry.io/otel/sdk
+      - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.37.0
+    version: v0.38.1
     modules:
       - go.opentelemetry.io/otel/example/opencensus
       - go.opentelemetry.io/otel/example/prometheus
diff --git a/vendor/go.uber.org/atomic/CHANGELOG.md b/vendor/go.uber.org/atomic/CHANGELOG.md
index 5fe03f21b..6f87f33fa 100644
--- a/vendor/go.uber.org/atomic/CHANGELOG.md
+++ b/vendor/go.uber.org/atomic/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.11.0] - 2023-05-02
+### Fixed
+- Fix initialization of `Value` wrappers.
+
+### Added
+- Add `String` method to `atomic.Pointer[T]` type allowing users to safely print
+underlying values of pointers.
+
+[1.11.0]: https://github.com/uber-go/atomic/compare/v1.10.0...v1.11.0
+
 ## [1.10.0] - 2022-08-11
 ### Added
 - Add `atomic.Float32` type for atomic operations on `float32`.
diff --git a/vendor/go.uber.org/atomic/bool.go b/vendor/go.uber.org/atomic/bool.go
index dfa2085f4..f0a2ddd14 100644
--- a/vendor/go.uber.org/atomic/bool.go
+++ b/vendor/go.uber.org/atomic/bool.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/duration.go b/vendor/go.uber.org/atomic/duration.go
index 6f4157445..7c23868fc 100644
--- a/vendor/go.uber.org/atomic/duration.go
+++ b/vendor/go.uber.org/atomic/duration.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/error.go b/vendor/go.uber.org/atomic/error.go
index 27b23ea16..b7e3f1291 100644
--- a/vendor/go.uber.org/atomic/error.go
+++ b/vendor/go.uber.org/atomic/error.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -52,7 +52,17 @@ func (x *Error) Store(val error) {
 
 // CompareAndSwap is an atomic compare-and-swap for error values.
 func (x *Error) CompareAndSwap(old, new error) (swapped bool) {
-	return x.v.CompareAndSwap(packError(old), packError(new))
+	if x.v.CompareAndSwap(packError(old), packError(new)) {
+		return true
+	}
+
+	if old == _zeroError {
+		// If the old value is the empty value, then it's possible the
+		// underlying Value hasn't been set and is nil, so retry with nil.
+		return x.v.CompareAndSwap(nil, packError(new))
+	}
+
+	return false
 }
 
 // Swap atomically stores the given error and returns the old
diff --git a/vendor/go.uber.org/atomic/float32.go b/vendor/go.uber.org/atomic/float32.go
index 5d535a6d2..62c36334f 100644
--- a/vendor/go.uber.org/atomic/float32.go
+++ b/vendor/go.uber.org/atomic/float32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/float64.go b/vendor/go.uber.org/atomic/float64.go
index 11d5189a5..5bc11caab 100644
--- a/vendor/go.uber.org/atomic/float64.go
+++ b/vendor/go.uber.org/atomic/float64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/int32.go b/vendor/go.uber.org/atomic/int32.go
index b9a68f42c..5320eac10 100644
--- a/vendor/go.uber.org/atomic/int32.go
+++ b/vendor/go.uber.org/atomic/int32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/int64.go b/vendor/go.uber.org/atomic/int64.go
index 78d260976..460821d00 100644
--- a/vendor/go.uber.org/atomic/int64.go
+++ b/vendor/go.uber.org/atomic/int64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/pointer_go118.go b/vendor/go.uber.org/atomic/pointer_go118.go
index e0f47dba4..1fb6c03b2 100644
--- a/vendor/go.uber.org/atomic/pointer_go118.go
+++ b/vendor/go.uber.org/atomic/pointer_go118.go
@@ -18,43 +18,14 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-//go:build go1.18 && !go1.19
-// +build go1.18,!go1.19
+//go:build go1.18
+// +build go1.18
 
 package atomic
 
-import "unsafe"
+import "fmt"
 
-type Pointer[T any] struct {
-	_ nocmp // disallow non-atomic comparison
-	p UnsafePointer
-}
-
-// NewPointer creates a new Pointer.
-func NewPointer[T any](v *T) *Pointer[T] {
-	var p Pointer[T]
-	if v != nil {
-		p.p.Store(unsafe.Pointer(v))
-	}
-	return &p
-}
-
-// Load atomically loads the wrapped value.
-func (p *Pointer[T]) Load() *T {
-	return (*T)(p.p.Load())
-}
-
-// Store atomically stores the passed value.
-func (p *Pointer[T]) Store(val *T) {
-	p.p.Store(unsafe.Pointer(val))
-}
-
-// Swap atomically swaps the wrapped pointer and returns the old value.
-func (p *Pointer[T]) Swap(val *T) (old *T) {
-	return (*T)(p.p.Swap(unsafe.Pointer(val)))
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
-	return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new))
+// String returns a human readable representation of a Pointer's underlying value.
+func (p *Pointer[T]) String() string {
+	return fmt.Sprint(p.Load())
 }
diff --git a/vendor/go.uber.org/atomic/pointer_go118_pre119.go b/vendor/go.uber.org/atomic/pointer_go118_pre119.go
new file mode 100644
index 000000000..e0f47dba4
--- /dev/null
+++ b/vendor/go.uber.org/atomic/pointer_go118_pre119.go
@@ -0,0 +1,60 @@
+// Copyright (c) 2022 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+//go:build go1.18 && !go1.19
+// +build go1.18,!go1.19
+
+package atomic
+
+import "unsafe"
+
+type Pointer[T any] struct {
+	_ nocmp // disallow non-atomic comparison
+	p UnsafePointer
+}
+
+// NewPointer creates a new Pointer.
+func NewPointer[T any](v *T) *Pointer[T] {
+	var p Pointer[T]
+	if v != nil {
+		p.p.Store(unsafe.Pointer(v))
+	}
+	return &p
+}
+
+// Load atomically loads the wrapped value.
+func (p *Pointer[T]) Load() *T {
+	return (*T)(p.p.Load())
+}
+
+// Store atomically stores the passed value.
+func (p *Pointer[T]) Store(val *T) {
+	p.p.Store(unsafe.Pointer(val))
+}
+
+// Swap atomically swaps the wrapped pointer and returns the old value.
+func (p *Pointer[T]) Swap(val *T) (old *T) {
+	return (*T)(p.p.Swap(unsafe.Pointer(val)))
+}
+
+// CompareAndSwap is an atomic compare-and-swap.
+func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
+	return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new))
+}
diff --git a/vendor/go.uber.org/atomic/string.go b/vendor/go.uber.org/atomic/string.go
index c4bea70f4..061466c5b 100644
--- a/vendor/go.uber.org/atomic/string.go
+++ b/vendor/go.uber.org/atomic/string.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -42,24 +42,31 @@ func NewString(val string) *String {
 
 // Load atomically loads the wrapped string.
 func (x *String) Load() string {
-	if v := x.v.Load(); v != nil {
-		return v.(string)
-	}
-	return _zeroString
+	return unpackString(x.v.Load())
 }
 
 // Store atomically stores the passed string.
 func (x *String) Store(val string) {
-	x.v.Store(val)
+	x.v.Store(packString(val))
 }
 
 // CompareAndSwap is an atomic compare-and-swap for string values.
 func (x *String) CompareAndSwap(old, new string) (swapped bool) {
-	return x.v.CompareAndSwap(old, new)
+	if x.v.CompareAndSwap(packString(old), packString(new)) {
+		return true
+	}
+
+	if old == _zeroString {
+		// If the old value is the empty value, then it's possible the
+		// underlying Value hasn't been set and is nil, so retry with nil.
+		return x.v.CompareAndSwap(nil, packString(new))
+	}
+
+	return false
 }
 
 // Swap atomically stores the given string and returns the old
 // value.
 func (x *String) Swap(val string) (old string) {
-	return x.v.Swap(val).(string)
+	return unpackString(x.v.Swap(packString(val)))
 }
diff --git a/vendor/go.uber.org/atomic/string_ext.go b/vendor/go.uber.org/atomic/string_ext.go
index 1f63dfd5b..019109c86 100644
--- a/vendor/go.uber.org/atomic/string_ext.go
+++ b/vendor/go.uber.org/atomic/string_ext.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -20,7 +20,18 @@
 
 package atomic
 
-//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped=Value -compareandswap -swap -file=string.go
+//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped Value -pack packString -unpack unpackString -compareandswap -swap -file=string.go
+
+func packString(s string) interface{} {
+	return s
+}
+
+func unpackString(v interface{}) string {
+	if s, ok := v.(string); ok {
+		return s
+	}
+	return ""
+}
 
 // String returns the wrapped value.
 func (s *String) String() string {
diff --git a/vendor/go.uber.org/atomic/time.go b/vendor/go.uber.org/atomic/time.go
index 1660feb14..cc2a230c0 100644
--- a/vendor/go.uber.org/atomic/time.go
+++ b/vendor/go.uber.org/atomic/time.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicwrapper.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uint32.go b/vendor/go.uber.org/atomic/uint32.go
index d6f04a96d..4adc294ac 100644
--- a/vendor/go.uber.org/atomic/uint32.go
+++ b/vendor/go.uber.org/atomic/uint32.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uint64.go b/vendor/go.uber.org/atomic/uint64.go
index 2574bdd5e..0e2eddb30 100644
--- a/vendor/go.uber.org/atomic/uint64.go
+++ b/vendor/go.uber.org/atomic/uint64.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/go.uber.org/atomic/uintptr.go b/vendor/go.uber.org/atomic/uintptr.go
index 81b275a7a..7d5b000d6 100644
--- a/vendor/go.uber.org/atomic/uintptr.go
+++ b/vendor/go.uber.org/atomic/uintptr.go
@@ -1,6 +1,6 @@
 // @generated Code generated by gen-atomicint.
 
