Vendoring: update Hive to the latest version (#2263)

* Updates vendoring docs and scripts

* Makes use of `go mod tidy -compat=1.17`:
  we do not have to be compatible with prior versions.
  Saves a bit of headache when dealing with dependencies.
* Makes `hack/update-go-module-dependencies.sh` ignore `github.com/openshift/hive`:
  it is not part of OCP dependencies and is not following `release-4.Y` branching.
  We want to update it separately.

* Vendoring: update Hive to the latest version

* make generate

docs/updating-dependencies.md

@@ -21,7 +21,7 @@ The reason for calling script instead of directly calling:
 
 ```bash
 go get -u ./...
-go mod tidy
+go mod tidy -compat=1.17
 go mod vendor
 ```
 
@@ -43,7 +43,7 @@ the PR, one can simply call
 go get <module>@<release> OR
 go get -u <module>@<release>
 
-go mod tidy
+go mod tidy -compat=1.17
 go mod vendor
 ```
 
@@ -59,4 +59,4 @@ source code will be vendored in.
 changes have to be made there also. Otherwise next run of `make vendor` will
 overwrite new changes.
 
-More information on working with modules: https://blog.golang.org/using-go-modules
+More information on working with modules: https://blog.golang.org/using-go-modules

go.mod

@@ -41,16 +41,16 @@ require (
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.19.0
 	github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible
-	github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3
+	github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a
 	github.com/openshift/console-operator v0.0.0-20220407014945-45d37e70e0c2
 	github.com/openshift/hive v1.1.16
 	github.com/openshift/hive/apis v0.0.0
 	github.com/openshift/installer v0.16.1
-	github.com/openshift/library-go v0.0.0-20220405134141-226b07263a02
+	github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc
 	github.com/openshift/machine-config-operator v3.11.0+incompatible
 	github.com/pires/go-proxyproto v0.6.2
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.48.1
+	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.50.0
 	github.com/prometheus/client_golang v1.12.1
 	github.com/prometheus/common v0.33.0
 	github.com/sirupsen/logrus v1.8.1
@@ -58,20 +58,21 @@ require (
 	github.com/ugorji/go/codec v1.2.7
 	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29
 	golang.org/x/net v0.0.0-20220403103023-749bd193bc2b
-	golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
+	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/tools v0.1.10
 	gotest.tools/gotestsum v1.6.4
-	k8s.io/api v0.23.5
+	k8s.io/api v0.24.1
-	k8s.io/apiextensions-apiserver v0.23.5
+	k8s.io/apiextensions-apiserver v0.24.1
-	k8s.io/apimachinery v0.23.5
+	k8s.io/apimachinery v0.24.1
+	k8s.io/cli-runtime v0.24.1
 	k8s.io/client-go v12.0.0+incompatible
-	k8s.io/code-generator v0.23.2
+	k8s.io/code-generator v0.24.1
-	k8s.io/kubectl v0.23.5
+	k8s.io/kubectl v0.24.1
 	k8s.io/kubernetes v1.23.5
 	sigs.k8s.io/cluster-api-provider-azure v1.2.1
-	sigs.k8s.io/controller-runtime v0.11.2
+	sigs.k8s.io/controller-runtime v0.12.1
-	sigs.k8s.io/controller-tools v0.7.0
+	sigs.k8s.io/controller-tools v0.9.0
 )
 
 require (
@@ -84,7 +85,7 @@ require (
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/BurntSushi/toml v1.1.0 // indirect
-	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
+	github.com/Djarvur/go-err113 v0.1.0 // indirect
 	github.com/IBM-Cloud/bluemix-go v0.0.0-20220407050707-b4cd0d4da813 // indirect
 	github.com/IBM/go-sdk-core/v5 v5.9.5 // indirect
 	github.com/IBM/networking-go-sdk v0.28.0 // indirect
@@ -105,6 +106,7 @@ require (
 	github.com/ashanbrown/forbidigo v1.2.0 // indirect
 	github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde // indirect
 	github.com/aws/aws-sdk-go v1.43.34 // indirect
+	github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bkielbasa/cyclop v1.2.0 // indirect
 	github.com/bombsimon/wsl/v3 v3.3.0 // indirect
@@ -158,7 +160,7 @@ require (
 	github.com/go-toolsmith/strparse v1.0.0 // indirect
 	github.com/go-toolsmith/typep v1.0.2 // indirect
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
-	github.com/gobuffalo/flect v0.2.3 // indirect
+	github.com/gobuffalo/flect v0.2.5 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -257,9 +259,9 @@ require (
 	github.com/openshift/cloud-credential-operator v0.0.0-20220316185125-ed0612946f4b // indirect
 	github.com/openshift/cluster-api v0.0.0-20191129101638-b09907ac6668 // indirect
 	github.com/openshift/cluster-api-provider-baremetal v0.0.0-20220218121658-fc0acaaec338 // indirect
-	github.com/openshift/cluster-api-provider-ibmcloud v0.0.0-20211008100740-4d7907adbd6b // indirect
+	github.com/openshift/cluster-api-provider-ibmcloud v0.0.1-0.20220201105455-8014e5e894b0 // indirect
 	github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603 // indirect
-	github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211111151530-06177b773958 // indirect
+	github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519 // indirect
 	github.com/ovirt/go-ovirt v0.0.0-20210308100159-ac0bcbc88d7c // indirect
 	github.com/pascaldekloe/name v0.0.0-20180628100202-0fd16699aae1 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
@@ -273,7 +275,7 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/quasilyte/go-ruleguard v0.3.4 // indirect
-	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
+	github.com/quasilyte/regex/syntax v0.0.0-20200805063351-8f842688393c // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryancurrah/gomodguard v1.2.3 // indirect
@@ -291,7 +293,7 @@ require (
 	github.com/spf13/viper v1.10.0 // indirect
 	github.com/ssgreg/nlreturn/v2 v2.1.0 // indirect
 	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
-	github.com/stretchr/objx v0.2.0 // indirect
+	github.com/stretchr/objx v0.3.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b // indirect
@@ -334,10 +336,9 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	honnef.co/go/tools v0.2.1 // indirect
-	k8s.io/apiserver v0.23.5 // indirect
+	k8s.io/apiserver v0.24.1 // indirect
-	k8s.io/cli-runtime v0.23.5 // indirect
+	k8s.io/component-base v0.24.1 // indirect
-	k8s.io/component-base v0.23.5 // indirect
+	k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 // indirect
-	k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.60.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 // indirect
@@ -550,7 +551,6 @@ replace (
 	github.com/openshift/cluster-api-provider-libvirt => github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603
 	github.com/openshift/cluster-api-provider-ovirt => github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211215231458-35ce9aafee1f
 	github.com/openshift/console-operator => github.com/openshift/console-operator v0.0.0-20220318130441-e44516b9c315
-	github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20220624202239-6ac23a86d03b
 	github.com/openshift/installer => github.com/jewzaam/installer-aro v0.9.0-master.0.20220524230743-7e2aa7a0cc1a
 	github.com/openshift/library-go => github.com/openshift/library-go v0.0.0-20220303081124-fb4e7a2872f0
 	github.com/openshift/machine-api-operator => github.com/openshift/machine-api-operator v0.2.1-0.20220124104622-668c5b52b104
@@ -579,3 +579,8 @@ replace (
 	sourcegraph.com/sourcegraph/go-diff => github.com/sourcegraph/go-diff v0.5.1
 	vbom.ml/util => github.com/fvbommel/util v0.0.3
 )
+
+replace (
+	github.com/openshift/hive => github.com/openshift/hive v1.1.17-0.20220719141355-c63c9b0281d8
+	github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20220719141355-c63c9b0281d8
+)

hack/update-go-module-dependencies.sh

@@ -29,6 +29,10 @@ for x in vendor/github.com/openshift/*; do
 	case $x in
 		# Review the list of special cases on each release.
 
+		# Do not update Hive: it is not part of OCP
+		vendor/github.com/openshift/hive)
+			;;
+
 		# Replace the installer with our own fork below in this script.
 		vendor/github.com/openshift/installer)
 			;;
@@ -64,5 +68,5 @@ go mod edit -replace github.com/openshift/installer=$(go list -mod=mod -m github
 
 go get -u ./...
 
-go mod tidy
+go mod tidy -compat=1.17
 go mod vendor

pkg/operator/deploy/staticresources/aro.openshift.io_clusters.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: clusters.aro.openshift.io
 spec:

pkg/operator/deploy/staticresources/preview.aro.openshift.io_previewfeatures.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: previewfeatures.preview.aro.openshift.io
 spec:

vendor/github.com/Djarvur/go-err113/comparison.go

@@ -32,12 +32,12 @@ func inspectComparision(pass *analysis.Pass, n ast.Node) bool { // nolint: unpar
 		negate = "!"