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2020-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS
new file mode 100644
index 000000000..733099041
--- /dev/null
+++ b/vendor/golang.org/x/crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
new file mode 100644
index 000000000..94c71ac1a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11 && gc && !purego
+// +build go1.11,gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
new file mode 100644
index 000000000..63cae9e6f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -0,0 +1,308 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11 && gc && !purego
+// +build go1.11,gc,!purego
+
+#include "textflag.h"
+
+#define NUM_ROUNDS 10
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD	dst+0(FP), R1
+	MOVD	src+24(FP), R2
+	MOVD	src_len+32(FP), R3
+	MOVD	key+48(FP), R4
+	MOVD	nonce+56(FP), R6
+	MOVD	counter+64(FP), R7
+
+	MOVD	$·constants(SB), R10
+	MOVD	$·incRotMatrix(SB), R11
+
+	MOVW	(R7), R20
+
+	AND	$~255, R3, R13
+	ADD	R2, R13, R12 // R12 for block end
+	AND	$255, R3, R13
+loop:
+	MOVD	$NUM_ROUNDS, R21
+	VLD1	(R11), [V30.S4, V31.S4]
+
+	// load contants
+	// VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4]
+	WORD	$0x4D60E940
+
+	// load keys
+	// VLD4R 16(R4), [V4.S4, V5.S4, V6.S4, V7.S4]
+	WORD	$0x4DFFE884
+	// VLD4R 16(R4), [V8.S4, V9.S4, V10.S4, V11.S4]
+	WORD	$0x4DFFE888
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V12.S4]
+	WORD	$0x4D40C8EC
+
+	// VLD3R (R6), [V13.S4, V14.S4, V15.S4]
+	WORD	$0x4D40E8CD
+
+	// update counter
+	VADD	V30.S4, V12.S4, V12.S4
+
+chacha:
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 16)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 12)
+	VADD	V8.S4, V12.S4, V8.S4
+	VADD	V9.S4, V13.S4, V9.S4
+	VADD	V10.S4, V14.S4, V10.S4
+	VADD	V11.S4, V15.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$12, V16.S4, V4.S4
+	VSHL	$12, V17.S4, V5.S4
+	VSHL	$12, V18.S4, V6.S4
+	VSHL	$12, V19.S4, V7.S4
+	VSRI	$20, V16.S4, V4.S4
+	VSRI	$20, V17.S4, V5.S4
+	VSRI	$20, V18.S4, V6.S4
+	VSRI	$20, V19.S4, V7.S4
+
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 8)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 7)
+	VADD	V12.S4, V8.S4, V8.S4
+	VADD	V13.S4, V9.S4, V9.S4
+	VADD	V14.S4, V10.S4, V10.S4
+	VADD	V15.S4, V11.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$7, V16.S4, V4.S4
+	VSHL	$7, V17.S4, V5.S4
+	VSHL	$7, V18.S4, V6.S4
+	VSHL	$7, V19.S4, V7.S4
+	VSRI	$25, V16.S4, V4.S4
+	VSRI	$25, V17.S4, V5.S4
+	VSRI	$25, V18.S4, V6.S4
+	VSRI	$25, V19.S4, V7.S4
+
+	// V0..V3 += V5..V7, V4
+	// V15,V12-V14 <<<= ((V15,V12-V14 XOR V0..V3), 16)
+	VADD	V0.S4, V5.S4, V0.S4
+	VADD	V1.S4, V6.S4, V1.S4
+	VADD	V2.S4, V7.S4, V2.S4
+	VADD	V3.S4, V4.S4, V3.S4
+	VEOR	V15.B16, V0.B16, V15.B16
+	VEOR	V12.B16, V1.B16, V12.B16
+	VEOR	V13.B16, V2.B16, V13.B16
+	VEOR	V14.B16, V3.B16, V14.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 12)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$12, V16.S4, V5.S4
+	VSHL	$12, V17.S4, V6.S4
+	VSHL	$12, V18.S4, V7.S4
+	VSHL	$12, V19.S4, V4.S4
+	VSRI	$20, V16.S4, V5.S4
+	VSRI	$20, V17.S4, V6.S4
+	VSRI	$20, V18.S4, V7.S4
+	VSRI	$20, V19.S4, V4.S4
+
+	// V0 += V5; V15 <<<= ((V0 XOR V15), 8)
+	// ...
+	VADD	V5.S4, V0.S4, V0.S4
+	VADD	V6.S4, V1.S4, V1.S4
+	VADD	V7.S4, V2.S4, V2.S4
+	VADD	V4.S4, V3.S4, V3.S4
+	VEOR	V0.B16, V15.B16, V15.B16
+	VEOR	V1.B16, V12.B16, V12.B16
+	VEOR	V2.B16, V13.B16, V13.B16
+	VEOR	V3.B16, V14.B16, V14.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 7)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$7, V16.S4, V5.S4
+	VSHL	$7, V17.S4, V6.S4
+	VSHL	$7, V18.S4, V7.S4
+	VSHL	$7, V19.S4, V4.S4
+	VSRI	$25, V16.S4, V5.S4
+	VSRI	$25, V17.S4, V6.S4
+	VSRI	$25, V18.S4, V7.S4
+	VSRI	$25, V19.S4, V4.S4
+
+	SUB	$1, R21
+	CBNZ	R21, chacha
+
+	// VLD4R (R10), [V16.S4, V17.S4, V18.S4, V19.S4]
+	WORD	$0x4D60E950
+
+	// VLD4R 16(R4), [V20.S4, V21.S4, V22.S4, V23.S4]
+	WORD	$0x4DFFE894
+	VADD	V30.S4, V12.S4, V12.S4
+	VADD	V16.S4, V0.S4, V0.S4
+	VADD	V17.S4, V1.S4, V1.S4
+	VADD	V18.S4, V2.S4, V2.S4
+	VADD	V19.S4, V3.S4, V3.S4
+	// VLD4R 16(R4), [V24.S4, V25.S4, V26.S4, V27.S4]
+	WORD	$0x4DFFE898
+	// restore R4
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V28.S4]
+	WORD	$0x4D40C8FC
+	// VLD3R (R6), [V29.S4, V30.S4, V31.S4]
+	WORD	$0x4D40E8DD
+
+	VADD	V20.S4, V4.S4, V4.S4
+	VADD	V21.S4, V5.S4, V5.S4
+	VADD	V22.S4, V6.S4, V6.S4
+	VADD	V23.S4, V7.S4, V7.S4
+	VADD	V24.S4, V8.S4, V8.S4
+	VADD	V25.S4, V9.S4, V9.S4
+	VADD	V26.S4, V10.S4, V10.S4
+	VADD	V27.S4, V11.S4, V11.S4
+	VADD	V28.S4, V12.S4, V12.S4
+	VADD	V29.S4, V13.S4, V13.S4
+	VADD	V30.S4, V14.S4, V14.S4
+	VADD	V31.S4, V15.S4, V15.S4
+
+	VZIP1	V1.S4, V0.S4, V16.S4
+	VZIP2	V1.S4, V0.S4, V17.S4
+	VZIP1	V3.S4, V2.S4, V18.S4
+	VZIP2	V3.S4, V2.S4, V19.S4
+	VZIP1	V5.S4, V4.S4, V20.S4
+	VZIP2	V5.S4, V4.S4, V21.S4
+	VZIP1	V7.S4, V6.S4, V22.S4
+	VZIP2	V7.S4, V6.S4, V23.S4
+	VZIP1	V9.S4, V8.S4, V24.S4
+	VZIP2	V9.S4, V8.S4, V25.S4
+	VZIP1	V11.S4, V10.S4, V26.S4
+	VZIP2	V11.S4, V10.S4, V27.S4
+	VZIP1	V13.S4, V12.S4, V28.S4
+	VZIP2	V13.S4, V12.S4, V29.S4
+	VZIP1	V15.S4, V14.S4, V30.S4
+	VZIP2	V15.S4, V14.S4, V31.S4
+	VZIP1	V18.D2, V16.D2, V0.D2
+	VZIP2	V18.D2, V16.D2, V4.D2
+	VZIP1	V19.D2, V17.D2, V8.D2
+	VZIP2	V19.D2, V17.D2, V12.D2
+	VLD1.P	64(R2), [V16.B16, V17.B16, V18.B16, V19.B16]
+
+	VZIP1	V22.D2, V20.D2, V1.D2
+	VZIP2	V22.D2, V20.D2, V5.D2
+	VZIP1	V23.D2, V21.D2, V9.D2
+	VZIP2	V23.D2, V21.D2, V13.D2
+	VLD1.P	64(R2), [V20.B16, V21.B16, V22.B16, V23.B16]
+	VZIP1	V26.D2, V24.D2, V2.D2
+	VZIP2	V26.D2, V24.D2, V6.D2
+	VZIP1	V27.D2, V25.D2, V10.D2
+	VZIP2	V27.D2, V25.D2, V14.D2
+	VLD1.P	64(R2), [V24.B16, V25.B16, V26.B16, V27.B16]
+	VZIP1	V30.D2, V28.D2, V3.D2
+	VZIP2	V30.D2, V28.D2, V7.D2
+	VZIP1	V31.D2, V29.D2, V11.D2
+	VZIP2	V31.D2, V29.D2, V15.D2
+	VLD1.P	64(R2), [V28.B16, V29.B16, V30.B16, V31.B16]
+	VEOR	V0.B16, V16.B16, V16.B16
+	VEOR	V1.B16, V17.B16, V17.B16
+	VEOR	V2.B16, V18.B16, V18.B16
+	VEOR	V3.B16, V19.B16, V19.B16
+	VST1.P	[V16.B16, V17.B16, V18.B16, V19.B16], 64(R1)
+	VEOR	V4.B16, V20.B16, V20.B16
+	VEOR	V5.B16, V21.B16, V21.B16
+	VEOR	V6.B16, V22.B16, V22.B16
+	VEOR	V7.B16, V23.B16, V23.B16
+	VST1.P	[V20.B16, V21.B16, V22.B16, V23.B16], 64(R1)
+	VEOR	V8.B16, V24.B16, V24.B16
+	VEOR	V9.B16, V25.B16, V25.B16
+	VEOR	V10.B16, V26.B16, V26.B16
+	VEOR	V11.B16, V27.B16, V27.B16
+	VST1.P	[V24.B16, V25.B16, V26.B16, V27.B16], 64(R1)
+	VEOR	V12.B16, V28.B16, V28.B16
+	VEOR	V13.B16, V29.B16, V29.B16
+	VEOR	V14.B16, V30.B16, V30.B16
+	VEOR	V15.B16, V31.B16, V31.B16
+	VST1.P	[V28.B16, V29.B16, V30.B16, V31.B16], 64(R1)
+
+	ADD	$4, R20
+	MOVW	R20, (R7) // update counter
+
+	CMP	R2, R12
+	BGT	loop
+
+	RET
+
+
+DATA	·constants+0x00(SB)/4, $0x61707865
+DATA	·constants+0x04(SB)/4, $0x3320646e
+DATA	·constants+0x08(SB)/4, $0x79622d32
+DATA	·constants+0x0c(SB)/4, $0x6b206574
+GLOBL	·constants(SB), NOPTR|RODATA, $32
+
+DATA	·incRotMatrix+0x00(SB)/4, $0x00000000
+DATA	·incRotMatrix+0x04(SB)/4, $0x00000001
+DATA	·incRotMatrix+0x08(SB)/4, $0x00000002
+DATA	·incRotMatrix+0x0c(SB)/4, $0x00000003
+DATA	·incRotMatrix+0x10(SB)/4, $0x02010003
+DATA	·incRotMatrix+0x14(SB)/4, $0x06050407
+DATA	·incRotMatrix+0x18(SB)/4, $0x0A09080B
+DATA	·incRotMatrix+0x1c(SB)/4, $0x0E0D0C0F
+GLOBL	·incRotMatrix(SB), NOPTR|RODATA, $32
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
new file mode 100644
index 000000000..93eb5ae6d
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -0,0 +1,398 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"math/bits"
+
+	"golang.org/x/crypto/internal/alias"
+)
+
+const (
+	// KeySize is the size of the key used by this cipher, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// cipher, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+	// this cipher, in bytes.
+	NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+	// The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+	// (incremented after each block), and 3 of nonce.
+	key     [8]uint32
+	counter uint32
+	nonce   [3]uint32
+
+	// The last len bytes of buf are leftover key stream bytes from the previous
+	// XORKeyStream invocation. The size of buf depends on how many blocks are
+	// computed at a time by xorKeyStreamBlocks.
+	buf [bufSize]byte
+	len int
+
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
+	// The counter-independent results of the first round are cached after they
+	// are computed the first time.
+	precompDone      bool
+	p1, p5, p9, p13  uint32
+	p2, p6, p10, p14 uint32
+	p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+	// This function is split into a wrapper so that the Cipher allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	c := &Cipher{}
+	return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong key size")
+	}
+	if len(nonce) == NonceSizeX {
+		// XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+		// derived key, allowing it to operate on a nonce of 24 bytes. See
+		// draft-irtf-cfrg-xchacha-01, Section 2.3.
+		key, _ = HChaCha20(key, nonce[0:16])
+		cNonce := make([]byte, NonceSize)
+		copy(cNonce[4:12], nonce[16:24])
+		nonce = cNonce
+	} else if len(nonce) != NonceSize {
+		return nil, errors.New("chacha20: wrong nonce size")
+	}
+
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
+	c.key = [8]uint32{
+		binary.LittleEndian.Uint32(key[0:4]),
+		binary.LittleEndian.Uint32(key[4:8]),
+		binary.LittleEndian.Uint32(key[8:12]),
+		binary.LittleEndian.Uint32(key[12:16]),
+		binary.LittleEndian.Uint32(key[16:20]),
+		binary.LittleEndian.Uint32(key[20:24]),
+		binary.LittleEndian.Uint32(key[24:28]),
+		binary.LittleEndian.Uint32(key[28:32]),
+	}
+	c.nonce = [3]uint32{
+		binary.LittleEndian.Uint32(nonce[0:4]),
+		binary.LittleEndian.Uint32(nonce[4:8]),
+		binary.LittleEndian.Uint32(nonce[8:12]),
+	}
+	return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+	j0 uint32 = 0x61707865 // expa
+	j1 uint32 = 0x3320646e // nd 3
+	j2 uint32 = 0x79622d32 // 2-by
+	j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 16)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 12)
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 8)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 7)
+	return a, b, c, d
+}
+
+// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
+// behave as if (64 * counter) bytes had been encrypted so far.
+//
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
+func (s *Cipher) SetCounter(counter uint32) {
+	// Internally, s may buffer multiple blocks, which complicates this
+	// implementation slightly. When checking whether the counter has rolled
+	// back, we must use both s.counter and s.len to determine how many blocks
+	// we have already output.
+	outputCounter := s.counter - uint32(s.len)/blockSize
+	if s.overflow || counter < outputCounter {
+		panic("chacha20: SetCounter attempted to rollback counter")
+	}
+
+	// In the general case, we set the new counter value and reset s.len to 0,
+	// causing the next call to XORKeyStream to refill the buffer. However, if
+	// we're advancing within the existing buffer, we can save work by simply
+	// setting s.len.
+	if counter < s.counter {
+		s.len = int(s.counter-counter) * blockSize
+	} else {
+		s.counter = counter
+		s.len = 0
+	}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+	if len(src) == 0 {
+		return
+	}
+	if len(dst) < len(src) {
+		panic("chacha20: output smaller than input")
+	}
+	dst = dst[:len(src)]
+	if alias.InexactOverlap(dst, src) {
+		panic("chacha20: invalid buffer overlap")
+	}
+
+	// First, drain any remaining key stream from a previous XORKeyStream.
+	if s.len != 0 {
+		keyStream := s.buf[bufSize-s.len:]
+		if len(src) < len(keyStream) {
+			keyStream = keyStream[:len(src)]
+		}
+		_ = src[len(keyStream)-1] // bounds check elimination hint
+		for i, b := range keyStream {
+			dst[i] = src[i] ^ b
+		}
+		s.len -= len(keyStream)
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
+	}
+
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
+		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
+	}
+
+	// xorKeyStreamBlocks implementations expect input lengths that are a
+	// multiple of bufSize. Platform-specific ones process multiple blocks at a
+	// time, so have bufSizes that are a multiple of blockSize.
+
+	full := len(src) - len(src)%bufSize
+	if full > 0 {
+		s.xorKeyStreamBlocks(dst[:full], src[:full])
+	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
+
+	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+	// keep the leftover keystream for the next XORKeyStream invocation.
+	if len(src) > 0 {
+		s.buf = [bufSize]byte{}
+		copy(s.buf[:], src)
+		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
+	}
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+	if len(dst) != len(src) || len(dst)%blockSize != 0 {
+		panic("chacha20: internal error: wrong dst and/or src length")
+	}
+
+	// To generate each block of key stream, the initial cipher state
+	// (represented below) is passed through 20 rounds of shuffling,
+	// alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+	// or by diagonals (like 1, 6, 11, 12).
+	//
+	//      0:cccccccc   1:cccccccc   2:cccccccc   3:cccccccc
+	//      4:kkkkkkkk   5:kkkkkkkk   6:kkkkkkkk   7:kkkkkkkk
+	//      8:kkkkkkkk   9:kkkkkkkk  10:kkkkkkkk  11:kkkkkkkk
+	//     12:bbbbbbbb  13:nnnnnnnn  14:nnnnnnnn  15:nnnnnnnn
+	//
+	//            c=constant k=key b=blockcount n=nonce
+	var (
+		c0, c1, c2, c3   = j0, j1, j2, j3
+		c4, c5, c6, c7   = s.key[0], s.key[1], s.key[2], s.key[3]
+		c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+		_, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+	)
+
+	// Three quarters of the first round don't depend on the counter, so we can
+	// calculate them here, and reuse them for multiple blocks in the loop, and
+	// for future XORKeyStream invocations.
+	if !s.precompDone {
+		s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+		s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+		s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+		s.precompDone = true
+	}
+
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
+		// The remainder of the first column round.
+		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+		// The second diagonal round.
+		x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+		x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+		x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+		x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+		// The remaining 18 rounds.
+		for i := 0; i < 9; i++ {
+			// Column round.
+			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+			// Diagonal round.
+			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+		}
+
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
+
+		s.counter += 1
+
+		src, dst = src[blockSize:], dst[blockSize:]
+	}
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+	// This function is split into a wrapper so that the slice allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	out := make([]byte, 32)
+	return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong HChaCha20 key size")
+	}
+	if len(nonce) != 16 {
+		return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+	}
+
+	x0, x1, x2, x3 := j0, j1, j2, j3
+	x4 := binary.LittleEndian.Uint32(key[0:4])
+	x5 := binary.LittleEndian.Uint32(key[4:8])
+	x6 := binary.LittleEndian.Uint32(key[8:12])
+	x7 := binary.LittleEndian.Uint32(key[12:16])
+	x8 := binary.LittleEndian.Uint32(key[16:20])
+	x9 := binary.LittleEndian.Uint32(key[20:24])
+	x10 := binary.LittleEndian.Uint32(key[24:28])
+	x11 := binary.LittleEndian.Uint32(key[28:32])
+	x12 := binary.LittleEndian.Uint32(nonce[0:4])
+	x13 := binary.LittleEndian.Uint32(nonce[4:8])
+	x14 := binary.LittleEndian.Uint32(nonce[8:12])
+	x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+	for i := 0; i < 10; i++ {
+		// Diagonal round.
+		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+		// Column round.
+		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+	}
+
+	_ = out[31] // bounds check elimination hint
+	binary.LittleEndian.PutUint32(out[0:4], x0)
+	binary.LittleEndian.PutUint32(out[4:8], x1)
+	binary.LittleEndian.PutUint32(out[8:12], x2)
+	binary.LittleEndian.PutUint32(out[12:16], x3)
+	binary.LittleEndian.PutUint32(out[16:20], x12)
+	binary.LittleEndian.PutUint32(out[20:24], x13)
+	binary.LittleEndian.PutUint32(out[24:28], x14)
+	binary.LittleEndian.PutUint32(out[28:32], x15)
+	return out, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
new file mode 100644
index 000000000..025b49897
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!arm64 && !s390x && !ppc64le) || (arm64 && !go1.11) || !gc || purego
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 !gc purego
+
+package chacha20
+
+const bufSize = blockSize
+
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	s.xorKeyStreamBlocksGeneric(dst, src)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
new file mode 100644
index 000000000..da420b2e9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
new file mode 100644
index 000000000..5c0fed26f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -0,0 +1,450 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on CRYPTOGAMS code with the following comment:
+// # ====================================================================
+// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// # project. The module is, however, dual licensed under OpenSSL and
+// # CRYPTOGAMS licenses depending on where you obtain it. For further
+// # details see http://www.openssl.org/~appro/cryptogams/.
+// # ====================================================================
+
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
+
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define OUT  R3
+#define INP  R4
+#define LEN  R5
+#define KEY  R6
+#define CNT  R7
+#define TMP  R15
+
+#define CONSTBASE  R16
+#define BLOCKS R17
+
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
+
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
+	MOVD out+0(FP), OUT
+	MOVD inp+8(FP), INP
+	MOVD len+16(FP), LEN
+	MOVD key+24(FP), KEY
+	MOVD counter+32(FP), CNT
+
+	// Addressing for constants
+	MOVD $consts<>+0x00(SB), CONSTBASE
+	MOVD $16, R8
+	MOVD $32, R9
+	MOVD $48, R10
+	MOVD $64, R11
+	SRD $6, LEN, BLOCKS
+	// V16
+	LXVW4X (CONSTBASE)(R0), VS48
+	ADD $80,CONSTBASE
+
+	// Load key into V17,V18
+	LXVW4X (KEY)(R0), VS49
+	LXVW4X (KEY)(R8), VS50
+
+	// Load CNT, NONCE into V19
+	LXVW4X (CNT)(R0), VS51
+
+	// Clear V27
+	VXOR V27, V27, V27
+
+	// V28
+	LXVW4X (CONSTBASE)(R11), VS60
+
+	// splat slot from V19 -> V26
+	VSPLTW $0, V19, V26
+
+	VSLDOI $4, V19, V27, V19
+	VSLDOI $12, V27, V19, V19
+
+	VADDUWM V26, V28, V26
+
+	MOVD $10, R14
+	MOVD R14, CTR
+
+loop_outer_vsx:
+	// V0, V1, V2, V3
+	LXVW4X (R0)(CONSTBASE), VS32
+	LXVW4X (R8)(CONSTBASE), VS33
+	LXVW4X (R9)(CONSTBASE), VS34
+	LXVW4X (R10)(CONSTBASE), VS35
+
+	// splat values from V17, V18 into V4-V11
+	VSPLTW $0, V17, V4
+	VSPLTW $1, V17, V5
+	VSPLTW $2, V17, V6
+	VSPLTW $3, V17, V7
+	VSPLTW $0, V18, V8
+	VSPLTW $1, V18, V9
+	VSPLTW $2, V18, V10
+	VSPLTW $3, V18, V11
+
+	// VOR
+	VOR V26, V26, V12
+
+	// splat values from V19 -> V13, V14, V15
+	VSPLTW $1, V19, V13
+	VSPLTW $2, V19, V14
+	VSPLTW $3, V19, V15
+
+	// splat   const values
+	VSPLTISW $-16, V27
+	VSPLTISW $12, V28
+	VSPLTISW $8, V29
+	VSPLTISW $7, V30
+
+loop_vsx:
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+	VRLW V15, V27, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V28, V4
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+	VRLW V15, V29, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V30, V4
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V27, V15
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+	VRLW V4, V28, V4
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V29, V15
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+	VRLW V4, V30, V4
+	BC   16, LT, loop_vsx
+
+	VADDUWM V12, V26, V12
+
+	WORD $0x13600F8C		// VMRGEW V0, V1, V27
+	WORD $0x13821F8C		// VMRGEW V2, V3, V28
+
+	WORD $0x10000E8C		// VMRGOW V0, V1, V0
+	WORD $0x10421E8C		// VMRGOW V2, V3, V2
+
+	WORD $0x13A42F8C		// VMRGEW V4, V5, V29
+	WORD $0x13C63F8C		// VMRGEW V6, V7, V30
+
+	XXPERMDI VS32, VS34, $0, VS33
+	XXPERMDI VS32, VS34, $3, VS35
+	XXPERMDI VS59, VS60, $0, VS32
+	XXPERMDI VS59, VS60, $3, VS34
+
+	WORD $0x10842E8C		// VMRGOW V4, V5, V4
+	WORD $0x10C63E8C		// VMRGOW V6, V7, V6
+
+	WORD $0x13684F8C		// VMRGEW V8, V9, V27
+	WORD $0x138A5F8C		// VMRGEW V10, V11, V28
+
+	XXPERMDI VS36, VS38, $0, VS37
+	XXPERMDI VS36, VS38, $3, VS39
+	XXPERMDI VS61, VS62, $0, VS36
+	XXPERMDI VS61, VS62, $3, VS38
+
+	WORD $0x11084E8C		// VMRGOW V8, V9, V8
+	WORD $0x114A5E8C		// VMRGOW V10, V11, V10
+
+	WORD $0x13AC6F8C		// VMRGEW V12, V13, V29
+	WORD $0x13CE7F8C		// VMRGEW V14, V15, V30
+
+	XXPERMDI VS40, VS42, $0, VS41
+	XXPERMDI VS40, VS42, $3, VS43
+	XXPERMDI VS59, VS60, $0, VS40
+	XXPERMDI VS59, VS60, $3, VS42
+
+	WORD $0x118C6E8C		// VMRGOW V12, V13, V12
+	WORD $0x11CE7E8C		// VMRGOW V14, V15, V14
+
+	VSPLTISW $4, V27
+	VADDUWM V26, V27, V26
+
+	XXPERMDI VS44, VS46, $0, VS45
+	XXPERMDI VS44, VS46, $3, VS47
+	XXPERMDI VS61, VS62, $0, VS44
+	XXPERMDI VS61, VS62, $3, VS46
+
+	VADDUWM V0, V16, V0
+	VADDUWM V4, V17, V4
+	VADDUWM V8, V18, V8
+	VADDUWM V12, V19, V12
+
+	CMPU LEN, $64
+	BLT tail_vsx
+
+	// Bottom of loop
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V1, V16, V0
+	VADDUWM V5, V17, V4
+	VADDUWM V9, V18, V8
+	VADDUWM V13, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+	VXOR   V27, V0, V27
+
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(V10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V2, V16, V0
+	VADDUWM V6, V17, V4
+	VADDUWM V10, V18, V8
+	VADDUWM V14, V19, V12
+
+	CMPU LEN, $64
+	BLT  tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V3, V16, V0
+	VADDUWM V7, V17, V4
+	VADDUWM V11, V18, V8
+	VADDUWM V15, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+
+	MOVD $10, R14
+	MOVD R14, CTR
+	BNE  loop_outer_vsx
+
+done_vsx:
+	// Increment counter by number of 64 byte blocks
+	MOVD (CNT), R14
+	ADD  BLOCKS, R14
+	MOVD R14, (CNT)
+	RET
+
+tail_vsx:
+	ADD  $32, R1, R11
+	MOVD LEN, CTR
+
+	// Save values on stack to copy from
+	STXVW4X VS32, (R11)(R0)
+	STXVW4X VS36, (R11)(R8)
+	STXVW4X VS40, (R11)(R9)
+	STXVW4X VS44, (R11)(R10)
+	ADD $-1, R11, R12
+	ADD $-1, INP
+	ADD $-1, OUT
+
+looptail_vsx:
+	// Copying the result to OUT
+	// in bytes.
+	MOVBZU 1(R12), KEY
+	MOVBZU 1(INP), TMP
+	XOR    KEY, TMP, KEY
+	MOVBU  KEY, 1(OUT)
+	BC     16, LT, looptail_vsx
+
+	// Clear the stack values
+	STXVW4X VS48, (R11)(R0)
+	STXVW4X VS48, (R11)(R8)
+	STXVW4X VS48, (R11)(R9)
+	STXVW4X VS48, (R11)(R10)
+	BR      done_vsx
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
new file mode 100644
index 000000000..4652247b8
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -0,0 +1,28 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	if cpu.S390X.HasVX {
+		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+	} else {
+		c.xorKeyStreamBlocksGeneric(dst, src)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
new file mode 100644
index 000000000..f3ef5a019
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -0,0 +1,225 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+#define BSWAP V5
+#define J0    V6
+#define KEY0  V7
+#define KEY1  V8
+#define NONCE V9
+#define CTR   V10
+#define M0    V11
+#define M1    V12
+#define M2    V13
+#define M3    V14
+#define INC   V15
+#define X0    V16
+#define X1    V17
+#define X2    V18
+#define X3    V19
+#define X4    V20
+#define X5    V21
+#define X6    V22
+#define X7    V23
+#define X8    V24
+#define X9    V25
+#define X10   V26
+#define X11   V27
+#define X12   V28
+#define X13   V29
+#define X14   V30
+#define X15   V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $16, a2, a2 \
+	VERLLF $16, b2, b2 \
+	VERLLF $16, c2, c2 \
+	VERLLF $16, d2, d2 \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $12, a1, a1 \
+	VERLLF $12, b1, b1 \
+	VERLLF $12, c1, c1 \
+	VERLLF $12, d1, d1 \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $8, a2, a2  \
+	VERLLF $8, b2, b2  \
+	VERLLF $8, c2, c2  \
+	VERLLF $8, d2, d2  \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $7, a1, a1  \
+	VERLLF $7, b1, b1  \
+	VERLLF $7, c1, c1  \
+	VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+	VPERM v0, v0, mask, v0 \
+	VPERM v1, v1, mask, v1 \
+	VPERM v2, v2, mask, v2 \
+	VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+	VAF x, v0, v0 \
+	VAF x, v1, v1 \
+	VAF x, v2, v2 \
+	VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+	VLM  off(src), M0, M3          \
+	PERMUTE(BSWAP, v0, v1, v2, v3) \
+	VX   v0, M0, M0                \
+	VX   v1, M1, M1                \
+	VX   v2, M2, M2                \
+	VX   v3, M3, M3                \
+	VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+	VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+	VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+	VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+	VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+	VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+	VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+	VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+	VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD $·constants<>(SB), R1
+	MOVD dst+0(FP), R2         // R2=&dst[0]
+	LMG  src+24(FP), R3, R4    // R3=&src[0] R4=len(src)
+	MOVD key+48(FP), R5        // R5=key
+	MOVD nonce+56(FP), R6      // R6=nonce
+	MOVD counter+64(FP), R7    // R7=counter
+
+	// load BSWAP and J0
+	VLM (R1), BSWAP, J0
+
+	// setup
+	MOVD  $95, R0
+	VLM   (R5), KEY0, KEY1
+	VLL   R0, (R6), NONCE
+	VZERO M0
+	VLEIB $7, $32, M0
+	VSRLB M0, NONCE, NONCE
+
+	// initialize counter values
+	VLREPF (R7), CTR
+	VZERO  INC
+	VLEIF  $1, $1, INC
+	VLEIF  $2, $2, INC
+	VLEIF  $3, $3, INC
+	VAF    INC, CTR, CTR
+	VREPIF $4, INC
+
+chacha:
+	VREPF $0, J0, X0
+	VREPF $1, J0, X1
+	VREPF $2, J0, X2
+	VREPF $3, J0, X3
+	VREPF $0, KEY0, X4
+	VREPF $1, KEY0, X5
+	VREPF $2, KEY0, X6
+	VREPF $3, KEY0, X7
+	VREPF $0, KEY1, X8
+	VREPF $1, KEY1, X9
+	VREPF $2, KEY1, X10
+	VREPF $3, KEY1, X11
+	VLR   CTR, X12
+	VREPF $1, NONCE, X13
+	VREPF $2, NONCE, X14
+	VREPF $3, NONCE, X15
+
+	MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+	ROUND4(X0, X4, X12,  X8, X1, X5, X13,  X9, X2, X6, X14, X10, X3, X7, X15, X11)
+	ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8,  X3, X4, X14, X9)
+
+	ADD $-1, R1
+	BNE loop
+
+	// decrement length
+	ADD $-256, R4
+
+	// rearrange vectors
+	SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+	ADDV(J0, X0, X1, X2, X3)
+	SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+	ADDV(KEY0, X4, X5, X6, X7)
+	SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+	ADDV(KEY1, X8, X9, X10, X11)
+	VAF CTR, X12, X12
+	SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+	ADDV(NONCE, X12, X13, X14, X15)
+
+	// increment counters
+	VAF INC, CTR, CTR
+
+	// xor keystream with plaintext
+	XORV(0*64, R2, R3, X0, X4,  X8, X12)
+	XORV(1*64, R2, R3, X1, X5,  X9, X13)
+	XORV(2*64, R2, R3, X2, X6, X10, X14)
+	XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+	// increment pointers
+	MOVD $256(R2), R2
+	MOVD $256(R3), R3
+
+	CMPBNE  R4, $0, chacha
+
+	VSTEF $0, CTR, (R7)
+	RET
diff --git a/vendor/golang.org/x/crypto/chacha20/xor.go b/vendor/golang.org/x/crypto/chacha20/xor.go
new file mode 100644
index 000000000..c2d04851e
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import "runtime"
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+	runtime.GOARCH == "amd64" ||
+	runtime.GOARCH == "arm64" ||
+	runtime.GOARCH == "ppc64le" ||
+	runtime.GOARCH == "s390x"
+
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
+// places the result in little endian byte order in dst.
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
+	if unaligned {
+		// The compiler should optimize this code into
+		// 32-bit unaligned little endian loads and stores.
+		// TODO: delete once the compiler does a reliably
+		// good job with the generic code below.
+		// See issue #25111 for more details.
+		v := uint32(src[0])
+		v |= uint32(src[1]) << 8
+		v |= uint32(src[2]) << 16
+		v |= uint32(src[3]) << 24
+		v ^= a + b
+		dst[0] = byte(v)
+		dst[1] = byte(v >> 8)
+		dst[2] = byte(v >> 16)
+		dst[3] = byte(v >> 24)
+	} else {
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
+	}
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
new file mode 100644
index 000000000..93da7322b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
@@ -0,0 +1,98 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its
+// extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and
+// draft-irtf-cfrg-xchacha-01.
+package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
+
+import (
+	"crypto/cipher"
+	"errors"
+)
+
+const (
+	// KeySize is the size of the key used by this AEAD, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// AEAD, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20-Poly1305
+	// variant of this AEAD, in bytes.
+	NonceSizeX = 24
+
+	// Overhead is the size of the Poly1305 authentication tag, and the
+	// difference between a ciphertext length and its plaintext.
+	Overhead = 16
+)
+
+type chacha20poly1305 struct {
+	key [KeySize]byte
+}
+
+// New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+func New(key []byte) (cipher.AEAD, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20poly1305: bad key length")
+	}
+	ret := new(chacha20poly1305)
+	copy(ret.key[:], key)
+	return ret, nil
+}
+
+func (c *chacha20poly1305) NonceSize() int {
+	return NonceSize
+}
+
+func (c *chacha20poly1305) Overhead() int {
+	return Overhead
+}
+
+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if len(nonce) != NonceSize {
+		panic("chacha20poly1305: bad nonce length passed to Seal")
+	}
+
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("chacha20poly1305: plaintext too large")
+	}
+
+	return c.seal(dst, nonce, plaintext, additionalData)
+}
+
+var errOpen = errors.New("chacha20poly1305: message authentication failed")
+
+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if len(nonce) != NonceSize {
+		panic("chacha20poly1305: bad nonce length passed to Open")
+	}
+	if len(ciphertext) < 16 {
+		return nil, errOpen
+	}
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("chacha20poly1305: ciphertext too large")
+	}
+
+	return c.open(dst, nonce, ciphertext, additionalData)
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
new file mode 100644
index 000000000..0c408c570
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -0,0 +1,87 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20poly1305
+
+import (
+	"encoding/binary"
+
+	"golang.org/x/crypto/internal/alias"
+	"golang.org/x/sys/cpu"
+)
+
+//go:noescape
+func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
+
+//go:noescape
+func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
+
+var (
+	useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
+)
+
+// setupState writes a ChaCha20 input matrix to state. See
+// https://tools.ietf.org/html/rfc7539#section-2.3.
+func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
+	state[0] = 0x61707865
+	state[1] = 0x3320646e
+	state[2] = 0x79622d32
+	state[3] = 0x6b206574
+
+	state[4] = binary.LittleEndian.Uint32(key[0:4])
+	state[5] = binary.LittleEndian.Uint32(key[4:8])
+	state[6] = binary.LittleEndian.Uint32(key[8:12])
+	state[7] = binary.LittleEndian.Uint32(key[12:16])
+	state[8] = binary.LittleEndian.Uint32(key[16:20])
+	state[9] = binary.LittleEndian.Uint32(key[20:24])
+	state[10] = binary.LittleEndian.Uint32(key[24:28])
+	state[11] = binary.LittleEndian.Uint32(key[28:32])
+
+	state[12] = 0
+	state[13] = binary.LittleEndian.Uint32(nonce[0:4])
+	state[14] = binary.LittleEndian.Uint32(nonce[4:8])
+	state[15] = binary.LittleEndian.Uint32(nonce[8:12])
+}
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if !cpu.X86.HasSSSE3 {
+		return c.sealGeneric(dst, nonce, plaintext, additionalData)
+	}
+
+	var state [16]uint32
+	setupState(&state, &c.key, nonce)
+
+	ret, out := sliceForAppend(dst, len(plaintext)+16)
+	if alias.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
+	return ret
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if !cpu.X86.HasSSSE3 {
+		return c.openGeneric(dst, nonce, ciphertext, additionalData)
+	}
+
+	var state [16]uint32
+	setupState(&state, &c.key, nonce)
+
+	ciphertext = ciphertext[:len(ciphertext)-16]
+	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
+		for i := range out {
+			out[i] = 0
+		}
+		return nil, errOpen
+	}
+
+	return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
new file mode 100644
index 000000000..867c181a1
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
@@ -0,0 +1,2696 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+// General register allocation
+#define oup DI
+#define inp SI
+#define inl BX
+#define adp CX // free to reuse, after we hash the additional data
+#define keyp R8 // free to reuse, when we copy the key to stack
+#define itr2 R9 // general iterator
+#define itr1 CX // general iterator
+#define acc0 R10
+#define acc1 R11
+#define acc2 R12
+#define t0 R13
+#define t1 R14
+#define t2 R15
+#define t3 R8
+// Register and stack allocation for the SSE code
+#define rStore (0*16)(BP)
+#define sStore (1*16)(BP)
+#define state1Store (2*16)(BP)
+#define state2Store (3*16)(BP)
+#define tmpStore (4*16)(BP)
+#define ctr0Store (5*16)(BP)
+#define ctr1Store (6*16)(BP)
+#define ctr2Store (7*16)(BP)
+#define ctr3Store (8*16)(BP)
+#define A0 X0
+#define A1 X1
+#define A2 X2
+#define B0 X3
+#define B1 X4
+#define B2 X5
+#define C0 X6
+#define C1 X7
+#define C2 X8
+#define D0 X9
+#define D1 X10
+#define D2 X11
+#define T0 X12
+#define T1 X13
+#define T2 X14
+#define T3 X15
+#define A3 T0
+#define B3 T1
+#define C3 T2
+#define D3 T3
+// Register and stack allocation for the AVX2 code
+#define rsStoreAVX2 (0*32)(BP)
+#define state1StoreAVX2 (1*32)(BP)
+#define state2StoreAVX2 (2*32)(BP)
+#define ctr0StoreAVX2 (3*32)(BP)
+#define ctr1StoreAVX2 (4*32)(BP)
+#define ctr2StoreAVX2 (5*32)(BP)
+#define ctr3StoreAVX2 (6*32)(BP)
+#define tmpStoreAVX2 (7*32)(BP) // 256 bytes on stack
+#define AA0 Y0
+#define AA1 Y5
+#define AA2 Y6
+#define AA3 Y7
+#define BB0 Y14
+#define BB1 Y9
+#define BB2 Y10
+#define BB3 Y11
+#define CC0 Y12
+#define CC1 Y13
+#define CC2 Y8
+#define CC3 Y15
+#define DD0 Y4
+#define DD1 Y1
+#define DD2 Y2
+#define DD3 Y3
+#define TT0 DD3
+#define TT1 AA3
+#define TT2 BB3
+#define TT3 CC3
+// ChaCha20 constants
+DATA ·chacha20Constants<>+0x00(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x04(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x08(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x0c(SB)/4, $0x6b206574
+DATA ·chacha20Constants<>+0x10(SB)/4, $0x61707865
+DATA ·chacha20Constants<>+0x14(SB)/4, $0x3320646e
+DATA ·chacha20Constants<>+0x18(SB)/4, $0x79622d32
+DATA ·chacha20Constants<>+0x1c(SB)/4, $0x6b206574
+// <<< 16 with PSHUFB
+DATA ·rol16<>+0x00(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x08(SB)/8, $0x0D0C0F0E09080B0A
+DATA ·rol16<>+0x10(SB)/8, $0x0504070601000302
+DATA ·rol16<>+0x18(SB)/8, $0x0D0C0F0E09080B0A
+// <<< 8 with PSHUFB
+DATA ·rol8<>+0x00(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x08(SB)/8, $0x0E0D0C0F0A09080B
+DATA ·rol8<>+0x10(SB)/8, $0x0605040702010003
+DATA ·rol8<>+0x18(SB)/8, $0x0E0D0C0F0A09080B
+
+DATA ·avx2InitMask<>+0x00(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x08(SB)/8, $0x0
+DATA ·avx2InitMask<>+0x10(SB)/8, $0x1
+DATA ·avx2InitMask<>+0x18(SB)/8, $0x0
+
+DATA ·avx2IncMask<>+0x00(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x08(SB)/8, $0x0
+DATA ·avx2IncMask<>+0x10(SB)/8, $0x2
+DATA ·avx2IncMask<>+0x18(SB)/8, $0x0
+// Poly1305 key clamp
+DATA ·polyClampMask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·polyClampMask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+DATA ·polyClampMask<>+0x10(SB)/8, $0xFFFFFFFFFFFFFFFF
+DATA ·polyClampMask<>+0x18(SB)/8, $0xFFFFFFFFFFFFFFFF
+
+DATA ·sseIncMask<>+0x00(SB)/8, $0x1
+DATA ·sseIncMask<>+0x08(SB)/8, $0x0
+// To load/store the last < 16 bytes in a buffer
+DATA ·andMask<>+0x00(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x08(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x10(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0x18(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x20(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0x28(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x30(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0x38(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x40(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0x48(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x50(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0x58(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x60(SB)/8, $0x00ffffffffffffff
+DATA ·andMask<>+0x68(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x70(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x78(SB)/8, $0x0000000000000000
+DATA ·andMask<>+0x80(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x88(SB)/8, $0x00000000000000ff
+DATA ·andMask<>+0x90(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0x98(SB)/8, $0x000000000000ffff
+DATA ·andMask<>+0xa0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xa8(SB)/8, $0x0000000000ffffff
+DATA ·andMask<>+0xb0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xb8(SB)/8, $0x00000000ffffffff
+DATA ·andMask<>+0xc0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xc8(SB)/8, $0x000000ffffffffff
+DATA ·andMask<>+0xd0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xd8(SB)/8, $0x0000ffffffffffff
+DATA ·andMask<>+0xe0(SB)/8, $0xffffffffffffffff
+DATA ·andMask<>+0xe8(SB)/8, $0x00ffffffffffffff
+
+GLOBL ·chacha20Constants<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol16<>(SB), (NOPTR+RODATA), $32
+GLOBL ·rol8<>(SB), (NOPTR+RODATA), $32
+GLOBL ·sseIncMask<>(SB), (NOPTR+RODATA), $16
+GLOBL ·avx2IncMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·avx2InitMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·polyClampMask<>(SB), (NOPTR+RODATA), $32
+GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
+// No PALIGNR in Go ASM yet (but VPALIGNR is present).
+#define shiftB0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X3, X3
+#define shiftB1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x04 // PALIGNR $4, X4, X4
+#define shiftB2Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X5, X5
+#define shiftB3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x04 // PALIGNR $4, X13, X13
+#define shiftC0Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X6, X6
+#define shiftC1Left BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x08 // PALIGNR $8, X7, X7
+#define shiftC2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc0; BYTE $0x08 // PALIGNR $8, X8, X8
+#define shiftC3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xf6; BYTE $0x08 // PALIGNR $8, X14, X14
+#define shiftD0Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x0c // PALIGNR $12, X9, X9
+#define shiftD1Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x0c // PALIGNR $12, X10, X10
+#define shiftD2Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X11, X11
+#define shiftD3Left BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x0c // PALIGNR $12, X15, X15
+#define shiftB0Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x0c // PALIGNR $12, X3, X3
+#define shiftB1Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xe4; BYTE $0x0c // PALIGNR $12, X4, X4
+#define shiftB2Right BYTE $0x66; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X5, X5
+#define shiftB3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xed; BYTE $0x0c // PALIGNR $12, X13, X13
+#define shiftC0Right shiftC0Left
+#define shiftC1Right shiftC1Left
+#define shiftC2Right shiftC2Left
+#define shiftC3Right shiftC3Left
+#define shiftD0Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xc9; BYTE $0x04 // PALIGNR $4, X9, X9
+#define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
+#define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
+#define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
+// Some macros
+#define chachaQR(A, B, C, D, T) \
+	PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D                            \
+	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
+	PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D                             \
+	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
+
+#define chachaQR_AVX2(A, B, C, D, T) \
+	VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol16<>(SB), D, D                         \
+	VPADDD D, C, C; VPXOR C, B, B; VPSLLD $12, B, T; VPSRLD $20, B, B; VPXOR T, B, B \
+	VPADDD B, A, A; VPXOR A, D, D; VPSHUFB ·rol8<>(SB), D, D                          \
+	VPADDD D, C, C; VPXOR C, B, B; VPSLLD $7, B, T; VPSRLD $25, B, B; VPXOR T, B, B
+
+#define polyAdd(S) ADDQ S, acc0; ADCQ 8+S, acc1; ADCQ $1, acc2
+#define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
+#define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
+#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t3, t2; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
+
+#define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
+#define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
+#define polyMulStage3_AVX2 IMULQ acc2, DX; ADDQ AX, t2; ADCQ DX, t3
+
+#define polyMul polyMulStage1; polyMulStage2; polyMulStage3; polyMulReduceStage
+#define polyMulAVX2 polyMulStage1_AVX2; polyMulStage2_AVX2; polyMulStage3_AVX2; polyMulReduceStage
+// ----------------------------------------------------------------------------
+TEXT polyHashADInternal<>(SB), NOSPLIT, $0
+	// adp points to beginning of additional data
+	// itr2 holds ad length
+	XORQ acc0, acc0
+	XORQ acc1, acc1
+	XORQ acc2, acc2
+	CMPQ itr2, $13
+	JNE  hashADLoop
+
+openFastTLSAD:
+	// Special treatment for the TLS case of 13 bytes
+	MOVQ (adp), acc0
+	MOVQ 5(adp), acc1
+	SHRQ $24, acc1
+	MOVQ $1, acc2
+	polyMul
+	RET
+
+hashADLoop:
+	// Hash in 16 byte chunks
+	CMPQ itr2, $16
+	JB   hashADTail
+	polyAdd(0(adp))
+	LEAQ (1*16)(adp), adp
+	SUBQ $16, itr2
+	polyMul
+	JMP  hashADLoop
+
+hashADTail:
+	CMPQ itr2, $0
+	JE   hashADDone
+
+	// Hash last < 16 byte tail
+	XORQ t0, t0
+	XORQ t1, t1
+	XORQ t2, t2
+	ADDQ itr2, adp
+
+hashADTailLoop:
+	SHLQ $8, t0, t1
+	SHLQ $8, t0
+	MOVB -1(adp), t2
+	XORQ t2, t0
+	DECQ adp
+	DECQ itr2
+	JNE  hashADTailLoop
+
+hashADTailFinish:
+	ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	// Finished AD
+hashADDone:
+	RET
+
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Open(dst, key, src, ad []byte) bool
+TEXT ·chacha20Poly1305Open(SB), 0, $288-97
+	// For aligned stack access
+	MOVQ SP, BP
+	ADDQ $32, BP
+	ANDQ $-32, BP
+	MOVQ dst+0(FP), oup
+	MOVQ key+24(FP), keyp
+	MOVQ src+48(FP), inp
+	MOVQ src_len+56(FP), inl
+	MOVQ ad+72(FP), adp
+
+	// Check for AVX2 support
+	CMPB ·useAVX2(SB), $1
+	JE   chacha20Poly1305Open_AVX2
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $128
+	JBE  openSSE128 // About 16% faster
+
+	// For long buffers, prepare the poly key first
+	MOVOU ·chacha20Constants<>(SB), A0
+	MOVOU (1*16)(keyp), B0
+	MOVOU (2*16)(keyp), C0
+	MOVOU (3*16)(keyp), D0
+	MOVO  D0, T1
+
+	// Store state on stack for future use
+	MOVO B0, state1Store
+	MOVO C0, state2Store
+	MOVO D0, ctr3Store
+	MOVQ $10, itr2
+
+openSSEPreparePolyKey:
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	DECQ          itr2
+	JNE           openSSEPreparePolyKey
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0
+
+	// Clamp and store the key
+	PAND ·polyClampMask<>(SB), A0
+	MOVO A0, rStore; MOVO B0, sStore
+
+	// Hash AAD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openSSEMainLoop:
+	CMPQ inl, $256
+	JB   openSSEMainLoopDone
+
+	// Load state, increment counter blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+	// There are 10 ChaCha20 iterations of 2QR each, so for 6 iterations we hash 2 blocks, and for the remaining 4 only 1 block - for a total of 16
+	MOVQ $4, itr1
+	MOVQ inp, itr2
+
+openSSEInternalLoop:
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyAdd(0(itr2))
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	LEAQ          (2*8)(itr2), itr2
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	polyMulStage3
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr1
+	JGE           openSSEInternalLoop
+
+	polyAdd(0(itr2))
+	polyMul
+	LEAQ (2*8)(itr2), itr2
+
+	CMPQ itr1, $-6
+	JG   openSSEInternalLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+	// Load - xor - store
+	MOVO  D3, tmpStore
+	MOVOU (0*16)(inp), D3; PXOR D3, A0; MOVOU A0, (0*16)(oup)
+	MOVOU (1*16)(inp), D3; PXOR D3, B0; MOVOU B0, (1*16)(oup)
+	MOVOU (2*16)(inp), D3; PXOR D3, C0; MOVOU C0, (2*16)(oup)
+	MOVOU (3*16)(inp), D3; PXOR D3, D0; MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), D0; PXOR D0, A1; MOVOU A1, (4*16)(oup)
+	MOVOU (5*16)(inp), D0; PXOR D0, B1; MOVOU B1, (5*16)(oup)
+	MOVOU (6*16)(inp), D0; PXOR D0, C1; MOVOU C1, (6*16)(oup)
+	MOVOU (7*16)(inp), D0; PXOR D0, D1; MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), D0; PXOR D0, A2; MOVOU A2, (8*16)(oup)
+	MOVOU (9*16)(inp), D0; PXOR D0, B2; MOVOU B2, (9*16)(oup)
+	MOVOU (10*16)(inp), D0; PXOR D0, C2; MOVOU C2, (10*16)(oup)
+	MOVOU (11*16)(inp), D0; PXOR D0, D2; MOVOU D2, (11*16)(oup)
+	MOVOU (12*16)(inp), D0; PXOR D0, A3; MOVOU A3, (12*16)(oup)
+	MOVOU (13*16)(inp), D0; PXOR D0, B3; MOVOU B3, (13*16)(oup)
+	MOVOU (14*16)(inp), D0; PXOR D0, C3; MOVOU C3, (14*16)(oup)
+	MOVOU (15*16)(inp), D0; PXOR tmpStore, D0; MOVOU D0, (15*16)(oup)
+	LEAQ  256(inp), inp
+	LEAQ  256(oup), oup
+	SUBQ  $256, inl
+	JMP   openSSEMainLoop
+
+openSSEMainLoopDone:
+	// Handle the various tail sizes efficiently
+	TESTQ inl, inl
+	JE    openSSEFinalize
+	CMPQ  inl, $64
+	JBE   openSSETail64
+	CMPQ  inl, $128
+	JBE   openSSETail128
+	CMPQ  inl, $192
+	JBE   openSSETail192
+	JMP   openSSETail256
+
+openSSEFinalize:
+	// Hash in the PT, AAD lengths
+	ADDQ ad_len+80(FP), acc0; ADCQ src_len+56(FP), acc1; ADCQ $1, acc2
+	polyMul
+
+	// Final reduce
+	MOVQ    acc0, t0
+	MOVQ    acc1, t1
+	MOVQ    acc2, t2
+	SUBQ    $-5, acc0
+	SBBQ    $-1, acc1
+	SBBQ    $3, acc2
+	CMOVQCS t0, acc0
+	CMOVQCS t1, acc1
+	CMOVQCS t2, acc2
+
+	// Add in the "s" part of the key
+	ADDQ 0+sStore, acc0
+	ADCQ 8+sStore, acc1
+
+	// Finally, constant time compare to the tag at the end of the message
+	XORQ    AX, AX
+	MOVQ    $1, DX
+	XORQ    (0*8)(inp), acc0
+	XORQ    (1*8)(inp), acc1
+	ORQ     acc1, acc0
+	CMOVQEQ DX, AX
+
+	// Return true iff tags are equal
+	MOVB AX, ret+96(FP)
+	RET
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 129 bytes
+openSSE128:
+	// For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+	MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+	MOVO  A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO  A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO  B0, T1; MOVO C0, T2; MOVO D1, T3
+	MOVQ  $10, itr2
+
+openSSE128InnerCipherLoop:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left;  shiftB1Left; shiftB2Left
+	shiftC0Left;  shiftC1Left; shiftC2Left
+	shiftD0Left;  shiftD1Left; shiftD2Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftB1Right; shiftB2Right
+	shiftC0Right; shiftC1Right; shiftC2Right
+	shiftD0Right; shiftD1Right; shiftD2Right
+	DECQ          itr2
+	JNE           openSSE128InnerCipherLoop
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+	PADDL T2, C1; PADDL T2, C2
+	PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+
+	// Clamp and store the key
+	PAND  ·polyClampMask<>(SB), A0
+	MOVOU A0, rStore; MOVOU B0, sStore
+
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openSSE128Open:
+	CMPQ inl, $16
+	JB   openSSETail16
+	SUBQ $16, inl
+
+	// Load for hashing
+	polyAdd(0(inp))
+
+	// Load for decryption
+	MOVOU (inp), T0; PXOR T0, A1; MOVOU A1, (oup)
+	LEAQ  (1*16)(inp), inp
+	LEAQ  (1*16)(oup), oup
+	polyMul
+
+	// Shift the stream "left"
+	MOVO B1, A1
+	MOVO C1, B1
+	MOVO D1, C1
+	MOVO A2, D1
+	MOVO B2, A2
+	MOVO C2, B2
+	MOVO D2, C2
+	JMP  openSSE128Open
+
+openSSETail16:
+	TESTQ inl, inl
+	JE    openSSEFinalize
+
+	// We can safely load the CT from the end, because it is padded with the MAC
+	MOVQ   inl, itr2
+	SHLQ   $4, itr2
+	LEAQ   ·andMask<>(SB), t0
+	MOVOU  (inp), T0
+	ADDQ   inl, inp
+	PAND   -16(t0)(itr2*1), T0
+	MOVO   T0, 0+tmpStore
+	MOVQ   T0, t0
+	MOVQ   8+tmpStore, t1
+	PXOR   A1, T0
+
+	// We can only store one byte at a time, since plaintext can be shorter than 16 bytes
+openSSETail16Store:
+	MOVQ T0, t3
+	MOVB t3, (oup)
+	PSRLDQ $1, T0
+	INCQ   oup
+	DECQ   inl
+	JNE    openSSETail16Store
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+	JMP    openSSEFinalize
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of ciphertext
+openSSETail64:
+	// Need to decrypt up to 64 bytes - prepare single block
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	XORQ itr2, itr2
+	MOVQ inl, itr1
+	CMPQ itr1, $16
+	JB   openSSETail64LoopB
+
+openSSETail64LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+	SUBQ $16, itr1
+
+openSSETail64LoopB:
+	ADDQ          $16, itr2
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	chachaQR(A0, B0, C0, D0, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+
+	CMPQ itr1, $16
+	JAE  openSSETail64LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSETail64LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL state1Store, B0; PADDL state2Store, C0; PADDL ctr0Store, D0
+
+openSSETail64DecLoop:
+	CMPQ  inl, $16
+	JB    openSSETail64DecLoopDone
+	SUBQ  $16, inl
+	MOVOU (inp), T0
+	PXOR  T0, A0
+	MOVOU A0, (oup)
+	LEAQ  16(inp), inp
+	LEAQ  16(oup), oup
+	MOVO  B0, A0
+	MOVO  C0, B0
+	MOVO  D0, C0
+	JMP   openSSETail64DecLoop
+
+openSSETail64DecLoopDone:
+	MOVO A0, A1
+	JMP  openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openSSETail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	MOVO ·chacha20Constants<>(SB), A1; MOVO state1Store, B1; MOVO state2Store, C1; MOVO ctr3Store, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr0Store
+	MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr1Store
+	XORQ itr2, itr2
+	MOVQ inl, itr1
+	ANDQ $-16, itr1
+
+openSSETail128LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+
+openSSETail128LoopB:
+	ADDQ          $16, itr2
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+
+	CMPQ itr2, itr1
+	JB   openSSETail128LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSETail128LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B0; PADDL state1Store, B1
+	PADDL state2Store, C0; PADDL state2Store, C1
+	PADDL ctr1Store, D0; PADDL ctr0Store, D1
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+
+	SUBQ $64, inl
+	LEAQ 64(inp), inp
+	LEAQ 64(oup), oup
+	JMP  openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of ciphertext
+openSSETail192:
+	// Need to decrypt up to 192 bytes - prepare three blocks
+	MOVO ·chacha20Constants<>(SB), A2; MOVO state1Store, B2; MOVO state2Store, C2; MOVO ctr3Store, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr0Store
+	MOVO A2, A1; MOVO B2, B1; MOVO C2, C1; MOVO D2, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+	MOVO A1, A0; MOVO B1, B0; MOVO C1, C0; MOVO D1, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr2Store
+
+	MOVQ    inl, itr1
+	MOVQ    $160, itr2
+	CMPQ    itr1, $160
+	CMOVQGT itr2, itr1
+	ANDQ    $-16, itr1
+	XORQ    itr2, itr2
+
+openSSLTail192LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+
+openSSLTail192LoopB:
+	ADDQ         $16, itr2
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left; shiftC0Left; shiftD0Left
+	shiftB1Left; shiftC1Left; shiftD1Left
+	shiftB2Left; shiftC2Left; shiftD2Left
+
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+	shiftB2Right; shiftC2Right; shiftD2Right
+
+	CMPQ itr2, itr1
+	JB   openSSLTail192LoopA
+
+	CMPQ itr2, $160
+	JNE  openSSLTail192LoopB
+
+	CMPQ inl, $176
+	JB   openSSLTail192Store
+
+	polyAdd(160(inp))
+	polyMul
+
+	CMPQ inl, $192
+	JB   openSSLTail192Store
+
+	polyAdd(176(inp))
+	polyMul
+
+openSSLTail192Store:
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+	PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+	PADDL ctr2Store, D0; PADDL ctr1Store, D1; PADDL ctr0Store, D2
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A2; PXOR T1, B2; PXOR T2, C2; PXOR T3, D2
+	MOVOU A2, (0*16)(oup); MOVOU B2, (1*16)(oup); MOVOU C2, (2*16)(oup); MOVOU D2, (3*16)(oup)
+
+	MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+	SUBQ $128, inl
+	LEAQ 128(inp), inp
+	LEAQ 128(oup), oup
+	JMP  openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openSSETail256:
+	// Need to decrypt up to 256 bytes - prepare four blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+	XORQ itr2, itr2
+
+openSSETail256Loop:
+	// This loop inteleaves 8 ChaCha quarter rounds with 1 poly multiplication
+	polyAdd(0(inp)(itr2*1))
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulStage3
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	ADDQ          $2*8, itr2
+	CMPQ          itr2, $160
+	JB            openSSETail256Loop
+	MOVQ          inl, itr1
+	ANDQ          $-16, itr1
+
+openSSETail256HashLoop:
+	polyAdd(0(inp)(itr2*1))
+	polyMul
+	ADDQ $2*8, itr2
+	CMPQ itr2, itr1
+	JB   openSSETail256HashLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+	MOVO  D3, tmpStore
+
+	// Load - xor - store
+	MOVOU (0*16)(inp), D3; PXOR D3, A0
+	MOVOU (1*16)(inp), D3; PXOR D3, B0
+	MOVOU (2*16)(inp), D3; PXOR D3, C0
+	MOVOU (3*16)(inp), D3; PXOR D3, D0
+	MOVOU A0, (0*16)(oup)
+	MOVOU B0, (1*16)(oup)
+	MOVOU C0, (2*16)(oup)
+	MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+	LEAQ  192(inp), inp
+	LEAQ  192(oup), oup
+	SUBQ  $192, inl
+	MOVO  A3, A0
+	MOVO  B3, B0
+	MOVO  C3, C0
+	MOVO  tmpStore, D0
+
+	JMP openSSETail64DecLoop
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Open_AVX2:
+	VZEROUPPER
+	VMOVDQU ·chacha20Constants<>(SB), AA0
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+	BYTE    $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+	VPADDD  ·avx2InitMask<>(SB), DD0, DD0
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $192
+	JBE  openAVX2192
+	CMPQ inl, $320
+	JBE  openAVX2320
+
+	// For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+	VMOVDQA BB0, state1StoreAVX2
+	VMOVDQA CC0, state2StoreAVX2
+	VMOVDQA DD0, ctr3StoreAVX2
+	MOVQ    $10, itr2
+
+openAVX2PreparePolyKey:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	DECQ     itr2
+	JNE      openAVX2PreparePolyKey
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA0
+	VPADDD state1StoreAVX2, BB0, BB0
+	VPADDD state2StoreAVX2, CC0, CC0
+	VPADDD ctr3StoreAVX2, DD0, DD0
+
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for the first 64 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+
+	// Hash AD + first 64 bytes
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+openAVX2InitialHash64:
+	polyAdd(0(inp)(itr1*1))
+	polyMulAVX2
+	ADDQ $16, itr1
+	CMPQ itr1, $64
+	JNE  openAVX2InitialHash64
+
+	// Decrypt the first 64 bytes
+	VPXOR   (0*32)(inp), AA0, AA0
+	VPXOR   (1*32)(inp), BB0, BB0
+	VMOVDQU AA0, (0*32)(oup)
+	VMOVDQU BB0, (1*32)(oup)
+	LEAQ    (2*32)(inp), inp
+	LEAQ    (2*32)(oup), oup
+	SUBQ    $64, inl
+
+openAVX2MainLoop:
+	CMPQ inl, $512
+	JB   openAVX2MainLoopDone
+
+	// Load state, increment counter blocks, store the incremented counters
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	XORQ    itr1, itr1
+
+openAVX2InternalLoop:
+	// Lets just say this spaghetti loop interleaves 2 quarter rounds with 3 poly multiplications
+	// Effectively per 512 bytes of stream we hash 480 bytes of ciphertext
+	polyAdd(0*8(inp)(itr1*1))
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage1_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulStage2_AVX2
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyMulStage3_AVX2
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	polyAdd(2*8(inp)(itr1*1))
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage1_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage2_AVX2
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage3_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulReduceStage
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(4*8(inp)(itr1*1))
+	LEAQ     (6*8)(itr1), itr1
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage1_AVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	polyMulStage2_AVX2
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage3_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	CMPQ     itr1, $480
+	JNE      openAVX2InternalLoop
+
+	VPADDD  ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD  state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD  state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD  ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA CC3, tmpStoreAVX2
+
+	// We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+	polyAdd(480(inp))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	// and here
+	polyAdd(496(inp))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+	VPXOR      (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+	LEAQ       (32*16)(inp), inp
+	LEAQ       (32*16)(oup), oup
+	SUBQ       $(32*16), inl
+	JMP        openAVX2MainLoop
+
+openAVX2MainLoopDone:
+	// Handle the various tail sizes efficiently
+	TESTQ inl, inl
+	JE    openSSEFinalize
+	CMPQ  inl, $128
+	JBE   openAVX2Tail128
+	CMPQ  inl, $256
+	JBE   openAVX2Tail256
+	CMPQ  inl, $384
+	JBE   openAVX2Tail384
+	JMP   openAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+openAVX2192:
+	// For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+	VMOVDQA AA0, AA1
+	VMOVDQA BB0, BB1
+	VMOVDQA CC0, CC1
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2
+	VMOVDQA BB0, BB2
+	VMOVDQA CC0, CC2
+	VMOVDQA DD0, DD2
+	VMOVDQA DD1, TT3
+	MOVQ    $10, itr2
+
+openAVX2192InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ       itr2
+	JNE        openAVX2192InnerCipherLoop
+	VPADDD     AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+	VPADDD     BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+	VPADDD     CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+	VPADDD     DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for up to 192 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+
+openAVX2ShortOpen:
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+openAVX2ShortOpenLoop:
+	CMPQ inl, $32
+	JB   openAVX2ShortTail32
+	SUBQ $32, inl
+
+	// Load for hashing
+	polyAdd(0*8(inp))
+	polyMulAVX2
+	polyAdd(2*8(inp))
+	polyMulAVX2
+
+	// Load for decryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+	LEAQ    (1*32)(oup), oup
+
+	// Shift stream left
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	VMOVDQA AA1, DD0
+	VMOVDQA BB1, AA1
+	VMOVDQA CC1, BB1
+	VMOVDQA DD1, CC1
+	VMOVDQA AA2, DD1
+	VMOVDQA BB2, AA2
+	JMP     openAVX2ShortOpenLoop
+
+openAVX2ShortTail32:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      openAVX2ShortDone
+
+	SUBQ $16, inl
+
+	// Load for hashing
+	polyAdd(0*8(inp))
+	polyMulAVX2
+
+	// Load for decryption
+	VPXOR      (inp), A0, T0
+	VMOVDQU    T0, (oup)
+	LEAQ       (1*16)(inp), inp
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+openAVX2ShortDone:
+	VZEROUPPER
+	JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+openAVX2320:
+	// For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+	VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+	MOVQ    $10, itr2
+
+openAVX2320InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr2
+	JNE      openAVX2320InnerCipherLoop
+
+	VMOVDQA ·chacha20Constants<>(SB), TT0
+	VPADDD  TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+	VPADDD  TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+	VPADDD  TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+	VMOVDQA ·avx2IncMask<>(SB), TT0
+	VPADDD  TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD2, DD2
+
+	// Clamp and store poly key
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPAND      ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA    TT0, rsStoreAVX2
+
+	// Stream for up to 320 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+	VPERM2I128 $0x02, AA2, BB2, CC1
+	VPERM2I128 $0x02, CC2, DD2, DD1
+	VPERM2I128 $0x13, AA2, BB2, AA2
+	VPERM2I128 $0x13, CC2, DD2, BB2
+	JMP        openAVX2ShortOpen
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+openAVX2Tail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA1
+	VMOVDQA state1StoreAVX2, BB1
+	VMOVDQA state2StoreAVX2, CC1
+	VMOVDQA ctr3StoreAVX2, DD1
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD1
+	VMOVDQA DD1, DD0
+
+	XORQ  itr2, itr2
+	MOVQ  inl, itr1
+	ANDQ  $-16, itr1
+	TESTQ itr1, itr1
+	JE    openAVX2Tail128LoopB
+
+openAVX2Tail128LoopA:
+	// Perform ChaCha rounds, while hashing the remaining input
+	polyAdd(0(inp)(itr2*1))
+	polyMulAVX2
+
+openAVX2Tail128LoopB:
+	ADDQ     $16, itr2
+	chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD1, DD1, DD1
+	CMPQ     itr2, itr1
+	JB       openAVX2Tail128LoopA
+	CMPQ     itr2, $160
+	JNE      openAVX2Tail128LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC1, CC1
+	VPADDD     DD0, DD1, DD1
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+openAVX2TailLoop:
+	CMPQ inl, $32
+	JB   openAVX2Tail
+	SUBQ $32, inl
+
+	// Load for decryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+	LEAQ    (1*32)(oup), oup
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	JMP     openAVX2TailLoop
+
+openAVX2Tail:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      openAVX2TailDone
+	SUBQ    $16, inl
+
+	// Load for decryption
+	VPXOR      (inp), A0, T0
+	VMOVDQU    T0, (oup)
+	LEAQ       (1*16)(inp), inp
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+openAVX2TailDone:
+	VZEROUPPER
+	JMP openSSETail16
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+openAVX2Tail256:
+	// Need to decrypt up to 256 bytes - prepare four blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA DD0, TT1
+	VMOVDQA DD1, TT2
+
+	// Compute the number of iterations that will hash data
+	MOVQ    inl, tmpStoreAVX2
+	MOVQ    inl, itr1
+	SUBQ    $128, itr1
+	SHRQ    $4, itr1
+	MOVQ    $10, itr2
+	CMPQ    itr1, $10
+	CMOVQGT itr2, itr1
+	MOVQ    inp, inl
+	XORQ    itr2, itr2
+
+openAVX2Tail256LoopA:
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ 16(inl), inl
+
+	// Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail256LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	INCQ     itr2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	CMPQ     itr2, itr1
+	JB       openAVX2Tail256LoopA
+
+	CMPQ itr2, $10
+	JNE  openAVX2Tail256LoopB
+
+	MOVQ inl, itr2
+	SUBQ inp, inl
+	MOVQ inl, itr1
+	MOVQ tmpStoreAVX2, inl
+
+	// Hash the remainder of data (if any)
+openAVX2Tail256Hash:
+	ADDQ $16, itr1
+	CMPQ itr1, inl
+	JGT  openAVX2Tail256HashEnd
+	polyAdd (0(itr2))
+	polyMulAVX2
+	LEAQ 16(itr2), itr2
+	JMP  openAVX2Tail256Hash
+
+// Store 128 bytes safely, then go to store loop
+openAVX2Tail256HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, AA2; VPERM2I128 $0x02, CC0, DD0, BB2; VPERM2I128 $0x13, AA0, BB0, CC2; VPERM2I128 $0x13, CC0, DD0, DD2
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+
+	VPXOR   (0*32)(inp), AA2, AA2; VPXOR (1*32)(inp), BB2, BB2; VPXOR (2*32)(inp), CC2, CC2; VPXOR (3*32)(inp), DD2, DD2
+	VMOVDQU AA2, (0*32)(oup); VMOVDQU BB2, (1*32)(oup); VMOVDQU CC2, (2*32)(oup); VMOVDQU DD2, (3*32)(oup)
+	LEAQ    (4*32)(inp), inp
+	LEAQ    (4*32)(oup), oup
+	SUBQ    $4*32, inl
+
+	JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+openAVX2Tail384:
+	// Need to decrypt up to 384 bytes - prepare six blocks
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA DD0, ctr0StoreAVX2
+	VMOVDQA DD1, ctr1StoreAVX2
+	VMOVDQA DD2, ctr2StoreAVX2
+
+	// Compute the number of iterations that will hash two blocks of data
+	MOVQ    inl, tmpStoreAVX2
+	MOVQ    inl, itr1
+	SUBQ    $256, itr1
+	SHRQ    $4, itr1
+	ADDQ    $6, itr1
+	MOVQ    $10, itr2
+	CMPQ    itr1, $10
+	CMOVQGT itr2, itr1
+	MOVQ    inp, inl
+	XORQ    itr2, itr2
+
+	// Perform ChaCha rounds, while hashing the remaining input
+openAVX2Tail384LoopB:
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ 16(inl), inl
+
+openAVX2Tail384LoopA:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	polyAdd(0(inl))
+	polyMulAVX2
+	LEAQ     16(inl), inl
+	INCQ     itr2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+
+	CMPQ itr2, itr1
+	JB   openAVX2Tail384LoopB
+
+	CMPQ itr2, $10
+	JNE  openAVX2Tail384LoopA
+
+	MOVQ inl, itr2
+	SUBQ inp, inl
+	MOVQ inl, itr1
+	MOVQ tmpStoreAVX2, inl
+
+openAVX2Tail384Hash:
+	ADDQ $16, itr1
+	CMPQ itr1, inl
+	JGT  openAVX2Tail384HashEnd
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ 16(itr2), itr2
+	JMP  openAVX2Tail384Hash
+
+// Store 256 bytes safely, then go to store loop
+openAVX2Tail384HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2
+	VPERM2I128 $0x02, AA0, BB0, TT0; VPERM2I128 $0x02, CC0, DD0, TT1; VPERM2I128 $0x13, AA0, BB0, TT2; VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, TT0; VPERM2I128 $0x02, CC1, DD1, TT1; VPERM2I128 $0x13, AA1, BB1, TT2; VPERM2I128 $0x13, CC1, DD1, TT3
+	VPXOR      (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	LEAQ       (8*32)(inp), inp
+	LEAQ       (8*32)(oup), oup
+	SUBQ       $8*32, inl
+	JMP        openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+openAVX2Tail512:
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	XORQ    itr1, itr1
+	MOVQ    inp, itr2
+
+openAVX2Tail512LoopB:
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ (2*8)(itr2), itr2
+
+openAVX2Tail512LoopA:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyAdd(0*8(itr2))
+	polyMulAVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(2*8(itr2))
+	polyMulAVX2
+	LEAQ     (4*8)(itr2), itr2
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	INCQ     itr1
+	CMPQ     itr1, $4
+	JLT      openAVX2Tail512LoopB
+
+	CMPQ itr1, $10
+	JNE  openAVX2Tail512LoopA
+
+	MOVQ inl, itr1
+	SUBQ $384, itr1
+	ANDQ $-16, itr1
+
+openAVX2Tail512HashLoop:
+	TESTQ itr1, itr1
+	JE    openAVX2Tail512HashEnd
+	polyAdd(0(itr2))
+	polyMulAVX2
+	LEAQ  16(itr2), itr2
+	SUBQ  $16, itr1
+	JMP   openAVX2Tail512HashLoop
+
+openAVX2Tail512HashEnd:
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA    CC3, tmpStoreAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+	LEAQ (12*32)(inp), inp
+	LEAQ (12*32)(oup), oup
+	SUBQ $12*32, inl
+
+	JMP openAVX2TailLoop
+
+// ----------------------------------------------------------------------------
+// ----------------------------------------------------------------------------
+// func chacha20Poly1305Seal(dst, key, src, ad []byte)
+TEXT ·chacha20Poly1305Seal(SB), 0, $288-96
+	// For aligned stack access
+	MOVQ SP, BP
+	ADDQ $32, BP
+	ANDQ $-32, BP
+	MOVQ dst+0(FP), oup
+	MOVQ key+24(FP), keyp
+	MOVQ src+48(FP), inp
+	MOVQ src_len+56(FP), inl
+	MOVQ ad+72(FP), adp
+
+	CMPB ·useAVX2(SB), $1
+	JE   chacha20Poly1305Seal_AVX2
+
+	// Special optimization, for very short buffers
+	CMPQ inl, $128
+	JBE  sealSSE128 // About 15% faster
+
+	// In the seal case - prepare the poly key + 3 blocks of stream in the first iteration
+	MOVOU ·chacha20Constants<>(SB), A0
+	MOVOU (1*16)(keyp), B0
+	MOVOU (2*16)(keyp), C0
+	MOVOU (3*16)(keyp), D0
+
+	// Store state on stack for future use
+	MOVO B0, state1Store
+	MOVO C0, state2Store
+
+	// Load state, increment counter blocks
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+	MOVQ $10, itr2
+
+sealSSEIntroLoop:
+	MOVO         C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO         tmpStore, C3
+	MOVO         C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO         tmpStore, C1
+	shiftB0Left; shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left; shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left; shiftD1Left; shiftD2Left; shiftD3Left
+
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr2
+	JNE           sealSSEIntroLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+
+	// Clamp and store the key
+	PAND ·polyClampMask<>(SB), A0
+	MOVO A0, rStore
+	MOVO B0, sStore
+
+	// Hash AAD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (0*16)(oup); MOVOU B1, (1*16)(oup); MOVOU C1, (2*16)(oup); MOVOU D1, (3*16)(oup)
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (4*16)(oup); MOVOU B2, (5*16)(oup); MOVOU C2, (6*16)(oup); MOVOU D2, (7*16)(oup)
+
+	MOVQ $128, itr1
+	SUBQ $128, inl
+	LEAQ 128(inp), inp
+
+	MOVO A3, A1; MOVO B3, B1; MOVO C3, C1; MOVO D3, D1
+
+	CMPQ inl, $64
+	JBE  sealSSE128SealHash
+
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+	MOVOU A3, (8*16)(oup); MOVOU B3, (9*16)(oup); MOVOU C3, (10*16)(oup); MOVOU D3, (11*16)(oup)
+
+	ADDQ $64, itr1
+	SUBQ $64, inl
+	LEAQ 64(inp), inp
+
+	MOVQ $2, itr1
+	MOVQ $8, itr2
+
+	CMPQ inl, $64
+	JBE  sealSSETail64
+	CMPQ inl, $128
+	JBE  sealSSETail128
+	CMPQ inl, $192
+	JBE  sealSSETail192
+
+sealSSEMainLoop:
+	// Load state, increment counter blocks
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO A2, A3; MOVO B2, B3; MOVO C2, C3; MOVO D2, D3; PADDL ·sseIncMask<>(SB), D3
+
+	// Store counters
+	MOVO D0, ctr0Store; MOVO D1, ctr1Store; MOVO D2, ctr2Store; MOVO D3, ctr3Store
+
+sealSSEInnerLoop:
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyAdd(0(oup))
+	shiftB0Left;  shiftB1Left; shiftB2Left; shiftB3Left
+	shiftC0Left;  shiftC1Left; shiftC2Left; shiftC3Left
+	shiftD0Left;  shiftD1Left; shiftD2Left; shiftD3Left
+	polyMulStage1
+	polyMulStage2
+	LEAQ          (2*8)(oup), oup
+	MOVO          C3, tmpStore
+	chachaQR(A0, B0, C0, D0, C3); chachaQR(A1, B1, C1, D1, C3); chachaQR(A2, B2, C2, D2, C3)
+	MOVO          tmpStore, C3
+	MOVO          C1, tmpStore
+	polyMulStage3
+	chachaQR(A3, B3, C3, D3, C1)
+	MOVO          tmpStore, C1
+	polyMulReduceStage
+	shiftB0Right; shiftB1Right; shiftB2Right; shiftB3Right
+	shiftC0Right; shiftC1Right; shiftC2Right; shiftC3Right
+	shiftD0Right; shiftD1Right; shiftD2Right; shiftD3Right
+	DECQ          itr2
+	JGE           sealSSEInnerLoop
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          (2*8)(oup), oup
+	DECQ          itr1
+	JG            sealSSEInnerLoop
+
+	// Add in the state
+	PADDD ·chacha20Constants<>(SB), A0; PADDD ·chacha20Constants<>(SB), A1; PADDD ·chacha20Constants<>(SB), A2; PADDD ·chacha20Constants<>(SB), A3
+	PADDD state1Store, B0; PADDD state1Store, B1; PADDD state1Store, B2; PADDD state1Store, B3
+	PADDD state2Store, C0; PADDD state2Store, C1; PADDD state2Store, C2; PADDD state2Store, C3
+	PADDD ctr0Store, D0; PADDD ctr1Store, D1; PADDD ctr2Store, D2; PADDD ctr3Store, D3
+	MOVO  D3, tmpStore
+
+	// Load - xor - store
+	MOVOU (0*16)(inp), D3; PXOR D3, A0
+	MOVOU (1*16)(inp), D3; PXOR D3, B0
+	MOVOU (2*16)(inp), D3; PXOR D3, C0
+	MOVOU (3*16)(inp), D3; PXOR D3, D0
+	MOVOU A0, (0*16)(oup)
+	MOVOU B0, (1*16)(oup)
+	MOVOU C0, (2*16)(oup)
+	MOVOU D0, (3*16)(oup)
+	MOVO  tmpStore, D3
+
+	MOVOU (4*16)(inp), A0; MOVOU (5*16)(inp), B0; MOVOU (6*16)(inp), C0; MOVOU (7*16)(inp), D0
+	PXOR  A0, A1; PXOR B0, B1; PXOR C0, C1; PXOR D0, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+	MOVOU (8*16)(inp), A0; MOVOU (9*16)(inp), B0; MOVOU (10*16)(inp), C0; MOVOU (11*16)(inp), D0
+	PXOR  A0, A2; PXOR B0, B2; PXOR C0, C2; PXOR D0, D2
+	MOVOU A2, (8*16)(oup); MOVOU B2, (9*16)(oup); MOVOU C2, (10*16)(oup); MOVOU D2, (11*16)(oup)
+	ADDQ  $192, inp
+	MOVQ  $192, itr1
+	SUBQ  $192, inl
+	MOVO  A3, A1
+	MOVO  B3, B1
+	MOVO  C3, C1
+	MOVO  D3, D1
+	CMPQ  inl, $64
+	JBE   sealSSE128SealHash
+	MOVOU (0*16)(inp), A0; MOVOU (1*16)(inp), B0; MOVOU (2*16)(inp), C0; MOVOU (3*16)(inp), D0
+	PXOR  A0, A3; PXOR B0, B3; PXOR C0, C3; PXOR D0, D3
+	MOVOU A3, (12*16)(oup); MOVOU B3, (13*16)(oup); MOVOU C3, (14*16)(oup); MOVOU D3, (15*16)(oup)
+	LEAQ  64(inp), inp
+	SUBQ  $64, inl
+	MOVQ  $6, itr1
+	MOVQ  $4, itr2
+	CMPQ  inl, $192
+	JG    sealSSEMainLoop
+
+	MOVQ  inl, itr1
+	TESTQ inl, inl
+	JE    sealSSE128SealHash
+	MOVQ  $6, itr1
+	CMPQ  inl, $64
+	JBE   sealSSETail64
+	CMPQ  inl, $128
+	JBE   sealSSETail128
+	JMP   sealSSETail192
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 64 bytes of plaintext
+sealSSETail64:
+	// Need to encrypt up to 64 bytes - prepare single block, hash 192 or 256 bytes
+	MOVO  ·chacha20Constants<>(SB), A1
+	MOVO  state1Store, B1
+	MOVO  state2Store, C1
+	MOVO  ctr3Store, D1
+	PADDL ·sseIncMask<>(SB), D1
+	MOVO  D1, ctr0Store
+
+sealSSETail64LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail64LoopB:
+	chachaQR(A1, B1, C1, D1, T1)
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	chachaQR(A1, B1, C1, D1, T1)
+	shiftB1Right; shiftC1Right; shiftD1Right
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          16(oup), oup
+
+	DECQ itr1
+	JG   sealSSETail64LoopA
+
+	DECQ  itr2
+	JGE   sealSSETail64LoopB
+	PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B1
+	PADDL state2Store, C1
+	PADDL ctr0Store, D1
+
+	JMP sealSSE128Seal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of plaintext
+sealSSETail128:
+	// Need to encrypt up to 128 bytes - prepare two blocks, hash 192 or 256 bytes
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+
+sealSSETail128LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail128LoopB:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Left;  shiftC0Left; shiftD0Left
+	shiftB1Left;  shiftC1Left; shiftD1Left
+	polyAdd(0(oup))
+	polyMul
+	LEAQ          16(oup), oup
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+
+	DECQ itr1
+	JG   sealSSETail128LoopA
+
+	DECQ itr2
+	JGE  sealSSETail128LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1
+	PADDL state1Store, B0; PADDL state1Store, B1
+	PADDL state2Store, C0; PADDL state2Store, C1
+	PADDL ctr0Store, D0; PADDL ctr1Store, D1
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+	MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+
+	MOVQ $64, itr1
+	LEAQ 64(inp), inp
+	SUBQ $64, inl
+
+	JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 192 bytes of plaintext
+sealSSETail192:
+	// Need to encrypt up to 192 bytes - prepare three blocks, hash 192 or 256 bytes
+	MOVO ·chacha20Constants<>(SB), A0; MOVO state1Store, B0; MOVO state2Store, C0; MOVO ctr3Store, D0; PADDL ·sseIncMask<>(SB), D0; MOVO D0, ctr0Store
+	MOVO A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1; MOVO D1, ctr1Store
+	MOVO A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2; MOVO D2, ctr2Store
+
+sealSSETail192LoopA:
+	// Perform ChaCha rounds, while hashing the previously encrypted ciphertext
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealSSETail192LoopB:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left; shiftC0Left; shiftD0Left
+	shiftB1Left; shiftC1Left; shiftD1Left
+	shiftB2Left; shiftC2Left; shiftD2Left
+
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftC0Right; shiftD0Right
+	shiftB1Right; shiftC1Right; shiftD1Right
+	shiftB2Right; shiftC2Right; shiftD2Right
+
+	DECQ itr1
+	JG   sealSSETail192LoopA
+
+	DECQ itr2
+	JGE  sealSSETail192LoopB
+
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL state1Store, B0; PADDL state1Store, B1; PADDL state1Store, B2
+	PADDL state2Store, C0; PADDL state2Store, C1; PADDL state2Store, C2
+	PADDL ctr0Store, D0; PADDL ctr1Store, D1; PADDL ctr2Store, D2
+
+	MOVOU (0*16)(inp), T0; MOVOU (1*16)(inp), T1; MOVOU (2*16)(inp), T2; MOVOU (3*16)(inp), T3
+	PXOR  T0, A0; PXOR T1, B0; PXOR T2, C0; PXOR T3, D0
+	MOVOU A0, (0*16)(oup); MOVOU B0, (1*16)(oup); MOVOU C0, (2*16)(oup); MOVOU D0, (3*16)(oup)
+	MOVOU (4*16)(inp), T0; MOVOU (5*16)(inp), T1; MOVOU (6*16)(inp), T2; MOVOU (7*16)(inp), T3
+	PXOR  T0, A1; PXOR T1, B1; PXOR T2, C1; PXOR T3, D1
+	MOVOU A1, (4*16)(oup); MOVOU B1, (5*16)(oup); MOVOU C1, (6*16)(oup); MOVOU D1, (7*16)(oup)
+
+	MOVO A2, A1
+	MOVO B2, B1
+	MOVO C2, C1
+	MOVO D2, D1
+	MOVQ $128, itr1
+	LEAQ 128(inp), inp
+	SUBQ $128, inl
+
+	JMP sealSSE128SealHash
+
+// ----------------------------------------------------------------------------
+// Special seal optimization for buffers smaller than 129 bytes
+sealSSE128:
+	// For up to 128 bytes of ciphertext and 64 bytes for the poly key, we require to process three blocks
+	MOVOU ·chacha20Constants<>(SB), A0; MOVOU (1*16)(keyp), B0; MOVOU (2*16)(keyp), C0; MOVOU (3*16)(keyp), D0
+	MOVO  A0, A1; MOVO B0, B1; MOVO C0, C1; MOVO D0, D1; PADDL ·sseIncMask<>(SB), D1
+	MOVO  A1, A2; MOVO B1, B2; MOVO C1, C2; MOVO D1, D2; PADDL ·sseIncMask<>(SB), D2
+	MOVO  B0, T1; MOVO C0, T2; MOVO D1, T3
+	MOVQ  $10, itr2
+
+sealSSE128InnerCipherLoop:
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Left;  shiftB1Left; shiftB2Left
+	shiftC0Left;  shiftC1Left; shiftC2Left
+	shiftD0Left;  shiftD1Left; shiftD2Left
+	chachaQR(A0, B0, C0, D0, T0); chachaQR(A1, B1, C1, D1, T0); chachaQR(A2, B2, C2, D2, T0)
+	shiftB0Right; shiftB1Right; shiftB2Right
+	shiftC0Right; shiftC1Right; shiftC2Right
+	shiftD0Right; shiftD1Right; shiftD2Right
+	DECQ          itr2
+	JNE           sealSSE128InnerCipherLoop
+
+	// A0|B0 hold the Poly1305 32-byte key, C0,D0 can be discarded
+	PADDL ·chacha20Constants<>(SB), A0; PADDL ·chacha20Constants<>(SB), A1; PADDL ·chacha20Constants<>(SB), A2
+	PADDL T1, B0; PADDL T1, B1; PADDL T1, B2
+	PADDL T2, C1; PADDL T2, C2
+	PADDL T3, D1; PADDL ·sseIncMask<>(SB), T3; PADDL T3, D2
+	PAND  ·polyClampMask<>(SB), A0
+	MOVOU A0, rStore
+	MOVOU B0, sStore
+
+	// Hash
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+sealSSE128SealHash:
+	// itr1 holds the number of bytes encrypted but not yet hashed
+	CMPQ itr1, $16
+	JB   sealSSE128Seal
+	polyAdd(0(oup))
+	polyMul
+
+	SUBQ $16, itr1
+	ADDQ $16, oup
+
+	JMP sealSSE128SealHash
+
+sealSSE128Seal:
+	CMPQ inl, $16
+	JB   sealSSETail
+	SUBQ $16, inl
+
+	// Load for decryption
+	MOVOU (inp), T0
+	PXOR  T0, A1
+	MOVOU A1, (oup)
+	LEAQ  (1*16)(inp), inp
+	LEAQ  (1*16)(oup), oup
+
+	// Extract for hashing
+	MOVQ   A1, t0
+	PSRLDQ $8, A1
+	MOVQ A1, t1
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	// Shift the stream "left"
+	MOVO B1, A1
+	MOVO C1, B1
+	MOVO D1, C1
+	MOVO A2, D1
+	MOVO B2, A2
+	MOVO C2, B2
+	MOVO D2, C2
+	JMP  sealSSE128Seal
+
+sealSSETail:
+	TESTQ inl, inl
+	JE    sealSSEFinalize
+
+	// We can only load the PT one byte at a time to avoid read after end of buffer
+	MOVQ inl, itr2
+	SHLQ $4, itr2
+	LEAQ ·andMask<>(SB), t0
+	MOVQ inl, itr1
+	LEAQ -1(inp)(inl*1), inp
+	XORQ t2, t2
+	XORQ t3, t3
+	XORQ AX, AX
+
+sealSSETailLoadLoop:
+	SHLQ $8, t2, t3
+	SHLQ $8, t2
+	MOVB (inp), AX
+	XORQ AX, t2
+	LEAQ   -1(inp), inp
+	DECQ   itr1
+	JNE    sealSSETailLoadLoop
+	MOVQ t2, 0+tmpStore
+	MOVQ t3, 8+tmpStore
+	PXOR 0+tmpStore, A1
+	MOVOU  A1, (oup)
+	MOVOU  -16(t0)(itr2*1), T0
+	PAND   T0, A1
+	MOVQ   A1, t0
+	PSRLDQ $8, A1
+	MOVQ   A1, t1
+	ADDQ   t0, acc0; ADCQ t1, acc1; ADCQ $1, acc2
+	polyMul
+
+	ADDQ inl, oup
+
+sealSSEFinalize:
+	// Hash in the buffer lengths
+	ADDQ ad_len+80(FP), acc0
+	ADCQ src_len+56(FP), acc1
+	ADCQ $1, acc2
+	polyMul
+
+	// Final reduce
+	MOVQ    acc0, t0
+	MOVQ    acc1, t1
+	MOVQ    acc2, t2
+	SUBQ    $-5, acc0
+	SBBQ    $-1, acc1
+	SBBQ    $3, acc2
+	CMOVQCS t0, acc0
+	CMOVQCS t1, acc1
+	CMOVQCS t2, acc2
+
+	// Add in the "s" part of the key
+	ADDQ 0+sStore, acc0
+	ADCQ 8+sStore, acc1
+
+	// Finally store the tag at the end of the message
+	MOVQ acc0, (0*8)(oup)
+	MOVQ acc1, (1*8)(oup)
+	RET
+
+// ----------------------------------------------------------------------------
+// ------------------------- AVX2 Code ----------------------------------------
+chacha20Poly1305Seal_AVX2:
+	VZEROUPPER
+	VMOVDQU ·chacha20Constants<>(SB), AA0
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x70; BYTE $0x10 // broadcasti128 16(r8), ymm14
+	BYTE    $0xc4; BYTE $0x42; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x20 // broadcasti128 32(r8), ymm12
+	BYTE    $0xc4; BYTE $0xc2; BYTE $0x7d; BYTE $0x5a; BYTE $0x60; BYTE $0x30 // broadcasti128 48(r8), ymm4
+	VPADDD  ·avx2InitMask<>(SB), DD0, DD0
+
+	// Special optimizations, for very short buffers
+	CMPQ inl, $192
+	JBE  seal192AVX2 // 33% faster
+	CMPQ inl, $320
+	JBE  seal320AVX2 // 17% faster
+
+	// For the general key prepare the key first - as a byproduct we have 64 bytes of cipher stream
+	VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3; VMOVDQA BB0, state1StoreAVX2
+	VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3; VMOVDQA CC0, state2StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1; VMOVDQA DD0, ctr0StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD1, DD2; VMOVDQA DD1, ctr1StoreAVX2
+	VPADDD  ·avx2IncMask<>(SB), DD2, DD3; VMOVDQA DD2, ctr2StoreAVX2
+	VMOVDQA DD3, ctr3StoreAVX2
+	MOVQ    $10, itr2
+
+sealAVX2IntroLoop:
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+	VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+	VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+	VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+	VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+	DECQ     itr2
+	JNE      sealAVX2IntroLoop
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+
+	VPERM2I128 $0x13, CC0, DD0, CC0 // Stream bytes 96 - 127
+	VPERM2I128 $0x02, AA0, BB0, DD0 // The Poly1305 key
+	VPERM2I128 $0x13, AA0, BB0, AA0 // Stream bytes 64 - 95
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), DD0, DD0
+	VMOVDQA DD0, rsStoreAVX2
+
+	// Hash AD
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+
+	// Can store at least 320 bytes
+	VPXOR   (0*32)(inp), AA0, AA0
+	VPXOR   (1*32)(inp), CC0, CC0
+	VMOVDQU AA0, (0*32)(oup)
+	VMOVDQU CC0, (1*32)(oup)
+
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (2*32)(inp), AA0, AA0; VPXOR (3*32)(inp), BB0, BB0; VPXOR (4*32)(inp), CC0, CC0; VPXOR (5*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (2*32)(oup); VMOVDQU BB0, (3*32)(oup); VMOVDQU CC0, (4*32)(oup); VMOVDQU DD0, (5*32)(oup)
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (6*32)(inp), AA0, AA0; VPXOR (7*32)(inp), BB0, BB0; VPXOR (8*32)(inp), CC0, CC0; VPXOR (9*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (6*32)(oup); VMOVDQU BB0, (7*32)(oup); VMOVDQU CC0, (8*32)(oup); VMOVDQU DD0, (9*32)(oup)
+
+	MOVQ $320, itr1
+	SUBQ $320, inl
+	LEAQ 320(inp), inp
+
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, CC3, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, CC3, DD3, DD0
+	CMPQ       inl, $128
+	JBE        sealAVX2SealHash
+
+	VPXOR   (0*32)(inp), AA0, AA0; VPXOR (1*32)(inp), BB0, BB0; VPXOR (2*32)(inp), CC0, CC0; VPXOR (3*32)(inp), DD0, DD0
+	VMOVDQU AA0, (10*32)(oup); VMOVDQU BB0, (11*32)(oup); VMOVDQU CC0, (12*32)(oup); VMOVDQU DD0, (13*32)(oup)
+	SUBQ    $128, inl
+	LEAQ    128(inp), inp
+
+	MOVQ $8, itr1
+	MOVQ $2, itr2
+
+	CMPQ inl, $128
+	JBE  sealAVX2Tail128
+	CMPQ inl, $256
+	JBE  sealAVX2Tail256
+	CMPQ inl, $384
+	JBE  sealAVX2Tail384
+	CMPQ inl, $512
+	JBE  sealAVX2Tail512
+
+	// We have 448 bytes to hash, but main loop hashes 512 bytes at a time - perform some rounds, before the main loop
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $12, DD0, DD0, DD0
+	VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $12, DD1, DD1, DD1
+	VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $12, DD2, DD2, DD2
+	VPALIGNR $4, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $12, DD3, DD3, DD3
+
+	VMOVDQA CC3, tmpStoreAVX2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, CC3); chachaQR_AVX2(AA1, BB1, CC1, DD1, CC3); chachaQR_AVX2(AA2, BB2, CC2, DD2, CC3)
+	VMOVDQA tmpStoreAVX2, CC3
+	VMOVDQA CC1, tmpStoreAVX2
+	chachaQR_AVX2(AA3, BB3, CC3, DD3, CC1)
+	VMOVDQA tmpStoreAVX2, CC1
+
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $4, DD0, DD0, DD0
+	VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $4, DD1, DD1, DD1
+	VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $4, DD2, DD2, DD2
+	VPALIGNR $12, BB3, BB3, BB3; VPALIGNR $8, CC3, CC3, CC3; VPALIGNR $4, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+
+	SUBQ $16, oup                  // Adjust the pointer
+	MOVQ $9, itr1
+	JMP  sealAVX2InternalLoopStart
+
+sealAVX2MainLoop:
+	// Load state, increment counter blocks, store the incremented counters
+	VMOVDQU ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+	MOVQ    $10, itr1
+
+sealAVX2InternalLoop:
+	polyAdd(0*8(oup))
+	VPADDD  BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage1_AVX2
+	VPXOR   AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulStage2_AVX2
+	VPADDD  DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR   CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyMulStage3_AVX2
+	VMOVDQA CC3, tmpStoreAVX2
+	VPSLLD  $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD  $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD  $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD  $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA tmpStoreAVX2, CC3
+	polyMulReduceStage
+
+sealAVX2InternalLoopStart:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	polyAdd(2*8(oup))
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage1_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage2_AVX2
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	polyMulStage3_AVX2
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	polyMulReduceStage
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(4*8(oup))
+	LEAQ     (6*8)(oup), oup
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulStage1_AVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	polyMulStage2_AVX2
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	polyMulStage3_AVX2
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyMulReduceStage
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+	DECQ     itr1
+	JNE      sealAVX2InternalLoop
+
+	VPADDD  ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD  state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD  state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD  ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA CC3, tmpStoreAVX2
+
+	// We only hashed 480 of the 512 bytes available - hash the remaining 32 here
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	LEAQ       (4*8)(oup), oup
+	VPERM2I128 $0x02, AA0, BB0, CC3; VPERM2I128 $0x13, AA0, BB0, BB0; VPERM2I128 $0x02, CC0, DD0, AA0; VPERM2I128 $0x13, CC0, DD0, CC0
+	VPXOR      (0*32)(inp), CC3, CC3; VPXOR (1*32)(inp), AA0, AA0; VPXOR (2*32)(inp), BB0, BB0; VPXOR (3*32)(inp), CC0, CC0
+	VMOVDQU    CC3, (0*32)(oup); VMOVDQU AA0, (1*32)(oup); VMOVDQU BB0, (2*32)(oup); VMOVDQU CC0, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, AA0; VPERM2I128 $0x02, CC1, DD1, BB0; VPERM2I128 $0x13, AA1, BB1, CC0; VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	// and here
+	polyAdd(-2*8(oup))
+	polyMulAVX2