 	}
 
-	newExpr := fmt.Sprintf("%s%s.Is(%s, %s)", negate, "errors", rawString(be.X), rawString(be.Y))
+	newExpr := fmt.Sprintf("%s%s.Is(%s, %s)", negate, "errors", be.X, be.Y)
 
 	pass.Report(
 		analysis.Diagnostic{
 			Pos:     be.Pos(),
-			Message: fmt.Sprintf("do not compare errors directly %q, use %q instead", oldExpr, newExpr),
+			Message: fmt.Sprintf("do not compare errors directly, use errors.Is() instead: %q", oldExpr),
 			SuggestedFixes: []analysis.SuggestedFix{
 				{
 					Message: fmt.Sprintf("should replace %q with %q", oldExpr, newExpr),
@@ -109,15 +109,3 @@ func areBothErrors(x, y ast.Expr, typesInfo *types.Info) bool {
 
 	return true
 }
-
-func rawString(x ast.Expr) string {
-	switch t := x.(type) {
-	case *ast.Ident:
-		return t.Name
-	case *ast.SelectorExpr:
-		return fmt.Sprintf("%s.%s", rawString(t.X), t.Sel.Name)
-	case *ast.CallExpr:
-		return fmt.Sprintf("%s()", rawString(t.Fun))
-	}
-	return fmt.Sprintf("%s", x)
-}

vendor/github.com/Djarvur/go-err113/definition.go

@@ -67,7 +67,7 @@ func inspectDefinition(pass *analysis.Pass, tlds map[*ast.CallExpr]struct{}, n a
 
 func toString(ex ast.Expr, info *types.Info) string {
 	if tv, ok := info.Types[ex]; ok && tv.Value != nil {
-		return tv.Value.ExactString()
+		return tv.Value.String()
 	}
 
 	return ""

vendor/github.com/gobuffalo/flect/camelize.go

@@ -22,10 +22,6 @@ func (i Ident) Camelize() Ident {
 	for i, part := range i.Parts {
 		var x string
 		var capped bool
-		if strings.ToLower(part) == "id" {
-			out = append(out, "ID")
-			continue
-		}
 		for _, c := range part {
 			if unicode.IsLetter(c) || unicode.IsDigit(c) {
 				if i == 0 {

vendor/github.com/gobuffalo/flect/pascalize.go

@@ -1,7 +1,7 @@
 package flect
 
 import (
-	"unicode"
+	"strings"
 )
 
 // Pascalize returns a string with each segment capitalized
@@ -21,5 +21,12 @@ func (i Ident) Pascalize() Ident {
 	if len(c.String()) == 0 {
 		return c
 	}
-	return New(string(unicode.ToUpper(rune(c.Original[0]))) + c.Original[1:])
+	if len(i.Parts) == 0 {
+		return i
+	}
+	capLen := 1
+	if _, ok := baseAcronyms[strings.ToUpper(i.Parts[0])]; ok {
+		capLen = len(i.Parts[0])
+	}
+	return New(string(strings.ToUpper(c.Original[0:capLen])) + c.Original[capLen:])
 }

vendor/github.com/gobuffalo/flect/plural_rules.go

@@ -6,18 +6,18 @@ var pluralRules = []rule{}
 func AddPlural(suffix string, repl string) {
 	pluralMoot.Lock()
 	defer pluralMoot.Unlock()
-	pluralRules = append(pluralRules, rule{
+	pluralRules = append([]rule{{
 		suffix: suffix,
 		fn: func(s string) string {
 			s = s[:len(s)-len(suffix)]
 			return s + repl
 		},
-	})
+	}}, pluralRules...)
 
-	pluralRules = append(pluralRules, rule{
+	pluralRules = append([]rule{{
 		suffix: repl,
 		fn:     noop,
-	})
+	}}, pluralRules...)
 }
 
 var singleToPlural = map[string]string{
@@ -224,7 +224,6 @@ var singularToPluralSuffixList = []singularToPluralSuffix{
 	{"oci", "ocus"},
 	{"ode", "odes"},
 	{"ofe", "oves"},
-	{"oot", "eet"},
 	{"pfe", "pves"},
 	{"pse", "psis"},
 	{"qfe", "qves"},
@@ -281,8 +280,8 @@ var singularToPluralSuffixList = []singularToPluralSuffix{
 }
 
 func init() {
-	for _, suffix := range singularToPluralSuffixList {
+	for i := len(singularToPluralSuffixList) - 1; i >= 0; i-- {
-		AddPlural(suffix.singular, suffix.plural)
+		AddPlural(singularToPluralSuffixList[i].singular, singularToPluralSuffixList[i].plural)
-		AddSingular(suffix.plural, suffix.singular)
+		AddSingular(singularToPluralSuffixList[i].plural, singularToPluralSuffixList[i].singular)
 	}
 }

vendor/github.com/gobuffalo/flect/singular_rules.go

@@ -6,18 +6,18 @@ var singularRules = []rule{}
 func AddSingular(ext string, repl string) {
 	singularMoot.Lock()
 	defer singularMoot.Unlock()
-	singularRules = append(singularRules, rule{
+	singularRules = append([]rule{{
 		suffix: ext,
 		fn: func(s string) string {
 			s = s[:len(s)-len(ext)]
 			return s + repl
 		},
-	})
+	}}, singularRules...)
 
-	singularRules = append(singularRules, rule{
+	singularRules = append([]rule{{
 		suffix: repl,
 		fn: func(s string) string {
 			return s
 		},
-	})
+	}}, singularRules...)
 }

vendor/github.com/openshift/hive/apis/hive/v1/clusterdeployment_types.go

@@ -668,6 +668,12 @@ type ControlPlaneConfigSpec struct {
 	// active, Hive will use the override URL for further communications with the API server of the remote cluster.
 	// +optional
 	APIURLOverride string `json:"apiURLOverride,omitempty"`
+
+	// APIServerIPOverride is the optional override of the API server IP address.
+	// Hive will use this IP address for creating TCP connections.
+	// Port from the original API server URL will be used.
+	// +optional
+	APIServerIPOverride string `json:"apiServerIPOverride,omitempty"`
 }
 
 // ControlPlaneServingCertificateSpec specifies serving certificate settings for

vendor/github.com/openshift/hive/apis/hive/v1/metricsconfig/durationMetrics.go

@@ -6,7 +6,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // The purpose of these metrics should be to track outliers - ensure their duration is not set too low.
 type MetricsWithDuration struct {
 	// Name of the metric. It will correspond to an optional relevant metric in hive
-	// +kubebuilder:validation:Enum=currentStopping;currentResuming;currentWaitingForCO;cumulativeHibernated;cumulativeResumed
+	// +kubebuilder:validation:Enum=currentStopping;currentResuming;currentWaitingForCO;currentClusterSyncFailing;cumulativeHibernated;cumulativeResumed
 	Name DurationMetricType `json:"name"`
 	// Duration is the minimum time taken - the relevant metric will be logged only if the value reported by that metric
 	// is more than the time mentioned here. For example, if a user opts-in for current clusters stopping and mentions

vendor/github.com/openshift/hive/pkg/client/clientset/versioned/clientset.go

@@ -4,6 +4,7 @@ package versioned
 
 import (
 	"fmt"
+	"net/http"
 
 	hivev1 "github.com/openshift/hive/pkg/client/clientset/versioned/typed/hive/v1"
 	hiveinternalv1alpha1 "github.com/openshift/hive/pkg/client/clientset/versioned/typed/hiveinternal/v1alpha1"
@@ -47,26 +48,49 @@ func (c *Clientset) Discovery() discovery.DiscoveryInterface {
 // NewForConfig creates a new Clientset for the given config.
 // If config's RateLimiter is not set and QPS and Burst are acceptable,
 // NewForConfig will generate a rate-limiter in configShallowCopy.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
 func NewForConfig(c *rest.Config) (*Clientset, error) {
 	configShallowCopy := *c
+
+	if configShallowCopy.UserAgent == "" {
+		configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	// share the transport between all clients
+	httpClient, err := rest.HTTPClientFor(&configShallowCopy)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewForConfigAndClient(&configShallowCopy, httpClient)
+}
+
+// NewForConfigAndClient creates a new Clientset for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+// If config's RateLimiter is not set and QPS and Burst are acceptable,
+// NewForConfigAndClient will generate a rate-limiter in configShallowCopy.
+func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) {
+	configShallowCopy := *c
 	if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
 		if configShallowCopy.Burst <= 0 {
 			return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
 		}
 		configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
 	}
+
 	var cs Clientset
 	var err error
-	cs.hiveV1, err = hivev1.NewForConfig(&configShallowCopy)
+	cs.hiveV1, err = hivev1.NewForConfigAndClient(&configShallowCopy, httpClient)
 	if err != nil {
 		return nil, err
 	}
-	cs.hiveinternalV1alpha1, err = hiveinternalv1alpha1.NewForConfig(&configShallowCopy)
+	cs.hiveinternalV1alpha1, err = hiveinternalv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient)
 	if err != nil {
 		return nil, err
 	}
 
-	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
+	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient)
 	if err != nil {
 		return nil, err
 	}
@@ -76,12 +100,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // NewForConfigOrDie creates a new Clientset for the given config and
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
-	var cs Clientset
+	cs, err := NewForConfig(c)
-	cs.hiveV1 = hivev1.NewForConfigOrDie(c)
+	if err != nil {
-	cs.hiveinternalV1alpha1 = hiveinternalv1alpha1.NewForConfigOrDie(c)
+		panic(err)
-
+	}
-	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
+	return cs
-	return &cs
 }
 
 // New creates a new Clientset for the given RESTClient.