+	VPERM2I128 $0x02, AA2, BB2, AA0; VPERM2I128 $0x02, CC2, DD2, BB0; VPERM2I128 $0x13, AA2, BB2, CC0; VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+	VPERM2I128 $0x02, AA3, BB3, AA0; VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0; VPERM2I128 $0x13, AA3, BB3, CC0; VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+	VPXOR      (12*32)(inp), AA0, AA0; VPXOR (13*32)(inp), BB0, BB0; VPXOR (14*32)(inp), CC0, CC0; VPXOR (15*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (12*32)(oup); VMOVDQU BB0, (13*32)(oup); VMOVDQU CC0, (14*32)(oup); VMOVDQU DD0, (15*32)(oup)
+	LEAQ       (32*16)(inp), inp
+	SUBQ       $(32*16), inl
+	CMPQ       inl, $512
+	JG         sealAVX2MainLoop
+
+	// Tail can only hash 480 bytes
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ 32(oup), oup
+
+	MOVQ $10, itr1
+	MOVQ $0, itr2
+	CMPQ inl, $128
+	JBE  sealAVX2Tail128
+	CMPQ inl, $256
+	JBE  sealAVX2Tail256
+	CMPQ inl, $384
+	JBE  sealAVX2Tail384
+	JMP  sealAVX2Tail512
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 193 bytes
+seal192AVX2:
+	// For up to 192 bytes of ciphertext and 64 bytes for the poly key, we process four blocks
+	VMOVDQA AA0, AA1
+	VMOVDQA BB0, BB1
+	VMOVDQA CC0, CC1
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2
+	VMOVDQA BB0, BB2
+	VMOVDQA CC0, CC2
+	VMOVDQA DD0, DD2
+	VMOVDQA DD1, TT3
+	MOVQ    $10, itr2
+
+sealAVX2192InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	VPALIGNR   $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR   $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR   $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ       itr2
+	JNE        sealAVX2192InnerCipherLoop
+	VPADDD     AA2, AA0, AA0; VPADDD AA2, AA1, AA1
+	VPADDD     BB2, BB0, BB0; VPADDD BB2, BB1, BB1
+	VPADDD     CC2, CC0, CC0; VPADDD CC2, CC1, CC1
+	VPADDD     DD2, DD0, DD0; VPADDD TT3, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+
+	// Clamp and store poly key
+	VPAND   ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA TT0, rsStoreAVX2
+
+	// Stream for up to 192 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+
+sealAVX2ShortSeal:
+	// Hash aad
+	MOVQ ad_len+80(FP), itr2
+	CALL polyHashADInternal<>(SB)
+	XORQ itr1, itr1
+
+sealAVX2SealHash:
+	// itr1 holds the number of bytes encrypted but not yet hashed
+	CMPQ itr1, $16
+	JB   sealAVX2ShortSealLoop
+	polyAdd(0(oup))
+	polyMul
+	SUBQ $16, itr1
+	ADDQ $16, oup
+	JMP  sealAVX2SealHash
+
+sealAVX2ShortSealLoop:
+	CMPQ inl, $32
+	JB   sealAVX2ShortTail32
+	SUBQ $32, inl
+
+	// Load for encryption
+	VPXOR   (inp), AA0, AA0
+	VMOVDQU AA0, (oup)
+	LEAQ    (1*32)(inp), inp
+
+	// Now can hash
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ (1*32)(oup), oup
+
+	// Shift stream left
+	VMOVDQA BB0, AA0
+	VMOVDQA CC0, BB0
+	VMOVDQA DD0, CC0
+	VMOVDQA AA1, DD0
+	VMOVDQA BB1, AA1
+	VMOVDQA CC1, BB1
+	VMOVDQA DD1, CC1
+	VMOVDQA AA2, DD1
+	VMOVDQA BB2, AA2
+	JMP     sealAVX2ShortSealLoop
+
+sealAVX2ShortTail32:
+	CMPQ    inl, $16
+	VMOVDQA A0, A1
+	JB      sealAVX2ShortDone
+
+	SUBQ $16, inl
+
+	// Load for encryption
+	VPXOR   (inp), A0, T0
+	VMOVDQU T0, (oup)
+	LEAQ    (1*16)(inp), inp
+
+	// Hash
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	LEAQ       (1*16)(oup), oup
+	VPERM2I128 $0x11, AA0, AA0, AA0
+	VMOVDQA    A0, A1
+
+sealAVX2ShortDone:
+	VZEROUPPER
+	JMP sealSSETail
+
+// ----------------------------------------------------------------------------
+// Special optimization for buffers smaller than 321 bytes
+seal320AVX2:
+	// For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks
+	VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3
+	MOVQ    $10, itr2
+
+sealAVX2320InnerCipherLoop:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr2
+	JNE      sealAVX2320InnerCipherLoop
+
+	VMOVDQA ·chacha20Constants<>(SB), TT0
+	VPADDD  TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2
+	VPADDD  TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2
+	VPADDD  TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2
+	VMOVDQA ·avx2IncMask<>(SB), TT0
+	VPADDD  TT3, DD0, DD0; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD1, DD1; VPADDD TT0, TT3, TT3
+	VPADDD  TT3, DD2, DD2
+
+	// Clamp and store poly key
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPAND      ·polyClampMask<>(SB), TT0, TT0
+	VMOVDQA    TT0, rsStoreAVX2
+
+	// Stream for up to 320 bytes
+	VPERM2I128 $0x13, AA0, BB0, AA0
+	VPERM2I128 $0x13, CC0, DD0, BB0
+	VPERM2I128 $0x02, AA1, BB1, CC0
+	VPERM2I128 $0x02, CC1, DD1, DD0
+	VPERM2I128 $0x13, AA1, BB1, AA1
+	VPERM2I128 $0x13, CC1, DD1, BB1
+	VPERM2I128 $0x02, AA2, BB2, CC1
+	VPERM2I128 $0x02, CC2, DD2, DD1
+	VPERM2I128 $0x13, AA2, BB2, AA2
+	VPERM2I128 $0x13, CC2, DD2, BB2
+	JMP        sealAVX2ShortSeal
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 128 bytes of ciphertext
+sealAVX2Tail128:
+	// Need to decrypt up to 128 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0
+	VMOVDQA state1StoreAVX2, BB0
+	VMOVDQA state2StoreAVX2, CC0
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VMOVDQA DD0, DD1
+
+sealAVX2Tail128LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail128LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0
+	VPALIGNR $8, CC0, CC0, CC0
+	VPALIGNR $12, DD0, DD0, DD0
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0
+	VPALIGNR $8, CC0, CC0, CC0
+	VPALIGNR $4, DD0, DD0, DD0
+	DECQ     itr1
+	JG       sealAVX2Tail128LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail128LoopB
+
+	VPADDD ·chacha20Constants<>(SB), AA0, AA1
+	VPADDD state1StoreAVX2, BB0, BB1
+	VPADDD state2StoreAVX2, CC0, CC1
+	VPADDD DD1, DD0, DD1
+
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+	JMP        sealAVX2ShortSealLoop
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 256 bytes of ciphertext
+sealAVX2Tail256:
+	// Need to decrypt up to 256 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA ·chacha20Constants<>(SB), AA1
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA state1StoreAVX2, BB1
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA state2StoreAVX2, CC1
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD1
+	VMOVDQA DD0, TT1
+	VMOVDQA DD1, TT2
+
+sealAVX2Tail256LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail256LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1
+	DECQ     itr1
+	JG       sealAVX2Tail256LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail256LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPERM2I128 $0x02, CC0, DD0, TT1
+	VPERM2I128 $0x13, AA0, BB0, TT2
+	VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	MOVQ       $128, itr1
+	LEAQ       128(inp), inp
+	SUBQ       $128, inl
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+
+	JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 384 bytes of ciphertext
+sealAVX2Tail384:
+	// Need to decrypt up to 384 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2
+	VMOVDQA DD0, TT1; VMOVDQA DD1, TT2; VMOVDQA DD2, TT3
+
+sealAVX2Tail384LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail384LoopB:
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	polyAdd(0(oup))
+	polyMul
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2
+	chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, TT0)
+	polyAdd(16(oup))
+	polyMul
+	LEAQ     32(oup), oup
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2
+	DECQ     itr1
+	JG       sealAVX2Tail384LoopA
+	DECQ     itr2
+	JGE      sealAVX2Tail384LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2
+	VPADDD     TT1, DD0, DD0; VPADDD TT2, DD1, DD1; VPADDD TT3, DD2, DD2
+	VPERM2I128 $0x02, AA0, BB0, TT0
+	VPERM2I128 $0x02, CC0, DD0, TT1
+	VPERM2I128 $0x13, AA0, BB0, TT2
+	VPERM2I128 $0x13, CC0, DD0, TT3
+	VPXOR      (0*32)(inp), TT0, TT0; VPXOR (1*32)(inp), TT1, TT1; VPXOR (2*32)(inp), TT2, TT2; VPXOR (3*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (0*32)(oup); VMOVDQU TT1, (1*32)(oup); VMOVDQU TT2, (2*32)(oup); VMOVDQU TT3, (3*32)(oup)
+	VPERM2I128 $0x02, AA1, BB1, TT0
+	VPERM2I128 $0x02, CC1, DD1, TT1
+	VPERM2I128 $0x13, AA1, BB1, TT2
+	VPERM2I128 $0x13, CC1, DD1, TT3
+	VPXOR      (4*32)(inp), TT0, TT0; VPXOR (5*32)(inp), TT1, TT1; VPXOR (6*32)(inp), TT2, TT2; VPXOR (7*32)(inp), TT3, TT3
+	VMOVDQU    TT0, (4*32)(oup); VMOVDQU TT1, (5*32)(oup); VMOVDQU TT2, (6*32)(oup); VMOVDQU TT3, (7*32)(oup)
+	MOVQ       $256, itr1
+	LEAQ       256(inp), inp
+	SUBQ       $256, inl
+	VPERM2I128 $0x02, AA2, BB2, AA0
+	VPERM2I128 $0x02, CC2, DD2, BB0
+	VPERM2I128 $0x13, AA2, BB2, CC0
+	VPERM2I128 $0x13, CC2, DD2, DD0
+
+	JMP sealAVX2SealHash
+
+// ----------------------------------------------------------------------------
+// Special optimization for the last 512 bytes of ciphertext
+sealAVX2Tail512:
+	// Need to decrypt up to 512 bytes - prepare two blocks
+	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
+	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
+	VMOVDQA ·chacha20Constants<>(SB), AA0; VMOVDQA AA0, AA1; VMOVDQA AA0, AA2; VMOVDQA AA0, AA3
+	VMOVDQA state1StoreAVX2, BB0; VMOVDQA BB0, BB1; VMOVDQA BB0, BB2; VMOVDQA BB0, BB3
+	VMOVDQA state2StoreAVX2, CC0; VMOVDQA CC0, CC1; VMOVDQA CC0, CC2; VMOVDQA CC0, CC3
+	VMOVDQA ctr3StoreAVX2, DD0
+	VPADDD  ·avx2IncMask<>(SB), DD0, DD0; VPADDD ·avx2IncMask<>(SB), DD0, DD1; VPADDD ·avx2IncMask<>(SB), DD1, DD2; VPADDD ·avx2IncMask<>(SB), DD2, DD3
+	VMOVDQA DD0, ctr0StoreAVX2; VMOVDQA DD1, ctr1StoreAVX2; VMOVDQA DD2, ctr2StoreAVX2; VMOVDQA DD3, ctr3StoreAVX2
+
+sealAVX2Tail512LoopA:
+	polyAdd(0(oup))
+	polyMul
+	LEAQ 16(oup), oup
+
+sealAVX2Tail512LoopB:
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	polyAdd(0*8(oup))
+	polyMulAVX2
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2; VPALIGNR $4, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2; VPALIGNR $12, DD3, DD3, DD3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	polyAdd(2*8(oup))
+	polyMulAVX2
+	LEAQ     (4*8)(oup), oup
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPADDD   BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3
+	VPXOR    AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3
+	VPSHUFB  ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), DD3, DD3
+	VPADDD   DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3
+	VPXOR    CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3
+	VMOVDQA  CC3, tmpStoreAVX2
+	VPSLLD   $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0
+	VPSLLD   $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1
+	VPSLLD   $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2
+	VPSLLD   $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3
+	VMOVDQA  tmpStoreAVX2, CC3
+	VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2; VPALIGNR $12, BB3, BB3, BB3
+	VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2; VPALIGNR $8, CC3, CC3, CC3
+	VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2; VPALIGNR $4, DD3, DD3, DD3
+
+	DECQ itr1
+	JG   sealAVX2Tail512LoopA
+	DECQ itr2
+	JGE  sealAVX2Tail512LoopB
+
+	VPADDD     ·chacha20Constants<>(SB), AA0, AA0; VPADDD ·chacha20Constants<>(SB), AA1, AA1; VPADDD ·chacha20Constants<>(SB), AA2, AA2; VPADDD ·chacha20Constants<>(SB), AA3, AA3
+	VPADDD     state1StoreAVX2, BB0, BB0; VPADDD state1StoreAVX2, BB1, BB1; VPADDD state1StoreAVX2, BB2, BB2; VPADDD state1StoreAVX2, BB3, BB3
+	VPADDD     state2StoreAVX2, CC0, CC0; VPADDD state2StoreAVX2, CC1, CC1; VPADDD state2StoreAVX2, CC2, CC2; VPADDD state2StoreAVX2, CC3, CC3
+	VPADDD     ctr0StoreAVX2, DD0, DD0; VPADDD ctr1StoreAVX2, DD1, DD1; VPADDD ctr2StoreAVX2, DD2, DD2; VPADDD ctr3StoreAVX2, DD3, DD3
+	VMOVDQA    CC3, tmpStoreAVX2
+	VPERM2I128 $0x02, AA0, BB0, CC3
+	VPXOR      (0*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (0*32)(oup)
+	VPERM2I128 $0x02, CC0, DD0, CC3
+	VPXOR      (1*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (1*32)(oup)
+	VPERM2I128 $0x13, AA0, BB0, CC3
+	VPXOR      (2*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (2*32)(oup)
+	VPERM2I128 $0x13, CC0, DD0, CC3
+	VPXOR      (3*32)(inp), CC3, CC3
+	VMOVDQU    CC3, (3*32)(oup)
+
+	VPERM2I128 $0x02, AA1, BB1, AA0
+	VPERM2I128 $0x02, CC1, DD1, BB0
+	VPERM2I128 $0x13, AA1, BB1, CC0
+	VPERM2I128 $0x13, CC1, DD1, DD0
+	VPXOR      (4*32)(inp), AA0, AA0; VPXOR (5*32)(inp), BB0, BB0; VPXOR (6*32)(inp), CC0, CC0; VPXOR (7*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (4*32)(oup); VMOVDQU BB0, (5*32)(oup); VMOVDQU CC0, (6*32)(oup); VMOVDQU DD0, (7*32)(oup)
+
+	VPERM2I128 $0x02, AA2, BB2, AA0
+	VPERM2I128 $0x02, CC2, DD2, BB0
+	VPERM2I128 $0x13, AA2, BB2, CC0
+	VPERM2I128 $0x13, CC2, DD2, DD0
+	VPXOR      (8*32)(inp), AA0, AA0; VPXOR (9*32)(inp), BB0, BB0; VPXOR (10*32)(inp), CC0, CC0; VPXOR (11*32)(inp), DD0, DD0
+	VMOVDQU    AA0, (8*32)(oup); VMOVDQU BB0, (9*32)(oup); VMOVDQU CC0, (10*32)(oup); VMOVDQU DD0, (11*32)(oup)
+
+	MOVQ       $384, itr1
+	LEAQ       384(inp), inp
+	SUBQ       $384, inl
+	VPERM2I128 $0x02, AA3, BB3, AA0
+	VPERM2I128 $0x02, tmpStoreAVX2, DD3, BB0
+	VPERM2I128 $0x13, AA3, BB3, CC0
+	VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
+
+	JMP sealAVX2SealHash
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
new file mode 100644
index 000000000..6313898f0
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -0,0 +1,81 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+	"encoding/binary"
+
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/internal/alias"
+	"golang.org/x/crypto/internal/poly1305"
+)
+
+func writeWithPadding(p *poly1305.MAC, b []byte) {
+	p.Write(b)
+	if rem := len(b) % 16; rem != 0 {
+		var buf [16]byte
+		padLen := 16 - rem
+		p.Write(buf[:padLen])
+	}
+}
+
+func writeUint64(p *poly1305.MAC, n int) {
+	var buf [8]byte
+	binary.LittleEndian.PutUint64(buf[:], uint64(n))
+	p.Write(buf[:])
+}
+
+func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
+	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
+	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
+	if alias.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+
+	var polyKey [32]byte
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+	s.XORKeyStream(ciphertext, plaintext)
+
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(plaintext))
+	p.Sum(tag[:0])
+
+	return ret
+}
+
+func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	tag := ciphertext[len(ciphertext)-16:]
+	ciphertext = ciphertext[:len(ciphertext)-16]
+
+	var polyKey [32]byte
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(ciphertext))
+
+	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	if !p.Verify(tag) {
+		for i := range out {
+			out[i] = 0
+		}
+		return nil, errOpen
+	}
+
+	s.XORKeyStream(out, ciphertext)
+	return ret, nil
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
new file mode 100644
index 000000000..f832b33d4
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
@@ -0,0 +1,16 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || !gc || purego
+// +build !amd64 !gc purego
+
+package chacha20poly1305
+
+func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	return c.sealGeneric(dst, nonce, plaintext, additionalData)
+}
+
+func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	return c.openGeneric(dst, nonce, ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
new file mode 100644
index 000000000..1cebfe946
--- /dev/null
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
@@ -0,0 +1,86 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+	"crypto/cipher"
+	"errors"
+
+	"golang.org/x/crypto/chacha20"
+)
+
+type xchacha20poly1305 struct {
+	key [KeySize]byte
+}
+
+// NewX returns a XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+//
+// XChaCha20-Poly1305 is a ChaCha20-Poly1305 variant that takes a longer nonce,
+// suitable to be generated randomly without risk of collisions. It should be
+// preferred when nonce uniqueness cannot be trivially ensured, or whenever
+// nonces are randomly generated.
+func NewX(key []byte) (cipher.AEAD, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20poly1305: bad key length")
+	}
+	ret := new(xchacha20poly1305)
+	copy(ret.key[:], key)
+	return ret, nil
+}
+
+func (*xchacha20poly1305) NonceSize() int {
+	return NonceSizeX
+}
+
+func (*xchacha20poly1305) Overhead() int {
+	return Overhead
+}
+
+func (x *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Seal")
+	}
+
+	// XChaCha20-Poly1305 technically supports a 64-bit counter, so there is no
+	// size limit. However, since we reuse the ChaCha20-Poly1305 implementation,
+	// the second half of the counter is not available. This is unlikely to be
+	// an issue because the cipher.AEAD API requires the entire message to be in
+	// memory, and the counter overflows at 256 GB.
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("chacha20poly1305: plaintext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.seal(dst, cNonce[:], plaintext, additionalData)
+}
+
+func (x *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Open")
+	}
+	if len(ciphertext) < 16 {
+		return nil, errOpen
+	}
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("chacha20poly1305: ciphertext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.open(dst, cNonce[:], ciphertext, additionalData)
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
new file mode 100644
index 000000000..6fc2838a3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -0,0 +1,824 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	encoding_asn1 "encoding/asn1"
+	"fmt"
+	"math/big"
+	"reflect"
+	"time"
+
+	"golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// This file contains ASN.1-related methods for String and Builder.
+
+// Builder
+
+// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Int64(v int64) {
+	b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+	b.addASN1Signed(tag, v)
+}
+
+// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
+func (b *Builder) AddASN1Enum(v int64) {
+	b.addASN1Signed(asn1.ENUM, v)
+}
+
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
+	b.AddASN1(tag, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Uint64(v uint64) {
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		length := 1
+		for i := v; i >= 0x80; i >>= 8 {
+			length++
+		}
+
+		for ; length > 0; length-- {
+			i := v >> uint((length-1)*8) & 0xff
+			c.AddUint8(uint8(i))
+		}
+	})
+}
+
+// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1BigInt(n *big.Int) {
+	if b.err != nil {
+		return
+	}
+
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
+		if n.Sign() < 0 {
+			// A negative number has to be converted to two's-complement form. So we
+			// invert and subtract 1. If the most-significant-bit isn't set then
+			// we'll need to pad the beginning with 0xff in order to keep the number
+			// negative.
+			nMinus1 := new(big.Int).Neg(n)
+			nMinus1.Sub(nMinus1, bigOne)
+			bytes := nMinus1.Bytes()
+			for i := range bytes {
+				bytes[i] ^= 0xff
+			}
+			if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+				c.add(0xff)
+			}
+			c.add(bytes...)
+		} else if n.Sign() == 0 {
+			c.add(0)
+		} else {
+			bytes := n.Bytes()
+			if bytes[0]&0x80 != 0 {
+				c.add(0)
+			}
+			c.add(bytes...)
+		}
+	})
+}
+
+// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
+func (b *Builder) AddASN1OctetString(bytes []byte) {
+	b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
+		c.AddBytes(bytes)
+	})
+}
+
+const generalizedTimeFormatStr = "20060102150405Z0700"
+
+// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
+func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
+	if t.Year() < 0 || t.Year() > 9999 {
+		b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
+		return
+	}
+	b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
+		c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
+	})
+}
+
+// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
+func (b *Builder) AddASN1UTCTime(t time.Time) {
+	b.AddASN1(asn1.UTCTime, func(c *Builder) {
+		// As utilized by the X.509 profile, UTCTime can only
+		// represent the years 1950 through 2049.
+		if t.Year() < 1950 || t.Year() >= 2050 {
+			b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
+			return
+		}
+		c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
+	})
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+	b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+		b.AddUint8(0)
+		b.AddBytes(data)
+	})
+}
+
+func (b *Builder) addBase128Int(n int64) {
+	var length int
+	if n == 0 {
+		length = 1
+	} else {
+		for i := n; i > 0; i >>= 7 {
+			length++
+		}
+	}
+
+	for i := length - 1; i >= 0; i-- {
+		o := byte(n >> uint(i*7))
+		o &= 0x7f
+		if i != 0 {
+			o |= 0x80
+		}
+
+		b.add(o)
+	}
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+	if len(oid) < 2 {
+		return false
+	}
+
+	if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+		return false
+	}
+
+	for _, v := range oid {
+		if v < 0 {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+	b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+		if !isValidOID(oid) {
+			b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+			return
+		}
+
+		b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+		for _, v := range oid[2:] {
+			b.addBase128Int(int64(v))
+		}
+	})
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+	b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+		if v {
+			b.AddUint8(0xff)
+		} else {
+			b.AddUint8(0)
+		}
+	})
+}
+
+func (b *Builder) AddASN1NULL() {
+	b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
+// successful or records an error if one occurred.
+func (b *Builder) MarshalASN1(v interface{}) {
+	// NOTE(martinkr): This is somewhat of a hack to allow propagation of
+	// encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+	// value embedded into a struct, its tag information is lost.
+	if b.err != nil {
+		return
+	}
+	bytes, err := encoding_asn1.Marshal(v)
+	if err != nil {
+		b.err = err
+		return
+	}
+	b.AddBytes(bytes)
+}
+
+// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
+// Tags greater than 30 are not supported and result in an error (i.e.
+// low-tag-number form only). The child builder passed to the
+// BuilderContinuation can be used to build the content of the ASN.1 object.
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
+	if b.err != nil {
+		return
+	}
+	// Identifiers with the low five bits set indicate high-tag-number format
+	// (two or more octets), which we don't support.
+	if tag&0x1f == 0x1f {
+		b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag)
+		return
+	}
+	b.AddUint8(uint8(tag))
+	b.addLengthPrefixed(1, true, f)
+}
+
+// String
+
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+		return false
+	}
+
+	switch bytes[0] {
+	case 0:
+		*out = false
+	case 0xff:
+		*out = true
+	default:
+		return false
+	}
+
+	return true
+}
+
+// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
+// not point to an integer, to a big.Int, or to a []byte it panics. Only
+// positive and zero values can be decoded into []byte, and they are returned as
+// big-endian binary values that share memory with s. Positive values will have
+// no leading zeroes, and zero will be returned as a single zero byte.
+// ReadASN1Integer reports whether the read was successful.
+func (s *String) ReadASN1Integer(out interface{}) bool {
+	switch out := out.(type) {
+	case *int, *int8, *int16, *int32, *int64:
+		var i int64
+		if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetInt(i)
+		return true
+	case *uint, *uint8, *uint16, *uint32, *uint64:
+		var u uint64
+		if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
+			return false
+		}
+		reflect.ValueOf(out).Elem().SetUint(u)
+		return true
+	case *big.Int:
+		return s.readASN1BigInt(out)
+	case *[]byte:
+		return s.readASN1Bytes(out)
+	default:
+		panic("out does not point to an integer type")
+	}
+}
+
+func checkASN1Integer(bytes []byte) bool {
+	if len(bytes) == 0 {
+		// An INTEGER is encoded with at least one octet.
+		return false
+	}
+	if len(bytes) == 1 {
+		return true
+	}
+	if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
+		// Value is not minimally encoded.
+		return false
+	}
+	return true
+}
+
+var bigOne = big.NewInt(1)
+
+func (s *String) readASN1BigInt(out *big.Int) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+		return false
+	}
+	if bytes[0]&0x80 == 0x80 {
+		// Negative number.
+		neg := make([]byte, len(bytes))
+		for i, b := range bytes {
+			neg[i] = ^b
+		}
+		out.SetBytes(neg)
+		out.Add(out, bigOne)
+		out.Neg(out)
+	} else {
+		out.SetBytes(bytes)
+	}
+	return true
+}
+
+func (s *String) readASN1Bytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+		return false
+	}
+	if bytes[0]&0x80 == 0x80 {
+		return false
+	}
+	for len(bytes) > 1 && bytes[0] == 0 {
+		bytes = bytes[1:]
+	}
+	*out = bytes
+	return true
+}
+
+func (s *String) readASN1Int64(out *int64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Signed(out *int64, n []byte) bool {
+	length := len(n)
+	if length > 8 {
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= int64(n[i])
+	}
+	// Shift up and down in order to sign extend the result.
+	*out <<= 64 - uint8(length)*8
+	*out >>= 64 - uint8(length)*8
+	return true
+}
+
+func (s *String) readASN1Uint64(out *uint64) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+		return false
+	}
+	return true
+}
+
+func asn1Unsigned(out *uint64, n []byte) bool {
+	length := len(n)
+	if length > 9 || length == 9 && n[0] != 0 {
+		// Too large for uint64.
+		return false
+	}
+	if n[0]&0x80 != 0 {
+		// Negative number.
+		return false
+	}
+	for i := 0; i < length; i++ {
+		*out <<= 8
+		*out |= uint64(n[i])
+	}
+	return true
+}
+
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+	var bytes String
+	return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
+func (s *String) ReadASN1Enum(out *int) bool {
+	var bytes String
+	var i int64
+	if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+		return false
+	}
+	if int64(int(i)) != i {
+		return false
+	}
+	*out = int(i)
+	return true
+}
+
+func (s *String) readBase128Int(out *int) bool {
+	ret := 0
+	for i := 0; len(*s) > 0; i++ {
+		if i == 5 {
+			return false
+		}
+		// Avoid overflowing int on a 32-bit platform.
+		// We don't want different behavior based on the architecture.
+		if ret >= 1<<(31-7) {
+			return false
+		}
+		ret <<= 7
+		b := s.read(1)[0]
+
+		// ITU-T X.690, section 8.19.2:
+		// The subidentifier shall be encoded in the fewest possible octets,
+		// that is, the leading octet of the subidentifier shall not have the value 0x80.
+		if i == 0 && b == 0x80 {
+			return false
+		}
+
+		ret |= int(b & 0x7f)
+		if b&0x80 == 0 {
+			*out = ret
+			return true
+		}
+	}
+	return false // truncated
+}
+
+// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
+		return false
+	}
+
+	// In the worst case, we get two elements from the first byte (which is
+	// encoded differently) and then every varint is a single byte long.
+	components := make([]int, len(bytes)+1)
+
+	// The first varint is 40*value1 + value2:
+	// According to this packing, value1 can take the values 0, 1 and 2 only.
+	// When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+	// then there are no restrictions on value2.
+	var v int
+	if !bytes.readBase128Int(&v) {
+		return false
+	}
+	if v < 80 {
+		components[0] = v / 40
+		components[1] = v % 40
+	} else {
+		components[0] = 2
+		components[1] = v - 80
+	}
+
+	i := 2
+	for ; len(bytes) > 0; i++ {
+		if !bytes.readBase128Int(&v) {
+			return false
+		}
+		components[i] = v
+	}
+	*out = components[:i]
+	return true
+}
+
+// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
+		return false
+	}
+	t := string(bytes)
+	res, err := time.Parse(generalizedTimeFormatStr, t)
+	if err != nil {
+		return false
+	}
+	if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
+		return false
+	}
+	*out = res
+	return true
+}
+
+const defaultUTCTimeFormatStr = "060102150405Z0700"
+
+// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1UTCTime(out *time.Time) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.UTCTime) {
+		return false
+	}
+	t := string(bytes)
+
+	formatStr := defaultUTCTimeFormatStr
+	var err error
+	res, err := time.Parse(formatStr, t)
+	if err != nil {
+		// Fallback to minute precision if we can't parse second
+		// precision. If we are following X.509 or X.690 we shouldn't
+		// support this, but we do.
+		formatStr = "0601021504Z0700"
+		res, err = time.Parse(formatStr, t)
+	}
+	if err != nil {
+		return false
+	}
+
+	if serialized := res.Format(formatStr); serialized != t {
+		return false
+	}
+
+	if res.Year() >= 2050 {
+		// UTCTime interprets the low order digits 50-99 as 1950-99.
+		// This only applies to its use in the X.509 profile.
+		// See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+		res = res.AddDate(-100, 0, 0)
+	}
+	*out = res
+	return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
+		return false
+	}
+
+	paddingBits := bytes[0]
+	bytes = bytes[1:]
+	if paddingBits > 7 ||
+		len(bytes) == 0 && paddingBits != 0 ||
+		len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
+		return false
+	}
+
+	out.BitLength = len(bytes)*8 - int(paddingBits)
+	out.Bytes = bytes
+	return true
+}
+
+// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+		return false
+	}
+
+	paddingBits := bytes[0]
+	if paddingBits != 0 {
+		return false
+	}
+	*out = bytes[1:]
+	return true
+}
+
+// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
+	return s.ReadASN1((*String)(out), tag)
+}
+
+// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
+	if !s.ReadAnyASN1Element(out, &t) || t != tag {
+		return false
+	}
+	return true
+}
+
+// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, true /* skip header */)
+}
+
+// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
+// (including tag and length bytes) into out, sets outTag to is tag, and
+// advances. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
+	return s.readASN1(out, outTag, false /* include header */)
+}
+
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
+// the given tag.
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
+	if len(s) == 0 {
+		return false
+	}
+	return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
+	present := s.PeekASN1Tag(tag)
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present && !s.ReadASN1(out, tag) {
+		return false
+	}
+	return true
+}
+
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+	if !s.PeekASN1Tag(tag) {
+		return true
+	}
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly
+// tagged with tag into out and advances. If no element with a matching tag is
+// present, it writes defaultValue into out instead. Otherwise, it behaves like
+// ReadASN1Integer.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
+	var present bool
+	var i String
+	if !s.ReadOptionalASN1(&i, &present, tag) {
+		return false
+	}
+	if !present {
+		switch out.(type) {
+		case *int, *int8, *int16, *int32, *int64,
+			*uint, *uint8, *uint16, *uint32, *uint64, *[]byte:
+			reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
+		case *big.Int:
+			if defaultValue, ok := defaultValue.(*big.Int); ok {
+				out.(*big.Int).Set(defaultValue)
+			} else {
+				panic("out points to big.Int, but defaultValue does not")
+			}
+		default:
+			panic("invalid integer type")
+		}
+		return true
+	}
+	if !i.ReadASN1Integer(out) || !i.Empty() {
+		return false
+	}
+	return true
+}
+
+// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, tag) {
+		return false
+	}
+	if outPresent != nil {
+		*outPresent = present
+	}
+	if present {
+		var oct String
+		if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
+			return false
+		}
+		*out = oct
+	} else {
+		*out = nil
+	}
+	return true
+}
+
+// ReadOptionalASN1Boolean sets *out to the value of the next ASN.1 BOOLEAN or,
+// if the next bytes are not an ASN.1 BOOLEAN, to the value of defaultValue.
+// It reports whether the operation was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, asn1.BOOLEAN) {
+		return false
+	}
+
+	if !present {
+		*out = defaultValue
+		return true
+	}
+
+	return s.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
+	if len(*s) < 2 {
+		return false
+	}
+	tag, lenByte := (*s)[0], (*s)[1]
+
+	if tag&0x1f == 0x1f {
+		// ITU-T X.690 section 8.1.2
+		//
+		// An identifier octet with a tag part of 0x1f indicates a high-tag-number
+		// form identifier with two or more octets. We only support tags less than
+		// 31 (i.e. low-tag-number form, single octet identifier).
+		return false
+	}
+
+	if outTag != nil {
+		*outTag = asn1.Tag(tag)
+	}
+
+	// ITU-T X.690 section 8.1.3
+	//
+	// Bit 8 of the first length byte indicates whether the length is short- or
+	// long-form.
+	var length, headerLen uint32 // length includes headerLen
+	if lenByte&0x80 == 0 {
+		// Short-form length (section 8.1.3.4), encoded in bits 1-7.
+		length = uint32(lenByte) + 2
+		headerLen = 2
+	} else {
+		// Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
+		// used to encode the length.
+		lenLen := lenByte & 0x7f
+		var len32 uint32
+
+		if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
+			return false
+		}
+
+		lenBytes := String((*s)[2 : 2+lenLen])
+		if !lenBytes.readUnsigned(&len32, int(lenLen)) {
+			return false
+		}
+
+		// ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
+		// with the minimum number of octets.
+		if len32 < 128 {
+			// Length should have used short-form encoding.
+			return false
+		}
+		if len32>>((lenLen-1)*8) == 0 {
+			// Leading octet is 0. Length should have been at least one byte shorter.
+			return false
+		}
+
+		headerLen = 2 + uint32(lenLen)
+		if headerLen+len32 < len32 {
+			// Overflow.
+			return false
+		}
+		length = headerLen + len32
+	}
+
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
+		return false
+	}
+	if skipHeader && !out.Skip(int(headerLen)) {
+		panic("cryptobyte: internal error")
+	}
+
+	return true
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
new file mode 100644
index 000000000..cda8e3edf
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1 // import "golang.org/x/crypto/cryptobyte/asn1"
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+	classConstructed     = 0x20
+	classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+	BOOLEAN           = Tag(1)
+	INTEGER           = Tag(2)
+	BIT_STRING        = Tag(3)
+	OCTET_STRING      = Tag(4)
+	NULL              = Tag(5)
+	OBJECT_IDENTIFIER = Tag(6)
+	ENUM              = Tag(10)
+	UTF8String        = Tag(12)
+	SEQUENCE          = Tag(16 | classConstructed)
+	SET               = Tag(17 | classConstructed)
+	PrintableString   = Tag(19)
+	T61String         = Tag(20)
+	IA5String         = Tag(22)
+	UTCTime           = Tag(23)
+	GeneralizedTime   = Tag(24)
+	GeneralString     = Tag(27)
+)
diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go
new file mode 100644
index 000000000..c05ac7d16
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -0,0 +1,345 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+	"errors"
+	"fmt"
+)
+
+// A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
+// The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
+type Builder struct {
+	err            error
+	result         []byte
+	fixedSize      bool
+	child          *Builder
+	offset         int
+	pendingLenLen  int
+	pendingIsASN1  bool
+	inContinuation *bool
+}
+
+// NewBuilder creates a Builder that appends its output to the given buffer.
+// Like append(), the slice will be reallocated if its capacity is exceeded.
+// Use Bytes to get the final buffer.
+func NewBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result: buffer,
+	}
+}
+
+// NewFixedBuilder creates a Builder that appends its output into the given
+// buffer. This builder does not reallocate the output buffer. Writes that
+// would exceed the buffer's capacity are treated as an error.
+func NewFixedBuilder(buffer []byte) *Builder {
+	return &Builder{
+		result:    buffer,
+		fixedSize: true,
+	}
+}
+
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+	b.err = err
+}
+
+// Bytes returns the bytes written by the builder or an error if one has
+// occurred during building.
+func (b *Builder) Bytes() ([]byte, error) {
+	if b.err != nil {
+		return nil, b.err
+	}
+	return b.result[b.offset:], nil
+}
+
+// BytesOrPanic returns the bytes written by the builder or panics if an error
+// has occurred during building.
+func (b *Builder) BytesOrPanic() []byte {
+	if b.err != nil {
+		panic(b.err)
+	}
+	return b.result[b.offset:]
+}
+
+// AddUint8 appends an 8-bit value to the byte string.
+func (b *Builder) AddUint8(v uint8) {
+	b.add(byte(v))
+}
+
+// AddUint16 appends a big-endian, 16-bit value to the byte string.
+func (b *Builder) AddUint16(v uint16) {
+	b.add(byte(v>>8), byte(v))
+}
+
+// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest
+// byte of the 32-bit input value is silently truncated.
+func (b *Builder) AddUint24(v uint32) {
+	b.add(byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint32 appends a big-endian, 32-bit value to the byte string.
+func (b *Builder) AddUint32(v uint32) {
+	b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint64 appends a big-endian, 64-bit value to the byte string.
+func (b *Builder) AddUint64(v uint64) {
+	b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddBytes appends a sequence of bytes to the byte string.
+func (b *Builder) AddBytes(v []byte) {
+	b.add(v...)
+}
+
+// BuilderContinuation is a continuation-passing interface for building
+// length-prefixed byte sequences. Builder methods for length-prefixed
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
+// supplied to them. The child builder passed to the continuation can be used
+// to build the content of the length-prefixed sequence. For example:
+//
+//	parent := cryptobyte.NewBuilder()
+//	parent.AddUint8LengthPrefixed(func (child *Builder) {
+//	  child.AddUint8(42)
+//	  child.AddUint8LengthPrefixed(func (grandchild *Builder) {
+//	    grandchild.AddUint8(5)
+//	  })
+//	})
+//
+// It is an error to write more bytes to the child than allowed by the reserved
+// length prefix. After the continuation returns, the child must be considered
+// invalid, i.e. users must not store any copies or references of the child
+// that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
+type BuilderContinuation func(child *Builder)
+
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+	Err error
+}
+
+// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
+func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(1, false, f)
+}
+
+// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence.
+func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(2, false, f)
+}
+
+// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence.
+func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(3, false, f)
+}
+
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+	if !*b.inContinuation {
+		*b.inContinuation = true
+
+		defer func() {
+			*b.inContinuation = false
+
+			r := recover()
+			if r == nil {
+				return
+			}
+
+			if buildError, ok := r.(BuildError); ok {
+				b.err = buildError.Err
+			} else {
+				panic(r)
+			}
+		}()
+	}
+
+	f(arg)
+}
+
+func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
+	// Subsequent writes can be ignored if the builder has encountered an error.
+	if b.err != nil {
+		return
+	}
+
+	offset := len(b.result)
+	b.add(make([]byte, lenLen)...)
+
+	if b.inContinuation == nil {
+		b.inContinuation = new(bool)
+	}
+
+	b.child = &Builder{
+		result:         b.result,
+		fixedSize:      b.fixedSize,
+		offset:         offset,
+		pendingLenLen:  lenLen,
+		pendingIsASN1:  isASN1,
+		inContinuation: b.inContinuation,
+	}
+
+	b.callContinuation(f, b.child)
+	b.flushChild()
+	if b.child != nil {
+		panic("cryptobyte: internal error")
+	}
+}
+
+func (b *Builder) flushChild() {
+	if b.child == nil {
+		return
+	}
+	b.child.flushChild()
+	child := b.child
+	b.child = nil
+
+	if child.err != nil {
+		b.err = child.err
+		return
+	}
+
+	length := len(child.result) - child.pendingLenLen - child.offset
+
+	if length < 0 {
+		panic("cryptobyte: internal error") // result unexpectedly shrunk
+	}
+
+	if child.pendingIsASN1 {
+		// For ASN.1, we reserved a single byte for the length. If that turned out
+		// to be incorrect, we have to move the contents along in order to make
+		// space.
+		if child.pendingLenLen != 1 {
+			panic("cryptobyte: internal error")
+		}
+		var lenLen, lenByte uint8
+		if int64(length) > 0xfffffffe {
+			b.err = errors.New("pending ASN.1 child too long")
+			return
+		} else if length > 0xffffff {
+			lenLen = 5
+			lenByte = 0x80 | 4
+		} else if length > 0xffff {
+			lenLen = 4
+			lenByte = 0x80 | 3
+		} else if length > 0xff {
+			lenLen = 3
+			lenByte = 0x80 | 2
+		} else if length > 0x7f {
+			lenLen = 2
+			lenByte = 0x80 | 1
+		} else {
+			lenLen = 1
+			lenByte = uint8(length)
+			length = 0
+		}
+
+		// Insert the initial length byte, make space for successive length bytes,
+		// and adjust the offset.
+		child.result[child.offset] = lenByte
+		extraBytes := int(lenLen - 1)
+		if extraBytes != 0 {
+			child.add(make([]byte, extraBytes)...)
+			childStart := child.offset + child.pendingLenLen
+			copy(child.result[childStart+extraBytes:], child.result[childStart:])
+		}
+		child.offset++
+		child.pendingLenLen = extraBytes
+	}
+
+	l := length
+	for i := child.pendingLenLen - 1; i >= 0; i-- {
+		child.result[child.offset+i] = uint8(l)
+		l >>= 8
+	}
+	if l != 0 {
+		b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen)
+		return
+	}
+
+	if b.fixedSize && &b.result[0] != &child.result[0] {
+		panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
+	}
+
+	b.result = child.result
+}
+
+func (b *Builder) add(bytes ...byte) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted write while child is pending")
+	}
+	if len(b.result)+len(bytes) < len(bytes) {
+		b.err = errors.New("cryptobyte: length overflow")
+	}
+	if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) {
+		b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer")
+		return
+	}
+	b.result = append(b.result, bytes...)
+}
+
+// Unwrite rolls back non-negative n bytes written directly to the Builder.
+// An attempt by a child builder passed to a continuation to unwrite bytes
+// from its parent will panic.
+func (b *Builder) Unwrite(n int) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted unwrite while child is pending")
+	}
+	length := len(b.result) - b.pendingLenLen - b.offset
+	if length < 0 {
+		panic("cryptobyte: internal error")
+	}
+	if n < 0 {
+		panic("cryptobyte: attempted to unwrite negative number of bytes")
+	}
+	if n > length {
+		panic("cryptobyte: attempted to unwrite more than was written")
+	}
+	b.result = b.result[:len(b.result)-n]
+}
+
+// A MarshalingValue marshals itself into a Builder.
+type MarshalingValue interface {
+	// Marshal is called by Builder.AddValue. It receives a pointer to a builder
+	// to marshal itself into. It may return an error that occurred during
+	// marshaling, such as unset or invalid values.
+	Marshal(b *Builder) error
+}
+
+// AddValue calls Marshal on v, passing a pointer to the builder to append to.
+// If Marshal returns an error, it is set on the Builder so that subsequent
+// appends don't have an effect.
+func (b *Builder) AddValue(v MarshalingValue) {
+	err := v.Marshal(b)
+	if err != nil {
+		b.err = err
+	}
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go
new file mode 100644
index 000000000..0531a3d6f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -0,0 +1,172 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
+package cryptobyte // import "golang.org/x/crypto/cryptobyte"
+
+// String represents a string of bytes. It provides methods for parsing
+// fixed-length and length-prefixed values from it.
+type String []byte
+
+// read advances a String by n bytes and returns them. If less than n bytes
+// remain, it returns nil.
+func (s *String) read(n int) []byte {
+	if len(*s) < n || n < 0 {
+		return nil
+	}
+	v := (*s)[:n]
+	*s = (*s)[n:]
+	return v
+}
+
+// Skip advances the String by n byte and reports whether it was successful.
+func (s *String) Skip(n int) bool {
+	return s.read(n) != nil
+}
+
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint8(out *uint8) bool {
+	v := s.read(1)
+	if v == nil {
+		return false
+	}
+	*out = uint8(v[0])
+	return true
+}
+
+// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint16(out *uint16) bool {
+	v := s.read(2)
+	if v == nil {
+		return false
+	}
+	*out = uint16(v[0])<<8 | uint16(v[1])
+	return true
+}
+
+// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint24(out *uint32) bool {
+	v := s.read(3)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2])
+	return true
+}
+
+// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint32(out *uint32) bool {
+	v := s.read(4)
+	if v == nil {
+		return false
+	}
+	*out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3])
+	return true
+}
+
+// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint64(out *uint64) bool {
+	v := s.read(8)
+	if v == nil {
+		return false
+	}
+	*out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
+	return true
+}
+
+func (s *String) readUnsigned(out *uint32, length int) bool {
+	v := s.read(length)
+	if v == nil {
+		return false
+	}
+	var result uint32
+	for i := 0; i < length; i++ {
+		result <<= 8
+		result |= uint32(v[i])
+	}
+	*out = result
+	return true
+}
+
+func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
+	lenBytes := s.read(lenLen)
+	if lenBytes == nil {
+		return false
+	}
+	var length uint32
+	for _, b := range lenBytes {
+		length = length << 8
+		length = length | uint32(b)
+	}
+	v := s.read(int(length))
+	if v == nil {
+		return false
+	}
+	*outChild = v
+	return true
+}
+
+// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
+// into out and advances over it. It reports whether the read was successful.
+func (s *String) ReadUint8LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(1, out)
+}
+
+// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
+func (s *String) ReadUint16LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(2, out)
+}
+
+// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
+func (s *String) ReadUint24LengthPrefixed(out *String) bool {
+	return s.readLengthPrefixed(3, out)
+}
+
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
+func (s *String) ReadBytes(out *[]byte, n int) bool {
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	*out = v
+	return true
+}
+
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
+func (s *String) CopyBytes(out []byte) bool {
+	n := len(out)
+	v := s.read(n)
+	if v == nil {
+		return false
+	}
+	return copy(out, v) == n
+}
+
+// Empty reports whether the string does not contain any bytes.
+func (s String) Empty() bool {
+	return len(s) == 0
+}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 000000000..dda3f143b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+package hkdf // import "golang.org/x/crypto/hkdf"
+
+import (
+	"crypto/hmac"
+	"errors"
+	"hash"
+	"io"
+)
+
+// Extract generates a pseudorandom key for use with Expand from an input secret
+// and an optional independent salt.
+//
+// Only use this function if you need to reuse the extracted key with multiple
+// Expand invocations and different context values. Most common scenarios,
+// including the generation of multiple keys, should use New instead.
+func Extract(hash func() hash.Hash, secret, salt []byte) []byte {
+	if salt == nil {
+		salt = make([]byte, hash().Size())
+	}
+	extractor := hmac.New(hash, salt)
+	extractor.Write(secret)
+	return extractor.Sum(nil)
+}
+
+type hkdf struct {
+	expander hash.Hash
+	size     int
+
+	info    []byte
+	counter byte
+
+	prev []byte
+	buf  []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+	// Check whether enough data can be generated
+	need := len(p)
+	remains := len(f.buf) + int(255-f.counter+1)*f.size
+	if remains < need {
+		return 0, errors.New("hkdf: entropy limit reached")
+	}
+	// Read any leftover from the buffer
+	n := copy(p, f.buf)
+	p = p[n:]
+
+	// Fill the rest of the buffer
+	for len(p) > 0 {
+		f.expander.Reset()
+		f.expander.Write(f.prev)
+		f.expander.Write(f.info)
+		f.expander.Write([]byte{f.counter})
+		f.prev = f.expander.Sum(f.prev[:0])
+		f.counter++
+
+		// Copy the new batch into p
+		f.buf = f.prev
+		n = copy(p, f.buf)
+		p = p[n:]
+	}
+	// Save leftovers for next run
+	f.buf = f.buf[n:]
+
+	return need, nil
+}
+
+// Expand returns a Reader, from which keys can be read, using the given
+// pseudorandom key and optional context info, skipping the extraction step.
+//
+// The pseudorandomKey should have been generated by Extract, or be a uniformly
+// random or pseudorandom cryptographically strong key. See RFC 5869, Section
+// 3.3. Most common scenarios will want to use New instead.
+func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader {
+	expander := hmac.New(hash, pseudorandomKey)
+	return &hkdf{expander, expander.Size(), info, 1, nil, nil}
+}
+
+// New returns a Reader, from which keys can be read, using the given hash,
+// secret, salt and context info. Salt and info can be nil.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+	prk := Extract(hash, secret, salt)
+	return Expand(hash, prk, info)
+}
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias.go b/vendor/golang.org/x/crypto/internal/alias/alias.go
new file mode 100644
index 000000000..69c17f822
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/alias/alias.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !purego
+// +build !purego
+
+// Package alias implements memory aliasing tests.
+package alias
+
+import "unsafe"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) &&
+		uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1]))
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
new file mode 100644
index 000000000..4775b0a43
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
@@ -0,0 +1,35 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+// Package alias implements memory aliasing tests.
+package alias
+
+// This is the Google App Engine standard variant based on reflect
+// because the unsafe package and cgo are disallowed.
+
+import "reflect"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
+		reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
new file mode 100644
index 000000000..45b5c966b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.13
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	sum = x + y + carry
+	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+	return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	diff = x - y - borrow
+	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+	return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	const mask32 = 1<<32 - 1
+	x0 := x & mask32
+	x1 := x >> 32
+	y0 := y & mask32
+	y1 := y >> 32
+	w0 := x0 * y0
+	t := x1*y0 + w0>>32
+	w1 := t & mask32
+	w2 := t >> 32
+	w1 += x0 * y1
+	hi = x1*y1 + w2 + w1>>32
+	lo = x * y
+	return
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
new file mode 100644
index 000000000..ed52b3418
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	return bits.Mul64(x, y)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
new file mode 100644
index 000000000..f184b67d9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
@@ -0,0 +1,10 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
+// +build !amd64,!ppc64le,!s390x !gc purego
+
+package poly1305
+
+type mac struct{ macGeneric }
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go
new file mode 100644
index 000000000..4aaea810a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go
@@ -0,0 +1,99 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package poly1305 implements Poly1305 one-time message authentication code as
+// specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+//
+// Poly1305 is a fast, one-time authentication function. It is infeasible for an
+// attacker to generate an authenticator for a message without the key. However, a
+// key must only be used for a single message. Authenticating two different
+// messages with the same key allows an attacker to forge authenticators for other
+// messages with the same key.
+//
+// Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+// used with a fixed key in order to generate one-time keys from an nonce.
+// However, in this package AES isn't used and the one-time key is specified
+// directly.
+package poly1305
+
+import "crypto/subtle"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+const TagSize = 16
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	h := New(key)
+	h.Write(m)
+	h.Sum(out[:0])
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+	var tmp [16]byte
+	Sum(&tmp, m, key)
+	return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
+}
+
+// New returns a new MAC computing an authentication
+// tag of all data written to it with the given key.
+// This allows writing the message progressively instead
+// of passing it as a single slice. Common users should use
+// the Sum function instead.
+//
+// The key must be unique for each message, as authenticating
+// two different messages with the same key allows an attacker
+// to forge messages at will.
+func New(key *[32]byte) *MAC {
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// MAC is an io.Writer computing an authentication tag
+// of the data written to it.
+//
+// MAC cannot be used like common hash.Hash implementations,
+// because using a poly1305 key twice breaks its security.
+// Therefore writing data to a running MAC after calling
+// Sum or Verify causes it to panic.
+type MAC struct {
+	mac // platform-dependent implementation
+
+	finalized bool
+}
+
+// Size returns the number of bytes Sum will return.
+func (h *MAC) Size() int { return TagSize }
+
+// Write adds more data to the running message authentication code.
+// It never returns an error.
+//
+// It must not be called after the first call of Sum or Verify.
+func (h *MAC) Write(p []byte) (n int, err error) {
+	if h.finalized {
+		panic("poly1305: write to MAC after Sum or Verify")
+	}
+	return h.mac.Write(p)
+}
+
+// Sum computes the authenticator of all data written to the
+// message authentication code.
+func (h *MAC) Sum(b []byte) []byte {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return append(b, mac[:]...)
+}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
new file mode 100644
index 000000000..6d522333f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
@@ -0,0 +1,48 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
new file mode 100644
index 000000000..1d74f0f88
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
@@ -0,0 +1,109 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define POLY1305_ADD(msg, h0, h1, h2) \
+	ADDQ 0(msg), h0;  \
+	ADCQ 8(msg), h1;  \
+	ADCQ $1, h2;      \
+	LEAQ 16(msg), msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3) \
+	MOVQ  r0, AX;                  \
+	MULQ  h0;                      \
+	MOVQ  AX, t0;                  \
+	MOVQ  DX, t1;                  \
+	MOVQ  r0, AX;                  \
+	MULQ  h1;                      \
+	ADDQ  AX, t1;                  \
+	ADCQ  $0, DX;                  \
+	MOVQ  r0, t2;                  \
+	IMULQ h2, t2;                  \
+	ADDQ  DX, t2;                  \
+	                               \
+	MOVQ  r1, AX;                  \
+	MULQ  h0;                      \
+	ADDQ  AX, t1;                  \
+	ADCQ  $0, DX;                  \
+	MOVQ  DX, h0;                  \
+	MOVQ  r1, t3;                  \
+	IMULQ h2, t3;                  \
+	MOVQ  r1, AX;                  \
+	MULQ  h1;                      \
+	ADDQ  AX, t2;                  \
+	ADCQ  DX, t3;                  \
+	ADDQ  h0, t2;                  \
+	ADCQ  $0, t3;                  \
+	                               \
+	MOVQ  t0, h0;                  \
+	MOVQ  t1, h1;                  \
+	MOVQ  t2, h2;                  \
+	ANDQ  $3, h2;                  \
+	MOVQ  t2, t0;                  \
+	ANDQ  $0xFFFFFFFFFFFFFFFC, t0; \
+	ADDQ  t0, h0;                  \
+	ADCQ  t3, h1;                  \
+	ADCQ  $0, h2;                  \
+	SHRQ  $2, t3, t2;              \
+	SHRQ  $2, t3;                  \
+	ADDQ  t2, h0;                  \
+	ADCQ  t3, h1;                  \
+	ADCQ  $0, h2
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVQ state+0(FP), DI
+	MOVQ msg_base+8(FP), SI
+	MOVQ msg_len+16(FP), R15
+
+	MOVQ 0(DI), R8   // h0
+	MOVQ 8(DI), R9   // h1
+	MOVQ 16(DI), R10 // h2
+	MOVQ 24(DI), R11 // r0
+	MOVQ 32(DI), R12 // r1
+
+	CMPQ R15, $16
+	JB   bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(SI, R8, R9, R10)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, BX, CX, R13, R14)
+	SUBQ $16, R15
+	CMPQ R15, $16
+	JAE  loop
+
+bytes_between_0_and_15:
+	TESTQ R15, R15
+	JZ    done
+	MOVQ  $1, BX
+	XORQ  CX, CX
+	XORQ  R13, R13
+	ADDQ  R15, SI
+
+flush_buffer:
+	SHLQ $8, BX, CX
+	SHLQ $8, BX
+	MOVB -1(SI), R13
+	XORQ R13, BX
+	DECQ SI
+	DECQ R15
+	JNZ  flush_buffer
+
+	ADDQ BX, R8
+	ADCQ CX, R9
+	ADCQ $0, R10
+	MOVQ $16, R15
+	JMP  multiply
+
+done:
+	MOVQ R8, 0(DI)
+	MOVQ R9, 8(DI)
+	MOVQ R10, 16(DI)
+	RET
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
new file mode 100644
index 000000000..e041da5ea
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
@@ -0,0 +1,309 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
+package poly1305
+
+import "encoding/binary"
+
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+//     s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r  mod  2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+//     for len(msg) > 0:
+//         h += read(msg, 16)
+//         h *= r
+//         h %= 2¹³⁰ - 5
+//     return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
+
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+	h := newMACGeneric(key)
+	h.Write(msg)
+	h.Sum(out)
+}
+
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+	// h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+	// can grow larger during and after rounds. It must, however, remain below
+	// 2 * (2¹³⁰ - 5).
+	h [3]uint64
+	// r and s are the private key components.
+	r [2]uint64
+	s [2]uint64
+}
+
+type macGeneric struct {
+	macState
+
+	buffer [TagSize]byte
+	offset int
+}
+
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		updateGeneric(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		updateGeneric(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		updateGeneric(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
+
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+	rMask0 = 0x0FFFFFFC0FFFFFFF
+	rMask1 = 0x0FFFFFFC0FFFFFFC
+)
+
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
+}
+
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
+
+func mul64(a, b uint64) uint128 {
+	hi, lo := bitsMul64(a, b)
+	return uint128{lo, hi}
+}
+
+func add128(a, b uint128) uint128 {
+	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	hi, c := bitsAdd64(a.hi, b.hi, c)
+	if c != 0 {
+		panic("poly1305: unexpected overflow")
+	}
+	return uint128{lo, hi}
+}
+
+func shiftRightBy2(a uint128) uint128 {
+	a.lo = a.lo>>2 | (a.hi&3)<<62
+	a.hi = a.hi >> 2
+	return a
+}
+
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+//	h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+	h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+	r0, r1 := state.r[0], state.r[1]
+
+	for len(msg) > 0 {
+		var c uint64
+
+		// For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+		// The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+		// reduced at the end of the multiplication below.
+		//
+		// The spec requires us to set a bit just above the message size, not to
+		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+		// add 1 to the most significant (2¹²⁸) limb, h2.
+		if len(msg) >= TagSize {
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h2 += c + 1
+
+			msg = msg[TagSize:]
+		} else {
+			var buf [TagSize]byte
+			copy(buf[:], msg)
+			buf[len(msg)] = 1
+
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h2 += c
+
+			msg = nil
+		}
+
+		// Multiplication of big number limbs is similar to elementary school
+		// columnar multiplication. Instead of digits, there are 64-bit limbs.
+		//
+		// We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+		//
+		//                        h2    h1    h0  x
+		//                              r1    r0  =
+		//                       ----------------
+		//                      h2r0  h1r0  h0r0     <-- individual 128-bit products
+		//            +   h2r1  h1r1  h0r1
+		//               ------------------------
+		//                 m3    m2    m1    m0      <-- result in 128-bit overlapping limbs
+		//               ------------------------
+		//         m3.hi m2.hi m1.hi m0.hi           <-- carry propagation
+		//     +         m3.lo m2.lo m1.lo m0.lo
+		//        -------------------------------
+		//           t4    t3    t2    t1    t0      <-- final result in 64-bit limbs
+		//
+		// The main difference from pen-and-paper multiplication is that we do
+		// carry propagation in a separate step, as if we wrote two digit sums
+		// at first (the 128-bit limbs), and then carried the tens all at once.
+
+		h0r0 := mul64(h0, r0)
+		h1r0 := mul64(h1, r0)
+		h2r0 := mul64(h2, r0)
+		h0r1 := mul64(h0, r1)
+		h1r1 := mul64(h1, r1)
+		h2r1 := mul64(h2, r1)
+
+		// Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+		// top 4 bits cleared by rMask{0,1}, we know that their product is not going
+		// to overflow 64 bits, so we can ignore the high part of the products.
+		//
+		// This also means that the product doesn't have a fifth limb (t4).
+		if h2r0.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+		if h2r1.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+
+		m0 := h0r0
+		m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+		m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+		m3 := h2r1
+
+		t0 := m0.lo
+		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+		// Now we have the result as 4 64-bit limbs, and we need to reduce it
+		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+		// a cheap partial reduction according to the reduction identity
+		//
+		//     c * 2¹³⁰ + n  =  c * 5 + n  mod  2¹³⁰ - 5
+		//
+		// because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+		// likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+		// assumptions we make about h in the rest of the code.
+		//
+		// See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+		// We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+		// Note that the carry bits are effectively shifted left by 2, in other
+		// words, cc = c * 4 for the c in the reduction identity.
+		h0, h1, h2 = t0, t1, t2&maskLow2Bits
+		cc := uint128{t2 & maskNotLow2Bits, t3}
+
+		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		cc = shiftRightBy2(cc)
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+		//
+		//     5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
+	}
+
+	state.h[0], state.h[1], state.h[2] = h0, h1, h2
+}
+
+const (
+	maskLow2Bits    uint64 = 0x0000000000000003
+	maskNotLow2Bits uint64 = ^maskLow2Bits
+)
+
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
+
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+	p0 = 0xFFFFFFFFFFFFFFFB
+	p1 = 0xFFFFFFFFFFFFFFFF
+	p2 = 0x0000000000000003
+)
+
+// finalize completes the modular reduction of h and computes
+//
+//	out = h + s  mod  2¹²⁸
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+	h0, h1, h2 := h[0], h[1], h[2]
+
+	// After the partial reduction in updateGeneric, h might be more than
+	// 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+	// result if the subtraction underflows, and t otherwise.
+
+	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP1, b := bitsSub64(h1, p1, b)
+	_, b = bitsSub64(h2, p2, b)
+
+	// h = h if h < p else h - p
+	h0 = select64(b, h0, hMinusP0)
+	h1 = select64(b, h1, hMinusP1)
+
+	// Finally, we compute the last Poly1305 step
+	//
+	//     tag = h + s  mod  2¹²⁸
+	//
+	// by just doing a wide addition with the 128 low bits of h and discarding
+	// the overflow.
+	h0, c := bitsAdd64(h0, s[0], 0)
+	h1, _ = bitsAdd64(h1, s[1], c)
+
+	binary.LittleEndian.PutUint64(out[0:8], h0)
+	binary.LittleEndian.PutUint64(out[8:16], h1)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
new file mode 100644
index 000000000..4a069941a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
@@ -0,0 +1,48 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
new file mode 100644
index 000000000..58422aad2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
@@ -0,0 +1,182 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This was ported from the amd64 implementation.
+
+#define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \
+	MOVD (msg), t0;  \
+	MOVD 8(msg), t1; \
+	MOVD $1, t2;     \
+	ADDC t0, h0, h0; \
+	ADDE t1, h1, h1; \
+	ADDE t2, h2;     \
+	ADD  $16, msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \
+	MULLD  r0, h0, t0;  \
+	MULLD  r0, h1, t4;  \
+	MULHDU r0, h0, t1;  \
+	MULHDU r0, h1, t5;  \
+	ADDC   t4, t1, t1;  \
+	MULLD  r0, h2, t2;  \
+	ADDZE  t5;          \
+	MULHDU r1, h0, t4;  \
+	MULLD  r1, h0, h0;  \
+	ADD    t5, t2, t2;  \
+	ADDC   h0, t1, t1;  \
+	MULLD  h2, r1, t3;  \
+	ADDZE  t4, h0;      \
+	MULHDU r1, h1, t5;  \
+	MULLD  r1, h1, t4;  \
+	ADDC   t4, t2, t2;  \
+	ADDE   t5, t3, t3;  \
+	ADDC   h0, t2, t2;  \
+	MOVD   $-4, t4;     \
+	MOVD   t0, h0;      \
+	MOVD   t1, h1;      \
+	ADDZE  t3;          \
+	ANDCC  $3, t2, h2;  \
+	AND    t2, t4, t0;  \
+	ADDC   t0, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	SLD    $62, t3, t4; \
+	SRD    $2, t2;      \
+	ADDZE  h2;          \
+	OR     t4, t2, t2;  \
+	SRD    $2, t3;      \
+	ADDC   t2, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	ADDZE  h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVD state+0(FP), R3
+	MOVD msg_base+8(FP), R4
+	MOVD msg_len+16(FP), R5
+
+	MOVD 0(R3), R8   // h0
+	MOVD 8(R3), R9   // h1
+	MOVD 16(R3), R10 // h2
+	MOVD 24(R3), R11 // r0
+	MOVD 32(R3), R12 // r1
+
+	CMP R5, $16
+	BLT bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21)
+	ADD $-16, R5
+	CMP R5, $16
+	BGE loop
+
+bytes_between_0_and_15:
+	CMP  R5, $0
+	BEQ  done
+	MOVD $0, R16 // h0
+	MOVD $0, R17 // h1
+
+flush_buffer:
+	CMP R5, $8
+	BLE just1
+
+	MOVD $8, R21
+	SUB  R21, R5, R21
+
+	// Greater than 8 -- load the rightmost remaining bytes in msg
+	// and put into R17 (h1)
+	MOVD (R4)(R21), R17
+	MOVD $16, R22
+
+	// Find the offset to those bytes
+	SUB R5, R22, R22
+	SLD $3, R22
+
+	// Shift to get only the bytes in msg
+	SRD R22, R17, R17
+
+	// Put 1 at high end
+	MOVD $1, R23
+	SLD  $3, R21
+	SLD  R21, R23, R23
+	OR   R23, R17, R17
+
+	// Remainder is 8
+	MOVD $8, R5
+
+just1:
+	CMP R5, $8
+	BLT less8
+
+	// Exactly 8
+	MOVD (R4), R16
+
+	CMP R17, $0
+
+	// Check if we've already set R17; if not
+	// set 1 to indicate end of msg.
+	BNE  carry
+	MOVD $1, R17
+	BR   carry
+
+less8:
+	MOVD  $0, R16   // h0
+	MOVD  $0, R22   // shift count
+	CMP   R5, $4
+	BLT   less4
+	MOVWZ (R4), R16
+	ADD   $4, R4
+	ADD   $-4, R5
+	MOVD  $32, R22
+
+less4:
+	CMP   R5, $2
+	BLT   less2
+	MOVHZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $16, R22
+	ADD   $-2, R5
+	ADD   $2, R4
+
+less2:
+	CMP   R5, $0
+	BEQ   insert1
+	MOVBZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $8, R22
+
+insert1:
+	// Insert 1 at end of msg
+	MOVD $1, R21
+	SLD  R22, R21, R21
+	OR   R16, R21, R16
+
+carry:
+	// Add new values to h0, h1, h2
+	ADDC  R16, R8
+	ADDE  R17, R9
+	ADDZE R10, R10
+	MOVD  $16, R5
+	ADD   R5, R4
+	BR    multiply
+
+done:
+	// Save h0, h1, h2 in state
+	MOVD R8, 0(R3)
+	MOVD R9, 8(R3)
+	MOVD R10, 16(R3)
+	RET
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
new file mode 100644
index 000000000..ec9596688
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
@@ -0,0 +1,77 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+import (
+	"golang.org/x/sys/cpu"
+)
+
+// updateVX is an assembly implementation of Poly1305 that uses vector
+// instructions. It must only be called if the vector facility (vx) is
+// available.
+//
+//go:noescape
+func updateVX(state *macState, msg []byte)
+
+// mac is a replacement for macGeneric that uses a larger buffer and redirects
+// calls that would have gone to updateGeneric to updateVX if the vector
+// facility is installed.
+//
+// A larger buffer is required for good performance because the vector
+// implementation has a higher fixed cost per call than the generic
+// implementation.
+type mac struct {
+	macState
+
+	buffer [16 * TagSize]byte // size must be a multiple of block size (16)
+	offset int
+}
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < len(h.buffer) {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, h.buffer[:])
+		} else {
+			updateGeneric(&h.macState, h.buffer[:])
+		}
+	}
+
+	tail := len(p) % len(h.buffer) // number of bytes to copy into buffer
+	body := len(p) - tail          // number of bytes to process now
+	if body > 0 {
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, p[:body])
+		} else {
+			updateGeneric(&h.macState, p[:body])
+		}
+	}
+	h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[TagSize]byte) {
+	state := h.macState
+	remainder := h.buffer[:h.offset]
+
+	// Use the generic implementation if we have 2 or fewer blocks left
+	// to sum. The vector implementation has a higher startup time.
+	if cpu.S390X.HasVX && len(remainder) > 2*TagSize {
+		updateVX(&state, remainder)
+	} else if len(remainder) > 0 {
+		updateGeneric(&state, remainder)
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
new file mode 100644
index 000000000..aa9e0494c
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
@@ -0,0 +1,504 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This implementation of Poly1305 uses the vector facility (vx)
+// to process up to 2 blocks (32 bytes) per iteration using an
+// algorithm based on the one described in:
+//
+// NEON crypto, Daniel J. Bernstein & Peter Schwabe
+// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+//
+// This algorithm uses 5 26-bit limbs to represent a 130-bit
+// value. These limbs are, for the most part, zero extended and
+// placed into 64-bit vector register elements. Each vector
+// register is 128-bits wide and so holds 2 of these elements.
+// Using 26-bit limbs allows us plenty of headroom to accommodate
+// accumulations before and after multiplication without
+// overflowing either 32-bits (before multiplication) or 64-bits
+// (after multiplication).
+//
+// In order to parallelise the operations required to calculate
+// the sum we use two separate accumulators and then sum those
+// in an extra final step. For compatibility with the generic
+// implementation we perform this summation at the end of every
+// updateVX call.
+//
+// To use two accumulators we must multiply the message blocks
+// by r² rather than r. Only the final message block should be
+// multiplied by r.
+//
+// Example:
+//
+// We want to calculate the sum (h) for a 64 byte message (m):
+//
+//   h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r
+//
+// To do this we split the calculation into the even indices
+// and odd indices of the message. These form our SIMD 'lanes':
+//
+//   h = m[ 0:16]r⁴ + m[32:48]r² +   <- lane 0
+//       m[16:32]r³ + m[48:64]r      <- lane 1
+//
+// To calculate this iteratively we refactor so that both lanes
+// are written in terms of r² and r:
+//
+//   h = (m[ 0:16]r² + m[32:48])r² + <- lane 0
+//       (m[16:32]r² + m[48:64])r    <- lane 1
+//                ^             ^
+//                |             coefficients for second iteration
+//                coefficients for first iteration
+//
+// So in this case we would have two iterations. In the first
+// both lanes are multiplied by r². In the second only the
+// first lane is multiplied by r² and the second lane is
+// instead multiplied by r. This gives use the odd and even
+// powers of r that we need from the original equation.
+//
+// Notation:
+//
+//   h - accumulator
+//   r - key
+//   m - message
+//
+//   [a, b]       - SIMD register holding two 64-bit values
+//   [a, b, c, d] - SIMD register holding four 32-bit values
+//   xᵢ[n]        - limb n of variable x with bit width i
+//
+// Limbs are expressed in little endian order, so for 26-bit
+// limbs x₂₆[4] will be the most significant limb and x₂₆[0]
+// will be the least significant limb.
+
+// masking constants
+#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits
+#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits
+
+// expansion constants (see EXPAND macro)
+#define EX0 V2
+#define EX1 V3
+#define EX2 V4
+
+// key (r², r or 1 depending on context)
+#define R_0 V5
+#define R_1 V6
+#define R_2 V7
+#define R_3 V8
+#define R_4 V9
+
+// precalculated coefficients (5r², 5r or 0 depending on context)
+#define R5_1 V10
+#define R5_2 V11
+#define R5_3 V12
+#define R5_4 V13
+
+// message block (m)
+#define M_0 V14
+#define M_1 V15
+#define M_2 V16
+#define M_3 V17
+#define M_4 V18
+
+// accumulator (h)
+#define H_0 V19
+#define H_1 V20
+#define H_2 V21
+#define H_3 V22
+#define H_4 V23
+
+// temporary registers (for short-lived values)
+#define T_0 V24
+#define T_1 V25
+#define T_2 V26
+#define T_3 V27
+#define T_4 V28
+
+GLOBL ·constants<>(SB), RODATA, $0x30
+// EX0
+DATA ·constants<>+0x00(SB)/8, $0x0006050403020100
+DATA ·constants<>+0x08(SB)/8, $0x1016151413121110
+// EX1
+DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716
+// EX2
+DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// MULTIPLY multiplies each lane of f and g, partially reduced
+// modulo 2¹³⁰ - 5. The result, h, consists of partial products
+// in each lane that need to be reduced further to produce the
+// final result.
+//
+//   h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰
+//
+// Note that the multiplication by 5 of the high bits is
+// achieved by precalculating the multiplication of four of the
+// g coefficients by 5. These are g51-g54.
+#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
+	VMLOF  f0, g0, h0        \
+	VMLOF  f0, g3, h3        \
+	VMLOF  f0, g1, h1        \
+	VMLOF  f0, g4, h4        \
+	VMLOF  f0, g2, h2        \
+	VMLOF  f1, g54, T_0      \
+	VMLOF  f1, g2, T_3       \
+	VMLOF  f1, g0, T_1       \
+	VMLOF  f1, g3, T_4       \
+	VMLOF  f1, g1, T_2       \
+	VMALOF f2, g53, h0, h0   \
+	VMALOF f2, g1, h3, h3    \
+	VMALOF f2, g54, h1, h1   \
+	VMALOF f2, g2, h4, h4    \
+	VMALOF f2, g0, h2, h2    \
+	VMALOF f3, g52, T_0, T_0 \
+	VMALOF f3, g0, T_3, T_3  \
+	VMALOF f3, g53, T_1, T_1 \
+	VMALOF f3, g1, T_4, T_4  \
+	VMALOF f3, g54, T_2, T_2 \
+	VMALOF f4, g51, h0, h0   \
+	VMALOF f4, g54, h3, h3   \
+	VMALOF f4, g52, h1, h1   \
+	VMALOF f4, g0, h4, h4    \
+	VMALOF f4, g53, h2, h2   \
+	VAG    T_0, h0, h0       \
+	VAG    T_3, h3, h3       \
+	VAG    T_1, h1, h1       \
+	VAG    T_4, h4, h4       \
+	VAG    T_2, h2, h2
+
+// REDUCE performs the following carry operations in four
+// stages, as specified in Bernstein & Schwabe:
+//
+//   1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4]
+//   2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0]
+//   3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3]
+//   4: h₂₆[3]->h₂₆[4]
+//
+// The result is that all of the limbs are limited to 26-bits
+// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits.
+//
+// Note that although each limb is aligned at 26-bit intervals
+// they may contain values that exceed 2²⁶ - 1, hence the need
+// to carry the excess bits in each limb.
+#define REDUCE(h0, h1, h2, h3, h4) \
+	VESRLG $26, h0, T_0  \
+	VESRLG $26, h3, T_1  \
+	VN     MOD26, h0, h0 \
+	VN     MOD26, h3, h3 \
+	VAG    T_0, h1, h1   \
+	VAG    T_1, h4, h4   \
+	VESRLG $26, h1, T_2  \
+	VESRLG $26, h4, T_3  \
+	VN     MOD26, h1, h1 \
+	VN     MOD26, h4, h4 \
+	VESLG  $2, T_3, T_4  \
+	VAG    T_3, T_4, T_4 \
+	VAG    T_2, h2, h2   \
+	VAG    T_4, h0, h0   \
+	VESRLG $26, h2, T_0  \
+	VESRLG $26, h0, T_1  \
+	VN     MOD26, h2, h2 \
+	VN     MOD26, h0, h0 \
+	VAG    T_0, h3, h3   \
+	VAG    T_1, h1, h1   \
+	VESRLG $26, h3, T_2  \
+	VN     MOD26, h3, h3 \
+	VAG    T_2, h4, h4
+
+// EXPAND splits the 128-bit little-endian values in0 and in1
+// into 26-bit big-endian limbs and places the results into
+// the first and second lane of d₂₆[0:4] respectively.
+//
+// The EX0, EX1 and EX2 constants are arrays of byte indices
+// for permutation. The permutation both reverses the bytes
+// in the input and ensures the bytes are copied into the
+// destination limb ready to be shifted into their final
+// position.
+#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
+	VPERM  in0, in1, EX0, d0 \
+	VPERM  in0, in1, EX1, d2 \
+	VPERM  in0, in1, EX2, d4 \
+	VESRLG $26, d0, d1       \
+	VESRLG $30, d2, d3       \
+	VESRLG $4, d2, d2        \
+	VN     MOD26, d0, d0     \ // [in0₂₆[0], in1₂₆[0]]
+	VN     MOD26, d3, d3     \ // [in0₂₆[3], in1₂₆[3]]
+	VN     MOD26, d1, d1     \ // [in0₂₆[1], in1₂₆[1]]
+	VN     MOD24, d4, d4     \ // [in0₂₆[4], in1₂₆[4]]
+	VN     MOD26, d2, d2     // [in0₂₆[2], in1₂₆[2]]
+
+// func updateVX(state *macState, msg []byte)
+TEXT ·updateVX(SB), NOSPLIT, $0
+	MOVD state+0(FP), R1
+	LMG  msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len
+
+	// load EX0, EX1 and EX2
+	MOVD $·constants<>(SB), R5
+	VLM  (R5), EX0, EX2
+
+	// generate masks
+	VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff]
+	VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff]
+
+	// load h (accumulator) and r (key) from state
+	VZERO T_1               // [0, 0]
+	VL    0(R1), T_0        // [h₆₄[0], h₆₄[1]]
+	VLEG  $0, 16(R1), T_1   // [h₆₄[2], 0]
+	VL    24(R1), T_2       // [r₆₄[0], r₆₄[1]]
+	VPDI  $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]]
+	VPDI  $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]]
+
+	// unpack h and r into 26-bit limbs
+	// note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value
+	VN     MOD26, T_3, H_0            // [h₂₆[0], r₂₆[0]]
+	VZERO  H_1                        // [0, 0]
+	VZERO  H_3                        // [0, 0]
+	VGMG   $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out
+	VESLG  $24, T_1, T_1              // [h₆₄[2]<<24, 0]
+	VERIMG $-26&63, T_3, MOD26, H_1   // [h₂₆[1], r₂₆[1]]
+	VESRLG $+52&63, T_3, H_2          // [h₂₆[2], r₂₆[2]] - low 12 bits only
+	VERIMG $-14&63, T_4, MOD26, H_3   // [h₂₆[1], r₂₆[1]]
+	VESRLG $40, T_4, H_4              // [h₂₆[4], r₂₆[4]] - low 24 bits only
+	VERIMG $+12&63, T_4, T_0, H_2     // [h₂₆[2], r₂₆[2]] - complete
+	VO     T_1, H_4, H_4              // [h₂₆[4], r₂₆[4]] - complete
+
+	// replicate r across all 4 vector elements
+	VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]]
+	VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]]
+	VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]]
+	VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]]
+	VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]]
+
+	// zero out lane 1 of h
+	VLEIG $1, $0, H_0 // [h₂₆[0], 0]
+	VLEIG $1, $0, H_1 // [h₂₆[1], 0]
+	VLEIG $1, $0, H_2 // [h₂₆[2], 0]
+	VLEIG $1, $0, H_3 // [h₂₆[3], 0]
+	VLEIG $1, $0, H_4 // [h₂₆[4], 0]
+
+	// calculate 5r (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]]
+
+	// skip r² calculation if we are only calculating one block
+	CMPBLE R3, $16, skip
+
+	// calculate r²
+	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4)
+	REDUCE(M_0, M_1, M_2, M_3, M_4)
+	VGBM   $0x0f0f, T_0
+	VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]]
+	VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]]
+	VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]]
+	VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]]
+	VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]]
+
+	// calculate 5r² (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]]
+
+loop:
+	CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients
+
+	// load next 2 blocks from message
+	VLM (R2), T_0, T_1
+
+	// update message slice
+	SUB  $32, R3
+	MOVD $32(R2), R2
+
+	// unpack message blocks into 26-bit big-endian limbs
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// add 2¹²⁸ to each message block value
+	VLEIB $4, $1, M_4
+	VLEIB $12, $1, M_4
+
+multiply:
+	// accumulate the incoming message
+	VAG H_0, M_0, M_0
+	VAG H_3, M_3, M_3
+	VAG H_1, M_1, M_1
+	VAG H_4, M_4, M_4
+	VAG H_2, M_2, M_2
+
+	// multiply the accumulator by the key coefficient
+	MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+
+	// carry and partially reduce the partial products
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	CMPBNE R3, $0, loop
+
+finish:
+	// sum lane 0 and lane 1 and put the result in lane 1
+	VZERO  T_0
+	VSUMQG H_0, T_0, H_0
+	VSUMQG H_3, T_0, H_3
+	VSUMQG H_1, T_0, H_1
+	VSUMQG H_4, T_0, H_4
+	VSUMQG H_2, T_0, H_2
+
+	// reduce again after summation
+	// TODO(mundaym): there might be a more efficient way to do this
+	// now that we only have 1 active lane. For example, we could
+	// simultaneously pack the values as we reduce them.
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	// carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1
+	// TODO(mundaym): in testing this final carry was unnecessary.
+	// Needs a proof before it can be removed though.
+	VESRLG $26, H_1, T_1
+	VN     MOD26, H_1, H_1
+	VAQ    T_1, H_2, H_2
+	VESRLG $26, H_2, T_2
+	VN     MOD26, H_2, H_2
+	VAQ    T_2, H_3, H_3
+	VESRLG $26, H_3, T_3
+	VN     MOD26, H_3, H_3
+	VAQ    T_3, H_4, H_4
+
+	// h is now < 2(2¹³⁰ - 5)
+	// Pack each lane in h₂₆[0:4] into h₁₂₈[0:1].
+	VESLG $26, H_1, H_1
+	VESLG $26, H_3, H_3
+	VO    H_0, H_1, H_0
+	VO    H_2, H_3, H_2
+	VESLG $4, H_2, H_2
+	VLEIB $7, $48, H_1
+	VSLB  H_1, H_2, H_2
+	VO    H_0, H_2, H_0
+	VLEIB $7, $104, H_1
+	VSLB  H_1, H_4, H_3
+	VO    H_3, H_0, H_0
+	VLEIB $7, $24, H_1
+	VSRLB H_1, H_4, H_1
+
+	// update state
+	VSTEG $1, H_0, 0(R1)
+	VSTEG $0, H_0, 8(R1)
+	VSTEG $1, H_1, 16(R1)
+	RET
+
+b2:  // 2 or fewer blocks remaining
+	CMPBLE R3, $16, b1
+
+	// Load the 2 remaining blocks (17-32 bytes remaining).
+	MOVD $-17(R3), R0    // index of final byte to load modulo 16
+	VL   (R2), T_0       // load full 16 byte block
+	VLL  R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	MOVD   $-16(R3), R3   // index of byte in last block to insert 1 at (could be 16)
+	CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long
+	VLVGB  R3, R0, T_1    // insert 1 into the byte at index R3
+
+	// Split both blocks into 26-bit limbs in the appropriate lanes.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the second to last block.
+	VLEIB $4, $1, M_4
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $12, $1, M_4
+
+	// Finally, set up the coefficients for the final multiplication.
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r² so that can be kept the
+	// same. We want lane 1 to be multiplied by r so we need to move
+	// the saved r value into the 32-bit odd index in lane 1 by
+	// rotating the 64-bit lane by 32.
+	VGBM   $0x00ff, T_0         // [0, 0xffffffffffffffff] - mask lane 1 only
+	VERIMG $32, R_0, T_0, R_0   // [_,  r²₂₆[0], _,  r₂₆[0]]
+	VERIMG $32, R_1, T_0, R_1   // [_,  r²₂₆[1], _,  r₂₆[1]]
+	VERIMG $32, R_2, T_0, R_2   // [_,  r²₂₆[2], _,  r₂₆[2]]
+	VERIMG $32, R_3, T_0, R_3   // [_,  r²₂₆[3], _,  r₂₆[3]]
+	VERIMG $32, R_4, T_0, R_4   // [_,  r²₂₆[4], _,  r₂₆[4]]
+	VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]]
+	VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]]
+	VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]]
+	VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]]
+
+	MOVD $0, R3
+	BR   multiply
+
+skip:
+	CMPBEQ R3, $0, finish
+
+b1:  // 1 block remaining
+
+	// Load the final block (1-16 bytes). This will be placed into
+	// lane 0.
+	MOVD $-1(R3), R0
+	VLL  R0, (R2), T_0 // pad to 16 bytes with zeros
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	CMPBEQ R3, $16, 2(PC)
+	VLVGB  R3, R0, T_0
+
+	// Set the message block in lane 1 to the value 0 so that it
+	// can be accumulated without affecting the final result.
+	VZERO T_1
+
+	// Split the final message block into 26-bit limbs in lane 0.
+	// Lane 1 will be contain 0.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $4, $1, M_4
+
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r so we need to move the
+	// saved r value into the 32-bit odd index in lane 0. We want
+	// lane 1 to be set to the value 1. This makes multiplication
+	// a no-op. We do this by setting lane 1 in every register to 0
+	// and then just setting the 32-bit index 3 in R_0 to 1.
+	VZERO T_0
+	MOVD  $0, R0
+	MOVD  $0x10111213, R12
+	VLVGP R12, R0, T_1         // [_, 0x10111213, _, 0x00000000]
+	VPERM T_0, R_0, T_1, R_0   // [_,  r₂₆[0], _, 0]
+	VPERM T_0, R_1, T_1, R_1   // [_,  r₂₆[1], _, 0]
+	VPERM T_0, R_2, T_1, R_2   // [_,  r₂₆[2], _, 0]
+	VPERM T_0, R_3, T_1, R_3   // [_,  r₂₆[3], _, 0]
+	VPERM T_0, R_4, T_1, R_4   // [_,  r₂₆[4], _, 0]
+	VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0]
+	VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0]
+	VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0]
+	VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0]
+
+	// Set the value of lane 1 to be 1.
+	VLEIF $3, $1, R_0 // [_,  r₂₆[0], _, 1]
+
+	MOVD $0, R3
+	BR   multiply
diff --git a/vendor/golang.org/x/exp/slices/slices.go b/vendor/golang.org/x/exp/slices/slices.go
index cff0cd49e..2540bd682 100644
--- a/vendor/golang.org/x/exp/slices/slices.go
+++ b/vendor/golang.org/x/exp/slices/slices.go
@@ -104,8 +104,8 @@ func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int {
 // Index returns the index of the first occurrence of v in s,
 // or -1 if not present.
 func Index[E comparable](s []E, v E) int {
-	for i, vs := range s {
-		if v == vs {
+	for i := range s {
+		if v == s[i] {
 			return i
 		}
 	}
@@ -115,8 +115,8 @@ func Index[E comparable](s []E, v E) int {
 // IndexFunc returns the first index i satisfying f(s[i]),
 // or -1 if none do.
 func IndexFunc[E any](s []E, f func(E) bool) int {
-	for i, v := range s {
-		if f(v) {
+	for i := range s {
+		if f(s[i]) {
 			return i
 		}
 	}
@@ -207,12 +207,12 @@ func Compact[S ~[]E, E comparable](s S) S {
 		return s
 	}
 	i := 1
-	last := s[0]
-	for _, v := range s[1:] {
-		if v != last {
-			s[i] = v
+	for k := 1; k < len(s); k++ {
+		if s[k] != s[k-1] {
+			if i != k {
+				s[i] = s[k]
+			}
 			i++
-			last = v
 		}
 	}
 	return s[:i]
@@ -224,12 +224,12 @@ func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S {
 		return s
 	}
 	i := 1
-	last := s[0]
-	for _, v := range s[1:] {
-		if !eq(v, last) {
-			s[i] = v
+	for k := 1; k < len(s); k++ {
+		if !eq(s[k], s[k-1]) {
+			if i != k {
+				s[i] = s[k]
+			}
 			i++
-			last = v
 		}
 	}
 	return s[:i]
diff --git a/vendor/golang.org/x/exp/slices/sort.go b/vendor/golang.org/x/exp/slices/sort.go
index f14f40da7..231b6448a 100644
--- a/vendor/golang.org/x/exp/slices/sort.go
+++ b/vendor/golang.org/x/exp/slices/sort.go
@@ -81,10 +81,12 @@ func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) {
 }
 