vendor/github.com/openshift/hive/pkg/client/clientset/versioned/typed/hive/v1/hive_client.go

@@ -3,6 +3,8 @@
 package v1
 
 import (
+	"net/http"
+
 	v1 "github.com/openshift/hive/apis/hive/v1"
 	"github.com/openshift/hive/pkg/client/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
@@ -103,12 +105,28 @@ func (c *HiveV1Client) SyncSets(namespace string) SyncSetInterface {
 }
 
 // NewForConfig creates a new HiveV1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
 func NewForConfig(c *rest.Config) (*HiveV1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
 	}
-	client, err := rest.RESTClientFor(&config)
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new HiveV1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*HiveV1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/openshift/hive/pkg/client/clientset/versioned/typed/hiveinternal/v1alpha1/hiveinternal_client.go

@@ -3,6 +3,8 @@
 package v1alpha1
 
 import (
+	"net/http"
+
 	v1alpha1 "github.com/openshift/hive/apis/hiveinternal/v1alpha1"
 	"github.com/openshift/hive/pkg/client/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
@@ -33,12 +35,28 @@ func (c *HiveinternalV1alpha1Client) FakeClusterInstalls(namespace string) FakeC
 }
 
 // NewForConfig creates a new HiveinternalV1alpha1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
 func NewForConfig(c *rest.Config) (*HiveinternalV1alpha1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
 	}
-	client, err := rest.RESTClientFor(&config)
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new HiveinternalV1alpha1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*HiveinternalV1alpha1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go

@@ -15,6 +15,9 @@
 package v1
 
 import (
+	"fmt"
+	"strings"
+
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -167,11 +170,11 @@ type PrometheusSpec struct {
 	LogLevel string `json:"logLevel,omitempty"`
 	// Log format for Prometheus to be configured with.
 	LogFormat string `json:"logFormat,omitempty"`
-	// Interval between consecutive scrapes.
+	// Interval between consecutive scrapes. Default: `1m`
 	ScrapeInterval string `json:"scrapeInterval,omitempty"`
 	// Number of seconds to wait for target to respond before erroring.
 	ScrapeTimeout string `json:"scrapeTimeout,omitempty"`
-	// Interval between consecutive evaluations.
+	// Interval between consecutive evaluations. Default: `1m`
 	EvaluationInterval string `json:"evaluationInterval,omitempty"`
 	// /--rules.*/ command-line arguments.
 	Rules Rules `json:"rules,omitempty"`
@@ -269,9 +272,12 @@ type PrometheusSpec struct {
 	// InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.
 	// fetch secrets for injection into the Prometheus configuration from external sources. Any errors
 	// during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
-	// Using initContainers for any use case other then secret fetching is entirely outside the scope
+	// InitContainers described here modify an operator
-	// of what the maintainers will support and by doing so, you accept that this behaviour may break
+	// generated init containers if they share the same name and modifications are
-	// at any time without notice.
+	// done via a strategic merge patch. The current init container name is:
+	// `init-config-reloader`. Overriding init containers is entirely outside the
+	// scope of what the maintainers will support and by doing so, you accept that
+	// this behaviour may break at any time without notice.
 	InitContainers []v1.Container `json:"initContainers,omitempty"`
 	// AdditionalScrapeConfigs allows specifying a key of a Secret containing
 	// additional Prometheus scrape configurations. Scrape configurations
@@ -341,9 +347,15 @@ type PrometheusSpec struct {
 	// the podmonitor and servicemonitor configs, and they will only discover endpoints
 	// within their current namespace.  Defaults to false.
 	IgnoreNamespaceSelectors bool `json:"ignoreNamespaceSelectors,omitempty"`
-	// EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert
+	// EnforcedNamespaceLabel If set, a label will be added to
-	// and metric that is user created. The label value will always be the namespace of the object that is
+	//
-	// being created.
+	// 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `ProbeConfig` object) and
+	// 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to
+	//    * alerting & recording rules and
+	//    * the metrics used in their expressions (`expr`).
+	//
+	// Label name is this field's value.
+	// Label value is the namespace of the created object (mentioned above).
 	EnforcedNamespaceLabel string `json:"enforcedNamespaceLabel,omitempty"`
 	// PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing
 	// of adding namespace labels. Works only if enforcedNamespaceLabel set to true.
@@ -366,13 +378,29 @@ type PrometheusSpec struct {
 	// AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus.
 	// This is still experimental in Prometheus so it may change in any upcoming release.
 	AllowOverlappingBlocks bool `json:"allowOverlappingBlocks,omitempty"`
-	// EnforcedTargetLimit defines a global limit on the number of scraped targets.
+	// EnforcedTargetLimit defines a global limit on the number of scraped
-	// This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor.
+	// targets.  This overrides any TargetLimit set per ServiceMonitor or/and
-	// It is meant to be used by admins to
+	// PodMonitor.  It is meant to be used by admins to enforce the TargetLimit
-	// enforce the TargetLimit to keep overall number of targets under
+	// to keep the overall number of targets under the desired limit.
-	// the desired limit.
+	// Note that if TargetLimit is lower, that value will be taken instead,
-	// Note that if TargetLimit is higher that value will be taken instead.
+	// except if either value is zero, in which case the non-zero value will be
+	// used.  If both values are zero, no limit is enforced.
 	EnforcedTargetLimit *uint64 `json:"enforcedTargetLimit,omitempty"`
+	// Per-scrape limit on number of labels that will be accepted for a sample. If
+	// more than this number of labels are present post metric-relabeling, the
+	// entire scrape will be treated as failed. 0 means no limit.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	EnforcedLabelLimit *uint64 `json:"enforcedLabelLimit,omitempty"`
+	// Per-scrape limit on length of labels name that will be accepted for a sample.
+	// If a label name is longer than this number post metric-relabeling, the entire
+	// scrape will be treated as failed. 0 means no limit.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	EnforcedLabelNameLengthLimit *uint64 `json:"enforcedLabelNameLengthLimit,omitempty"`
+	// Per-scrape limit on length of labels value that will be accepted for a sample.
+	// If a label value is longer than this number post metric-relabeling, the
+	// entire scrape will be treated as failed. 0 means no limit.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	EnforcedLabelValueLengthLimit *uint64 `json:"enforcedLabelValueLengthLimit,omitempty"`
 }
 
 // PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces
@@ -503,7 +531,77 @@ type QuerySpec struct {
 // +k8s:openapi-gen=true
 type WebSpec struct {
 	// The prometheus web page title
-	PageTitle *string `json:"pageTitle,omitempty"`
+	PageTitle *string       `json:"pageTitle,omitempty"`
+	TLSConfig *WebTLSConfig `json:"tlsConfig,omitempty"`
+}
+
+// WebTLSConfig defines the TLS parameters for HTTPS.
+// +k8s:openapi-gen=true
+type WebTLSConfig struct {
+	// Secret containing the TLS key for the server.
+	KeySecret v1.SecretKeySelector `json:"keySecret"`
+	// Contains the TLS certificate for the server.
+	Cert SecretOrConfigMap `json:"cert"`
+	// Server policy for client authentication. Maps to ClientAuth Policies.
+	// For more detail on clientAuth options:
+	// https://golang.org/pkg/crypto/tls/#ClientAuthType
+	ClientAuthType string `json:"clientAuthType,omitempty"`
+	// Contains the CA certificate for client certificate authentication to the server.
+	ClientCA SecretOrConfigMap `json:"client_ca,omitempty"`
+	// Minimum TLS version that is acceptable. Defaults to TLS12.
+	MinVersion string `json:"minVersion,omitempty"`
+	// Maximum TLS version that is acceptable. Defaults to TLS13.
+	MaxVersion string `json:"maxVersion,omitempty"`
+	// List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
+	// Go default cipher suites are used. Available cipher suites are documented
+	// in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants
+	CipherSuites []string `json:"cipherSuites,omitempty"`
+	// Controls whether the server selects the
+	// client's most preferred cipher suite, or the server's most preferred
+	// cipher suite. If true then the server's preference, as expressed in
+	// the order of elements in cipherSuites, is used.
+	PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
+	// Elliptic curves that will be used in an ECDHE handshake, in preference
+	// order. Available curves are documented in the go documentation:
+	// https://golang.org/pkg/crypto/tls/#CurveID
+	CurvePreferences []string `json:"curvePreferences,omitempty"`
+}
+
+// WebTLSConfigError is returned by WebTLSConfig.Validate() on
+// semantically invalid configurations.
+// +k8s:openapi-gen=false
+type WebTLSConfigError struct {
+	err string
+}
+
+func (e *WebTLSConfigError) Error() string {
+	return e.err
+}
+
+func (c *WebTLSConfig) Validate() error {
+	if c == nil {
+		return nil
+	}
+
+	if c.ClientCA != (SecretOrConfigMap{}) {
+		if err := c.ClientCA.Validate(); err != nil {
+			msg := fmt.Sprintf("invalid web tls config: %s", err.Error())
+			return &WebTLSConfigError{msg}
+		}
+	}
+
+	if c.Cert == (SecretOrConfigMap{}) {
+		return &WebTLSConfigError{"invalid web tls config: cert must be defined"}
+	} else if err := c.Cert.Validate(); err != nil {
+		msg := fmt.Sprintf("invalid web tls config: %s", err.Error())
+		return &WebTLSConfigError{msg}
+	}
+
+	if c.KeySecret == (v1.SecretKeySelector{}) {
+		return &WebTLSConfigError{"invalid web tls config: key must be defined"}
+	}
+
+	return nil
 }
 
 // ThanosSpec defines parameters for a Prometheus server within a Thanos deployment.
@@ -558,6 +656,8 @@ type ThanosSpec struct {
 	LogFormat string `json:"logFormat,omitempty"`
 	// MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
 	MinTime string `json:"minTime,omitempty"`
+	// ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m
+	ReadyTimeout string `json:"readyTimeout,omitempty"`
 }
 
 // RemoteWriteSpec defines the remote_write configuration for prometheus.
@@ -569,6 +669,8 @@ type RemoteWriteSpec struct {
 	// name is used in metrics and logging in order to differentiate queues.
 	// Only valid in Prometheus versions 2.15.0 and newer.
 	Name string `json:"name,omitempty"`
+	// Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the enableFeature option for exemplars to be scraped in the first place.  Only valid in Prometheus versions 2.27.0 and newer.
+	SendExemplars *bool `json:"sendExemplars,omitempty"`
 	// Timeout for requests to the remote write endpoint.
 	RemoteTimeout string `json:"remoteTimeout,omitempty"`
 	// Custom HTTP headers to be sent along with each remote write request.
@@ -577,12 +679,16 @@ type RemoteWriteSpec struct {
 	Headers map[string]string `json:"headers,omitempty"`
 	// The list of remote write relabel configurations.
 	WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"`
-	//BasicAuth for the URL.
+	// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+	OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+	// BasicAuth for the URL.
 	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
 	// Bearer token for remote write.
 	BearerToken string `json:"bearerToken,omitempty"`
 	// File to read bearer token for remote write.
 	BearerTokenFile string `json:"bearerTokenFile,omitempty"`
+	// Authorization section for remote write
+	Authorization *Authorization `json:"authorization,omitempty"`
 	// TLS Config to use for remote write.
 	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
 	// Optional ProxyURL
@@ -634,10 +740,14 @@ type RemoteReadSpec struct {
 	ReadRecent bool `json:"readRecent,omitempty"`
 	// BasicAuth for the URL.
 	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+	// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+	OAuth2 *OAuth2 `json:"oauth2,omitempty"`
 	// Bearer token for remote read.
 	BearerToken string `json:"bearerToken,omitempty"`
 	// File to read bearer token for remote read.
 	BearerTokenFile string `json:"bearerTokenFile,omitempty"`
+	// Authorization section for remote read
+	Authorization *Authorization `json:"authorization,omitempty"`
 	// TLS Config to use for remote read.
 	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
 	// Optional ProxyURL
@@ -684,6 +794,8 @@ type APIServerConfig struct {
 	BearerTokenFile string `json:"bearerTokenFile,omitempty"`
 	// TLS Config to use for accessing apiserver.
 	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
+	// Authorization section for accessing apiserver
+	Authorization *Authorization `json:"authorization,omitempty"`
 }
 
 // AlertmanagerEndpoints defines a selection of a single Endpoints object
@@ -705,6 +817,8 @@ type AlertmanagerEndpoints struct {
 	// BearerTokenFile to read from filesystem to use when authenticating to
 	// Alertmanager.
 	BearerTokenFile string `json:"bearerTokenFile,omitempty"`
+	// Authorization section for this alertmanager endpoint
+	Authorization *SafeAuthorization `json:"authorization,omitempty"`
 	// Version of the Alertmanager API that Prometheus uses to send alerts. It
 	// can be "v1" or "v2".
 	APIVersion string `json:"apiVersion,omitempty"`
@@ -727,22 +841,35 @@ type ServiceMonitor struct {
 // ServiceMonitorSpec contains specification parameters for a ServiceMonitor.
 // +k8s:openapi-gen=true
 type ServiceMonitorSpec struct {
-	// The label to use to retrieve the job name from.
+	// Chooses the label of the Kubernetes `Endpoints`.
+	// Its value will be used for the `job`-label's value of the created metrics.
+	//
+	// Default & fallback value: the name of the respective Kubernetes `Endpoint`.
 	JobLabel string `json:"jobLabel,omitempty"`
-	// TargetLabels transfers labels on the Kubernetes Service onto the target.
+	// TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics.
+	// All labels set in `selector.matchLabels` are automatically transferred.
 	TargetLabels []string `json:"targetLabels,omitempty"`
-	// PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
+	// PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics.
 	PodTargetLabels []string `json:"podTargetLabels,omitempty"`
 	// A list of endpoints allowed as part of this ServiceMonitor.
 	Endpoints []Endpoint `json:"endpoints"`
 	// Selector to select Endpoints objects.
 	Selector metav1.LabelSelector `json:"selector"`
-	// Selector to select which namespaces the Endpoints objects are discovered from.
+	// Selector to select which namespaces the Kubernetes Endpoints objects are discovered from.
 	NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
 	// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
 	SampleLimit uint64 `json:"sampleLimit,omitempty"`
 	// TargetLimit defines a limit on the number of scraped targets that will be accepted.
 	TargetLimit uint64 `json:"targetLimit,omitempty"`
+	// Per-scrape limit on number of labels that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelLimit uint64 `json:"labelLimit,omitempty"`
+	// Per-scrape limit on length of labels name that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelNameLengthLimit uint64 `json:"labelNameLengthLimit,omitempty"`
+	// Per-scrape limit on length of labels value that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelValueLengthLimit uint64 `json:"labelValueLengthLimit,omitempty"`
 }
 
 // Endpoint defines a scrapeable endpoint serving Prometheus metrics.
@@ -770,6 +897,8 @@ type Endpoint struct {
 	// needs to be in the same namespace as the service monitor and accessible by
 	// the Prometheus Operator.
 	BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
+	// Authorization section for this endpoint
+	Authorization *SafeAuthorization `json:"authorization,omitempty"`
 	// HonorLabels chooses the metric's labels on collisions with target labels.
 	HonorLabels bool `json:"honorLabels,omitempty"`
 	// HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
@@ -777,6 +906,8 @@ type Endpoint struct {
 	// BasicAuth allow an endpoint to authenticate over basic authentication
 	// More info: https://prometheus.io/docs/operating/configuration/#endpoints
 	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+	// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+	OAuth2 *OAuth2 `json:"oauth2,omitempty"`
 	// MetricRelabelConfigs to apply to samples before ingestion.
 	MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"`
 	// RelabelConfigs to apply to samples before scraping.
@@ -816,6 +947,15 @@ type PodMonitorSpec struct {
 	SampleLimit uint64 `json:"sampleLimit,omitempty"`
 	// TargetLimit defines a limit on the number of scraped targets that will be accepted.
 	TargetLimit uint64 `json:"targetLimit,omitempty"`
+	// Per-scrape limit on number of labels that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelLimit uint64 `json:"labelLimit,omitempty"`
+	// Per-scrape limit on length of labels name that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelNameLengthLimit uint64 `json:"labelNameLengthLimit,omitempty"`
+	// Per-scrape limit on length of labels value that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelValueLengthLimit uint64 `json:"labelValueLengthLimit,omitempty"`
 }
 
 // PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.
@@ -848,6 +988,10 @@ type PodMetricsEndpoint struct {
 	// BasicAuth allow an endpoint to authenticate over basic authentication.
 	// More info: https://prometheus.io/docs/operating/configuration/#endpoint
 	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+	// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+	OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+	// Authorization section for this endpoint
+	Authorization *SafeAuthorization `json:"authorization,omitempty"`
 	// MetricRelabelConfigs to apply to samples before ingestion.
 	MetricRelabelConfigs []*RelabelConfig `json:"metricRelabelings,omitempty"`
 	// RelabelConfigs to apply to samples before scraping.
@@ -904,6 +1048,23 @@ type ProbeSpec struct {
 	// BasicAuth allow an endpoint to authenticate over basic authentication.
 	// More info: https://prometheus.io/docs/operating/configuration/#endpoint
 	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
+	// OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+	OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+	// Authorization section for this endpoint
+	Authorization *SafeAuthorization `json:"authorization,omitempty"`
+	// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+	SampleLimit uint64 `json:"sampleLimit,omitempty"`
+	// TargetLimit defines a limit on the number of scraped targets that will be accepted.
+	TargetLimit uint64 `json:"targetLimit,omitempty"`
+	// Per-scrape limit on number of labels that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelLimit uint64 `json:"labelLimit,omitempty"`
+	// Per-scrape limit on length of labels name that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelNameLengthLimit uint64 `json:"labelNameLengthLimit,omitempty"`
+	// Per-scrape limit on length of labels value that will be accepted for a sample.
+	// Only valid in Prometheus versions 2.27.0 and newer.
+	LabelValueLengthLimit uint64 `json:"labelValueLengthLimit,omitempty"`
 }
 
 // ProbeTargets defines a set of static and dynamically discovered targets for the prober.
@@ -951,6 +1112,51 @@ type ProberSpec struct {
 	// Path to collect metrics from.
 	// Defaults to `/probe`.
 	Path string `json:"path,omitempty"`
+	// Optional ProxyURL.
+	ProxyURL string `json:"proxyUrl,omitempty"`
+}
+
+// OAuth2 allows an endpoint to authenticate with OAuth2.
+// More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#oauth2
+// +k8s:openapi-gen=true
+type OAuth2 struct {
+	// The secret or configmap containing the OAuth2 client id
+	ClientID SecretOrConfigMap `json:"clientId"`
+	// The secret containing the OAuth2 client secret
+	ClientSecret v1.SecretKeySelector `json:"clientSecret"`
+	// The URL to fetch the token from
+	// +kubebuilder:validation:MinLength=1
+	TokenURL string `json:"tokenUrl"`
+	// OAuth2 scopes used for the token request
+	Scopes []string `json:"scopes,omitempty"`
+	// Parameters to append to the token URL
+	EndpointParams map[string]string `json:"endpointParams,omitempty"`
+}
+
+type OAuth2ValidationError struct {
+	err string
+}
+
+func (e *OAuth2ValidationError) Error() string {
+	return e.err
+}
+
+func (o *OAuth2) Validate() error {
+	if o.TokenURL == "" {
+		return &OAuth2ValidationError{err: "OAuth2 token url must be specified"}
+	}
+
+	if o.ClientID == (SecretOrConfigMap{}) {
+		return &OAuth2ValidationError{err: "OAuth2 client id must be specified"}
+	}
+
+	if err := o.ClientID.Validate(); err != nil {
+		return &OAuth2ValidationError{
+			err: fmt.Sprintf("invalid OAuth2 client id: %s", err.Error()),
+		}
+	}
+
+	return nil
 }
 
 // BasicAuth allow an endpoint to authenticate over basic authentication
@@ -1141,6 +1347,7 @@ type PrometheusRuleList struct {
 // PrometheusRule defines recording and alerting rules for a Prometheus instance
 // +genclient
 // +k8s:openapi-gen=true
+// +kubebuilder:resource:categories="prometheus-operator"
 type PrometheusRule struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -1170,7 +1377,8 @@ type RuleGroup struct {
 	PartialResponseStrategy string `json:"partial_response_strategy,omitempty"`
 }
 
-// Rule describes an alerting or recording rule.