 // BinarySearchFunc works like BinarySearch, but uses a custom comparison
-// function. The slice must be sorted in increasing order, where "increasing" is
-// defined by cmp. cmp(a, b) is expected to return an integer comparing the two
-// parameters: 0 if a == b, a negative number if a < b and a positive number if
-// a > b.
+// function. The slice must be sorted in increasing order, where "increasing"
+// is defined by cmp. cmp should return 0 if the slice element matches
+// the target, a negative number if the slice element precedes the target,
+// or a positive number if the slice element follows the target.
+// cmp must implement the same ordering as the slice, such that if
+// cmp(a, t) < 0 and cmp(b, t) >= 0, then a must precede b in the slice.
 func BinarySearchFunc[E, T any](x []E, target T, cmp func(E, T) int) (int, bool) {
 	n := len(x)
 	// Define cmp(x[-1], target) < 0 and cmp(x[n], target) >= 0 .
diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go
index c15b8a771..684d984fd 100644
--- a/vendor/golang.org/x/net/http2/pipe.go
+++ b/vendor/golang.org/x/net/http2/pipe.go
@@ -88,13 +88,9 @@ func (p *pipe) Write(d []byte) (n int, err error) {
 		p.c.L = &p.mu
 	}
 	defer p.c.Signal()
-	if p.err != nil {
+	if p.err != nil || p.breakErr != nil {
 		return 0, errClosedPipeWrite
 	}
-	if p.breakErr != nil {
-		p.unread += len(d)
-		return len(d), nil // discard when there is no reader
-	}
 	return p.b.Write(d)
 }
 