+// Rule describes an alerting or recording rule
+// See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule
 // +k8s:openapi-gen=true
 type Rule struct {
 	Record      string             `json:"record,omitempty"`
@@ -1482,3 +1690,55 @@ func (l *PrometheusRuleList) DeepCopyObject() runtime.Object {
 type ProbeTLSConfig struct {
 	SafeTLSConfig `json:",inline"`
 }
+
+// SafeAuthorization specifies a subset of the Authorization struct, that is
+// safe for use in Endpoints (no CrendetialsFile field)
+// +k8s:openapi-gen=true
+type SafeAuthorization struct {
+	// Set the authentication type. Defaults to Bearer, Basic will cause an
+	// error
+	Type string `json:"type,omitempty"`
+	// The secret's key that contains the credentials of the request
+	Credentials *v1.SecretKeySelector `json:"credentials,omitempty"`
+}
+
+// Validate semantically validates the given Authorization section.
+func (c *SafeAuthorization) Validate() error {
+	if strings.ToLower(strings.TrimSpace(c.Type)) == "basic" {
+		return &AuthorizationValidationError{`Authorization type cannot be set to "basic", use "basic_auth" instead`}
+	}
+	if c.Credentials == nil {
+		return &AuthorizationValidationError{"Authorization credentials are required"}
+	}
+	return nil
+}
+
+// Authorization contains optional `Authorization` header configuration.
+// This section is only understood by versions of Prometheus >= 2.26.0.
+type Authorization struct {
+	SafeAuthorization `json:",inline"`
+	// File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)
+	CredentialsFile string `json:"credentialsFile,omitempty"`
+}
+
+// Validate semantically validates the given Authorization section.
+func (c *Authorization) Validate() error {
+	if c.Credentials != nil && c.CredentialsFile != "" {
+		return &AuthorizationValidationError{"Authorization can not specify both Credentials and CredentialsFile"}
+	}
+	if strings.ToLower(strings.TrimSpace(c.Type)) == "basic" {
+		return &AuthorizationValidationError{"Authorization type cannot be set to \"basic\", use \"basic_auth\" instead"}
+	}
+	return nil
+}
+
+// AuthorizationValidationError is returned by Authorization.Validate()
+// on semantically invalid configurations.
+// +k8s:openapi-gen=false
+type AuthorizationValidationError struct {
+	err string
+}
+
+func (e *AuthorizationValidationError) Error() string {
+	return e.err
+}

vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go

@@ -37,6 +37,11 @@ func (in *APIServerConfig) DeepCopyInto(out *APIServerConfig) {
 		*out = new(TLSConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(Authorization)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerConfig.
@@ -103,6 +108,11 @@ func (in *AlertmanagerEndpoints) DeepCopyInto(out *AlertmanagerEndpoints) {
 		*out = new(TLSConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(SafeAuthorization)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Timeout != nil {
 		in, out := &in.Timeout, &out.Timeout
 		*out = new(string)
@@ -299,6 +309,37 @@ func (in *ArbitraryFSAccessThroughSMsConfig) DeepCopy() *ArbitraryFSAccessThroug
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Authorization) DeepCopyInto(out *Authorization) {
+	*out = *in
+	in.SafeAuthorization.DeepCopyInto(&out.SafeAuthorization)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization.
+func (in *Authorization) DeepCopy() *Authorization {
+	if in == nil {
+		return nil
+	}
+	out := new(Authorization)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthorizationValidationError) DeepCopyInto(out *AuthorizationValidationError) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationValidationError.
+func (in *AuthorizationValidationError) DeepCopy() *AuthorizationValidationError {
+	if in == nil {
+		return nil
+	}
+	out := new(AuthorizationValidationError)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *BasicAuth) DeepCopyInto(out *BasicAuth) {
 	*out = *in
@@ -393,6 +434,11 @@ func (in *Endpoint) DeepCopyInto(out *Endpoint) {
 		(*in).DeepCopyInto(*out)
 	}
 	in.BearerTokenSecret.DeepCopyInto(&out.BearerTokenSecret)
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(SafeAuthorization)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.HonorTimestamps != nil {
 		in, out := &in.HonorTimestamps, &out.HonorTimestamps
 		*out = new(bool)
@@ -403,6 +449,11 @@ func (in *Endpoint) DeepCopyInto(out *Endpoint) {
 		*out = new(BasicAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.OAuth2 != nil {
+		in, out := &in.OAuth2, &out.OAuth2
+		*out = new(OAuth2)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.MetricRelabelConfigs != nil {
 		in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs
 		*out = make([]*RelabelConfig, len(*in))
@@ -477,6 +528,50 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OAuth2) DeepCopyInto(out *OAuth2) {
+	*out = *in
+	in.ClientID.DeepCopyInto(&out.ClientID)
+	in.ClientSecret.DeepCopyInto(&out.ClientSecret)
+	if in.Scopes != nil {
+		in, out := &in.Scopes, &out.Scopes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.EndpointParams != nil {
+		in, out := &in.EndpointParams, &out.EndpointParams
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2.
+func (in *OAuth2) DeepCopy() *OAuth2 {
+	if in == nil {
+		return nil
+	}
+	out := new(OAuth2)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OAuth2ValidationError) DeepCopyInto(out *OAuth2ValidationError) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ValidationError.
+func (in *OAuth2ValidationError) DeepCopy() *OAuth2ValidationError {
+	if in == nil {
+		return nil
+	}
+	out := new(OAuth2ValidationError)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) {
 	*out = *in
@@ -516,6 +611,16 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) {
 		*out = new(BasicAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.OAuth2 != nil {
+		in, out := &in.OAuth2, &out.OAuth2
+		*out = new(OAuth2)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(SafeAuthorization)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.MetricRelabelConfigs != nil {
 		in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs
 		*out = make([]*RelabelConfig, len(*in))
@@ -708,6 +813,16 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
 		*out = new(BasicAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.OAuth2 != nil {
+		in, out := &in.OAuth2, &out.OAuth2
+		*out = new(OAuth2)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(SafeAuthorization)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProbeSpec.
@@ -1217,6 +1332,21 @@ func (in *PrometheusSpec) DeepCopyInto(out *PrometheusSpec) {
 		*out = new(uint64)
 		**out = **in
 	}
+	if in.EnforcedLabelLimit != nil {
+		in, out := &in.EnforcedLabelLimit, &out.EnforcedLabelLimit
+		*out = new(uint64)
+		**out = **in
+	}
+	if in.EnforcedLabelNameLengthLimit != nil {
+		in, out := &in.EnforcedLabelNameLengthLimit, &out.EnforcedLabelNameLengthLimit
+		*out = new(uint64)
+		**out = **in
+	}
+	if in.EnforcedLabelValueLengthLimit != nil {
+		in, out := &in.EnforcedLabelValueLengthLimit, &out.EnforcedLabelValueLengthLimit
+		*out = new(uint64)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusSpec.
@@ -1329,6 +1459,16 @@ func (in *RemoteReadSpec) DeepCopyInto(out *RemoteReadSpec) {
 		*out = new(BasicAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.OAuth2 != nil {
+		in, out := &in.OAuth2, &out.OAuth2
+		*out = new(OAuth2)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(Authorization)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.TLSConfig != nil {
 		in, out := &in.TLSConfig, &out.TLSConfig
 		*out = new(TLSConfig)
@@ -1349,6 +1489,11 @@ func (in *RemoteReadSpec) DeepCopy() *RemoteReadSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) {
 	*out = *in
+	if in.SendExemplars != nil {
+		in, out := &in.SendExemplars, &out.SendExemplars
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Headers != nil {
 		in, out := &in.Headers, &out.Headers
 		*out = make(map[string]string, len(*in))
@@ -1363,11 +1508,21 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.OAuth2 != nil {
+		in, out := &in.OAuth2, &out.OAuth2
+		*out = new(OAuth2)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.BasicAuth != nil {
 		in, out := &in.BasicAuth, &out.BasicAuth
 		*out = new(BasicAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Authorization != nil {
+		in, out := &in.Authorization, &out.Authorization
+		*out = new(Authorization)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.TLSConfig != nil {
 		in, out := &in.TLSConfig, &out.TLSConfig
 		*out = new(TLSConfig)
@@ -1478,6 +1633,26 @@ func (in *RulesAlert) DeepCopy() *RulesAlert {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SafeAuthorization) DeepCopyInto(out *SafeAuthorization) {
+	*out = *in
+	if in.Credentials != nil {
+		in, out := &in.Credentials, &out.Credentials
+		*out = new(corev1.SecretKeySelector)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SafeAuthorization.
+func (in *SafeAuthorization) DeepCopy() *SafeAuthorization {
+	if in == nil {
+		return nil
+	}
+	out := new(SafeAuthorization)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeTLSConfig) DeepCopyInto(out *SafeTLSConfig) {
 	*out = *in
@@ -1962,6 +2137,11 @@ func (in *WebSpec) DeepCopyInto(out *WebSpec) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.TLSConfig != nil {
+		in, out := &in.TLSConfig, &out.TLSConfig
+		*out = new(WebTLSConfig)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebSpec.