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index 8cb14f3c9..cd057f398 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -1822,15 +1822,18 @@ func (sc *serverConn) processData(f *DataFrame) error {
 		}
 
 		if len(data) > 0 {
+			st.bodyBytes += int64(len(data))
 			wrote, err := st.body.Write(data)
 			if err != nil {
+				// The handler has closed the request body.
+				// Return the connection-level flow control for the discarded data,
+				// but not the stream-level flow control.
 				sc.sendWindowUpdate(nil, int(f.Length)-wrote)
-				return sc.countError("body_write_err", streamError(id, ErrCodeStreamClosed))
+				return nil
 			}
 			if wrote != len(data) {
 				panic("internal error: bad Writer")
 			}
-			st.bodyBytes += int64(len(data))
 		}
 
 		// Return any padded flow control now, since we won't
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 05ba23d3d..ac90a2631 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -560,10 +560,11 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 		traceGotConn(req, cc, reused)
 		res, err := cc.RoundTrip(req)
 		if err != nil && retry <= 6 {
+			roundTripErr := err
 			if req, err = shouldRetryRequest(req, err); err == nil {
 				// After the first retry, do exponential backoff with 10% jitter.
 				if retry == 0 {
-					t.vlogf("RoundTrip retrying after failure: %v", err)
+					t.vlogf("RoundTrip retrying after failure: %v", roundTripErr)
 					continue
 				}
 				backoff := float64(uint(1) << (uint(retry) - 1))
@@ -572,7 +573,7 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res
 				timer := backoffNewTimer(d)
 				select {
 				case <-timer.C:
-					t.vlogf("RoundTrip retrying after failure: %v", err)
+					t.vlogf("RoundTrip retrying after failure: %v", roundTripErr)
 					continue
 				case <-req.Context().Done():
 					timer.Stop()
@@ -1265,6 +1266,27 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
 		return res, nil
 	}
 
+	cancelRequest := func(cs *clientStream, err error) error {
+		cs.cc.mu.Lock()
+		defer cs.cc.mu.Unlock()
+		cs.abortStreamLocked(err)
+		if cs.ID != 0 {
+			// This request may have failed because of a problem with the connection,
+			// or for some unrelated reason. (For example, the user might have canceled
+			// the request without waiting for a response.) Mark the connection as
+			// not reusable, since trying to reuse a dead connection is worse than
+			// unnecessarily creating a new one.
+			//
+			// If cs.ID is 0, then the request was never allocated a stream ID and
+			// whatever went wrong was unrelated to the connection. We might have
+			// timed out waiting for a stream slot when StrictMaxConcurrentStreams
+			// is set, for example, in which case retrying on a different connection
+			// will not help.
+			cs.cc.doNotReuse = true
+		}
+		return err
+	}
+
 	for {
 		select {
 		case <-cs.respHeaderRecv:
@@ -1279,15 +1301,12 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
 				return handleResponseHeaders()
 			default:
 				waitDone()
-				return nil, cs.abortErr
+				return nil, cancelRequest(cs, cs.abortErr)
 			}
 		case <-ctx.Done():
-			err := ctx.Err()
-			cs.abortStream(err)
-			return nil, err
+			return nil, cancelRequest(cs, ctx.Err())
 		case <-cs.reqCancel:
-			cs.abortStream(errRequestCanceled)
-			return nil, errRequestCanceled
+			return nil, cancelRequest(cs, errRequestCanceled)
 		}
 	}
 }
@@ -2555,6 +2574,9 @@ func (b transportResponseBody) Close() error {
 	cs := b.cs
 	cc := cs.cc
 
+	cs.bufPipe.BreakWithError(errClosedResponseBody)
+	cs.abortStream(errClosedResponseBody)
+
 	unread := cs.bufPipe.Len()
 	if unread > 0 {
 		cc.mu.Lock()
@@ -2573,9 +2595,6 @@ func (b transportResponseBody) Close() error {
 		cc.wmu.Unlock()
 	}
 
-	cs.bufPipe.BreakWithError(errClosedResponseBody)
-	cs.abortStream(errClosedResponseBody)
-
 	select {
 	case <-cs.donec:
 	case <-cs.ctx.Done():
diff --git a/vendor/golang.org/x/net/internal/socks/socks.go b/vendor/golang.org/x/net/internal/socks/socks.go
index 97db2340e..84fcc32b6 100644
--- a/vendor/golang.org/x/net/internal/socks/socks.go
+++ b/vendor/golang.org/x/net/internal/socks/socks.go
@@ -289,7 +289,7 @@ func (up *UsernamePassword) Authenticate(ctx context.Context, rw io.ReadWriter,
 	case AuthMethodNotRequired:
 		return nil
 	case AuthMethodUsernamePassword:
-		if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) == 0 || len(up.Password) > 255 {
+		if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) > 255 {
 			return errors.New("invalid username/password")
 		}
 		b := []byte{authUsernamePasswordVersion}
diff --git a/vendor/golang.org/x/oauth2/README.md b/vendor/golang.org/x/oauth2/README.md
index 1473e1296..781770c20 100644
--- a/vendor/golang.org/x/oauth2/README.md
+++ b/vendor/golang.org/x/oauth2/README.md
@@ -19,7 +19,7 @@ See pkg.go.dev for further documentation and examples.
 * [pkg.go.dev/golang.org/x/oauth2](https://pkg.go.dev/golang.org/x/oauth2)
 * [pkg.go.dev/golang.org/x/oauth2/google](https://pkg.go.dev/golang.org/x/oauth2/google)
 
-## Policy for new packages
+## Policy for new endpoints
 
 We no longer accept new provider-specific packages in this repo if all
 they do is add a single endpoint variable. If you just want to add a
@@ -29,8 +29,12 @@ package.
 
 ## Report Issues / Send Patches
 
-This repository uses Gerrit for code changes. To learn how to submit changes to
-this repository, see https://golang.org/doc/contribute.html.
-
 The main issue tracker for the oauth2 repository is located at
 https://github.com/golang/oauth2/issues.
+
+This repository uses Gerrit for code changes. To learn how to submit changes to
+this repository, see https://golang.org/doc/contribute.html. In particular:
+
+* Excluding trivial changes, all contributions should be connected to an existing issue.
+* API changes must go through the [change proposal process](https://go.dev/s/proposal-process) before they can be accepted.
+* The code owners are listed at [dev.golang.org/owners](https://dev.golang.org/owners#:~:text=x/oauth2).
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index db6b19e93..2cf71f0f9 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -8,17 +8,19 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"runtime"
+	"time"
 
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/authhandler"
 )
 
+const adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+
 // Credentials holds Google credentials, including "Application Default Credentials".
 // For more details, see:
 // https://developers.google.com/accounts/docs/application-default-credentials
@@ -66,6 +68,14 @@ type CredentialsParams struct {
 	// The OAuth2 TokenURL default override. This value overrides the default TokenURL,
 	// unless explicitly specified by the credentials config file. Optional.
 	TokenURL string
+
+	// EarlyTokenRefresh is the amount of time before a token expires that a new
+	// token will be preemptively fetched. If unset the default value is 10
+	// seconds.
+	//
+	// Note: This option is currently only respected when using credentials
+	// fetched from the GCE metadata server.
+	EarlyTokenRefresh time.Duration
 }
 
 func (params CredentialsParams) deepCopy() CredentialsParams {
@@ -131,10 +141,8 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 
 	// Second, try a well-known file.
 	filename := wellKnownFile()
-	if creds, err := readCredentialsFile(ctx, filename, params); err == nil {
-		return creds, nil
-	} else if !os.IsNotExist(err) {
-		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
+	if b, err := os.ReadFile(filename); err == nil {
+		return CredentialsFromJSONWithParams(ctx, b, params)
 	}
 
 	// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)
@@ -153,13 +161,12 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 		id, _ := metadata.ProjectID()
 		return &Credentials{
 			ProjectID:   id,
-			TokenSource: ComputeTokenSource("", params.Scopes...),
+			TokenSource: computeTokenSource("", params.EarlyTokenRefresh, params.Scopes...),
 		}, nil
 	}
 
 	// None are found; return helpful error.
-	const url = "https://developers.google.com/accounts/docs/application-default-credentials"
-	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url)
+	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information", adcSetupURL)
 }
 
 // FindDefaultCredentials invokes FindDefaultCredentialsWithParams with the specified scopes.
@@ -221,7 +228,7 @@ func wellKnownFile() string {
 }
 
 func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*Credentials, error) {
-	b, err := ioutil.ReadFile(filename)
+	b, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/oauth2/google/doc.go b/vendor/golang.org/x/oauth2/google/doc.go
index 8a3349fc2..ca717634a 100644
--- a/vendor/golang.org/x/oauth2/google/doc.go
+++ b/vendor/golang.org/x/oauth2/google/doc.go
@@ -26,7 +26,7 @@
 //
 // Using workload identity federation, your application can access Google Cloud
 // resources from Amazon Web Services (AWS), Microsoft Azure or any identity
-// provider that supports OpenID Connect (OIDC).
+// provider that supports OpenID Connect (OIDC) or SAML 2.0.
 // Traditionally, applications running outside Google Cloud have used service
 // account keys to access Google Cloud resources. Using identity federation,
 // you can allow your workload to impersonate a service account.
@@ -36,26 +36,70 @@
 // Follow the detailed instructions on how to configure Workload Identity Federation
 // in various platforms:
 //
-//	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
-//	Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
-//	OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
+//	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds#aws
+//	Microsoft Azure: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds#azure
+//	OIDC identity provider: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#oidc
+//	SAML 2.0 identity provider: https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#saml
 //
 // For OIDC and SAML providers, the library can retrieve tokens in three ways:
 // from a local file location (file-sourced credentials), from a server
 // (URL-sourced credentials), or from a local executable (executable-sourced
 // credentials).
 // For file-sourced credentials, a background process needs to be continuously
-// refreshing the file location with a new OIDC token prior to expiration.
+// refreshing the file location with a new OIDC/SAML token prior to expiration.
 // For tokens with one hour lifetimes, the token needs to be updated in the file
 // every hour. The token can be stored directly as plain text or in JSON format.
 // For URL-sourced credentials, a local server needs to host a GET endpoint to
-// return the OIDC token. The response can be in plain text or JSON.
+// return the OIDC/SAML token. The response can be in plain text or JSON.
 // Additional required request headers can also be specified.
 // For executable-sourced credentials, an application needs to be available to
-// output the OIDC token and other information in a JSON format.
+// output the OIDC/SAML token and other information in a JSON format.
 // For more information on how these work (and how to implement
 // executable-sourced credentials), please check out:
-// https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc
+// https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#create_a_credential_configuration
+//
+// Note that this library does not perform any validation on the token_url, token_info_url,
+// or service_account_impersonation_url fields of the credential configuration.
+// It is not recommended to use a credential configuration that you did not generate with
+// the gcloud CLI unless you verify that the URL fields point to a googleapis.com domain.
+//
+// # Workforce Identity Federation
+//
+// Workforce identity federation lets you use an external identity provider (IdP) to
+// authenticate and authorize a workforce—a group of users, such as employees, partners,
+// and contractors—using IAM, so that the users can access Google Cloud services.
+// Workforce identity federation extends Google Cloud's identity capabilities to support
+// syncless, attribute-based single sign on.
+//
+// With workforce identity federation, your workforce can access Google Cloud resources
+// using an external identity provider (IdP) that supports OpenID Connect (OIDC) or
+// SAML 2.0 such as Azure Active Directory (Azure AD), Active Directory Federation
+// Services (AD FS), Okta, and others.
+//
+// Follow the detailed instructions on how to configure Workload Identity Federation
+// in various platforms:
+//
+//	Azure AD: https://cloud.google.com/iam/docs/workforce-sign-in-azure-ad
+//	Okta: https://cloud.google.com/iam/docs/workforce-sign-in-okta
+//	OIDC identity provider: https://cloud.google.com/iam/docs/configuring-workforce-identity-federation#oidc
+//	SAML 2.0 identity provider: https://cloud.google.com/iam/docs/configuring-workforce-identity-federation#saml
+//
+// For workforce identity federation, the library can retrieve tokens in three ways:
+// from a local file location (file-sourced credentials), from a server
+// (URL-sourced credentials), or from a local executable (executable-sourced
+// credentials).
+// For file-sourced credentials, a background process needs to be continuously
+// refreshing the file location with a new OIDC/SAML token prior to expiration.
+// For tokens with one hour lifetimes, the token needs to be updated in the file
+// every hour. The token can be stored directly as plain text or in JSON format.
+// For URL-sourced credentials, a local server needs to host a GET endpoint to
+// return the OIDC/SAML token. The response can be in plain text or JSON.
+// Additional required request headers can also be specified.
+// For executable-sourced credentials, an application needs to be available to
+// output the OIDC/SAML token and other information in a JSON format.
+// For more information on how these work (and how to implement
+// executable-sourced credentials), please check out:
+// https://cloud.google.com/iam/docs/workforce-obtaining-short-lived-credentials#generate_a_configuration_file_for_non-interactive_sign-in
 //
 // Note that this library does not perform any validation on the token_url, token_info_url,
 // or service_account_impersonation_url fields of the credential configuration.
@@ -86,5 +130,4 @@
 // same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
 // JWTConfigFromJSON, but the Credentials may contain additional information
 // that is useful is some circumstances.
-//
 package google // import "golang.org/x/oauth2/google"
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
index a1b629a2e..cc1223889 100644
--- a/vendor/golang.org/x/oauth2/google/google.go
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -231,7 +231,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
 func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
-	return oauth2.ReuseTokenSource(nil, computeSource{account: account, scopes: scope})
+	return computeTokenSource(account, 0, scope...)
+}
+
+func computeTokenSource(account string, earlyExpiry time.Duration, scope ...string) oauth2.TokenSource {
+	return oauth2.ReuseTokenSourceWithExpiry(nil, computeSource{account: account, scopes: scope}, earlyExpiry)
 }
 
 type computeSource struct {
diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go
index c0ab196cf..14989beaf 100644
--- a/vendor/golang.org/x/oauth2/internal/oauth2.go
+++ b/vendor/golang.org/x/oauth2/internal/oauth2.go
@@ -14,7 +14,7 @@ import (
 
 // ParseKey converts the binary contents of a private key file
 // to an *rsa.PrivateKey. It detects whether the private key is in a
-// PEM container or not. If so, it extracts the the private key
+// PEM container or not. If so, it extracts the private key
 // from PEM container before conversion. It only supports PEM
 // containers with no passphrase.
 func ParseKey(key []byte) (*rsa.PrivateKey, error) {
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index b4723fcac..58901bda5 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -55,12 +55,18 @@ type Token struct {
 }
 
 // tokenJSON is the struct representing the HTTP response from OAuth2
-// providers returning a token in JSON form.
+// providers returning a token or error in JSON form.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
 type tokenJSON struct {
 	AccessToken  string         `json:"access_token"`
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
+	// error fields
+	// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
+	ErrorCode        string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+	ErrorURI         string `json:"error_uri"`
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
@@ -236,21 +242,29 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	if err != nil {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
 	}
-	if code := r.StatusCode; code < 200 || code > 299 {
-		return nil, &RetrieveError{
-			Response: r,
-			Body:     body,
-		}
+
+	failureStatus := r.StatusCode < 200 || r.StatusCode > 299
+	retrieveError := &RetrieveError{
+		Response: r,
+		Body:     body,
+		// attempt to populate error detail below
 	}
 
 	var token *Token
 	content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
 	switch content {
 	case "application/x-www-form-urlencoded", "text/plain":
+		// some endpoints return a query string
 		vals, err := url.ParseQuery(string(body))
 		if err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse response: %v", err)
 		}
+		retrieveError.ErrorCode = vals.Get("error")
+		retrieveError.ErrorDescription = vals.Get("error_description")
+		retrieveError.ErrorURI = vals.Get("error_uri")
 		token = &Token{
 			AccessToken:  vals.Get("access_token"),
 			TokenType:    vals.Get("token_type"),
@@ -265,8 +279,14 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	default:
 		var tj tokenJSON
 		if err = json.Unmarshal(body, &tj); err != nil {
-			return nil, err
+			if failureStatus {
+				return nil, retrieveError
+			}
+			return nil, fmt.Errorf("oauth2: cannot parse json: %v", err)
 		}
+		retrieveError.ErrorCode = tj.ErrorCode
+		retrieveError.ErrorDescription = tj.ErrorDescription
+		retrieveError.ErrorURI = tj.ErrorURI
 		token = &Token{
 			AccessToken:  tj.AccessToken,
 			TokenType:    tj.TokenType,
@@ -276,17 +296,37 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 		}
 		json.Unmarshal(body, &token.Raw) // no error checks for optional fields
 	}
+	// according to spec, servers should respond status 400 in error case
+	// https://www.rfc-editor.org/rfc/rfc6749#section-5.2
+	// but some unorthodox servers respond 200 in error case
+	if failureStatus || retrieveError.ErrorCode != "" {
+		return nil, retrieveError
+	}
 	if token.AccessToken == "" {
 		return nil, errors.New("oauth2: server response missing access_token")
 	}
 	return token, nil
 }
 
+// mirrors oauth2.RetrieveError
 type RetrieveError struct {
-	Response *http.Response
-	Body     []byte
+	Response         *http.Response
+	Body             []byte
+	ErrorCode        string
+	ErrorDescription string
+	ErrorURI         string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 291df5c83..9085fabe3 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -16,6 +16,7 @@ import (
 	"net/url"
 	"strings"
 	"sync"
+	"time"
 
 	"golang.org/x/oauth2/internal"
 )
@@ -140,7 +141,7 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 //
 // State is a token to protect the user from CSRF attacks. You must
 // always provide a non-empty string and validate that it matches the
-// the state query parameter on your redirect callback.
+// state query parameter on your redirect callback.
 // See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
@@ -290,6 +291,8 @@ type reuseTokenSource struct {
 
 	mu sync.Mutex // guards t
 	t  *Token
+
+	expiryDelta time.Duration
 }
 
 // Token returns the current token if it's still valid, else will
@@ -305,6 +308,7 @@ func (s *reuseTokenSource) Token() (*Token, error) {
 	if err != nil {
 		return nil, err
 	}
+	t.expiryDelta = s.expiryDelta
 	s.t = t
 	return t, nil
 }
@@ -379,3 +383,30 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource {
 		new: src,
 	}
 }
+
+// ReuseTokenSource returns a TokenSource that acts in the same manner as the
+// TokenSource returned by ReuseTokenSource, except the expiry buffer is
+// configurable. The expiration time of a token is calculated as
+// t.Expiry.Add(-earlyExpiry).
+func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource {
+	// Don't wrap a reuseTokenSource in itself. That would work,
+	// but cause an unnecessary number of mutex operations.
+	// Just build the equivalent one.
+	if rt, ok := src.(*reuseTokenSource); ok {
+		if t == nil {
+			// Just use it directly, but set the expiryDelta to earlyExpiry,
+			// so the behavior matches what the user expects.
+			rt.expiryDelta = earlyExpiry
+			return rt
+		}
+		src = rt.new
+	}
+	if t != nil {
+		t.expiryDelta = earlyExpiry
+	}
+	return &reuseTokenSource{
+		t:           t,
+		new:         src,
+		expiryDelta: earlyExpiry,
+	}
+}
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 822720341..5ffce9764 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -16,10 +16,10 @@ import (
 	"golang.org/x/oauth2/internal"
 )
 
-// expiryDelta determines how earlier a token should be considered
+// defaultExpiryDelta determines how earlier a token should be considered
 // expired than its actual expiration time. It is used to avoid late
 // expirations due to client-server time mismatches.
-const expiryDelta = 10 * time.Second
+const defaultExpiryDelta = 10 * time.Second
 
 // Token represents the credentials used to authorize
 // the requests to access protected resources on the OAuth 2.0
@@ -52,6 +52,11 @@ type Token struct {
 	// raw optionally contains extra metadata from the server
 	// when updating a token.
 	raw interface{}
+
+	// expiryDelta is used to calculate when a token is considered
+	// expired, by subtracting from Expiry. If zero, defaultExpiryDelta
+	// is used.
+	expiryDelta time.Duration
 }
 
 // Type returns t.TokenType if non-empty, else "Bearer".
@@ -127,6 +132,11 @@ func (t *Token) expired() bool {
 	if t.Expiry.IsZero() {
 		return false
 	}
+
+	expiryDelta := defaultExpiryDelta
+	if t.expiryDelta != 0 {
+		expiryDelta = t.expiryDelta
+	}
 	return t.Expiry.Round(0).Add(-expiryDelta).Before(timeNow())
 }
 
@@ -165,14 +175,31 @@ func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error)
 }
 