@@ -1973,3 +2153,51 @@ func (in *WebSpec) DeepCopy() *WebSpec {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebTLSConfig) DeepCopyInto(out *WebTLSConfig) {
+	*out = *in
+	in.KeySecret.DeepCopyInto(&out.KeySecret)
+	in.Cert.DeepCopyInto(&out.Cert)
+	in.ClientCA.DeepCopyInto(&out.ClientCA)
+	if in.CipherSuites != nil {
+		in, out := &in.CipherSuites, &out.CipherSuites
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.PreferServerCipherSuites != nil {
+		in, out := &in.PreferServerCipherSuites, &out.PreferServerCipherSuites
+		*out = new(bool)
+		**out = **in
+	}
+	if in.CurvePreferences != nil {
+		in, out := &in.CurvePreferences, &out.CurvePreferences
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebTLSConfig.
+func (in *WebTLSConfig) DeepCopy() *WebTLSConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(WebTLSConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebTLSConfigError) DeepCopyInto(out *WebTLSConfigError) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebTLSConfigError.
+func (in *WebTLSConfigError) DeepCopy() *WebTLSConfigError {
+	if in == nil {
+		return nil
+	}
+	out := new(WebTLSConfigError)
+	in.DeepCopyInto(out)
+	return out
+}

vendor/github.com/quasilyte/regex/syntax/README.md

@@ -4,19 +4,17 @@ Package `syntax` provides regular expressions parser as well as AST definitions.
 
 ## Rationale
 
-There are several problems with the stdlib [regexp/syntax](https://golang.org/pkg/regexp/syntax/) package:
+The advantages of this package over stdlib [regexp/syntax](https://golang.org/pkg/regexp/syntax/):
 
-1. It does several transformations during the parsing that make it
+1. Does not transformations/optimizations during the parsing.
-   hard to do any kind of syntax analysis afterward.
+   The produced parse tree is loseless.
 
-2. The AST used there is optimized for the compilation and
+2. Simpler AST representation.
-   execution inside the [regexp](https://golang.org/pkg/regexp) package.
-   It's somewhat complicated, especially in a way character ranges are encoded.
 
-3. It only supports [re2](https://github.com/google/re2/wiki/Syntax) syntax.
+3. Can parse most PCRE operations in addition to [re2](https://github.com/google/re2/wiki/Syntax) syntax.
-   This parser recognizes most PCRE operations.
+   It can also handle PHP/Perl style patterns with delimiters.
 
-4. It's easier to extend this package than something from the standard library.
+4. This package is easier to extend than something from the standard library.
 
 This package does almost no assumptions about how generated AST is going to be used
 so it preserves as much syntax information as possible.
@@ -24,3 +22,8 @@ so it preserves as much syntax information as possible.
 It's easy to write another intermediate representation on top of it. The main
 function of this package is to convert a textual regexp pattern into a more
 structured form that can be processed more easily.
+
+## Users
+
+* [go-critic](https://github.com/go-critic/go-critic) - Go static analyzer
+* [NoVerify](https://github.com/VKCOM/noverify) - PHP static analyzer

vendor/github.com/quasilyte/regex/syntax/ast.go

@@ -1,7 +1,6 @@
 package syntax
 
 import (
-	"fmt"
 	"strings"
 )
 
@@ -63,85 +62,3 @@ func (e Expr) LastArg() Expr {
 type Operation byte
 
 type Form byte
-
-func FormatSyntax(re *Regexp) string {
-	return formatExprSyntax(re, re.Expr)
-}
-
-func formatExprSyntax(re *Regexp, e Expr) string {
-	switch e.Op {
-	case OpChar, OpLiteral:
-		switch e.Value {
-		case "{":
-			return "'{'"
-		case "}":
-			return "'}'"
-		default:
-			return e.Value
-		}
-	case OpString, OpEscapeChar, OpEscapeMeta, OpEscapeOctal, OpEscapeUni, OpEscapeHex, OpPosixClass:
-		return e.Value
-	case OpRepeat:
-		return fmt.Sprintf("(repeat %s %s)", formatExprSyntax(re, e.Args[0]), e.Args[1].Value)
-	case OpCaret:
-		return "^"
-	case OpDollar:
-		return "$"
-	case OpDot:
-		return "."
-	case OpQuote:
-		return fmt.Sprintf("(q %s)", e.Value)
-	case OpCharRange:
-		return fmt.Sprintf("%s-%s", formatExprSyntax(re, e.Args[0]), formatExprSyntax(re, e.Args[1]))
-	case OpCharClass:
-		return fmt.Sprintf("[%s]", formatArgsSyntax(re, e.Args))
-	case OpNegCharClass:
-		return fmt.Sprintf("[^%s]", formatArgsSyntax(re, e.Args))
-	case OpConcat:
-		return fmt.Sprintf("{%s}", formatArgsSyntax(re, e.Args))
-	case OpAlt:
-		return fmt.Sprintf("(or %s)", formatArgsSyntax(re, e.Args))
-	case OpCapture:
-		return fmt.Sprintf("(capture %s)", formatExprSyntax(re, e.Args[0]))
-	case OpNamedCapture:
-		return fmt.Sprintf("(capture %s %s)", formatExprSyntax(re, e.Args[0]), e.Args[1].Value)
-	case OpGroup:
-		return fmt.Sprintf("(group %s)", formatExprSyntax(re, e.Args[0]))
-	case OpAtomicGroup:
-		return fmt.Sprintf("(atomic %s)", formatExprSyntax(re, e.Args[0]))
-	case OpGroupWithFlags:
-		return fmt.Sprintf("(group %s ?%s)", formatExprSyntax(re, e.Args[0]), e.Args[1].Value)
-	case OpFlagOnlyGroup:
-		return fmt.Sprintf("(flags ?%s)", formatExprSyntax(re, e.Args[0]))
-	case OpPositiveLookahead:
-		return fmt.Sprintf("(?= %s)", formatExprSyntax(re, e.Args[0]))
-	case OpNegativeLookahead:
-		return fmt.Sprintf("(?! %s)", formatExprSyntax(re, e.Args[0]))
-	case OpPositiveLookbehind:
-		return fmt.Sprintf("(?<= %s)", formatExprSyntax(re, e.Args[0]))
-	case OpNegativeLookbehind:
-		return fmt.Sprintf("(?<! %s)", formatExprSyntax(re, e.Args[0]))
-	case OpPlus:
-		return fmt.Sprintf("(+ %s)", formatExprSyntax(re, e.Args[0]))
-	case OpStar:
-		return fmt.Sprintf("(* %s)", formatExprSyntax(re, e.Args[0]))
-	case OpQuestion:
-		return fmt.Sprintf("(? %s)", formatExprSyntax(re, e.Args[0]))
-	case OpNonGreedy:
-		return fmt.Sprintf("(non-greedy %s)", formatExprSyntax(re, e.Args[0]))
-	case OpPossessive:
-		return fmt.Sprintf("(possessive %s)", formatExprSyntax(re, e.Args[0]))
-	case OpComment:
-		return fmt.Sprintf("/*%s*/", e.Value)
-	default:
-		return fmt.Sprintf("<op=%d>", e.Op)
-	}
-}
-
-func formatArgsSyntax(re *Regexp, args []Expr) string {
-	parts := make([]string, len(args))
-	for i, e := range args {
-		parts[i] = formatExprSyntax(re, e)
-	}
-	return strings.Join(parts, " ")
-}

vendor/github.com/quasilyte/regex/syntax/errors.go

@@ -1,9 +1,5 @@
 package syntax
 
-import (
-	"fmt"
-)
-
 type ParseError struct {
 	Pos     Position
 	Message string
@@ -11,17 +7,21 @@ type ParseError struct {
 
 func (e ParseError) Error() string { return e.Message }
 
-func throwfPos(pos Position, format string, args ...interface{}) {
+func throw(pos Position, message string) {
-	panic(ParseError{
+	panic(ParseError{Pos: pos, Message: message})
-		Pos:     pos,
-		Message: fmt.Sprintf(format, args...),
-	})
 }
 
-func throwErrorf(posBegin, posEnd int, format string, args ...interface{}) {
+func throwExpectedFound(pos Position, expected, found string) {
-	pos := Position{
+	throw(pos, "expected '"+expected+"', found '"+found+"'")
-		Begin: uint16(posBegin),
+}
-		End:   uint16(posEnd),
+
-	}
+func throwUnexpectedToken(pos Position, token string) {
-	throwfPos(pos, format, args...)