 // RetrieveError is the error returned when the token endpoint returns a
-// non-2XX HTTP status code.
+// non-2XX HTTP status code or populates RFC 6749's 'error' parameter.
+// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
 type RetrieveError struct {
 	Response *http.Response
 	// Body is the body that was consumed by reading Response.Body.
 	// It may be truncated.
 	Body []byte
+	// ErrorCode is RFC 6749's 'error' parameter.
+	ErrorCode string
+	// ErrorDescription is RFC 6749's 'error_description' parameter.
+	ErrorDescription string
+	// ErrorURI is RFC 6749's 'error_uri' parameter.
+	ErrorURI string
 }
 
 func (r *RetrieveError) Error() string {
+	if r.ErrorCode != "" {
+		s := fmt.Sprintf("oauth2: %q", r.ErrorCode)
+		if r.ErrorDescription != "" {
+			s += fmt.Sprintf(" %q", r.ErrorDescription)
+		}
+		if r.ErrorURI != "" {
+			s += fmt.Sprintf(" %q", r.ErrorURI)
+		}
+		return s
+	}
 	return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
 }
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
new file mode 100644
index 000000000..db9171c2e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -0,0 +1,18 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+	JMP	syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
new file mode 100644
index 000000000..271055be0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -0,0 +1,66 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"runtime"
+)
+
+// byteOrder is a subset of encoding/binary.ByteOrder.
+type byteOrder interface {
+	Uint32([]byte) uint32
+	Uint64([]byte) uint64
+}
+
+type littleEndian struct{}
+type bigEndian struct{}
+
+func (littleEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func (littleEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func (bigEndian) Uint32(b []byte) uint32 {
+	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+}
+
+func (bigEndian) Uint64(b []byte) uint64 {
+	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+	return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+		uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+}
+
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
+func hostByteOrder() byteOrder {
+	switch runtime.GOARCH {
+	case "386", "amd64", "amd64p32",
+		"alpha",
+		"arm", "arm64",
+		"loong64",
+		"mipsle", "mips64le", "mips64p32le",
+		"nios2",
+		"ppc64le",
+		"riscv", "riscv64",
+		"sh":
+		return littleEndian{}
+	case "armbe", "arm64be",
+		"m68k",
+		"mips", "mips64", "mips64p32",
+		"ppc", "ppc64",
+		"s390", "s390x",
+		"shbe",
+		"sparc", "sparc64":
+		return bigEndian{}
+	}
+	panic("unknown architecture")
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 000000000..83f112c4c
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,287 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+import (
+	"os"
+	"strings"
+)
+
+// Initialized reports whether the CPU features were initialized.
+//
+// For some GOOS/GOARCH combinations initialization of the CPU features depends
+// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm
+// Initialized will report false if reading the file fails.
+var Initialized bool
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+	_                   CacheLinePad
+	HasAES              bool // AES hardware implementation (AES NI)
+	HasADX              bool // Multi-precision add-carry instruction extensions
+	HasAVX              bool // Advanced vector extension
+	HasAVX2             bool // Advanced vector extension 2
+	HasAVX512           bool // Advanced vector extension 512
+	HasAVX512F          bool // Advanced vector extension 512 Foundation Instructions
+	HasAVX512CD         bool // Advanced vector extension 512 Conflict Detection Instructions
+	HasAVX512ER         bool // Advanced vector extension 512 Exponential and Reciprocal Instructions
+	HasAVX512PF         bool // Advanced vector extension 512 Prefetch Instructions Instructions
+	HasAVX512VL         bool // Advanced vector extension 512 Vector Length Extensions
+	HasAVX512BW         bool // Advanced vector extension 512 Byte and Word Instructions
+	HasAVX512DQ         bool // Advanced vector extension 512 Doubleword and Quadword Instructions
+	HasAVX512IFMA       bool // Advanced vector extension 512 Integer Fused Multiply Add
+	HasAVX512VBMI       bool // Advanced vector extension 512 Vector Byte Manipulation Instructions
+	HasAVX5124VNNIW     bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision
+	HasAVX5124FMAPS     bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision
+	HasAVX512VPOPCNTDQ  bool // Advanced vector extension 512 Double and quad word population count instructions
+	HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations
+	HasAVX512VNNI       bool // Advanced vector extension 512 Vector Neural Network Instructions
+	HasAVX512GFNI       bool // Advanced vector extension 512 Galois field New Instructions
+	HasAVX512VAES       bool // Advanced vector extension 512 Vector AES instructions
+	HasAVX512VBMI2      bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2
+	HasAVX512BITALG     bool // Advanced vector extension 512 Bit Algorithms
+	HasAVX512BF16       bool // Advanced vector extension 512 BFloat16 Instructions
+	HasBMI1             bool // Bit manipulation instruction set 1
+	HasBMI2             bool // Bit manipulation instruction set 2
+	HasCX16             bool // Compare and exchange 16 Bytes
+	HasERMS             bool // Enhanced REP for MOVSB and STOSB
+	HasFMA              bool // Fused-multiply-add instructions
+	HasOSXSAVE          bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+	HasPCLMULQDQ        bool // PCLMULQDQ instruction - most often used for AES-GCM
+	HasPOPCNT           bool // Hamming weight instruction POPCNT.
+	HasRDRAND           bool // RDRAND instruction (on-chip random number generator)
+	HasRDSEED           bool // RDSEED instruction (on-chip random number generator)
+	HasSSE2             bool // Streaming SIMD extension 2 (always available on amd64)
+	HasSSE3             bool // Streaming SIMD extension 3
+	HasSSSE3            bool // Supplemental streaming SIMD extension 3
+	HasSSE41            bool // Streaming SIMD extension 4 and 4.1
+	HasSSE42            bool // Streaming SIMD extension 4 and 4.2
+	_                   CacheLinePad
+}
+
+// ARM64 contains the supported CPU features of the
+// current ARMv8(aarch64) platform. If the current platform
+// is not arm64 then all feature flags are false.
+var ARM64 struct {
+	_           CacheLinePad
+	HasFP       bool // Floating-point instruction set (always available)
+	HasASIMD    bool // Advanced SIMD (always available)
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	HasATOMICS  bool // Atomic memory operation instruction set
+	HasFPHP     bool // Half precision floating-point instruction set
+	HasASIMDHP  bool // Advanced SIMD half precision instruction set
+	HasCPUID    bool // CPUID identification scheme registers
+	HasASIMDRDM bool // Rounding double multiply add/subtract instruction set
+	HasJSCVT    bool // Javascript conversion from floating-point to integer
+	HasFCMA     bool // Floating-point multiplication and addition of complex numbers
+	HasLRCPC    bool // Release Consistent processor consistent support
+	HasDCPOP    bool // Persistent memory support
+	HasSHA3     bool // SHA3 hardware implementation
+	HasSM3      bool // SM3 hardware implementation
+	HasSM4      bool // SM4 hardware implementation
+	HasASIMDDP  bool // Advanced SIMD double precision instruction set
+	HasSHA512   bool // SHA512 hardware implementation
+	HasSVE      bool // Scalable Vector Extensions
+	HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32
+	_           CacheLinePad
+}
+
+// ARM contains the supported CPU features of the current ARM (32-bit) platform.
+// All feature flags are false if:
+//  1. the current platform is not arm, or
+//  2. the current operating system is not Linux.
+var ARM struct {
+	_           CacheLinePad
+	HasSWP      bool // SWP instruction support
+	HasHALF     bool // Half-word load and store support
+	HasTHUMB    bool // ARM Thumb instruction set
+	Has26BIT    bool // Address space limited to 26-bits
+	HasFASTMUL  bool // 32-bit operand, 64-bit result multiplication support
+	HasFPA      bool // Floating point arithmetic support
+	HasVFP      bool // Vector floating point support
+	HasEDSP     bool // DSP Extensions support
+	HasJAVA     bool // Java instruction set
+	HasIWMMXT   bool // Intel Wireless MMX technology support
+	HasCRUNCH   bool // MaverickCrunch context switching and handling
+	HasTHUMBEE  bool // Thumb EE instruction set
+	HasNEON     bool // NEON instruction set
+	HasVFPv3    bool // Vector floating point version 3 support
+	HasVFPv3D16 bool // Vector floating point version 3 D8-D15
+	HasTLS      bool // Thread local storage support
+	HasVFPv4    bool // Vector floating point version 4 support
+	HasIDIVA    bool // Integer divide instruction support in ARM mode
+	HasIDIVT    bool // Integer divide instruction support in Thumb mode
+	HasVFPD32   bool // Vector floating point version 3 D15-D31
+	HasLPAE     bool // Large Physical Address Extensions
+	HasEVTSTRM  bool // Event stream support
+	HasAES      bool // AES hardware implementation
+	HasPMULL    bool // Polynomial multiplication instruction set
+	HasSHA1     bool // SHA1 hardware implementation
+	HasSHA2     bool // SHA2 hardware implementation
+	HasCRC32    bool // CRC32 hardware implementation
+	_           CacheLinePad
+}
+
+// MIPS64X contains the supported CPU features of the current mips64/mips64le
+// platforms. If the current platform is not mips64/mips64le or the current
+// operating system is not Linux then all feature flags are false.
+var MIPS64X struct {
+	_      CacheLinePad
+	HasMSA bool // MIPS SIMD architecture
+	_      CacheLinePad
+}
+
+// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
+// If the current platform is not ppc64/ppc64le then all feature flags are false.
+//
+// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00,
+// since there are no optional categories. There are some exceptions that also
+// require kernel support to work (DARN, SCV), so there are feature bits for
+// those as well. The struct is padded to avoid false sharing.
+var PPC64 struct {
+	_        CacheLinePad
+	HasDARN  bool // Hardware random number generator (requires kernel enablement)
+	HasSCV   bool // Syscall vectored (requires kernel enablement)
+	IsPOWER8 bool // ISA v2.07 (POWER8)
+	IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8
+	_        CacheLinePad
+}
+
+// S390X contains the supported CPU features of the current IBM Z
+// (s390x) platform. If the current platform is not IBM Z then all
+// feature flags are false.
+//
+// S390X is padded to avoid false sharing. Further HasVX is only set
+// if the OS supports vector registers in addition to the STFLE
+// feature bit being set.
+var S390X struct {
+	_         CacheLinePad
+	HasZARCH  bool // z/Architecture mode is active [mandatory]
+	HasSTFLE  bool // store facility list extended
+	HasLDISP  bool // long (20-bit) displacements
+	HasEIMM   bool // 32-bit immediates
+	HasDFP    bool // decimal floating point
+	HasETF3EH bool // ETF-3 enhanced
+	HasMSA    bool // message security assist (CPACF)
+	HasAES    bool // KM-AES{128,192,256} functions
+	HasAESCBC bool // KMC-AES{128,192,256} functions
+	HasAESCTR bool // KMCTR-AES{128,192,256} functions
+	HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
+	HasGHASH  bool // KIMD-GHASH function
+	HasSHA1   bool // K{I,L}MD-SHA-1 functions
+	HasSHA256 bool // K{I,L}MD-SHA-256 functions
+	HasSHA512 bool // K{I,L}MD-SHA-512 functions
+	HasSHA3   bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
+	HasVX     bool // vector facility
+	HasVXE    bool // vector-enhancements facility 1
+	_         CacheLinePad
+}
+
+func init() {
+	archInit()
+	initOptions()
+	processOptions()
+}
+
+// options contains the cpu debug options that can be used in GODEBUG.
+// Options are arch dependent and are added by the arch specific initOptions functions.
+// Features that are mandatory for the specific GOARCH should have the Required field set
+// (e.g. SSE2 on amd64).
+var options []option
+
+// Option names should be lower case. e.g. avx instead of AVX.
+type option struct {
+	Name      string
+	Feature   *bool
+	Specified bool // whether feature value was specified in GODEBUG
+	Enable    bool // whether feature should be enabled
+	Required  bool // whether feature is mandatory and can not be disabled
+}
+
+func processOptions() {
+	env := os.Getenv("GODEBUG")
+field:
+	for env != "" {
+		field := ""
+		i := strings.IndexByte(env, ',')
+		if i < 0 {
+			field, env = env, ""
+		} else {
+			field, env = env[:i], env[i+1:]
+		}
+		if len(field) < 4 || field[:4] != "cpu." {
+			continue
+		}
+		i = strings.IndexByte(field, '=')
+		if i < 0 {
+			print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n")
+			continue
+		}
+		key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
+
+		var enable bool
+		switch value {
+		case "on":
+			enable = true
+		case "off":
+			enable = false
+		default:
+			print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
+			continue field
+		}
+
+		if key == "all" {
+			for i := range options {
+				options[i].Specified = true
+				options[i].Enable = enable || options[i].Required
+			}
+			continue field
+		}
+
+		for i := range options {
+			if options[i].Name == key {
+				options[i].Specified = true
+				options[i].Enable = enable
+				continue field
+			}
+		}
+
+		print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n")
+	}
+
+	for _, o := range options {
+		if !o.Specified {
+			continue
+		}
+
+		if o.Enable && !*o.Feature {
+			print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n")
+			continue
+		}
+
+		if !o.Enable && o.Required {
+			print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n")
+			continue
+		}
+
+		*o.Feature = o.Enable
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
new file mode 100644
index 000000000..8aaeef545
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -0,0 +1,34 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix
+// +build aix
+
+package cpu
+
+const (
+	// getsystemcfg constants
+	_SC_IMPL     = 2
+	_IMPL_POWER8 = 0x10000
+	_IMPL_POWER9 = 0x20000
+)
+
+func archInit() {
+	impl := getsystemcfg(_SC_IMPL)
+	if impl&_IMPL_POWER8 != 0 {
+		PPC64.IsPOWER8 = true
+	}
+	if impl&_IMPL_POWER9 != 0 {
+		PPC64.IsPOWER8 = true
+		PPC64.IsPOWER9 = true
+	}
+
+	Initialized = true
+}
+
+func getsystemcfg(label int) (n uint64) {
+	r0, _ := callgetsystemcfg(label)
+	n = uint64(r0)
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 000000000..301b752e9
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,73 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
+
+// HWCAP/HWCAP2 bits.
+// These are specific to Linux.
+const (
+	hwcap_SWP       = 1 << 0
+	hwcap_HALF      = 1 << 1
+	hwcap_THUMB     = 1 << 2
+	hwcap_26BIT     = 1 << 3
+	hwcap_FAST_MULT = 1 << 4
+	hwcap_FPA       = 1 << 5
+	hwcap_VFP       = 1 << 6
+	hwcap_EDSP      = 1 << 7
+	hwcap_JAVA      = 1 << 8
+	hwcap_IWMMXT    = 1 << 9
+	hwcap_CRUNCH    = 1 << 10
+	hwcap_THUMBEE   = 1 << 11
+	hwcap_NEON      = 1 << 12
+	hwcap_VFPv3     = 1 << 13
+	hwcap_VFPv3D16  = 1 << 14
+	hwcap_TLS       = 1 << 15
+	hwcap_VFPv4     = 1 << 16
+	hwcap_IDIVA     = 1 << 17
+	hwcap_IDIVT     = 1 << 18
+	hwcap_VFPD32    = 1 << 19
+	hwcap_LPAE      = 1 << 20
+	hwcap_EVTSTRM   = 1 << 21
+
+	hwcap2_AES   = 1 << 0
+	hwcap2_PMULL = 1 << 1
+	hwcap2_SHA1  = 1 << 2
+	hwcap2_SHA2  = 1 << 3
+	hwcap2_CRC32 = 1 << 4
+)
+
+func initOptions() {
+	options = []option{
+		{Name: "pmull", Feature: &ARM.HasPMULL},
+		{Name: "sha1", Feature: &ARM.HasSHA1},
+		{Name: "sha2", Feature: &ARM.HasSHA2},
+		{Name: "swp", Feature: &ARM.HasSWP},
+		{Name: "thumb", Feature: &ARM.HasTHUMB},
+		{Name: "thumbee", Feature: &ARM.HasTHUMBEE},
+		{Name: "tls", Feature: &ARM.HasTLS},
+		{Name: "vfp", Feature: &ARM.HasVFP},
+		{Name: "vfpd32", Feature: &ARM.HasVFPD32},
+		{Name: "vfpv3", Feature: &ARM.HasVFPv3},
+		{Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16},
+		{Name: "vfpv4", Feature: &ARM.HasVFPv4},
+		{Name: "half", Feature: &ARM.HasHALF},
+		{Name: "26bit", Feature: &ARM.Has26BIT},
+		{Name: "fastmul", Feature: &ARM.HasFASTMUL},
+		{Name: "fpa", Feature: &ARM.HasFPA},
+		{Name: "edsp", Feature: &ARM.HasEDSP},
+		{Name: "java", Feature: &ARM.HasJAVA},
+		{Name: "iwmmxt", Feature: &ARM.HasIWMMXT},
+		{Name: "crunch", Feature: &ARM.HasCRUNCH},
+		{Name: "neon", Feature: &ARM.HasNEON},
+		{Name: "idivt", Feature: &ARM.HasIDIVT},
+		{Name: "idiva", Feature: &ARM.HasIDIVA},
+		{Name: "lpae", Feature: &ARM.HasLPAE},
+		{Name: "evtstrm", Feature: &ARM.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM.HasAES},
+		{Name: "crc32", Feature: &ARM.HasCRC32},
+	}
+
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 000000000..f3eb993bf
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,172 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "runtime"
+
+// cacheLineSize is used to prevent false sharing of cache lines.
+// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
+// It doesn't cost much and is much more future-proof.
+const cacheLineSize = 128
+
+func initOptions() {
+	options = []option{
+		{Name: "fp", Feature: &ARM64.HasFP},
+		{Name: "asimd", Feature: &ARM64.HasASIMD},
+		{Name: "evstrm", Feature: &ARM64.HasEVTSTRM},
+		{Name: "aes", Feature: &ARM64.HasAES},
+		{Name: "fphp", Feature: &ARM64.HasFPHP},
+		{Name: "jscvt", Feature: &ARM64.HasJSCVT},
+		{Name: "lrcpc", Feature: &ARM64.HasLRCPC},
+		{Name: "pmull", Feature: &ARM64.HasPMULL},
+		{Name: "sha1", Feature: &ARM64.HasSHA1},
+		{Name: "sha2", Feature: &ARM64.HasSHA2},
+		{Name: "sha3", Feature: &ARM64.HasSHA3},
+		{Name: "sha512", Feature: &ARM64.HasSHA512},
+		{Name: "sm3", Feature: &ARM64.HasSM3},
+		{Name: "sm4", Feature: &ARM64.HasSM4},
+		{Name: "sve", Feature: &ARM64.HasSVE},
+		{Name: "crc32", Feature: &ARM64.HasCRC32},
+		{Name: "atomics", Feature: &ARM64.HasATOMICS},
+		{Name: "asimdhp", Feature: &ARM64.HasASIMDHP},
+		{Name: "cpuid", Feature: &ARM64.HasCPUID},
+		{Name: "asimrdm", Feature: &ARM64.HasASIMDRDM},
+		{Name: "fcma", Feature: &ARM64.HasFCMA},
+		{Name: "dcpop", Feature: &ARM64.HasDCPOP},
+		{Name: "asimddp", Feature: &ARM64.HasASIMDDP},
+		{Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM},
+	}
+}
+
+func archInit() {
+	switch runtime.GOOS {
+	case "freebsd":
+		readARM64Registers()
+	case "linux", "netbsd", "openbsd":
+		doinit()
+	default:
+		// Many platforms don't seem to allow reading these registers.
+		setMinimalFeatures()
+	}
+}
+
+// setMinimalFeatures fakes the minimal ARM64 features expected by
+// TestARM64minimalFeatures.
+func setMinimalFeatures() {
+	ARM64.HasASIMD = true
+	ARM64.HasFP = true
+}
+
+func readARM64Registers() {
+	Initialized = true
+
+	parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0())
+}
+
+func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) {
+	// ID_AA64ISAR0_EL1
+	switch extractBits(isar0, 4, 7) {
+	case 1:
+		ARM64.HasAES = true
+	case 2:
+		ARM64.HasAES = true
+		ARM64.HasPMULL = true
+	}
+
+	switch extractBits(isar0, 8, 11) {
+	case 1:
+		ARM64.HasSHA1 = true
+	}
+
+	switch extractBits(isar0, 12, 15) {
+	case 1:
+		ARM64.HasSHA2 = true
+	case 2:
+		ARM64.HasSHA2 = true
+		ARM64.HasSHA512 = true
+	}
+
+	switch extractBits(isar0, 16, 19) {
+	case 1:
+		ARM64.HasCRC32 = true
+	}
+
+	switch extractBits(isar0, 20, 23) {
+	case 2:
+		ARM64.HasATOMICS = true
+	}
+
+	switch extractBits(isar0, 28, 31) {
+	case 1:
+		ARM64.HasASIMDRDM = true
+	}
+
+	switch extractBits(isar0, 32, 35) {
+	case 1:
+		ARM64.HasSHA3 = true
+	}
+
+	switch extractBits(isar0, 36, 39) {
+	case 1:
+		ARM64.HasSM3 = true
+	}
+
+	switch extractBits(isar0, 40, 43) {
+	case 1:
+		ARM64.HasSM4 = true
+	}
+
+	switch extractBits(isar0, 44, 47) {
+	case 1:
+		ARM64.HasASIMDDP = true
+	}
+
+	// ID_AA64ISAR1_EL1
+	switch extractBits(isar1, 0, 3) {
+	case 1:
+		ARM64.HasDCPOP = true
+	}
+
+	switch extractBits(isar1, 12, 15) {
+	case 1:
+		ARM64.HasJSCVT = true
+	}
+
+	switch extractBits(isar1, 16, 19) {
+	case 1:
+		ARM64.HasFCMA = true
+	}
+
+	switch extractBits(isar1, 20, 23) {
+	case 1:
+		ARM64.HasLRCPC = true
+	}
+
+	// ID_AA64PFR0_EL1
+	switch extractBits(pfr0, 16, 19) {
+	case 0:
+		ARM64.HasFP = true
+	case 1:
+		ARM64.HasFP = true
+		ARM64.HasFPHP = true
+	}
+
+	switch extractBits(pfr0, 20, 23) {
+	case 0:
+		ARM64.HasASIMD = true
+	case 1:
+		ARM64.HasASIMD = true
+		ARM64.HasASIMDHP = true
+	}
+
+	switch extractBits(pfr0, 32, 35) {
+	case 1:
+		ARM64.HasSVE = true
+	}
+}
+
+func extractBits(data uint64, start, end uint) uint {
+	return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
new file mode 100644
index 000000000..c61f95a05
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func getisar0() uint64
+TEXT ·getisar0(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 0 into x0
+	// mrs x0, ID_AA64ISAR0_EL1 = d5380600
+	WORD	$0xd5380600
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getisar1() uint64
+TEXT ·getisar1(SB),NOSPLIT,$0-8
+	// get Instruction Set Attributes 1 into x0
+	// mrs x0, ID_AA64ISAR1_EL1 = d5380620
+	WORD	$0xd5380620
+	MOVD	R0, ret+0(FP)
+	RET
+
+// func getpfr0() uint64
+TEXT ·getpfr0(SB),NOSPLIT,$0-8
+	// get Processor Feature Register 0 into x0
+	// mrs x0, ID_AA64PFR0_EL1 = d5380400
+	WORD	$0xd5380400
+	MOVD	R0, ret+0(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
new file mode 100644
index 000000000..ccf542a73
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+func getisar0() uint64
+func getisar1() uint64
+func getpfr0() uint64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
new file mode 100644
index 000000000..0af2f2484
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return true }
+
+// The following feature detection functions are defined in cpu_s390x.s.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList
+func kmQuery() queryResult
+func kmcQuery() queryResult
+func kmctrQuery() queryResult
+func kmaQuery() queryResult
+func kimdQuery() queryResult
+func klmdQuery() queryResult
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 000000000..fa7cdb9bc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+// +build 386 amd64 amd64p32
+// +build gc
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
new file mode 100644
index 000000000..2aff31891
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+func getisar0() uint64 { return 0 }
+func getisar1() uint64 { return 0 }
+func getpfr0() uint64  { return 0 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
new file mode 100644
index 000000000..4bfbda619
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -0,0 +1,23 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+// +build gccgo
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return false }
+
+// TODO(mundaym): the following feature detection functions are currently
+// stubs. See https://golang.org/cl/162887 for how to fix this.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList     { panic("not implemented for gccgo") }
+func kmQuery() queryResult    { panic("not implemented for gccgo") }
+func kmcQuery() queryResult   { panic("not implemented for gccgo") }
+func kmctrQuery() queryResult { panic("not implemented for gccgo") }
+func kmaQuery() queryResult   { panic("not implemented for gccgo") }
+func kimdQuery() queryResult  { panic("not implemented for gccgo") }
+func klmdQuery() queryResult  { panic("not implemented for gccgo") }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
new file mode 100644
index 000000000..6cc73109f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -0,0 +1,39 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include <cpuid.h>
+#include <stdint.h>
+#include <x86intrin.h>
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+                   uint32_t *eax, uint32_t *ebx,
+                   uint32_t *ecx, uint32_t *edx)
+{
+	return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+#pragma GCC diagnostic ignored "-Wunknown-pragmas"
+#pragma GCC push_options
+#pragma GCC target("xsave")
+#pragma clang attribute push (__attribute__((target("xsave"))), apply_to=function)
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+	uint64_t v = _xgetbv(0);
+	*eax = v & 0xffffffff;
+	*edx = v >> 32;
+}
+
+#pragma clang attribute pop
+#pragma GCC pop_options
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
new file mode 100644
index 000000000..863d415ab
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+	var a, b, c, d uint32
+	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+	return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+	var a, d uint32
+	gccgoXgetbv(&a, &d)
+	return a, d
+}
+
+// gccgo doesn't build on Darwin, per:
+// https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gcc.rb#L76
+func darwinSupportsAVX512() bool {
+	return false
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
new file mode 100644
index 000000000..159a686f6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !386 && !amd64 && !amd64p32 && !arm64
+// +build !386,!amd64,!amd64p32,!arm64
+
+package cpu
+
+func archInit() {
+	if err := readHWCAP(); err != nil {
+		return
+	}
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
new file mode 100644
index 000000000..2057006dc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func doinit() {
+	ARM.HasSWP = isSet(hwCap, hwcap_SWP)
+	ARM.HasHALF = isSet(hwCap, hwcap_HALF)
+	ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
+	ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
+	ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
+	ARM.HasFPA = isSet(hwCap, hwcap_FPA)
+	ARM.HasVFP = isSet(hwCap, hwcap_VFP)
+	ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
+	ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
+	ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
+	ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
+	ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
+	ARM.HasNEON = isSet(hwCap, hwcap_NEON)
+	ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
+	ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
+	ARM.HasTLS = isSet(hwCap, hwcap_TLS)
+	ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
+	ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
+	ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
+	ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
+	ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
+	ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM.HasAES = isSet(hwCap2, hwcap2_AES)
+	ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
+	ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
+	ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
+	ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
new file mode 100644
index 000000000..a968b80fa
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
@@ -0,0 +1,111 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"strings"
+	"syscall"
+)
+
+// HWCAP/HWCAP2 bits. These are exposed by Linux.
+const (
+	hwcap_FP       = 1 << 0
+	hwcap_ASIMD    = 1 << 1
+	hwcap_EVTSTRM  = 1 << 2
+	hwcap_AES      = 1 << 3
+	hwcap_PMULL    = 1 << 4
+	hwcap_SHA1     = 1 << 5
+	hwcap_SHA2     = 1 << 6
+	hwcap_CRC32    = 1 << 7
+	hwcap_ATOMICS  = 1 << 8
+	hwcap_FPHP     = 1 << 9
+	hwcap_ASIMDHP  = 1 << 10
+	hwcap_CPUID    = 1 << 11
+	hwcap_ASIMDRDM = 1 << 12
+	hwcap_JSCVT    = 1 << 13
+	hwcap_FCMA     = 1 << 14
+	hwcap_LRCPC    = 1 << 15
+	hwcap_DCPOP    = 1 << 16
+	hwcap_SHA3     = 1 << 17
+	hwcap_SM3      = 1 << 18
+	hwcap_SM4      = 1 << 19
+	hwcap_ASIMDDP  = 1 << 20
+	hwcap_SHA512   = 1 << 21
+	hwcap_SVE      = 1 << 22
+	hwcap_ASIMDFHM = 1 << 23
+)
+
+// linuxKernelCanEmulateCPUID reports whether we're running
+// on Linux 4.11+. Ideally we'd like to ask the question about
+// whether the current kernel contains
+// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77c97b4ee21290f5f083173d957843b615abbff2
+// but the version number will have to do.
+func linuxKernelCanEmulateCPUID() bool {
+	var un syscall.Utsname
+	syscall.Uname(&un)
+	var sb strings.Builder
+	for _, b := range un.Release[:] {
+		if b == 0 {
+			break
+		}
+		sb.WriteByte(byte(b))
+	}
+	major, minor, _, ok := parseRelease(sb.String())
+	return ok && (major > 4 || major == 4 && minor >= 11)
+}
+
+func doinit() {
+	if err := readHWCAP(); err != nil {
+		// We failed to read /proc/self/auxv. This can happen if the binary has
+		// been given extra capabilities(7) with /bin/setcap.
+		//
+		// When this happens, we have two options. If the Linux kernel is new
+		// enough (4.11+), we can read the arm64 registers directly which'll
+		// trap into the kernel and then return back to userspace.
+		//
+		// But on older kernels, such as Linux 4.4.180 as used on many Synology
+		// devices, calling readARM64Registers (specifically getisar0) will
+		// cause a SIGILL and we'll die. So for older kernels, parse /proc/cpuinfo
+		// instead.
+		//
+		// See golang/go#57336.
+		if linuxKernelCanEmulateCPUID() {
+			readARM64Registers()
+		} else {
+			readLinuxProcCPUInfo()
+		}
+		return
+	}
+
+	// HWCAP feature bits
+	ARM64.HasFP = isSet(hwCap, hwcap_FP)
+	ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD)
+	ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+	ARM64.HasAES = isSet(hwCap, hwcap_AES)
+	ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL)
+	ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1)
+	ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2)
+	ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32)
+	ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS)
+	ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP)
+	ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP)
+	ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID)
+	ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM)
+	ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT)
+	ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA)
+	ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC)
+	ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP)
+	ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3)
+	ARM64.HasSM3 = isSet(hwCap, hwcap_SM3)
+	ARM64.HasSM4 = isSet(hwCap, hwcap_SM4)
+	ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP)
+	ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512)
+	ARM64.HasSVE = isSet(hwCap, hwcap_SVE)
+	ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
new file mode 100644
index 000000000..6000db4cd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -0,0 +1,24 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (mips64 || mips64le)
+// +build linux
+// +build mips64 mips64le
+
+package cpu
+
+// HWCAP bits. These are exposed by the Linux kernel 5.4.
+const (
+	// CPU features
+	hwcap_MIPS_MSA = 1 << 1
+)
+
+func doinit() {
+	// HWCAP feature bits
+	MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
new file mode 100644
index 000000000..f4992b1a5
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
+// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
new file mode 100644
index 000000000..021356d6d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -0,0 +1,32 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (ppc64 || ppc64le)
+// +build linux
+// +build ppc64 ppc64le
+
+package cpu
+
+// HWCAP/HWCAP2 bits. These are exposed by the kernel.
+const (
+	// ISA Level
+	_PPC_FEATURE2_ARCH_2_07 = 0x80000000
+	_PPC_FEATURE2_ARCH_3_00 = 0x00800000
+
+	// CPU features
+	_PPC_FEATURE2_DARN = 0x00200000
+	_PPC_FEATURE2_SCV  = 0x00100000
+)
+
+func doinit() {
+	// HWCAP2 feature bits
+	PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07)
+	PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00)
+	PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN)
+	PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV)
+}
+
+func isSet(hwc uint, value uint) bool {
+	return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
new file mode 100644
index 000000000..1517ac61d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const (
+	// bit mask values from /usr/include/bits/hwcap.h
+	hwcap_ZARCH  = 2
+	hwcap_STFLE  = 4
+	hwcap_MSA    = 8
+	hwcap_LDISP  = 16
+	hwcap_EIMM   = 32
+	hwcap_DFP    = 64
+	hwcap_ETF3EH = 256
+	hwcap_VX     = 2048
+	hwcap_VXE    = 8192
+)
+
+func initS390Xbase() {
+	// test HWCAP bit vector
+	has := func(featureMask uint) bool {
+		return hwCap&featureMask == featureMask
+	}
+
+	// mandatory
+	S390X.HasZARCH = has(hwcap_ZARCH)
+
+	// optional
+	S390X.HasSTFLE = has(hwcap_STFLE)
+	S390X.HasLDISP = has(hwcap_LDISP)
+	S390X.HasEIMM = has(hwcap_EIMM)
+	S390X.HasETF3EH = has(hwcap_ETF3EH)
+	S390X.HasDFP = has(hwcap_DFP)
+	S390X.HasMSA = has(hwcap_MSA)
+	S390X.HasVX = has(hwcap_VX)
+	if S390X.HasVX {
+		S390X.HasVXE = has(hwcap_VXE)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
new file mode 100644
index 000000000..0f57b05bd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -0,0 +1,13 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build loong64
+// +build loong64
+
+package cpu
+
+const cacheLineSize = 64
+
+func initOptions() {
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 000000000..f4063c664
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips64 || mips64le
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {
+	options = []option{
+		{Name: "msa", Feature: &MIPS64X.HasMSA},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 000000000..07c4e36d8
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,12 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips || mipsle
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
new file mode 100644
index 000000000..ebfb3fc8e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
@@ -0,0 +1,173 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	_CTL_QUERY = -2
+
+	_SYSCTL_VERS_1 = 0x1000000
+)
+
+var _zero uintptr
+
+func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	var _p0 unsafe.Pointer
+	if len(mib) > 0 {
+		_p0 = unsafe.Pointer(&mib[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(_p0),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(old)),
+		uintptr(unsafe.Pointer(oldlen)),
+		uintptr(unsafe.Pointer(new)),
+		uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+type sysctlNode struct {
+	Flags          uint32
+	Num            int32
+	Name           [32]int8
+	Ver            uint32
+	__rsvd         uint32
+	Un             [16]byte
+	_sysctl_size   [8]byte
+	_sysctl_func   [8]byte
+	_sysctl_parent [8]byte
+	_sysctl_desc   [8]byte
+}
+
+func sysctlNodes(mib []int32) ([]sysctlNode, error) {
+	var olen uintptr
+
+	// Get a list of all sysctl nodes below the given MIB by performing
+	// a sysctl for the given MIB with CTL_QUERY appended.
+	mib = append(mib, _CTL_QUERY)
+	qnode := sysctlNode{Flags: _SYSCTL_VERS_1}
+	qp := (*byte)(unsafe.Pointer(&qnode))
+	sz := unsafe.Sizeof(qnode)
+	if err := sysctl(mib, nil, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	// Now that we know the size, get the actual nodes.
+	nodes := make([]sysctlNode, olen/sz)
+	np := (*byte)(unsafe.Pointer(&nodes[0]))
+	if err := sysctl(mib, np, &olen, qp, sz); err != nil {
+		return nil, err
+	}
+
+	return nodes, nil
+}
+
+func nametomib(name string) ([]int32, error) {
+	// Split name into components.
+	var parts []string
+	last := 0
+	for i := 0; i < len(name); i++ {
+		if name[i] == '.' {
+			parts = append(parts, name[last:i])
+			last = i + 1
+		}
+	}
+	parts = append(parts, name[last:])
+
+	mib := []int32{}
+	// Discover the nodes and construct the MIB OID.
+	for partno, part := range parts {
+		nodes, err := sysctlNodes(mib)
+		if err != nil {
+			return nil, err
+		}
+		for _, node := range nodes {
+			n := make([]byte, 0)
+			for i := range node.Name {
+				if node.Name[i] != 0 {
+					n = append(n, byte(node.Name[i]))
+				}
+			}
+			if string(n) == part {
+				mib = append(mib, int32(node.Num))
+				break
+			}
+		}
+		if len(mib) != partno+1 {
+			return nil, err
+		}
+	}
+
+	return mib, nil
+}
+
+// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h>
+type aarch64SysctlCPUID struct {
+	midr      uint64 /* Main ID Register */
+	revidr    uint64 /* Revision ID Register */
+	mpidr     uint64 /* Multiprocessor Affinity Register */
+	aa64dfr0  uint64 /* A64 Debug Feature Register 0 */
+	aa64dfr1  uint64 /* A64 Debug Feature Register 1 */
+	aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */
+	aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */
+	aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */
+	aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */
+	aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */
+	aa64pfr0  uint64 /* A64 Processor Feature Register 0 */
+	aa64pfr1  uint64 /* A64 Processor Feature Register 1 */
+	aa64zfr0  uint64 /* A64 SVE Feature ID Register 0 */
+	mvfr0     uint32 /* Media and VFP Feature Register 0 */
+	mvfr1     uint32 /* Media and VFP Feature Register 1 */
+	mvfr2     uint32 /* Media and VFP Feature Register 2 */
+	pad       uint32
+	clidr     uint64 /* Cache Level ID Register */
+	ctr       uint64 /* Cache Type Register */
+}
+
+func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) {
+	mib, err := nametomib(name)
+	if err != nil {
+		return nil, err
+	}
+
+	out := aarch64SysctlCPUID{}
+	n := unsafe.Sizeof(out)
+	_, _, errno := syscall.Syscall6(
+		syscall.SYS___SYSCTL,
+		uintptr(unsafe.Pointer(&mib[0])),
+		uintptr(len(mib)),
+		uintptr(unsafe.Pointer(&out)),
+		uintptr(unsafe.Pointer(&n)),
+		uintptr(0),
+		uintptr(0))
+	if errno != 0 {
+		return nil, errno
+	}
+	return &out, nil
+}
+
+func doinit() {
+	cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id")
+	if err != nil {
+		setMinimalFeatures()
+		return
+	}
+	parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
new file mode 100644
index 000000000..85b64d5cc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
@@ -0,0 +1,65 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+	// From OpenBSD's sys/sysctl.h.
+	_CTL_MACHDEP = 7
+
+	// From OpenBSD's machine/cpu.h.
+	_CPU_ID_AA64ISAR0 = 2
+	_CPU_ID_AA64ISAR1 = 3
+)
+
+// Implemented in the runtime package (runtime/sys_openbsd3.go)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//go:linkname syscall_syscall6 syscall.syscall6
+
+func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+	_, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+	if errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
+func sysctlUint64(mib []uint32) (uint64, bool) {
+	var out uint64
+	nout := unsafe.Sizeof(out)
+	if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
+		return 0, false
+	}
+	return out, true
+}
+
+func doinit() {
+	setMinimalFeatures()
+
+	// Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
+	isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
+	if !ok {
+		return
+	}
+	isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
+	if !ok {
+		return
+	}
+	parseARM64SystemRegisters(isar0, isar1, 0)
+
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
new file mode 100644
index 000000000..054ba05d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
@@ -0,0 +1,11 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_sysctl(SB)
+
+GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
new file mode 100644
index 000000000..d7b4fb4cc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && arm
+// +build !linux,arm
+
+package cpu
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
new file mode 100644
index 000000000..f3cde129b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -0,0 +1,10 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && !netbsd && !openbsd && arm64
+// +build !linux,!netbsd,!openbsd,arm64
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
new file mode 100644
index 000000000..0dafe9644
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -0,0 +1,13 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && (mips64 || mips64le)
+// +build !linux
+// +build mips64 mips64le
+
+package cpu
+
+func archInit() {
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
new file mode 100644
index 000000000..060d46b6e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -0,0 +1,15 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !aix && !linux && (ppc64 || ppc64le)
+// +build !aix
+// +build !linux
+// +build ppc64 ppc64le
+
+package cpu
+
+func archInit() {
+	PPC64.IsPOWER8 = true
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
new file mode 100644
index 000000000..dd10eb79f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && riscv64
+// +build !linux,riscv64
+
+package cpu
+
+func archInit() {
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 000000000..4e8acd165
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,17 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ppc64 || ppc64le
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128
+
+func initOptions() {
+	options = []option{
+		{Name: "darn", Feature: &PPC64.HasDARN},
+		{Name: "scv", Feature: &PPC64.HasSCV},
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
new file mode 100644
index 000000000..bd6c128af
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64
+// +build riscv64
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 000000000..5881b8833
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,172 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
+
+func initOptions() {
+	options = []option{
+		{Name: "zarch", Feature: &S390X.HasZARCH, Required: true},
+		{Name: "stfle", Feature: &S390X.HasSTFLE, Required: true},
+		{Name: "ldisp", Feature: &S390X.HasLDISP, Required: true},
+		{Name: "eimm", Feature: &S390X.HasEIMM, Required: true},
+		{Name: "dfp", Feature: &S390X.HasDFP},
+		{Name: "etf3eh", Feature: &S390X.HasETF3EH},
+		{Name: "msa", Feature: &S390X.HasMSA},
+		{Name: "aes", Feature: &S390X.HasAES},
+		{Name: "aescbc", Feature: &S390X.HasAESCBC},
+		{Name: "aesctr", Feature: &S390X.HasAESCTR},
+		{Name: "aesgcm", Feature: &S390X.HasAESGCM},
+		{Name: "ghash", Feature: &S390X.HasGHASH},
+		{Name: "sha1", Feature: &S390X.HasSHA1},
+		{Name: "sha256", Feature: &S390X.HasSHA256},
+		{Name: "sha3", Feature: &S390X.HasSHA3},
+		{Name: "sha512", Feature: &S390X.HasSHA512},
+		{Name: "vx", Feature: &S390X.HasVX},
+		{Name: "vxe", Feature: &S390X.HasVXE},
+	}
+}
+
+// bitIsSet reports whether the bit at index is set. The bit index
+// is in big endian order, so bit index 0 is the leftmost bit.
+func bitIsSet(bits []uint64, index uint) bool {
+	return bits[index/64]&((1<<63)>>(index%64)) != 0
+}
+
+// facility is a bit index for the named facility.
+type facility uint8
+
+const (
+	// mandatory facilities
+	zarch  facility = 1  // z architecture mode is active
+	stflef facility = 7  // store-facility-list-extended
+	ldisp  facility = 18 // long-displacement
+	eimm   facility = 21 // extended-immediate
+
+	// miscellaneous facilities
+	dfp    facility = 42 // decimal-floating-point
+	etf3eh facility = 30 // extended-translation 3 enhancement
+
+	// cryptography facilities
+	msa  facility = 17  // message-security-assist
+	msa3 facility = 76  // message-security-assist extension 3
+	msa4 facility = 77  // message-security-assist extension 4
+	msa5 facility = 57  // message-security-assist extension 5
+	msa8 facility = 146 // message-security-assist extension 8
+	msa9 facility = 155 // message-security-assist extension 9
+
+	// vector facilities
+	vx   facility = 129 // vector facility
+	vxe  facility = 135 // vector-enhancements 1
+	vxe2 facility = 148 // vector-enhancements 2
+)
+
+// facilityList contains the result of an STFLE call.
+// Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type facilityList struct {
+	bits [4]uint64
+}
+
+// Has reports whether the given facilities are present.
+func (s *facilityList) Has(fs ...facility) bool {
+	if len(fs) == 0 {
+		panic("no facility bits provided")
+	}
+	for _, f := range fs {
+		if !bitIsSet(s.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+// function is the code for the named cryptographic function.
+type function uint8
+
+const (
+	// KM{,A,C,CTR} function codes
+	aes128 function = 18 // AES-128
+	aes192 function = 19 // AES-192
+	aes256 function = 20 // AES-256
+
+	// K{I,L}MD function codes
+	sha1     function = 1  // SHA-1
+	sha256   function = 2  // SHA-256
+	sha512   function = 3  // SHA-512
+	sha3_224 function = 32 // SHA3-224
+	sha3_256 function = 33 // SHA3-256
+	sha3_384 function = 34 // SHA3-384
+	sha3_512 function = 35 // SHA3-512
+	shake128 function = 36 // SHAKE-128
+	shake256 function = 37 // SHAKE-256
+
+	// KLMD function codes
+	ghash function = 65 // GHASH
+)
+
+// queryResult contains the result of a Query function
+// call. Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type queryResult struct {
+	bits [2]uint64
+}
+
+// Has reports whether the given functions are present.
+func (q *queryResult) Has(fns ...function) bool {
+	if len(fns) == 0 {
+		panic("no function codes provided")
+	}
+	for _, f := range fns {
+		if !bitIsSet(q.bits[:], uint(f)) {
+			return false
+		}
+	}
+	return true
+}
+
+func doinit() {
+	initS390Xbase()
+
+	// We need implementations of stfle, km and so on
+	// to detect cryptographic features.
+	if !haveAsmFunctions() {
+		return
+	}
+
+	// optional cryptographic functions
+	if S390X.HasMSA {
+		aes := []function{aes128, aes192, aes256}
+
+		// cipher message
+		km, kmc := kmQuery(), kmcQuery()
+		S390X.HasAES = km.Has(aes...)
+		S390X.HasAESCBC = kmc.Has(aes...)
+		if S390X.HasSTFLE {
+			facilities := stfle()
+			if facilities.Has(msa4) {
+				kmctr := kmctrQuery()
+				S390X.HasAESCTR = kmctr.Has(aes...)
+			}
+			if facilities.Has(msa8) {
+				kma := kmaQuery()
+				S390X.HasAESGCM = kma.Has(aes...)
+			}
+		}
+
+		// compute message digest
+		kimd := kimdQuery() // intermediate (no padding)
+		klmd := klmdQuery() // last (padding)
+		S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1)
+		S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256)
+		S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512)
+		S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist
+		sha3 := []function{
+			sha3_224, sha3_256, sha3_384, sha3_512,
+			shake128, shake256,
+		}
+		S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
new file mode 100644
index 000000000..96f81e209
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -0,0 +1,58 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+// +build gc
+
+#include "textflag.h"
+
+// func stfle() facilityList
+TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32
+	MOVD $ret+0(FP), R1
+	MOVD $3, R0          // last doubleword index to store
+	XC   $32, (R1), (R1) // clear 4 doublewords (32 bytes)
+	WORD $0xb2b01000     // store facility list extended (STFLE)
+	RET
+
+// func kmQuery() queryResult
+TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KM-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92E0024    // cipher message (KM)
+	RET
+
+// func kmcQuery() queryResult
+TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMC-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92F0024    // cipher message with chaining (KMC)
+	RET
+
+// func kmctrQuery() queryResult
+TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMCTR-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB92D4024    // cipher message with counter (KMCTR)
+	RET
+
+// func kmaQuery() queryResult
+TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KMA-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xb9296024    // cipher message with authentication (KMA)
+	RET
+
+// func kimdQuery() queryResult
+TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KIMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93E0024    // compute intermediate message digest (KIMD)
+	RET
+
+// func klmdQuery() queryResult
+TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16
+	MOVD $0, R0         // set function code to 0 (KLMD-Query)
+	MOVD $ret+0(FP), R1 // address of 16-byte return value
+	WORD $0xB93F0024    // compute last message digest (KLMD)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
new file mode 100644
index 000000000..7747d888a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -0,0 +1,18 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+// +build wasm
+
+package cpu
+
+// We're compiling the cpu package for an unknown (software-abstracted) CPU.
+// Make CacheLinePad an empty struct and hope that the usual struct alignment
+// rules are good enough.
+
+const cacheLineSize = 0
+
+func initOptions() {}
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 000000000..f5aacfc82
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,145 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32
+// +build 386 amd64 amd64p32
+
+package cpu
+
+import "runtime"
+
+const cacheLineSize = 64
+
+func initOptions() {
+	options = []option{
+		{Name: "adx", Feature: &X86.HasADX},
+		{Name: "aes", Feature: &X86.HasAES},
+		{Name: "avx", Feature: &X86.HasAVX},
+		{Name: "avx2", Feature: &X86.HasAVX2},
+		{Name: "avx512", Feature: &X86.HasAVX512},
+		{Name: "avx512f", Feature: &X86.HasAVX512F},
+		{Name: "avx512cd", Feature: &X86.HasAVX512CD},
+		{Name: "avx512er", Feature: &X86.HasAVX512ER},
+		{Name: "avx512pf", Feature: &X86.HasAVX512PF},
+		{Name: "avx512vl", Feature: &X86.HasAVX512VL},
+		{Name: "avx512bw", Feature: &X86.HasAVX512BW},
+		{Name: "avx512dq", Feature: &X86.HasAVX512DQ},
+		{Name: "avx512ifma", Feature: &X86.HasAVX512IFMA},
+		{Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI},
+		{Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW},
+		{Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS},
+		{Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ},
+		{Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ},
+		{Name: "avx512vnni", Feature: &X86.HasAVX512VNNI},
+		{Name: "avx512gfni", Feature: &X86.HasAVX512GFNI},
+		{Name: "avx512vaes", Feature: &X86.HasAVX512VAES},
+		{Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2},
+		{Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG},
+		{Name: "avx512bf16", Feature: &X86.HasAVX512BF16},
+		{Name: "bmi1", Feature: &X86.HasBMI1},
+		{Name: "bmi2", Feature: &X86.HasBMI2},
+		{Name: "cx16", Feature: &X86.HasCX16},
+		{Name: "erms", Feature: &X86.HasERMS},
+		{Name: "fma", Feature: &X86.HasFMA},
+		{Name: "osxsave", Feature: &X86.HasOSXSAVE},
+		{Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ},
+		{Name: "popcnt", Feature: &X86.HasPOPCNT},
+		{Name: "rdrand", Feature: &X86.HasRDRAND},
+		{Name: "rdseed", Feature: &X86.HasRDSEED},
+		{Name: "sse3", Feature: &X86.HasSSE3},
+		{Name: "sse41", Feature: &X86.HasSSE41},
+		{Name: "sse42", Feature: &X86.HasSSE42},
+		{Name: "ssse3", Feature: &X86.HasSSSE3},
+
+		// These capabilities should always be enabled on amd64:
+		{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
+	}
+}
+
+func archInit() {
+
+	Initialized = true
+
+	maxID, _, _, _ := cpuid(0, 0)
+
+	if maxID < 1 {
+		return
+	}
+
+	_, _, ecx1, edx1 := cpuid(1, 0)
+	X86.HasSSE2 = isSet(26, edx1)
+
+	X86.HasSSE3 = isSet(0, ecx1)
+	X86.HasPCLMULQDQ = isSet(1, ecx1)
+	X86.HasSSSE3 = isSet(9, ecx1)
+	X86.HasFMA = isSet(12, ecx1)
+	X86.HasCX16 = isSet(13, ecx1)
+	X86.HasSSE41 = isSet(19, ecx1)
+	X86.HasSSE42 = isSet(20, ecx1)
+	X86.HasPOPCNT = isSet(23, ecx1)
+	X86.HasAES = isSet(25, ecx1)
+	X86.HasOSXSAVE = isSet(27, ecx1)
+	X86.HasRDRAND = isSet(30, ecx1)
+
+	var osSupportsAVX, osSupportsAVX512 bool
+	// For XGETBV, OSXSAVE bit is required and sufficient.
+	if X86.HasOSXSAVE {
+		eax, _ := xgetbv()
+		// Check if XMM and YMM registers have OS support.
+		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+
+		if runtime.GOOS == "darwin" {
+			// Darwin doesn't save/restore AVX-512 mask registers correctly across signal handlers.
+			// Since users can't rely on mask register contents, let's not advertise AVX-512 support.
+			// See issue 49233.
+			osSupportsAVX512 = false
+		} else {
+			// Check if OPMASK and ZMM registers have OS support.
+			osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
+		}
+	}
+
+	X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+	if maxID < 7 {
+		return
+	}
+
+	_, ebx7, ecx7, edx7 := cpuid(7, 0)
+	X86.HasBMI1 = isSet(3, ebx7)
+	X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+	X86.HasBMI2 = isSet(8, ebx7)
+	X86.HasERMS = isSet(9, ebx7)
+	X86.HasRDSEED = isSet(18, ebx7)
+	X86.HasADX = isSet(19, ebx7)
+
+	X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension
+	if X86.HasAVX512 {
+		X86.HasAVX512F = true
+		X86.HasAVX512CD = isSet(28, ebx7)
+		X86.HasAVX512ER = isSet(27, ebx7)
+		X86.HasAVX512PF = isSet(26, ebx7)
+		X86.HasAVX512VL = isSet(31, ebx7)
+		X86.HasAVX512BW = isSet(30, ebx7)
+		X86.HasAVX512DQ = isSet(17, ebx7)
+		X86.HasAVX512IFMA = isSet(21, ebx7)
+		X86.HasAVX512VBMI = isSet(1, ecx7)
+		X86.HasAVX5124VNNIW = isSet(2, edx7)
+		X86.HasAVX5124FMAPS = isSet(3, edx7)
+		X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7)
+		X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7)
+		X86.HasAVX512VNNI = isSet(11, ecx7)
+		X86.HasAVX512GFNI = isSet(8, ecx7)
+		X86.HasAVX512VAES = isSet(9, ecx7)
+		X86.HasAVX512VBMI2 = isSet(6, ecx7)
+		X86.HasAVX512BITALG = isSet(12, ecx7)
+
+		eax71, _, _, _ := cpuid(7, 1)
+		X86.HasAVX512BF16 = isSet(5, eax71)
+	}
+}
+
+func isSet(bitpos uint, value uint32) bool {
+	return value&(1<<bitpos) != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
new file mode 100644
index 000000000..39acab2ff
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -0,0 +1,28 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+// +build 386 amd64 amd64p32
+// +build gc
+
+#include "textflag.h"
+
+// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·cpuid(SB), NOSPLIT, $0-24
+	MOVL eaxArg+0(FP), AX
+	MOVL ecxArg+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func xgetbv() (eax, edx uint32)
+TEXT ·xgetbv(SB),NOSPLIT,$0-8
+	MOVL $0, CX
+	XGETBV
+	MOVL AX, eax+0(FP)
+	MOVL DX, edx+4(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos.go b/vendor/golang.org/x/sys/cpu/cpu_zos.go
new file mode 100644
index 000000000..5f54683a2
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func archInit() {
+	doinit()
+	Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
new file mode 100644
index 000000000..ccb1b708a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func initS390Xbase() {
+	// get the facilities list
+	facilities := stfle()
+
+	// mandatory
+	S390X.HasZARCH = facilities.Has(zarch)
+	S390X.HasSTFLE = facilities.Has(stflef)
+	S390X.HasLDISP = facilities.Has(ldisp)
+	S390X.HasEIMM = facilities.Has(eimm)
+
+	// optional
+	S390X.HasETF3EH = facilities.Has(etf3eh)
+	S390X.HasDFP = facilities.Has(dfp)
+	S390X.HasMSA = facilities.Has(msa)
+	S390X.HasVX = facilities.Has(vx)
+	if S390X.HasVX {
+		S390X.HasVXE = facilities.Has(vxe)
+	}
+}
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
new file mode 100644
index 000000000..93ce03a34
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = true
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
new file mode 100644
index 000000000..fe545966b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
+// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = false
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
new file mode 100644
index 000000000..1d9d91f3e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -0,0 +1,71 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+	"io/ioutil"
+)
+
+const (
+	_AT_HWCAP  = 16
+	_AT_HWCAP2 = 26
+
+	procAuxv = "/proc/self/auxv"
+
+	uintSize = int(32 << (^uint(0) >> 63))
+)
+
+// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2
+// These are initialized in cpu_$GOARCH.go
+// and should not be changed after they are initialized.
+var hwCap uint
+var hwCap2 uint
+
+func readHWCAP() error {
+	// For Go 1.21+, get auxv from the Go runtime.
+	if a := getAuxv(); len(a) > 0 {
+		for len(a) >= 2 {
+			tag, val := a[0], uint(a[1])
+			a = a[2:]
+			switch tag {
+			case _AT_HWCAP:
+				hwCap = val
+			case _AT_HWCAP2:
+				hwCap2 = val
+			}
+		}
+		return nil
+	}
+
+	buf, err := ioutil.ReadFile(procAuxv)
+	if err != nil {
+		// e.g. on android /proc/self/auxv is not accessible, so silently
+		// ignore the error and leave Initialized = false. On some
+		// architectures (e.g. arm64) doinit() implements a fallback
+		// readout and will set Initialized = true again.
+		return err
+	}
+	bo := hostByteOrder()
+	for len(buf) >= 2*(uintSize/8) {
+		var tag, val uint
+		switch uintSize {
+		case 32:
+			tag = uint(bo.Uint32(buf[0:]))
+			val = uint(bo.Uint32(buf[4:]))
+			buf = buf[8:]
+		case 64:
+			tag = uint(bo.Uint64(buf[0:]))
+			val = uint(bo.Uint64(buf[8:]))
+			buf = buf[16:]
+		}
+		switch tag {
+		case _AT_HWCAP:
+			hwCap = val
+		case _AT_HWCAP2:
+			hwCap2 = val
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/parse.go b/vendor/golang.org/x/sys/cpu/parse.go
new file mode 100644
index 000000000..762b63d68
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/parse.go
@@ -0,0 +1,43 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "strconv"
+
+// parseRelease parses a dot-separated version number. It follows the semver
+// syntax, but allows the minor and patch versions to be elided.
+//
+// This is a copy of the Go runtime's parseRelease from
+// https://golang.org/cl/209597.
+func parseRelease(rel string) (major, minor, patch int, ok bool) {
+	// Strip anything after a dash or plus.
+	for i := 0; i < len(rel); i++ {
+		if rel[i] == '-' || rel[i] == '+' {
+			rel = rel[:i]
+			break
+		}
+	}
+
+	next := func() (int, bool) {
+		for i := 0; i < len(rel); i++ {
+			if rel[i] == '.' {
+				ver, err := strconv.Atoi(rel[:i])
+				rel = rel[i+1:]
+				return ver, err == nil
+			}
+		}
+		ver, err := strconv.Atoi(rel)
+		rel = ""
+		return ver, err == nil
+	}
+	if major, ok = next(); !ok || rel == "" {
+		return
+	}
+	if minor, ok = next(); !ok || rel == "" {
+		return
+	}
+	patch, ok = next()
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
new file mode 100644
index 000000000..d87bd6b3e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -0,0 +1,54 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && arm64
+// +build linux,arm64
+
+package cpu
+
+import (
+	"errors"
+	"io"
+	"os"
+	"strings"
+)
+
+func readLinuxProcCPUInfo() error {
+	f, err := os.Open("/proc/cpuinfo")
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	var buf [1 << 10]byte // enough for first CPU
+	n, err := io.ReadFull(f, buf[:])
+	if err != nil && err != io.ErrUnexpectedEOF {
+		return err
+	}
+	in := string(buf[:n])
+	const features = "\nFeatures	: "
+	i := strings.Index(in, features)
+	if i == -1 {
+		return errors.New("no CPU features found")
+	}
+	in = in[i+len(features):]
+	if i := strings.Index(in, "\n"); i != -1 {
+		in = in[:i]
+	}
+	m := map[string]*bool{}
+
+	initOptions() // need it early here; it's harmless to call twice
+	for _, o := range options {
+		m[o.Name] = o.Feature
+	}
+	// The EVTSTRM field has alias "evstrm" in Go, but Linux calls it "evtstrm".
+	m["evtstrm"] = &ARM64.HasEVTSTRM
+
+	for _, f := range strings.Fields(in) {
+		if p, ok := m[f]; ok {
+			*p = true
+		}
+	}
+	return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
new file mode 100644
index 000000000..5f92ac9a2
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
+// on platforms that use auxv.
+var getAuxvFn func() []uintptr
+
+func getAuxv() []uintptr {
+	if getAuxvFn == nil {
+		return nil
+	}
+	return getAuxvFn()
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
new file mode 100644
index 000000000..b975ea2a0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package cpu
+
+import (
+	_ "unsafe" // for linkname
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+func init() {
+	getAuxvFn = runtime_getAuxv
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
new file mode 100644
index 000000000..96134157a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -0,0 +1,27 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Recreate a getsystemcfg syscall handler instead of
+// using the one provided by x/sys/unix to avoid having
+// the dependency between them. (See golang.org/issue/32102)
+// Moreover, this file will be used during the building of
+// gccgo's libgo and thus must not used a CGo method.
+
+//go:build aix && gccgo
+// +build aix,gccgo
+
+package cpu
+
+import (
+	"syscall"
+)
+
+//extern getsystemcfg
+func gccgoGetsystemcfg(label uint32) (r uint64)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) {
+	r1 = uintptr(gccgoGetsystemcfg(uint32(label)))
+	e1 = syscall.GetErrno()
+	return
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
new file mode 100644
index 000000000..904be42ff
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -0,0 +1,36 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Minimal copy of x/sys/unix so the cpu package can make a
+// system call on AIX without depending on x/sys/unix.
+// (See golang.org/issue/32102)
+
+//go:build aix && ppc64 && gc
+// +build aix,ppc64,gc
+
+package cpu
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+
+type syscallFunc uintptr
+
+var libc_getsystemcfg syscallFunc
+
+type errno = syscall.Errno
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 errno) {
+	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 2045d3dad..be0423e68 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -204,6 +204,7 @@ struct ltchars {
 #include <sys/timerfd.h>
 #include <sys/uio.h>
 #include <sys/xattr.h>
+#include <netinet/udp.h>
 #include <linux/audit.h>
 #include <linux/bpf.h>
 #include <linux/can.h>
@@ -518,7 +519,7 @@ ccflags="$@"
 		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
 		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
 		$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
-		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT)_/ ||
+		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
 		$2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
 		$2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
 		$2 ~ /^RAW_PAYLOAD_/ ||
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 398c37e52..de936b677 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -2967,6 +2967,7 @@ const (
 	SOL_TCP                                     = 0x6
 	SOL_TIPC                                    = 0x10f
 	SOL_TLS                                     = 0x11a
+	SOL_UDP                                     = 0x11
 	SOL_X25                                     = 0x106
 	SOL_XDP                                     = 0x11b
 	SOMAXCONN                                   = 0x1000
@@ -3251,6 +3252,19 @@ const (
 	TRACEFS_MAGIC                               = 0x74726163
 	TS_COMM_LEN                                 = 0x20
 	UDF_SUPER_MAGIC                             = 0x15013346
+	UDP_CORK                                    = 0x1
+	UDP_ENCAP                                   = 0x64
+	UDP_ENCAP_ESPINUDP                          = 0x2
+	UDP_ENCAP_ESPINUDP_NON_IKE                  = 0x1
+	UDP_ENCAP_GTP0                              = 0x4
+	UDP_ENCAP_GTP1U                             = 0x5
+	UDP_ENCAP_L2TPINUDP                         = 0x3
+	UDP_GRO                                     = 0x68
+	UDP_NO_CHECK6_RX                            = 0x66
+	UDP_NO_CHECK6_TX                            = 0x65
+	UDP_SEGMENT                                 = 0x67
+	UDP_V4_FLOW                                 = 0x2
+	UDP_V6_FLOW                                 = 0x6
 	UMOUNT_NOFOLLOW                             = 0x8
 	USBDEVICE_SUPER_MAGIC                       = 0x9fa2
 	UTIME_NOW                                   = 0x3fffffff
diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go
index 92ac05ff4..b8ad19250 100644
--- a/vendor/golang.org/x/sys/windows/env_windows.go
+++ b/vendor/golang.org/x/sys/windows/env_windows.go
@@ -37,14 +37,14 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) {
 		return nil, err
 	}
 	defer DestroyEnvironmentBlock(block)
-	blockp := uintptr(unsafe.Pointer(block))
+	blockp := unsafe.Pointer(block)
 	for {
-		entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp)))
+		entry := UTF16PtrToString((*uint16)(blockp))
 		if len(entry) == 0 {
 			break
 		}
 		env = append(env, entry)
-		blockp += 2 * (uintptr(len(entry)) + 1)
+		blockp = unsafe.Add(blockp, 2*(len(entry)+1))
 	}
 	return env, nil
 }
diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go
index 75980fd44..a52e0331d 100644
--- a/vendor/golang.org/x/sys/windows/exec_windows.go
+++ b/vendor/golang.org/x/sys/windows/exec_windows.go
@@ -95,12 +95,17 @@ func ComposeCommandLine(args []string) string {
 // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv,
 // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that
 // command lines are passed around.
+// DecomposeCommandLine returns error if commandLine contains NUL.
 func DecomposeCommandLine(commandLine string) ([]string, error) {
 	if len(commandLine) == 0 {
 		return []string{}, nil
 	}
+	utf16CommandLine, err := UTF16FromString(commandLine)
+	if err != nil {
+		return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine")
+	}
 	var argc int32
-	argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc)
+	argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index f8deca839..c964b6848 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -141,6 +141,12 @@ const (
 	SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1
 )
 