+	throw(pos, "unexpected token: "+token)
+}
+
+func newPos(begin, end int) Position {
+	return Position{
+		Begin: uint16(begin),
+		End:   uint16(end),
+	}
 }

vendor/github.com/quasilyte/regex/syntax/lexer.go

@@ -2,7 +2,6 @@ package syntax
 
 import (
 	"strings"
-	"unicode"
 	"unicode/utf8"
 )
 
@@ -111,7 +110,7 @@ func (l *lexer) Peek() token {
 func (l *lexer) scan() {
 	for l.pos < len(l.input) {
 		ch := l.input[l.pos]
-		if ch > unicode.MaxASCII {
+		if ch >= utf8.RuneSelf {
 			_, size := utf8.DecodeRuneInString(l.input[l.pos:])
 			l.pushTok(tokChar, size)
 			l.maybeInsertConcat()
@@ -161,7 +160,7 @@ func (l *lexer) scan() {
 					} else if l.tryScanGroupName(l.pos + 2) {
 					} else if l.tryScanGroupFlags(l.pos + 2) {
 					} else {
-						throwErrorf(l.pos, l.pos+1, "group token is incomplete")
+						throw(newPos(l.pos, l.pos+1), "group token is incomplete")
 					}
 				}
 			} else {
@@ -190,7 +189,7 @@ func (l *lexer) scanCharClass() {
 
 	for l.pos < len(l.input) {
 		ch := l.input[l.pos]
-		if ch > unicode.MaxASCII {
+		if ch >= utf8.RuneSelf {
 			_, size := utf8.DecodeRuneInString(l.input[l.pos:])
 			l.pushTok(tokChar, size)
 			continue
@@ -224,17 +223,17 @@ func (l *lexer) scanCharClass() {
 func (l *lexer) scanEscape(insideCharClass bool) {
 	s := l.input
 	if l.pos+1 >= len(s) {
-		throwErrorf(l.pos, l.pos+1, `unexpected end of pattern: trailing '\'`)
+		throw(newPos(l.pos, l.pos+1), `unexpected end of pattern: trailing '\'`)
 	}
 	switch {
 	case s[l.pos+1] == 'p' || s[l.pos+1] == 'P':
 		if l.pos+2 >= len(s) {
-			throwErrorf(l.pos, l.pos+2, "unexpected end of pattern: expected uni-class-short or '{'")
+			throw(newPos(l.pos, l.pos+2), "unexpected end of pattern: expected uni-class-short or '{'")
 		}
 		if s[l.pos+2] == '{' {
 			j := strings.IndexByte(s[l.pos+2:], '}')
 			if j < 0 {
-				throwErrorf(l.pos, l.pos+2, "can't find closing '}'")
+				throw(newPos(l.pos, l.pos+2), "can't find closing '}'")
 			}
 			l.pushTok(tokEscapeUniFull, len(`\p{`)+j)
 		} else {
@@ -242,12 +241,12 @@ func (l *lexer) scanEscape(insideCharClass bool) {
 		}
 	case s[l.pos+1] == 'x':
 		if l.pos+2 >= len(s) {
-			throwErrorf(l.pos, l.pos+2, "unexpected end of pattern: expected hex-digit or '{'")
+			throw(newPos(l.pos, l.pos+2), "unexpected end of pattern: expected hex-digit or '{'")
 		}
 		if s[l.pos+2] == '{' {
 			j := strings.IndexByte(s[l.pos+2:], '}')
 			if j < 0 {
-				throwErrorf(l.pos, l.pos+2, "can't find closing '}'")
+				throw(newPos(l.pos, l.pos+2), "can't find closing '}'")
 			}
 			l.pushTok(tokEscapeHexFull, len(`\x{`)+j)
 		} else {
@@ -277,7 +276,7 @@ func (l *lexer) scanEscape(insideCharClass bool) {
 
 	default:
 		ch := l.byteAt(l.pos + 1)
-		if ch > unicode.MaxASCII {
+		if ch >= utf8.RuneSelf {
 			_, size := utf8.DecodeRuneInString(l.input[l.pos+1:])
 			l.pushTok(tokEscapeChar, len(`\`)+size)
 			return

vendor/github.com/quasilyte/regex/syntax/operation.go

@@ -65,46 +65,51 @@ const (
 
 	// OpQuote is a \Q...\E enclosed literal.
 	// Examples: `\Q.?\E` `\Q?q[]=1`
-	//
+	// FormQuoteUnclosed: `\Qabc`
-	// Note that closing \E is not mandatory.
+	// Args[0] - literal value (OpString)
 	OpQuote
 
 	// OpEscapeChar is a single char escape.
 	// Examples: `\d` `\a` `\n`
+	// Args[0] - escaped value (OpString)
 	OpEscapeChar
 
 	// OpEscapeMeta is an escaped meta char.
 	// Examples: `\(` `\[` `\+`
+	// Args[0] - escaped value (OpString)
 	OpEscapeMeta
 
 	// OpEscapeOctal is an octal char code escape (up to 3 digits).
 	// Examples: `\123` `\12`
+	// Args[0] - escaped value (OpString)
 	OpEscapeOctal
 
 	// OpEscapeHex is a hex char code escape.
 	// Examples: `\x7F` `\xF7`
 	// FormEscapeHexFull examples: `\x{10FFFF}` `\x{F}`.
+	// Args[0] - escaped value (OpString)
 	OpEscapeHex
 
 	// OpEscapeUni is a Unicode char class escape.
 	// Examples: `\pS` `\pL` `\PL`
 	// FormEscapeUniFull examples: `\p{Greek}` `\p{Symbol}` `\p{^L}`
+	// Args[0] - escaped value (OpString)
 	OpEscapeUni
 
 	// OpCharClass is a char class enclosed in [].
 	// Examples: `[abc]` `[a-z0-9\]]`
-	// Args - char class elements (can include OpCharRange and OpPosixClass).
+	// Args - char class elements (can include OpCharRange and OpPosixClass)
 	OpCharClass
 
 	// OpNegCharClass is a negated char class enclosed in [].
 	// Examples: `[^abc]` `[^a-z0-9\]]`
-	// Args - char class elements (can include OpCharRange and OpPosixClass).
+	// Args - char class elements (can include OpCharRange and OpPosixClass)
 	OpNegCharClass
 
 	// OpCharRange is an inclusive char range inside a char class.
 	// Examples: `0-9` `A-Z`
-	// Args[0] - range lower bound (OpChar or OpEscape).
+	// Args[0] - range lower bound
-	// Args[1] - range upper bound (OpChar or OpEscape).
+	// Args[1] - range upper bound
 	OpCharRange
 
 	// OpPosixClass is a named ASCII char set inside a char class.
@@ -186,4 +191,5 @@ const (
 	FormEscapeUniFull
 	FormNamedCaptureAngle
 	FormNamedCaptureQuote
+	FormQuoteUnclosed
 )

vendor/github.com/quasilyte/regex/syntax/parser.go

@@ -2,7 +2,6 @@ package syntax
 
 import (
 	"errors"
-	"fmt"
 	"strings"
 )
 
@@ -94,13 +93,39 @@ func newParser(opts *ParserOptions) *Parser {
 		}
 	}
 
+	p.prefixParselets[tokQ] = func(tok token) *Expr {
+		litPos := tok.pos
+		litPos.Begin += uint16(len(`\Q`))
+		form := FormQuoteUnclosed
+		if strings.HasSuffix(p.tokenValue(tok), `\E`) {
+			litPos.End -= uint16(len(`\E`))
+			form = FormDefault
+		}
+		lit := p.newExpr(OpString, litPos)
+		return p.newExprForm(OpQuote, form, tok.pos, lit)
+	}
+
 	p.prefixParselets[tokEscapeHexFull] = func(tok token) *Expr {
-		return p.newExprForm(OpEscapeHex, FormEscapeHexFull, tok.pos)
+		litPos := tok.pos
+		litPos.Begin += uint16(len(`\x{`))
+		litPos.End -= uint16(len(`}`))
+		lit := p.newExpr(OpString, litPos)
+		return p.newExprForm(OpEscapeHex, FormEscapeHexFull, tok.pos, lit)
 	}
 	p.prefixParselets[tokEscapeUniFull] = func(tok token) *Expr {
-		return p.newExprForm(OpEscapeUni, FormEscapeUniFull, tok.pos)
+		litPos := tok.pos
+		litPos.Begin += uint16(len(`\p{`))
+		litPos.End -= uint16(len(`}`))
+		lit := p.newExpr(OpString, litPos)
+		return p.newExprForm(OpEscapeUni, FormEscapeUniFull, tok.pos, lit)
 	}
 
+	p.prefixParselets[tokEscapeHex] = func(tok token) *Expr { return p.parseEscape(OpEscapeHex, `\x`, tok) }
+	p.prefixParselets[tokEscapeOctal] = func(tok token) *Expr { return p.parseEscape(OpEscapeOctal, `\`, tok) }
+	p.prefixParselets[tokEscapeChar] = func(tok token) *Expr { return p.parseEscape(OpEscapeChar, `\`, tok) }
+	p.prefixParselets[tokEscapeMeta] = func(tok token) *Expr { return p.parseEscape(OpEscapeMeta, `\`, tok) }
+	p.prefixParselets[tokEscapeUni] = func(tok token) *Expr { return p.parseEscape(OpEscapeUni, `\p`, tok) }
+
 	p.prefixParselets[tokLparen] = func(tok token) *Expr { return p.parseGroup(OpCapture, tok) }
 	p.prefixParselets[tokLparenAtomic] = func(tok token) *Expr { return p.parseGroup(OpAtomicGroup, tok) }
 	p.prefixParselets[tokLparenPositiveLookahead] = func(tok token) *Expr { return p.parseGroup(OpPositiveLookahead, tok) }
@@ -163,6 +188,10 @@ func (p *Parser) setValues(e *Expr) {
 	e.Value = p.exprValue(e)
 }
 
+func (p *Parser) tokenValue(tok token) string {
+	return p.out.Pattern[tok.pos.Begin:tok.pos.End]
+}
+
 func (p *Parser) exprValue(e *Expr) string {
 	return p.out.Pattern[e.Begin():e.End()]
 }
@@ -239,7 +268,7 @@ func (p *Parser) allocExpr() *Expr {
 func (p *Parser) expect(kind tokenKind) Position {
 	tok := p.lexer.NextToken()
 	if tok.kind != kind {
-		throwErrorf(int(tok.pos.Begin), int(tok.pos.End), "expected '%s', found '%s'", kind, tok.kind)
+		throwExpectedFound(tok.pos, kind.String(), tok.kind.String())
 	}
 	return tok.pos
 }
@@ -248,7 +277,7 @@ func (p *Parser) parseExpr(precedence int) *Expr {
 	tok := p.lexer.NextToken()
 	prefix := p.prefixParselets[tok.kind]
 	if prefix == nil {
-		throwfPos(tok.pos, "unexpected token: %v", tok)
+		throwUnexpectedToken(tok.pos, tok.String())
 	}
 	left := prefix(tok)
 
@@ -277,7 +306,7 @@ func (p *Parser) parseCharClass(op Operation, tok token) *Expr {