+type ENUM_SERVICE_STATUS struct {
+	ServiceName   *uint16
+	DisplayName   *uint16
+	ServiceStatus SERVICE_STATUS
+}
+
 type SERVICE_STATUS struct {
 	ServiceType             uint32
 	CurrentState            uint32
@@ -245,3 +251,4 @@ type QUERY_SERVICE_LOCK_STATUS struct {
 //sys	UnsubscribeServiceChangeNotifications(subscription uintptr) = sechost.UnsubscribeServiceChangeNotifications?
 //sys	RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) = advapi32.RegisterServiceCtrlHandlerExW
 //sys	QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInfo unsafe.Pointer) (err error) = advapi32.QueryServiceDynamicInformation?
+//sys	EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) = advapi32.EnumDependentServicesW
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 0dbb20841..88e62a638 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -2220,15 +2220,19 @@ type JOBOBJECT_BASIC_UI_RESTRICTIONS struct {
 }
 
 const (
-	// JobObjectInformationClass
+	// JobObjectInformationClass for QueryInformationJobObject and SetInformationJobObject
 	JobObjectAssociateCompletionPortInformation = 7
+	JobObjectBasicAccountingInformation         = 1
+	JobObjectBasicAndIoAccountingInformation    = 8
 	JobObjectBasicLimitInformation              = 2
+	JobObjectBasicProcessIdList                 = 3
 	JobObjectBasicUIRestrictions                = 4
 	JobObjectCpuRateControlInformation          = 15
 	JobObjectEndOfJobTimeInformation            = 6
 	JobObjectExtendedLimitInformation           = 9
 	JobObjectGroupInformation                   = 11
 	JobObjectGroupInformationEx                 = 14
+	JobObjectLimitViolationInformation          = 13
 	JobObjectLimitViolationInformation2         = 34
 	JobObjectNetRateControlInformation          = 32
 	JobObjectNotificationLimitInformation       = 12
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 6d2a26853..a81ea2c70 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -86,6 +86,7 @@ var (
 	procDeleteService                                        = modadvapi32.NewProc("DeleteService")
 	procDeregisterEventSource                                = modadvapi32.NewProc("DeregisterEventSource")
 	procDuplicateTokenEx                                     = modadvapi32.NewProc("DuplicateTokenEx")
+	procEnumDependentServicesW                               = modadvapi32.NewProc("EnumDependentServicesW")
 	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
 	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
 	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
@@ -734,6 +735,14 @@ func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes
 	return
 }
 
+func EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(procEnumDependentServicesW.Addr(), 6, uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) {
 	r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0)
 	if r1 == 0 {
diff --git a/vendor/google.golang.org/api/internal/cba.go b/vendor/google.golang.org/api/internal/cba.go
new file mode 100644
index 000000000..cecbb9ba1
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/cba.go
@@ -0,0 +1,282 @@
+// Copyright 2020 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// cba.go (certificate-based access) contains utils for implementing Device Certificate
+// Authentication according to https://google.aip.dev/auth/4114 and Default Credentials
+// for Google Cloud Virtual Environments according to https://google.aip.dev/auth/4115.
+//
+// The overall logic for DCA is as follows:
+//  1. If both endpoint override and client certificate are specified, use them as is.
+//  2. If user does not specify client certificate, we will attempt to use default
+//     client certificate.
+//  3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if
+//     client certificate is available and defaultEndpoint otherwise.
+//
+// Implications of the above logic:
+//  1. If the user specifies a non-mTLS endpoint override but client certificate is
+//     available, we will pass along the cert anyway and let the server decide what to do.
+//  2. If the user specifies an mTLS endpoint override but client certificate is not
+//     available, we will not fail-fast, but let backend throw error when connecting.
+//
+// If running within Google's cloud environment, and client certificate is not specified
+// and not available through DCA, we will try mTLS with credentials held by
+// the Secure Session Agent, which is part of Google's cloud infrastructure.
+//
+// We would like to avoid introducing client-side logic that parses whether the
+// endpoint override is an mTLS url, since the url pattern may change at anytime.
+//
+// This package is not intended for use by end developers. Use the
+// google.golang.org/api/option package to configure API clients.
+
+// Package internal supports the options and transport packages.
+package internal
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+
+	"github.com/google/s2a-go"
+	"github.com/google/s2a-go/fallback"
+	"google.golang.org/api/internal/cert"
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	mTLSModeAlways = "always"
+	mTLSModeNever  = "never"
+	mTLSModeAuto   = "auto"
+
+	// Experimental: if true, the code will try MTLS with S2A as the default for transport security. Default value is false.
+	googleAPIUseS2AEnv = "EXPERIMENTAL_GOOGLE_API_USE_S2A"
+)
+
+// getClientCertificateSourceAndEndpoint is a convenience function that invokes
+// getClientCertificateSource and getEndpoint sequentially and returns the client
+// cert source and endpoint as a tuple.
+func getClientCertificateSourceAndEndpoint(settings *DialSettings) (cert.Source, string, error) {
+	clientCertSource, err := getClientCertificateSource(settings)
+	if err != nil {
+		return nil, "", err
+	}
+	endpoint, err := getEndpoint(settings, clientCertSource)
+	if err != nil {
+		return nil, "", err
+	}
+	return clientCertSource, endpoint, nil
+}
+
+type transportConfig struct {
+	clientCertSource cert.Source // The client certificate source.
+	endpoint         string      // The corresponding endpoint to use based on client certificate source.
+	s2aAddress       string      // The S2A address if it can be used, otherwise an empty string.
+	s2aMTLSEndpoint  string      // The MTLS endpoint to use with S2A.
+}
+
+func getTransportConfig(settings *DialSettings) (*transportConfig, error) {
+	clientCertSource, endpoint, err := getClientCertificateSourceAndEndpoint(settings)
+	if err != nil {
+		return &transportConfig{
+			clientCertSource: nil, endpoint: "", s2aAddress: "", s2aMTLSEndpoint: "",
+		}, err
+	}
+	defaultTransportConfig := transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+		s2aAddress:       "",
+		s2aMTLSEndpoint:  "",
+	}
+
+	// Check the env to determine whether to use S2A.
+	if !isGoogleS2AEnabled() {
+		return &defaultTransportConfig, nil
+	}
+
+	// If client cert is found, use that over S2A.
+	// If MTLS is not enabled for the endpoint, skip S2A.
+	if clientCertSource != nil || !mtlsEndpointEnabledForS2A() {
+		return &defaultTransportConfig, nil
+	}
+	s2aMTLSEndpoint := settings.DefaultMTLSEndpoint
+	// If there is endpoint override, honor it.
+	if settings.Endpoint != "" {
+		s2aMTLSEndpoint = endpoint
+	}
+	s2aAddress := GetS2AAddress()
+	if s2aAddress == "" {
+		return &defaultTransportConfig, nil
+	}
+	return &transportConfig{
+		clientCertSource: clientCertSource,
+		endpoint:         endpoint,
+		s2aAddress:       s2aAddress,
+		s2aMTLSEndpoint:  s2aMTLSEndpoint,
+	}, nil
+}
+
+func isGoogleS2AEnabled() bool {
+	return strings.ToLower(os.Getenv(googleAPIUseS2AEnv)) == "true"
+}
+
+// getClientCertificateSource returns a default client certificate source, if
+// not provided by the user.
+//
+// A nil default source can be returned if the source does not exist. Any exceptions
+// encountered while initializing the default source will be reported as client
+// error (ex. corrupt metadata file).
+//
+// Important Note: For now, the environment variable GOOGLE_API_USE_CLIENT_CERTIFICATE
+// must be set to "true" to allow certificate to be used (including user provided
+// certificates). For details, see AIP-4114.
+func getClientCertificateSource(settings *DialSettings) (cert.Source, error) {
+	if !isClientCertificateEnabled() {
+		return nil, nil
+	} else if settings.ClientCertSource != nil {
+		return settings.ClientCertSource, nil
+	} else {
+		return cert.DefaultSource()
+	}
+}
+
+func isClientCertificateEnabled() bool {
+	useClientCert := os.Getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
+	// TODO(andyrzhao): Update default to return "true" after DCA feature is fully released.
+	return strings.ToLower(useClientCert) == "true"
+}
+
+// getEndpoint returns the endpoint for the service, taking into account the
+// user-provided endpoint override "settings.Endpoint".
+//
+// If no endpoint override is specified, we will either return the default endpoint or
+// the default mTLS endpoint if a client certificate is available.
+//
+// You can override the default endpoint choice (mtls vs. regular) by setting the
+// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
+//
+// If the endpoint override is an address (host:port) rather than full base
+// URL (ex. https://...), then the user-provided address will be merged into
+// the default endpoint. For example, WithEndpoint("myhost:8000") and
+// WithDefaultEndpoint("https://foo.com/bar/baz") will return "https://myhost:8080/bar/baz"
+func getEndpoint(settings *DialSettings, clientCertSource cert.Source) (string, error) {
+	if settings.Endpoint == "" {
+		mtlsMode := getMTLSMode()
+		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
+			return settings.DefaultMTLSEndpoint, nil
+		}
+		return settings.DefaultEndpoint, nil
+	}
+	if strings.Contains(settings.Endpoint, "://") {
+		// User passed in a full URL path, use it verbatim.
+		return settings.Endpoint, nil
+	}
+	if settings.DefaultEndpoint == "" {
+		// If DefaultEndpoint is not configured, use the user provided endpoint verbatim.
+		// This allows a naked "host[:port]" URL to be used with GRPC Direct Path.
+		return settings.Endpoint, nil
+	}
+
+	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
+	return mergeEndpoints(settings.DefaultEndpoint, settings.Endpoint)
+}
+
+func getMTLSMode() string {
+	mode := os.Getenv("GOOGLE_API_USE_MTLS_ENDPOINT")
+	if mode == "" {
+		mode = os.Getenv("GOOGLE_API_USE_MTLS") // Deprecated.
+	}
+	if mode == "" {
+		return mTLSModeAuto
+	}
+	return strings.ToLower(mode)
+}
+
+func mergeEndpoints(baseURL, newHost string) (string, error) {
+	u, err := url.Parse(fixScheme(baseURL))
+	if err != nil {
+		return "", err
+	}
+	return strings.Replace(baseURL, u.Host, newHost, 1), nil
+}
+
+func fixScheme(baseURL string) string {
+	if !strings.Contains(baseURL, "://") {
+		return "https://" + baseURL
+	}
+	return baseURL
+}
+
+// GetGRPCTransportConfigAndEndpoint returns an instance of credentials.TransportCredentials, and the
+// corresponding endpoint to use for GRPC client.
+func GetGRPCTransportConfigAndEndpoint(settings *DialSettings) (credentials.TransportCredentials, string, error) {
+	config, err := getTransportConfig(settings)
+	if err != nil {
+		return nil, "", err
+	}
+
+	defaultTransportCreds := credentials.NewTLS(&tls.Config{
+		GetClientCertificate: config.clientCertSource,
+	})
+	if config.s2aAddress == "" {
+		return defaultTransportCreds, config.endpoint, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackHandshake, err := fallback.DefaultFallbackClientHandshakeFunc(config.endpoint); err == nil {
+		fallbackOpts = &s2a.FallbackOptions{
+			FallbackClientHandshakeFunc: fallbackHandshake,
+		}
+	}
+
+	s2aTransportCreds, err := s2a.NewClientCreds(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	if err != nil {
+		// Use default if we cannot initialize S2A client transport credentials.
+		return defaultTransportCreds, config.endpoint, nil
+	}
+	return s2aTransportCreds, config.s2aMTLSEndpoint, nil
+}
+
+// GetHTTPTransportConfigAndEndpoint returns a client certificate source, a function for dialing MTLS with S2A,
+// and the endpoint to use for HTTP client.
+func GetHTTPTransportConfigAndEndpoint(settings *DialSettings) (cert.Source, func(context.Context, string, string) (net.Conn, error), string, error) {
+	config, err := getTransportConfig(settings)
+	if err != nil {
+		return nil, nil, "", err
+	}
+
+	if config.s2aAddress == "" {
+		return config.clientCertSource, nil, config.endpoint, nil
+	}
+
+	var fallbackOpts *s2a.FallbackOptions
+	// In case of S2A failure, fall back to the endpoint that would've been used without S2A.
+	if fallbackURL, err := url.Parse(config.endpoint); err == nil {
+		if fallbackDialer, fallbackServerAddr, err := fallback.DefaultFallbackDialerAndAddress(fallbackURL.Hostname()); err == nil {
+			fallbackOpts = &s2a.FallbackOptions{
+				FallbackDialer: &s2a.FallbackDialer{
+					Dialer:     fallbackDialer,
+					ServerAddr: fallbackServerAddr,
+				},
+			}
+		}
+	}
+
+	dialTLSContextFunc := s2a.NewS2ADialTLSContextFunc(&s2a.ClientOptions{
+		S2AAddress:   config.s2aAddress,
+		FallbackOpts: fallbackOpts,
+	})
+	return nil, dialTLSContextFunc, config.s2aMTLSEndpoint, nil
+}
+
+// mtlsEndpointEnabledForS2A checks if the endpoint is indeed MTLS-enabled, so that we can use S2A for MTLS connection.
+var mtlsEndpointEnabledForS2A = func() bool {
+	// TODO(xmenxk): determine this via discovery config.
+	return true
+}
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go
index 63c660922..fd89a2785 100644
--- a/vendor/google.golang.org/api/internal/creds.go
+++ b/vendor/google.golang.org/api/internal/creds.go
@@ -92,7 +92,7 @@ func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*g
 
 	// Determine configurations for the OAuth2 transport, which is separate from the API transport.
 	// The OAuth2 transport and endpoint will be configured for mTLS if applicable.
-	clientCertSource, oauth2Endpoint, err := GetClientCertificateSourceAndEndpoint(oauth2DialSettings(ds))
+	clientCertSource, oauth2Endpoint, err := getClientCertificateSourceAndEndpoint(oauth2DialSettings(ds))
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/google.golang.org/api/internal/dca.go b/vendor/google.golang.org/api/internal/dca.go
deleted file mode 100644
index 204a3fd2f..000000000
--- a/vendor/google.golang.org/api/internal/dca.go
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright 2020 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package dca contains utils for implementing Device Certificate
-// Authentication according to https://google.aip.dev/auth/4114
-//
-// The overall logic for DCA is as follows:
-//  1. If both endpoint override and client certificate are specified, use them as is.
-//  2. If user does not specify client certificate, we will attempt to use default
-//     client certificate.
-//  3. If user does not specify endpoint override, we will use defaultMtlsEndpoint if
-//     client certificate is available and defaultEndpoint otherwise.
-//
-// Implications of the above logic:
-//  1. If the user specifies a non-mTLS endpoint override but client certificate is
-//     available, we will pass along the cert anyway and let the server decide what to do.
-//  2. If the user specifies an mTLS endpoint override but client certificate is not
-//     available, we will not fail-fast, but let backend throw error when connecting.
-//
-// We would like to avoid introducing client-side logic that parses whether the
-// endpoint override is an mTLS url, since the url pattern may change at anytime.
-//
-// This package is not intended for use by end developers. Use the
-// google.golang.org/api/option package to configure API clients.
-
-// Package internal supports the options and transport packages.
-package internal
-
-import (
-	"net/url"
-	"os"
-	"strings"
-
-	"google.golang.org/api/internal/cert"
-)
-
-const (
-	mTLSModeAlways = "always"
-	mTLSModeNever  = "never"
-	mTLSModeAuto   = "auto"
-)
-
-// GetClientCertificateSourceAndEndpoint is a convenience function that invokes
-// getClientCertificateSource and getEndpoint sequentially and returns the client
-// cert source and endpoint as a tuple.
-func GetClientCertificateSourceAndEndpoint(settings *DialSettings) (cert.Source, string, error) {
-	clientCertSource, err := getClientCertificateSource(settings)
-	if err != nil {
-		return nil, "", err
-	}
-	endpoint, err := getEndpoint(settings, clientCertSource)
-	if err != nil {
-		return nil, "", err
-	}
-	return clientCertSource, endpoint, nil
-}
-
-// getClientCertificateSource returns a default client certificate source, if
-// not provided by the user.
-//
-// A nil default source can be returned if the source does not exist. Any exceptions
-// encountered while initializing the default source will be reported as client
-// error (ex. corrupt metadata file).
-//
-// Important Note: For now, the environment variable GOOGLE_API_USE_CLIENT_CERTIFICATE
-// must be set to "true" to allow certificate to be used (including user provided
-// certificates). For details, see AIP-4114.
-func getClientCertificateSource(settings *DialSettings) (cert.Source, error) {
-	if !isClientCertificateEnabled() {
-		return nil, nil
-	} else if settings.ClientCertSource != nil {
-		return settings.ClientCertSource, nil
-	} else {
-		return cert.DefaultSource()
-	}
-}
-
-func isClientCertificateEnabled() bool {
-	useClientCert := os.Getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")
-	// TODO(andyrzhao): Update default to return "true" after DCA feature is fully released.
-	return strings.ToLower(useClientCert) == "true"
-}
-
-// getEndpoint returns the endpoint for the service, taking into account the
-// user-provided endpoint override "settings.Endpoint".
-//
-// If no endpoint override is specified, we will either return the default endpoint or
-// the default mTLS endpoint if a client certificate is available.
-//
-// You can override the default endpoint choice (mtls vs. regular) by setting the
-// GOOGLE_API_USE_MTLS_ENDPOINT environment variable.
-//
-// If the endpoint override is an address (host:port) rather than full base
-// URL (ex. https://...), then the user-provided address will be merged into
-// the default endpoint. For example, WithEndpoint("myhost:8000") and
-// WithDefaultEndpoint("https://foo.com/bar/baz") will return "https://myhost:8080/bar/baz"
-func getEndpoint(settings *DialSettings, clientCertSource cert.Source) (string, error) {
-	if settings.Endpoint == "" {
-		mtlsMode := getMTLSMode()
-		if mtlsMode == mTLSModeAlways || (clientCertSource != nil && mtlsMode == mTLSModeAuto) {
-			return settings.DefaultMTLSEndpoint, nil
-		}
-		return settings.DefaultEndpoint, nil
-	}
-	if strings.Contains(settings.Endpoint, "://") {
-		// User passed in a full URL path, use it verbatim.
-		return settings.Endpoint, nil
-	}
-	if settings.DefaultEndpoint == "" {
-		// If DefaultEndpoint is not configured, use the user provided endpoint verbatim.
-		// This allows a naked "host[:port]" URL to be used with GRPC Direct Path.
-		return settings.Endpoint, nil
-	}
-
-	// Assume user-provided endpoint is host[:port], merge it with the default endpoint.
-	return mergeEndpoints(settings.DefaultEndpoint, settings.Endpoint)
-}
-
-func getMTLSMode() string {
-	mode := os.Getenv("GOOGLE_API_USE_MTLS_ENDPOINT")
-	if mode == "" {
-		mode = os.Getenv("GOOGLE_API_USE_MTLS") // Deprecated.
-	}
-	if mode == "" {
-		return mTLSModeAuto
-	}
-	return strings.ToLower(mode)
-}
-
-func mergeEndpoints(baseURL, newHost string) (string, error) {
-	u, err := url.Parse(fixScheme(baseURL))
-	if err != nil {
-		return "", err
-	}
-	return strings.Replace(baseURL, u.Host, newHost, 1), nil
-}
-
-func fixScheme(baseURL string) string {
-	if !strings.Contains(baseURL, "://") {
-		return "https://" + baseURL
-	}
-	return baseURL
-}
diff --git a/vendor/google.golang.org/api/internal/s2a.go b/vendor/google.golang.org/api/internal/s2a.go
new file mode 100644
index 000000000..c5b421f55
--- /dev/null
+++ b/vendor/google.golang.org/api/internal/s2a.go
@@ -0,0 +1,136 @@
+// Copyright 2023 Google LLC.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+import (
+	"encoding/json"
+	"log"
+	"sync"
+	"time"
+
+	"cloud.google.com/go/compute/metadata"
+)
+
+const configEndpointSuffix = "googleAutoMtlsConfiguration"
+
+// The period an MTLS config can be reused before needing refresh.
+var configExpiry = time.Hour
+
+// GetS2AAddress returns the S2A address to be reached via plaintext connection.
+func GetS2AAddress() string {
+	c, err := getMetadataMTLSAutoConfig().Config()
+	if err != nil {
+		return ""
+	}
+	if !c.Valid() {
+		return ""
+	}
+	return c.S2A.PlaintextAddress
+}
+
+type mtlsConfigSource interface {
+	Config() (*mtlsConfig, error)
+}
+
+// mdsMTLSAutoConfigSource is an instance of reuseMTLSConfigSource, with metadataMTLSAutoConfig as its config source.
+var (
+	mdsMTLSAutoConfigSource mtlsConfigSource
+	once                    sync.Once
+)
+
+// getMetadataMTLSAutoConfig returns mdsMTLSAutoConfigSource, which is backed by config from MDS with auto-refresh.
+func getMetadataMTLSAutoConfig() mtlsConfigSource {
+	once.Do(func() {
+		mdsMTLSAutoConfigSource = &reuseMTLSConfigSource{
+			src: &metadataMTLSAutoConfig{},
+		}
+	})
+	return mdsMTLSAutoConfigSource
+}
+
+// reuseMTLSConfigSource caches a valid version of mtlsConfig, and uses `src` to refresh upon config expiry.
+// It implements the mtlsConfigSource interface, so calling Config() on it returns an mtlsConfig.
+type reuseMTLSConfigSource struct {
+	src    mtlsConfigSource // src.Config() is called when config is expired
+	mu     sync.Mutex       // mutex guards config
+	config *mtlsConfig      // cached config
+}
+
+func (cs *reuseMTLSConfigSource) Config() (*mtlsConfig, error) {
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+
+	if cs.config.Valid() {
+		return cs.config, nil
+	}
+	c, err := cs.src.Config()
+	if err != nil {
+		return nil, err
+	}
+	cs.config = c
+	return c, nil
+}
+
+// metadataMTLSAutoConfig is an implementation of the interface mtlsConfigSource
+// It has the logic to query MDS and return an mtlsConfig
+type metadataMTLSAutoConfig struct{}
+
+var httpGetMetadataMTLSConfig = func() (string, error) {
+	return metadata.Get(configEndpointSuffix)
+}
+
+func (cs *metadataMTLSAutoConfig) Config() (*mtlsConfig, error) {
+	resp, err := httpGetMetadataMTLSConfig()
+	if err != nil {
+		log.Printf("querying MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+	var config mtlsConfig
+	err = json.Unmarshal([]byte(resp), &config)
+	if err != nil {
+		log.Printf("unmarshalling MTLS config from MDS endpoint failed: %v", err)
+		return defaultMTLSConfig(), nil
+	}
+
+	if config.S2A == nil {
+		log.Printf("returned MTLS config from MDS endpoint is invalid: %v", config)
+		return defaultMTLSConfig(), nil
+	}
+
+	// set new expiry
+	config.Expiry = time.Now().Add(configExpiry)
+	return &config, nil
+}
+
+func defaultMTLSConfig() *mtlsConfig {
+	return &mtlsConfig{
+		S2A: &s2aAddresses{
+			PlaintextAddress: "",
+			MTLSAddress:      "",
+		},
+		Expiry: time.Now().Add(configExpiry),
+	}
+}
+
+// s2aAddresses contains the plaintext and/or MTLS S2A addresses.
+type s2aAddresses struct {
+	// PlaintextAddress is the plaintext address to reach S2A
+	PlaintextAddress string `json:"plaintext_address"`
+	// MTLSAddress is the MTLS address to reach S2A
+	MTLSAddress string `json:"mtls_address"`
+}
+
+// mtlsConfig contains the configuration for establishing MTLS connections with Google APIs.
+type mtlsConfig struct {
+	S2A    *s2aAddresses `json:"s2a"`
+	Expiry time.Time
+}
+
+func (c *mtlsConfig) Valid() bool {
+	return c != nil && c.S2A != nil && !c.expired()
+}
+func (c *mtlsConfig) expired() bool {
+	return c.Expiry.Before(time.Now())
+}
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 76efdb227..3a3874df1 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -46,6 +46,7 @@ type DialSettings struct {
 	SkipValidation                bool
 	ImpersonationConfig           *impersonate.Config
 	EnableDirectPath              bool
+	EnableDirectPathXds           bool
 	AllowNonDefaultServiceAccount bool
 
 	// Google API system parameters. For more information please read:
diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go
index 19df50de1..b4904183c 100644
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.116.0"
+const Version = "0.123.0"
diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go
index cc7ebfe27..3b8461d1d 100644
--- a/vendor/google.golang.org/api/option/internaloption/internaloption.go
+++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go
@@ -67,6 +67,21 @@ func (e enableDirectPath) Apply(o *internal.DialSettings) {
 	o.EnableDirectPath = bool(e)
 }
 
+// EnableDirectPathXds returns a ClientOption that overrides the default
+// DirectPath type. It is only valid when DirectPath is enabled.
+//
+// It should only be used internally by generated clients.
+// This is an EXPERIMENTAL API and may be changed or removed in the future.
+func EnableDirectPathXds() option.ClientOption {
+	return enableDirectPathXds(true)
+}
+
+type enableDirectPathXds bool
+
+func (x enableDirectPathXds) Apply(o *internal.DialSettings) {
+	o.EnableDirectPathXds = bool(x)
+}
+
 // AllowNonDefaultServiceAccount returns a ClientOption that overrides the default
 // requirement for using the default service account for DirectPath.
 //
diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go
index 20c94fa64..e1403e08e 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial.go
@@ -9,7 +9,6 @@ package grpc
 
 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"log"
 	"net"
@@ -22,7 +21,6 @@ import (
 	"google.golang.org/api/internal"
 	"google.golang.org/api/option"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 	grpcgoogle "google.golang.org/grpc/credentials/google"
 	grpcinsecure "google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/credentials/oauth"
@@ -122,18 +120,13 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 	if o.GRPCConn != nil {
 		return o.GRPCConn, nil
 	}
-	clientCertSource, endpoint, err := internal.GetClientCertificateSourceAndEndpoint(o)
+	transportCreds, endpoint, err := internal.GetGRPCTransportConfigAndEndpoint(o)
 	if err != nil {
 		return nil, err
 	}
 
-	var transportCreds credentials.TransportCredentials
 	if insecure {
 		transportCreds = grpcinsecure.NewCredentials()
-	} else {
-		transportCreds = credentials.NewTLS(&tls.Config{
-			GetClientCertificate: clientCertSource,
-		})
 	}
 
 	// Initialize gRPC dial options with transport-level security options.
@@ -171,7 +164,7 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 				grpcOpts = append(grpcOpts, timeoutDialerOption)
 			}
 			// Check if google-c2p resolver is enabled for DirectPath
-			if strings.EqualFold(os.Getenv(enableDirectPathXds), "true") {
+			if isDirectPathXdsUsed(o) {
 				// google-c2p resolver target must not have a port number
 				if addr, _, err := net.SplitHostPort(endpoint); err == nil {
 					endpoint = "google-c2p:///" + addr
@@ -258,6 +251,19 @@ func isDirectPathEnabled(endpoint string, o *internal.DialSettings) bool {
 	return true
 }
 
+func isDirectPathXdsUsed(o *internal.DialSettings) bool {
+	// Method 1: Enable DirectPath xDS by env;
+	if strings.EqualFold(os.Getenv(enableDirectPathXds), "true") {
+		return true
+	}
+	// Method 2: Enable DirectPath xDS by option;
+	if o.EnableDirectPathXds {
+		return true
+	}
+	return false
+
+}
+
 func isTokenSourceDirectPathCompatible(ts oauth2.TokenSource, o *internal.DialSettings) bool {
 	if ts == nil {
 		return false
diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go
index 403509d08..eca0c3ba7 100644
--- a/vendor/google.golang.org/api/transport/http/dial.go
+++ b/vendor/google.golang.org/api/transport/http/dial.go
@@ -33,7 +33,7 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client,
 	if err != nil {
 		return nil, "", err
 	}
-	clientCertSource, endpoint, err := internal.GetClientCertificateSourceAndEndpoint(settings)
+	clientCertSource, dialTLSContext, endpoint, err := internal.GetHTTPTransportConfigAndEndpoint(settings)
 	if err != nil {
 		return nil, "", err
 	}
@@ -41,7 +41,8 @@ func NewClient(ctx context.Context, opts ...option.ClientOption) (*http.Client,
 	if settings.HTTPClient != nil {
 		return settings.HTTPClient, endpoint, nil
 	}
-	trans, err := newTransport(ctx, defaultBaseTransport(ctx, clientCertSource), settings)
+
+	trans, err := newTransport(ctx, defaultBaseTransport(ctx, clientCertSource, dialTLSContext), settings)
 	if err != nil {
 		return nil, "", err
 	}
@@ -152,7 +153,7 @@ var appengineUrlfetchHook func(context.Context) http.RoundTripper
 // Otherwise, use a default transport, taking most defaults from
 // http.DefaultTransport.
 // If TLSCertificate is available, set TLSClientConfig as well.
-func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source) http.RoundTripper {
+func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
 	if appengineUrlfetchHook != nil {
 		return appengineUrlfetchHook(ctx)
 	}
@@ -171,6 +172,10 @@ func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source) htt
 			GetClientCertificate: clientCertSource,
 		}
 	}
+	if dialTLSContext != nil {
+		// If DialTLSContext is set, TLSClientConfig wil be ignored
+		trans.DialTLSContext = dialTLSContext
+	}
 
 	configureHTTP2(trans)
 
diff --git a/vendor/google.golang.org/grpc/CONTRIBUTING.md b/vendor/google.golang.org/grpc/CONTRIBUTING.md
index 8e001134d..608aa6e1a 100644
--- a/vendor/google.golang.org/grpc/CONTRIBUTING.md
+++ b/vendor/google.golang.org/grpc/CONTRIBUTING.md
@@ -20,10 +20,6 @@ How to get your contributions merged smoothly and quickly.
   both author's & review's time is wasted. Create more PRs to address different
   concerns and everyone will be happy.
 
-- For speculative changes, consider opening an issue and discussing it first. If
-  you are suggesting a behavioral or API change, consider starting with a [gRFC 
-  proposal](https://github.com/grpc/proposal).
-
 - If you are searching for features to work on, issues labeled [Status: Help
   Wanted](https://github.com/grpc/grpc-go/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3A%22Status%3A+Help+Wanted%22)
   is a great place to start. These issues are well-documented and usually can be
diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
index 6620ed11c..f070878bd 100644
--- a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
+++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go
@@ -19,7 +19,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v4.22.0
 // source: grpc/lb/v1/load_balancer.proto
 
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index 8cd89dab9..ec2c2fa14 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,7 +18,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v4.22.0
 // source: grpc/binlog/v1/binarylog.proto
 
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index b9cc05507..3a7614242 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -244,19 +244,6 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		}
 	}()
 
-	scSet := false
-	if cc.dopts.scChan != nil {
-		// Try to get an initial service config.
-		select {
-		case sc, ok := <-cc.dopts.scChan:
-			if ok {
-				cc.sc = &sc
-				cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{&sc})
-				scSet = true
-			}
-		default:
-		}
-	}
 	if cc.dopts.bs == nil {
 		cc.dopts.bs = backoff.DefaultExponential
 	}
@@ -272,7 +259,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	}
 	channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority)
 
-	if cc.dopts.scChan != nil && !scSet {
+	if cc.dopts.scChan != nil {
 		// Blocking wait for the initial service config.
 		select {
 		case sc, ok := <-cc.dopts.scChan:
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
index c8a307531..150ae5576 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go
@@ -387,5 +387,7 @@ func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []b
 // Close terminates the Handshaker. It should be called when the caller obtains
 // the secure connection.
 func (h *altsHandshaker) Close() {
-	h.stream.CloseSend()
+	if h.stream != nil {
+		h.stream.CloseSend()
+	}
 }
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
index 2de2c4aff..e1cdafb98 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/service/service.go
@@ -58,3 +58,21 @@ func Dial(hsAddress string) (*grpc.ClientConn, error) {
 	}
 	return hsConn, nil
 }
+
+// CloseForTesting closes all open connections to the handshaker service.
+//
+// For testing purposes only.
+func CloseForTesting() error {
+	for _, hsConn := range hsConnMap {
+		if hsConn == nil {
+			continue
+		}
+		if err := hsConn.Close(); err != nil {
+			return err
+		}
+	}
+
+	// Reset the connection map.
+	hsConnMap = make(map[string]*grpc.ClientConn)
+	return nil
+}
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
index 16e814b9b..83e3bae37 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go
@@ -17,7 +17,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v4.22.0
 // source: grpc/gcp/altscontext.proto
 
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
index 258a130a9..0b0093328 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go
@@ -17,7 +17,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v4.22.0
 // source: grpc/gcp/handshaker.proto
 
diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
index cc9a27059..c2e564c7d 100644
--- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
+++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go
@@ -17,7 +17,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.30.0
 // 	protoc        v4.22.0
 // source: grpc/gcp/transport_security_common.proto
 
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index e9d6852fd..cdc8263bd 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -295,6 +295,9 @@ func withBackoff(bs internalbackoff.Strategy) DialOption {
 // WithBlock returns a DialOption which makes callers of Dial block until the
 // underlying connection is up. Without this, Dial returns immediately and
 // connecting the server happens in background.
+//
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
 func WithBlock() DialOption {
 	return newFuncDialOption(func(o *dialOptions) {
 		o.block = true
@@ -306,6 +309,9 @@ func WithBlock() DialOption {
 // the context.DeadlineExceeded error.
 // Implies WithBlock()
 //
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
+//
 // # Experimental
 //
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a
@@ -448,6 +454,9 @@ func withBinaryLogger(bl binarylog.Logger) DialOption {
 // FailOnNonTempDialError only affects the initial dial, and does not do
 // anything useful unless you are also using WithBlock().
 //
+// Use of this feature is not recommended.  For more information, please see:
+// https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md
+//
 // # Experimental
 //
 // Notice: This API is EXPERIMENTAL and may be changed or removed in a
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
index 04136882c..3b17705ba 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go
@@ -79,7 +79,7 @@ var (
 	// XDSFederation indicates whether federation support is enabled, which can
 	// be enabled by setting the environment variable
 	// "GRPC_EXPERIMENTAL_XDS_FEDERATION" to "true".
-	XDSFederation = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FEDERATION", false)
+	XDSFederation = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FEDERATION", true)
 
 	// XDSRLS indicates whether processing of Cluster Specifier plugins and
 	// support for the RLS CLuster Specifier is enabled, which can be enabled by
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
new file mode 100644
index 000000000..79993d343
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
@@ -0,0 +1,65 @@
+/*
+ *
+ * Copyright 2022 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grpcsync
+
+import (
+	"context"
+
+	"google.golang.org/grpc/internal/buffer"
+)
+
+// CallbackSerializer provides a mechanism to schedule callbacks in a
+// synchronized manner. It provides a FIFO guarantee on the order of execution
+// of scheduled callbacks. New callbacks can be scheduled by invoking the
+// Schedule() method.
+//
+// This type is safe for concurrent access.
+type CallbackSerializer struct {
+	callbacks *buffer.Unbounded
+}
+
+// NewCallbackSerializer returns a new CallbackSerializer instance. The provided
+// context will be passed to the scheduled callbacks. Users should cancel the
+// provided context to shutdown the CallbackSerializer. It is guaranteed that no
+// callbacks will be executed once this context is canceled.
+func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
+	t := &CallbackSerializer{callbacks: buffer.NewUnbounded()}
+	go t.run(ctx)
+	return t
+}
+
+// Schedule adds a callback to be scheduled after existing callbacks are run.
+//
+// Callbacks are expected to honor the context when performing any blocking
+// operations, and should return early when the context is canceled.
+func (t *CallbackSerializer) Schedule(f func(ctx context.Context)) {
+	t.callbacks.Put(f)
+}
+
+func (t *CallbackSerializer) run(ctx context.Context) {
+	for ctx.Err() == nil {
+		select {
+		case <-ctx.Done():
+			return
+		case callback := <-t.callbacks.Get():
+			t.callbacks.Load()
+			callback.(func(ctx context.Context))(ctx)
+		}
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
index c343c23a5..be5a9c81e 100644
--- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
+++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -30,6 +30,7 @@ import (
 
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/status"
 )
@@ -488,12 +489,13 @@ type loopyWriter struct {
 	bdpEst        *bdpEstimator
 	draining      bool
 	conn          net.Conn
+	logger        *grpclog.PrefixLogger
 
 	// Side-specific handlers
 	ssGoAwayHandler func(*goAway) (bool, error)
 }
 
-func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn) *loopyWriter {
+func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn, logger *grpclog.PrefixLogger) *loopyWriter {
 	var buf bytes.Buffer
 	l := &loopyWriter{
 		side:          s,
@@ -507,6 +509,7 @@ func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimato
 		hEnc:          hpack.NewEncoder(&buf),
 		bdpEst:        bdpEst,
 		conn:          conn,
+		logger:        logger,
 	}
 	return l
 }
@@ -536,8 +539,8 @@ const minBatchSize = 1000
 // left open to allow the I/O error to be encountered by the reader instead.
 func (l *loopyWriter) run() (err error) {
 	defer func() {
-		if logger.V(logLevel) {
-			logger.Infof("transport: loopyWriter exiting with error: %v", err)
+		if l.logger.V(logLevel) {
+			l.logger.Infof("loopyWriter exiting with error: %v", err)
 		}
 		if !isIOError(err) {
 			l.framer.writer.Flush()
@@ -636,8 +639,8 @@ func (l *loopyWriter) headerHandler(h *headerFrame) error {
 	if l.side == serverSide {
 		str, ok := l.estdStreams[h.streamID]
 		if !ok {
-			if logger.V(logLevel) {
-				logger.Warningf("transport: loopy doesn't recognize the stream: %d", h.streamID)
+			if l.logger.V(logLevel) {
+				l.logger.Infof("Unrecognized streamID %d in loopyWriter", h.streamID)
 			}
 			return nil
 		}
@@ -692,8 +695,8 @@ func (l *loopyWriter) writeHeader(streamID uint32, endStream bool, hf []hpack.He
 	l.hBuf.Reset()
 	for _, f := range hf {
 		if err := l.hEnc.WriteField(f); err != nil {
-			if logger.V(logLevel) {
-				logger.Warningf("transport: loopyWriter.writeHeader encountered error while encoding headers: %v", err)
+			if l.logger.V(logLevel) {
+				l.logger.Warningf("Encountered error while encoding headers: %v", err)
 			}
 		}
 	}
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index e6626bf96..fbee581b8 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -39,6 +39,7 @@ import (
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
@@ -83,6 +84,7 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []s
 		contentSubtype: contentSubtype,
 		stats:          stats,
 	}
+	st.logger = prefixLoggerForServerHandlerTransport(st)
 
 	if v := r.Header.Get("grpc-timeout"); v != "" {
 		to, err := decodeTimeout(v)
@@ -150,13 +152,14 @@ type serverHandlerTransport struct {
 	// TODO make sure this is consistent across handler_server and http2_server
 	contentSubtype string
 
-	stats []stats.Handler
+	stats  []stats.Handler
+	logger *grpclog.PrefixLogger
 }
 
 func (ht *serverHandlerTransport) Close(err error) {
 	ht.closeOnce.Do(func() {
-		if logger.V(logLevel) {
-			logger.Infof("Closing serverHandlerTransport: %v", err)
+		if ht.logger.V(logLevel) {
+			ht.logger.Infof("Closing: %v", err)
 		}
 		close(ht.closedCh)
 	})
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 9826feb8c..5216998a8 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -38,6 +38,7 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/internal/channelz"
 	icredentials "google.golang.org/grpc/internal/credentials"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/internal/grpcutil"
 	imetadata "google.golang.org/grpc/internal/metadata"
@@ -145,6 +146,7 @@ type http2Client struct {
 	bufferPool *bufferPool
 
 	connectionID uint64
+	logger       *grpclog.PrefixLogger
 }
 
 func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr resolver.Address, useProxy bool, grpcUA string) (net.Conn, error) {
@@ -244,7 +246,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		if err := connectCtx.Err(); err != nil {
 			// connectCtx expired before exiting the function.  Hard close the connection.
 			if logger.V(logLevel) {
-				logger.Infof("newClientTransport: aborting due to connectCtx: %v", err)
+				logger.Infof("Aborting due to connect deadline expiring: %v", err)
 			}
 			conn.Close()
 		}
@@ -346,6 +348,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		bufferPool:            newBufferPool(),
 		onClose:               onClose,
 	}
+	t.logger = prefixLoggerForClientTransport(t)
 	// Add peer information to the http2client context.
 	t.ctx = peer.NewContext(t.ctx, t.getPeer())
 
@@ -444,7 +447,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		return nil, err
 	}
 	go func() {
-		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn)
+		t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
 		t.loopy.run()
 		close(t.writerDone)
 	}()
@@ -782,7 +785,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		s.id = h.streamID
 		s.fc = &inFlow{limit: uint32(t.initialWindowSize)}
 		t.mu.Lock()
-		if t.activeStreams == nil { // Can be niled from Close().
+		if t.state == draining || t.activeStreams == nil { // Can be niled from Close().
 			t.mu.Unlock()
 			return false // Don't create a stream if the transport is already closed.
 		}
@@ -859,8 +862,8 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		}
 	}
 	if transportDrainRequired {
-		if logger.V(logLevel) {
-			logger.Infof("transport: t.nextID > MaxStreamID. Draining")
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Draining transport: t.nextID > MaxStreamID")
 		}
 		t.GracefulClose()
 	}
@@ -952,8 +955,8 @@ func (t *http2Client) Close(err error) {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: closing: %v", err)
+	if t.logger.V(logLevel) {
+		t.logger.Infof("Closing: %v", err)
 	}
 	// Call t.onClose ASAP to prevent the client from attempting to create new
 	// streams.
@@ -1009,8 +1012,8 @@ func (t *http2Client) GracefulClose() {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: GracefulClose called")
+	if t.logger.V(logLevel) {
+		t.logger.Infof("GracefulClose called")
 	}
 	t.onClose(GoAwayInvalid)
 	t.state = draining
@@ -1174,8 +1177,8 @@ func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) {
 	}
 	statusCode, ok := http2ErrConvTab[f.ErrCode]
 	if !ok {
-		if logger.V(logLevel) {
-			logger.Warningf("transport: http2Client.handleRSTStream found no mapped gRPC status for the received http2 error: %v", f.ErrCode)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Received a RST_STREAM frame with code %q, but found no mapped gRPC status", f.ErrCode)
 		}
 		statusCode = codes.Unknown
 	}
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index 99ae1a737..4b406b8cb 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -35,7 +35,9 @@ import (
 	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
+	"google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcutil"
+	"google.golang.org/grpc/internal/pretty"
 	"google.golang.org/grpc/internal/syscall"
 
 	"google.golang.org/grpc/codes"
@@ -129,6 +131,8 @@ type http2Server struct {
 	// This lock may not be taken if mu is already held.
 	maxStreamMu sync.Mutex
 	maxStreamID uint32 // max stream ID ever seen
+
+	logger *grpclog.PrefixLogger
 }
 
 // NewServerTransport creates a http2 transport with conn and configuration
@@ -267,6 +271,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 		czData:            new(channelzData),
 		bufferPool:        newBufferPool(),
 	}
+	t.logger = prefixLoggerForServerTransport(t)
 	// Add peer information to the http2server context.
 	t.ctx = peer.NewContext(t.ctx, t.getPeer())
 
@@ -331,7 +336,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	t.handleSettings(sf)
 
 	go func() {
-		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn)
+		t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger)
 		t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler
 		t.loopy.run()
 		close(t.writerDone)
@@ -425,8 +430,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		// "Transports must consider requests containing the Connection header
 		// as malformed." - A41
 		case "connection":
-			if logger.V(logLevel) {
-				logger.Errorf("transport: http2Server.operateHeaders parsed a :connection header which makes a request malformed as per the HTTP/2 spec")
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Received a HEADERS frame with a :connection header which makes the request malformed, as per the HTTP/2 spec")
 			}
 			protocolError = true
 		default:
@@ -436,7 +441,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 			v, err := decodeMetadataHeader(hf.Name, hf.Value)
 			if err != nil {
 				headerError = status.Newf(codes.Internal, "malformed binary metadata %q in header %q: %v", hf.Value, hf.Name, err)
-				logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err)
+				t.logger.Warningf("Failed to decode metadata header (%q, %q): %v", hf.Name, hf.Value, err)
 				break
 			}
 			mdata[hf.Name] = append(mdata[hf.Name], v)
@@ -450,8 +455,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	// error, this takes precedence over a client not speaking gRPC.
 	if len(mdata[":authority"]) > 1 || len(mdata["host"]) > 1 {
 		errMsg := fmt.Sprintf("num values of :authority: %v, num values of host: %v, both must only have 1 value as per HTTP/2 spec", len(mdata[":authority"]), len(mdata["host"]))
-		if logger.V(logLevel) {
-			logger.Errorf("transport: %v", errMsg)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Aborting the stream early: %v", errMsg)
 		}
 		t.controlBuf.put(&earlyAbortStream{
 			httpStatus:     http.StatusBadRequest,
@@ -545,9 +550,9 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	}
 	if httpMethod != http.MethodPost {
 		t.mu.Unlock()
-		errMsg := fmt.Sprintf("http2Server.operateHeaders parsed a :method field: %v which should be POST", httpMethod)
-		if logger.V(logLevel) {
-			logger.Infof("transport: %v", errMsg)
+		errMsg := fmt.Sprintf("Received a HEADERS frame with :method %q which should be POST", httpMethod)
+		if t.logger.V(logLevel) {
+			t.logger.Infof("Aborting the stream early: %v", errMsg)
 		}
 		t.controlBuf.put(&earlyAbortStream{
 			httpStatus:     405,
@@ -563,8 +568,8 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 		var err error
 		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil {
 			t.mu.Unlock()
-			if logger.V(logLevel) {
-				logger.Infof("transport: http2Server.operateHeaders got an error from InTapHandle: %v", err)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Aborting the stream early due to InTapHandle failure: %v", err)
 			}
 			stat, ok := status.FromError(err)
 			if !ok {
@@ -638,8 +643,8 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		atomic.StoreInt64(&t.lastRead, time.Now().UnixNano())
 		if err != nil {
 			if se, ok := err.(http2.StreamError); ok {
-				if logger.V(logLevel) {
-					logger.Warningf("transport: http2Server.HandleStreams encountered http2.StreamError: %v", se)
+				if t.logger.V(logLevel) {
+					t.logger.Warningf("Encountered http2.StreamError: %v", se)
 				}
 				t.mu.Lock()
 				s := t.activeStreams[se.StreamID]
@@ -682,8 +687,8 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		case *http2.GoAwayFrame:
 			// TODO: Handle GoAway from the client appropriately.
 		default:
-			if logger.V(logLevel) {
-				logger.Errorf("transport: http2Server.HandleStreams found unhandled frame type %v.", frame)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Received unsupported frame type %T", frame)
 			}
 		}
 	}
@@ -942,8 +947,8 @@ func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
 	var sz int64
 	for _, f := range hdrFrame.hf {
 		if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) {
-			if logger.V(logLevel) {
-				logger.Errorf("header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
+			if t.logger.V(logLevel) {
+				t.logger.Infof("Header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
 			}
 			return false
 		}
@@ -1056,7 +1061,7 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 		stBytes, err := proto.Marshal(p)
 		if err != nil {
 			// TODO: return error instead, when callers are able to handle it.
-			logger.Errorf("transport: failed to marshal rpc status: %v, error: %v", p, err)
+			t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
 		} else {
 			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
 		}
@@ -1171,8 +1176,8 @@ func (t *http2Server) keepalive() {
 			select {
 			case <-ageTimer.C:
 				// Close the connection after grace period.
-				if logger.V(logLevel) {
-					logger.Infof("transport: closing server transport due to maximum connection age.")
+				if t.logger.V(logLevel) {
+					t.logger.Infof("Closing server transport due to maximum connection age")
 				}
 				t.controlBuf.put(closeConnection{})
 			case <-t.done:
@@ -1223,8 +1228,8 @@ func (t *http2Server) Close(err error) {
 		t.mu.Unlock()
 		return
 	}
-	if logger.V(logLevel) {
-		logger.Infof("transport: closing: %v", err)
+	if t.logger.V(logLevel) {
+		t.logger.Infof("Closing: %v", err)
 	}
 	t.state = closing
 	streams := t.activeStreams
@@ -1232,8 +1237,8 @@ func (t *http2Server) Close(err error) {
 	t.mu.Unlock()
 	t.controlBuf.finish()
 	close(t.done)
-	if err := t.conn.Close(); err != nil && logger.V(logLevel) {
-		logger.Infof("transport: error closing conn during Close: %v", err)
+	if err := t.conn.Close(); err != nil && t.logger.V(logLevel) {
+		t.logger.Infof("Error closing underlying net.Conn during Close: %v", err)
 	}
 	channelz.RemoveEntry(t.channelzID)
 	// Cancel all active streams.
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 8fcae4f4d..19cbb18f5 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -38,7 +38,6 @@ import (
 	"golang.org/x/net/http2/hpack"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/status"
 )
 
@@ -86,7 +85,6 @@ var (
 		// 504 Gateway timeout - UNAVAILABLE.
 		http.StatusGatewayTimeout: codes.Unavailable,
 	}
-	logger = grpclog.Component("transport")
 )
 
 // isReservedHeader checks whether hdr belongs to HTTP2 headers
diff --git a/vendor/google.golang.org/grpc/internal/transport/logging.go b/vendor/google.golang.org/grpc/internal/transport/logging.go
new file mode 100644
index 000000000..42ed2b07a
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/transport/logging.go
@@ -0,0 +1,40 @@
+/*
+ *
+ * Copyright 2023 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package transport
+
+import (
+	"fmt"
+
+	"google.golang.org/grpc/grpclog"
+	internalgrpclog "google.golang.org/grpc/internal/grpclog"
+)
+
+var logger = grpclog.Component("transport")
+
+func prefixLoggerForServerTransport(p *http2Server) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[server-transport %p] ", p))
+}
+
+func prefixLoggerForServerHandlerTransport(p *serverHandlerTransport) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[server-handler-transport %p] ", p))
+}
+
+func prefixLoggerForClientTransport(p *http2Client) *internalgrpclog.PrefixLogger {
+	return internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[client-transport %p] ", p))
+}
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index 087b9ad7c..76d152a69 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -43,7 +43,6 @@ import (
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/binarylog"
 	"google.golang.org/grpc/internal/channelz"
-	"google.golang.org/grpc/internal/grpcrand"
 	"google.golang.org/grpc/internal/grpcsync"
 	"google.golang.org/grpc/internal/grpcutil"
 	"google.golang.org/grpc/internal/transport"
@@ -146,7 +145,7 @@ type Server struct {
 	channelzID *channelz.Identifier
 	czData     *channelzData
 
-	serverWorkerChannels []chan *serverWorkerData
+	serverWorkerChannel chan *serverWorkerData
 }
 
 type serverOptions struct {
@@ -561,40 +560,38 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption {
 const serverWorkerResetThreshold = 1 << 16
 
 // serverWorkers blocks on a *transport.Stream channel forever and waits for
-// data to be fed by serveStreams. This allows different requests to be
+// data to be fed by serveStreams. This allows multiple requests to be
 // processed by the same goroutine, removing the need for expensive stack
 // re-allocations (see the runtime.morestack problem [1]).
 //
 // [1] https://github.com/golang/go/issues/18138
-func (s *Server) serverWorker(ch chan *serverWorkerData) {
-	// To make sure all server workers don't reset at the same time, choose a
-	// random number of iterations before resetting.
-	threshold := serverWorkerResetThreshold + grpcrand.Intn(serverWorkerResetThreshold)
-	for completed := 0; completed < threshold; completed++ {
-		data, ok := <-ch
+func (s *Server) serverWorker() {
+	for completed := 0; completed < serverWorkerResetThreshold; completed++ {
+		data, ok := <-s.serverWorkerChannel
 		if !ok {
 			return
 		}
-		s.handleStream(data.st, data.stream, s.traceInfo(data.st, data.stream))
-		data.wg.Done()
+		s.handleSingleStream(data)
 	}
-	go s.serverWorker(ch)
+	go s.serverWorker()
 }
 
-// initServerWorkers creates worker goroutines and channels to process incoming
+func (s *Server) handleSingleStream(data *serverWorkerData) {
+	defer data.wg.Done()
+	s.handleStream(data.st, data.stream, s.traceInfo(data.st, data.stream))
+}
+
+// initServerWorkers creates worker goroutines and a channel to process incoming
 // connections to reduce the time spent overall on runtime.morestack.
 func (s *Server) initServerWorkers() {
-	s.serverWorkerChannels = make([]chan *serverWorkerData, s.opts.numServerWorkers)
+	s.serverWorkerChannel = make(chan *serverWorkerData)
 	for i := uint32(0); i < s.opts.numServerWorkers; i++ {
-		s.serverWorkerChannels[i] = make(chan *serverWorkerData)
-		go s.serverWorker(s.serverWorkerChannels[i])
+		go s.serverWorker()
 	}
 }
 
 func (s *Server) stopServerWorkers() {
-	for i := uint32(0); i < s.opts.numServerWorkers; i++ {
-		close(s.serverWorkerChannels[i])
-	}
+	close(s.serverWorkerChannel)
 }
 
 // NewServer creates a gRPC server which has no service registered and has not
@@ -946,26 +943,21 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 	defer st.Close(errors.New("finished serving streams for the server transport"))
 	var wg sync.WaitGroup
 
-	var roundRobinCounter uint32
 	st.HandleStreams(func(stream *transport.Stream) {
 		wg.Add(1)
 		if s.opts.numServerWorkers > 0 {
 			data := &serverWorkerData{st: st, wg: &wg, stream: stream}
 			select {
-			case s.serverWorkerChannels[atomic.AddUint32(&roundRobinCounter, 1)%s.opts.numServerWorkers] <- data:
+			case s.serverWorkerChannel <- data:
+				return
 			default:
 				// If all stream workers are busy, fallback to the default code path.
-				go func() {
-					s.handleStream(st, stream, s.traceInfo(st, stream))
-					wg.Done()
-				}()
 			}
-		} else {
-			go func() {
-				defer wg.Done()
-				s.handleStream(st, stream, s.traceInfo(st, stream))
-			}()
 		}
+		go func() {
+			defer wg.Done()
+			s.handleStream(st, stream, s.traceInfo(st, stream))
+		}()
 	}, func(ctx context.Context, method string) context.Context {
 		if !EnableTracing {
 			return ctx
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index 623be39f2..53910fb7c 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -77,7 +77,9 @@ func FromProto(s *spb.Status) *Status {
 // FromError returns a Status representation of err.
 //
 //   - If err was produced by this package or implements the method `GRPCStatus()
-//     *Status`, the appropriate Status is returned.
+//     *Status`, or if err wraps a type satisfying this, the appropriate Status is
+//     returned.  For wrapped errors, the message returned contains the entire
+//     err.Error() text and not just the wrapped status.
 //
 //   - If err is nil, a Status is returned with codes.OK and no message.
 //
@@ -88,10 +90,15 @@ func FromError(err error) (s *Status, ok bool) {
 	if err == nil {
 		return nil, true
 	}
-	if se, ok := err.(interface {
-		GRPCStatus() *Status
-	}); ok {
-		return se.GRPCStatus(), true
+	type grpcstatus interface{ GRPCStatus() *Status }
+	if gs, ok := err.(grpcstatus); ok {
+		return gs.GRPCStatus(), true
+	}
+	var gs grpcstatus
+	if errors.As(err, &gs) {
+		p := gs.GRPCStatus().Proto()
+		p.Message = err.Error()
+		return status.FromProto(p), true
 	}
 	return New(codes.Unknown, err.Error()), false
 }
@@ -103,19 +110,16 @@ func Convert(err error) *Status {
 	return s
 }
 
-// Code returns the Code of the error if it is a Status error, codes.OK if err
-// is nil, or codes.Unknown otherwise.
+// Code returns the Code of the error if it is a Status error or if it wraps a
+// Status error. If that is not the case, it returns codes.OK if err is nil, or
+// codes.Unknown otherwise.
 func Code(err error) codes.Code {
 	// Don't use FromError to avoid allocation of OK status.
 	if err == nil {
 		return codes.OK
 	}
-	if se, ok := err.(interface {
-		GRPCStatus() *Status
-	}); ok {
-		return se.GRPCStatus().Code()
-	}
-	return codes.Unknown
+
+	return Convert(err).Code()
 }
 
 // FromContextError converts a context error or wrapped context error into a
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 3c6e3c911..853ce0e30 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.54.0"
+const Version = "1.55.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b4f68f5c4..dd762ec15 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,16 +1,16 @@
-# cloud.google.com/go v0.110.0
+# cloud.google.com/go v0.110.2
 ## explicit; go 1.19
 cloud.google.com/go/internal
 cloud.google.com/go/internal/optional
 cloud.google.com/go/internal/trace
 cloud.google.com/go/internal/version
-# cloud.google.com/go/compute v1.19.0
+# cloud.google.com/go/compute v1.19.3
 ## explicit; go 1.19
 cloud.google.com/go/compute/internal
 # cloud.google.com/go/compute/metadata v0.2.3
 ## explicit; go 1.19
 cloud.google.com/go/compute/metadata
-# cloud.google.com/go/iam v1.0.0
+# cloud.google.com/go/iam v1.0.1
 ## explicit; go 1.19
 cloud.google.com/go/iam
 cloud.google.com/go/iam/apiv1/iampb
@@ -20,7 +20,7 @@ cloud.google.com/go/storage
 cloud.google.com/go/storage/internal
 cloud.google.com/go/storage/internal/apiv2
 cloud.google.com/go/storage/internal/apiv2/stubs
-# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
+# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azcore
 github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud
@@ -42,7 +42,9 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/internal/diag
 github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo
+github.com/Azure/azure-sdk-for-go/sdk/internal/exported
 github.com/Azure/azure-sdk-for-go/sdk/internal/log
+github.com/Azure/azure-sdk-for-go/sdk/internal/poller
 github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
 github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
 # github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
@@ -68,8 +70,8 @@ github.com/VictoriaMetrics/fastcache
 github.com/VictoriaMetrics/fasthttp
 github.com/VictoriaMetrics/fasthttp/fasthttputil
 github.com/VictoriaMetrics/fasthttp/stackless
-# github.com/VictoriaMetrics/metrics v1.23.1
-## explicit; go 1.15
+# github.com/VictoriaMetrics/metrics v1.24.0
+## explicit; go 1.20
 github.com/VictoriaMetrics/metrics
 # github.com/VictoriaMetrics/metricsql v0.56.2
 ## explicit; go 1.13
@@ -81,7 +83,7 @@ github.com/VividCortex/ewma
 # github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137
 ## explicit; go 1.15
 github.com/alecthomas/units
-# github.com/aws/aws-sdk-go v1.44.237
+# github.com/aws/aws-sdk-go v1.44.265
 ## explicit; go 1.11
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/awserr
@@ -123,7 +125,7 @@ github.com/aws/aws-sdk-go/service/sso
 github.com/aws/aws-sdk-go/service/sso/ssoiface
 github.com/aws/aws-sdk-go/service/sts
 github.com/aws/aws-sdk-go/service/sts/stsiface
-# github.com/aws/aws-sdk-go-v2 v1.17.7
+# github.com/aws/aws-sdk-go-v2 v1.18.0
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2
 github.com/aws/aws-sdk-go-v2/aws
@@ -150,10 +152,10 @@ github.com/aws/aws-sdk-go-v2/internal/timeconv
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi
-# github.com/aws/aws-sdk-go-v2/config v1.18.19
+# github.com/aws/aws-sdk-go-v2/config v1.18.25
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.13.18
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.24
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -162,23 +164,23 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
-# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.60
+# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.67
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/s3/manager
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
-# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32
+# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.23
+# github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.25
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/v4a
 github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto
@@ -186,35 +188,35 @@ github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4
 # github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
-# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.26
+# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.28
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/checksum
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.0
+# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config
-# github.com/aws/aws-sdk-go-v2/service/s3 v1.31.1
+# github.com/aws/aws-sdk-go-v2/service/s3 v1.33.1
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/s3
 github.com/aws/aws-sdk-go-v2/service/s3/internal/arn
 github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations
 github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/s3/types
-# github.com/aws/aws-sdk-go-v2/service/sso v1.12.6
+# github.com/aws/aws-sdk-go-v2/service/sso v1.12.10
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.18.7
+# github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
@@ -307,6 +309,27 @@ github.com/google/go-cmp/cmp/internal/diff
 github.com/google/go-cmp/cmp/internal/flags
 github.com/google/go-cmp/cmp/internal/function
 github.com/google/go-cmp/cmp/internal/value
+# github.com/google/s2a-go v0.1.3
+## explicit; go 1.16
+github.com/google/s2a-go
+github.com/google/s2a-go/fallback
+github.com/google/s2a-go/internal/authinfo
+github.com/google/s2a-go/internal/handshaker
+github.com/google/s2a-go/internal/handshaker/service
+github.com/google/s2a-go/internal/proto/common_go_proto
+github.com/google/s2a-go/internal/proto/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/s2a_go_proto
+github.com/google/s2a-go/internal/proto/v2/common_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_context_go_proto
+github.com/google/s2a-go/internal/proto/v2/s2a_go_proto
+github.com/google/s2a-go/internal/record
+github.com/google/s2a-go/internal/record/internal/aeadcrypter
+github.com/google/s2a-go/internal/record/internal/halfconn
+github.com/google/s2a-go/internal/tokenmanager
+github.com/google/s2a-go/internal/v2
+github.com/google/s2a-go/internal/v2/certverifier
+github.com/google/s2a-go/internal/v2/remotesigner
+github.com/google/s2a-go/internal/v2/tlsconfigstore
 # github.com/google/uuid v1.3.0
 ## explicit
 github.com/google/uuid
@@ -324,7 +347,7 @@ github.com/googleapis/gax-go/v2/internal
 ## explicit; go 1.17
 github.com/grafana/regexp
 github.com/grafana/regexp/syntax
-# github.com/influxdata/influxdb v1.11.0
+# github.com/influxdata/influxdb v1.11.1
 ## explicit; go 1.19
 github.com/influxdata/influxdb/client/v2
 github.com/influxdata/influxdb/models
@@ -335,7 +358,7 @@ github.com/jmespath/go-jmespath
 # github.com/jpillora/backoff v1.0.0
 ## explicit; go 1.13
 github.com/jpillora/backoff
-# github.com/klauspost/compress v1.16.4
+# github.com/klauspost/compress v1.16.5
 ## explicit; go 1.18
 github.com/klauspost/compress
 github.com/klauspost/compress/flate
@@ -372,17 +395,17 @@ github.com/pkg/errors
 # github.com/pmezard/go-difflib v1.0.0
 ## explicit
 github.com/pmezard/go-difflib/difflib
-# github.com/prometheus/client_golang v1.14.0
+# github.com/prometheus/client_golang v1.15.1
 ## explicit; go 1.17
 github.com/prometheus/client_golang/prometheus
 github.com/prometheus/client_golang/prometheus/internal
 github.com/prometheus/client_golang/prometheus/promauto
 github.com/prometheus/client_golang/prometheus/testutil
 github.com/prometheus/client_golang/prometheus/testutil/promlint
-# github.com/prometheus/client_model v0.3.0
-## explicit; go 1.9
+# github.com/prometheus/client_model v0.4.0
+## explicit; go 1.18
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.42.0
+# github.com/prometheus/common v0.43.0
 ## explicit; go 1.18
 github.com/prometheus/common/config
 github.com/prometheus/common/expfmt
@@ -397,8 +420,8 @@ github.com/prometheus/common/sigv4
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/prometheus/prometheus v0.43.0
-## explicit; go 1.18
+# github.com/prometheus/prometheus v0.44.0
+## explicit; go 1.19
 github.com/prometheus/prometheus/config
 github.com/prometheus/prometheus/discovery
 github.com/prometheus/prometheus/discovery/targetgroup
@@ -432,6 +455,7 @@ github.com/prometheus/prometheus/util/logging
 github.com/prometheus/prometheus/util/osutil
 github.com/prometheus/prometheus/util/pool
 github.com/prometheus/prometheus/util/testutil
+github.com/prometheus/prometheus/util/zeropool
 # github.com/rivo/uniseg v0.4.4
 ## explicit; go 1.18
 github.com/rivo/uniseg
@@ -442,7 +466,7 @@ github.com/russross/blackfriday/v2
 ## explicit; go 1.13
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/require
-# github.com/urfave/cli/v2 v2.25.1
+# github.com/urfave/cli/v2 v2.25.3
 ## explicit; go 1.18
 github.com/urfave/cli/v2
 # github.com/valyala/bytebufferpool v1.0.0
@@ -458,7 +482,7 @@ github.com/valyala/fastrand
 # github.com/valyala/fasttemplate v1.2.2
 ## explicit; go 1.12
 github.com/valyala/fasttemplate
-# github.com/valyala/gozstd v1.19.0
+# github.com/valyala/gozstd v1.20.1
 ## explicit; go 1.12
 github.com/valyala/gozstd
 # github.com/valyala/histogram v1.2.0
@@ -489,11 +513,11 @@ go.opencensus.io/trace
 go.opencensus.io/trace/internal
 go.opencensus.io/trace/propagation
 go.opencensus.io/trace/tracestate
-# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0
-## explicit; go 1.18
+# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.41.1
+## explicit; go 1.19
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
-# go.opentelemetry.io/otel v1.14.0
-## explicit; go 1.18
+# go.opentelemetry.io/otel v1.15.1
+## explicit; go 1.19
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
 go.opentelemetry.io/otel/baggage
@@ -506,27 +530,36 @@ go.opentelemetry.io/otel/propagation
 go.opentelemetry.io/otel/semconv/internal/v2
 go.opentelemetry.io/otel/semconv/v1.17.0
 go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
-# go.opentelemetry.io/otel/metric v0.37.0
-## explicit; go 1.18
+# go.opentelemetry.io/otel/metric v0.38.1
+## explicit; go 1.19
 go.opentelemetry.io/otel/metric
+go.opentelemetry.io/otel/metric/embedded
 go.opentelemetry.io/otel/metric/global
-go.opentelemetry.io/otel/metric/instrument
 go.opentelemetry.io/otel/metric/internal/global
-# go.opentelemetry.io/otel/trace v1.14.0
-## explicit; go 1.18
+# go.opentelemetry.io/otel/trace v1.15.1
+## explicit; go 1.19
 go.opentelemetry.io/otel/trace
-# go.uber.org/atomic v1.10.0
+# go.uber.org/atomic v1.11.0
 ## explicit; go 1.18
 go.uber.org/atomic
 # go.uber.org/goleak v1.2.1
 ## explicit; go 1.18
 go.uber.org/goleak
 go.uber.org/goleak/internal/stack
-# golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-## explicit; go 1.18
+# golang.org/x/crypto v0.9.0
+## explicit; go 1.17
+golang.org/x/crypto/chacha20
+golang.org/x/crypto/chacha20poly1305
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
+golang.org/x/crypto/hkdf
+golang.org/x/crypto/internal/alias
+golang.org/x/crypto/internal/poly1305
+# golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc
+## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/slices
-# golang.org/x/net v0.8.0
+# golang.org/x/net v0.10.0
 ## explicit; go 1.17
 golang.org/x/net/context
 golang.org/x/net/http/httpguts
@@ -538,7 +571,7 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.6.0
+# golang.org/x/oauth2 v0.8.0
 ## explicit; go 1.17
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
@@ -548,15 +581,16 @@ golang.org/x/oauth2/google/internal/externalaccount
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.1.0
+# golang.org/x/sync v0.2.0
 ## explicit
 golang.org/x/sync/errgroup
-# golang.org/x/sys v0.7.0
+# golang.org/x/sys v0.8.0
 ## explicit; go 1.17
+golang.org/x/sys/cpu
 golang.org/x/sys/internal/unsafeheader
 golang.org/x/sys/unix
 golang.org/x/sys/windows
-# golang.org/x/text v0.8.0
+# golang.org/x/text v0.9.0
 ## explicit; go 1.17
 golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
@@ -569,7 +603,7 @@ golang.org/x/time/rate
 ## explicit; go 1.17
 golang.org/x/xerrors
 golang.org/x/xerrors/internal
-# google.golang.org/api v0.116.0
+# google.golang.org/api v0.123.0
 ## explicit; go 1.19
 google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
@@ -601,7 +635,7 @@ google.golang.org/appengine/internal/socket
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/socket
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd
+# google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
@@ -610,7 +644,7 @@ google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
 google.golang.org/genproto/googleapis/type/date
 google.golang.org/genproto/googleapis/type/expr
-# google.golang.org/grpc v1.54.0
+# google.golang.org/grpc v1.55.0
 ## explicit; go 1.17
 google.golang.org/grpc
 google.golang.org/grpc/attributes