 			break
 		}
 		if next.kind == tokNone {
-			throwfPos(tok.pos, "unterminated '['")
+			throw(tok.pos, "unterminated '['")
 		}
 	}
 
@@ -400,6 +429,13 @@ func (p *Parser) parseGroupWithFlags(tok token) *Expr {
 	return result
 }
 
+func (p *Parser) parseEscape(op Operation, prefix string, tok token) *Expr {
+	litPos := tok.pos
+	litPos.Begin += uint16(len(prefix))
+	lit := p.newExpr(OpString, litPos)
+	return p.newExpr(op, tok.pos, lit)
+}
+
 func (p *Parser) precedenceOf(tok token) int {
 	switch tok.kind {
 	case tokPipe:
@@ -436,14 +472,16 @@ func (p *Parser) newPCRE(source string) (*RegexpPCRE, error) {
 			return nil, errors.New("whitespace is not a valid delimiter")
 		}
 		if isAlphanumeric(delim) {
-			return nil, fmt.Errorf("'%c' is not a valid delimiter", delim)
+			return nil, errors.New("'" + string(delim) + "' is not a valid delimiter")
 		}
 	}
 
-	j := strings.LastIndexByte(source, endDelim)
+	const delimLen = 1
+	j := strings.LastIndexByte(source[delimLen:], endDelim)
 	if j == -1 {
-		return nil, fmt.Errorf("can't find '%c' ending delimiter", endDelim)
+		return nil, errors.New("can't find '" + string(endDelim) + "' ending delimiter")
 	}
+	j += delimLen
 
 	pcre := &RegexpPCRE{
 		Pattern:   source[1:j],
@@ -455,17 +493,11 @@ func (p *Parser) newPCRE(source string) (*RegexpPCRE, error) {
 }
 
 var tok2op = [256]Operation{
-	tokDollar:      OpDollar,
+	tokDollar:     OpDollar,
-	tokCaret:       OpCaret,
+	tokCaret:      OpCaret,
-	tokDot:         OpDot,
+	tokDot:        OpDot,
-	tokChar:        OpChar,
+	tokChar:       OpChar,
-	tokMinus:       OpChar,
+	tokMinus:      OpChar,
-	tokEscapeChar:  OpEscapeChar,
+	tokPosixClass: OpPosixClass,
-	tokEscapeMeta:  OpEscapeMeta,
+	tokComment:    OpComment,
-	tokEscapeHex:   OpEscapeHex,
-	tokEscapeOctal: OpEscapeOctal,
-	tokEscapeUni:   OpEscapeUni,
-	tokPosixClass:  OpPosixClass,
-	tokQ:           OpQuote,
-	tokComment:     OpComment,
 }

vendor/github.com/quasilyte/regex/syntax/utils.go

@@ -2,7 +2,7 @@ package syntax
 
 func isSpace(ch byte) bool {
 	switch ch {
-	case '\r', '\n', '\t', '\f', '\v':
+	case '\r', '\n', '\t', '\f', '\v', ' ':
 		return true
 	default:
 		return false

vendor/github.com/stretchr/objx/accessors.go

@@ -1,6 +1,7 @@
 package objx
 
 import (
+	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@@ -16,11 +17,18 @@ const (
 	// arrayAccesRegexString is the regex used to extract the array number
 	// from the access path
 	arrayAccesRegexString = `^(.+)\[([0-9]+)\]$`
+
+	// mapAccessRegexString is the regex used to extract the map key
+	// from the access path
+	mapAccessRegexString = `^([^\[]*)\[([^\]]+)\](.*)$`
 )
 
 // arrayAccesRegex is the compiled arrayAccesRegexString
 var arrayAccesRegex = regexp.MustCompile(arrayAccesRegexString)
 
+// mapAccessRegex is the compiled mapAccessRegexString
+var mapAccessRegex = regexp.MustCompile(mapAccessRegexString)
+
 // Get gets the value using the specified selector and
 // returns it inside a new Obj object.
 //
@@ -70,13 +78,45 @@ func getIndex(s string) (int, string) {
 	return -1, s
 }
 
+// getKey returns the key which is held in s by two brackets.
+// It also returns the next selector.
+func getKey(s string) (string, string) {
+	selSegs := strings.SplitN(s, PathSeparator, 2)
+	thisSel := selSegs[0]
+	nextSel := ""
+
+	if len(selSegs) > 1 {
+		nextSel = selSegs[1]
+	}
+
+	mapMatches := mapAccessRegex.FindStringSubmatch(s)
+	if len(mapMatches) > 0 {
+		if _, err := strconv.Atoi(mapMatches[2]); err != nil {
+			thisSel = mapMatches[1]
+			nextSel = "[" + mapMatches[2] + "]" + mapMatches[3]
+
+			if thisSel == "" {
+				thisSel = mapMatches[2]
+				nextSel = mapMatches[3]
+			}
+
+			if nextSel == "" {
+				selSegs = []string{"", ""}
+			} else if nextSel[0] == '.' {
+				nextSel = nextSel[1:]
+			}
+		}
+	}
+
+	return thisSel, nextSel
+}
+
 // access accesses the object using the selector and performs the
 // appropriate action.
 func access(current interface{}, selector string, value interface{}, isSet bool) interface{} {
-	selSegs := strings.SplitN(selector, PathSeparator, 2)
+	thisSel, nextSel := getKey(selector)
-	thisSel := selSegs[0]
-	index := -1
 
+	index := -1
 	if strings.Contains(thisSel, "[") {
 		index, thisSel = getIndex(thisSel)
 	}
@@ -88,7 +128,7 @@ func access(current interface{}, selector string, value interface{}, isSet bool)
 	switch current.(type) {
 	case map[string]interface{}:
 		curMSI := current.(map[string]interface{})
-		if len(selSegs) <= 1 && isSet {
+		if nextSel == "" && isSet {
 			curMSI[thisSel] = value
 			return nil
 		}
@@ -102,9 +142,10 @@ func access(current interface{}, selector string, value interface{}, isSet bool)
 	default:
 		current = nil
 	}
+
 	// do we need to access the item of an array?
 	if index > -1 {
-		if array, ok := current.([]interface{}); ok {
+		if array, ok := interSlice(current); ok {
 			if index < len(array) {
 				current = array[index]
 			} else {
@@ -112,8 +153,27 @@ func access(current interface{}, selector string, value interface{}, isSet bool)
 			}
 		}
 	}
-	if len(selSegs) > 1 {
+	if nextSel != "" {
-		current = access(current, selSegs[1], value, isSet)
+		current = access(current, nextSel, value, isSet)
 	}
 	return current
 }
+
+func interSlice(slice interface{}) ([]interface{}, bool) {
+	if array, ok := slice.([]interface{}); ok {
+		return array, ok
+	}
+
+	s := reflect.ValueOf(slice)
+	if s.Kind() != reflect.Slice {
+		return nil, false
+	}
+
+	ret := make([]interface{}, s.Len())
+
+	for i := 0; i < s.Len(); i++ {
+		ret[i] = s.Index(i).Interface()
+	}
+
+	return ret, true
+}

vendor/golang.org/x/oauth2/google/default.go

@@ -94,20 +94,20 @@ func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSourc
 // It looks for credentials in the following places,
 // preferring the first location found:
 //
-//   1. A JSON file whose path is specified by the
+//  1. A JSON file whose path is specified by the
-//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
+//     GOOGLE_APPLICATION_CREDENTIALS environment variable.
-//      For workload identity federation, refer to
+//     For workload identity federation, refer to
-//      https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation on
+//     https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation on
-//      how to generate the JSON configuration file for on-prem/non-Google cloud
+//     how to generate the JSON configuration file for on-prem/non-Google cloud
-//      platforms.
+//     platforms.
-//   2. A JSON file in a location known to the gcloud command-line tool.
+//  2. A JSON file in a location known to the gcloud command-line tool.
-//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
+//     On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
-//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//     On other systems, $HOME/.config/gcloud/application_default_credentials.json.
-//   3. On Google App Engine standard first generation runtimes (<= Go 1.9) it uses
+//  3. On Google App Engine standard first generation runtimes (<= Go 1.9) it uses
-//      the appengine.AccessToken function.
+//     the appengine.AccessToken function.
-//   4. On Google Compute Engine, Google App Engine standard second generation runtimes
+//  4. On Google Compute Engine, Google App Engine standard second generation runtimes
-//      (>= Go 1.11), and Google App Engine flexible environment, it fetches
+//     (>= Go 1.11), and Google App Engine flexible environment, it fetches
-//      credentials from the metadata server.
+//     credentials from the metadata server.
 func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsParams) (*Credentials, error) {
 	// Make defensive copy of the slices in params.
 	params = params.deepCopy()

vendor/golang.org/x/oauth2/google/doc.go

@@ -15,14 +15,14 @@
 // For more information on using workload identity federation, refer to
 // https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation.
 //
-// OAuth2 Configs
+// # OAuth2 Configs
 //
 // Two functions in this package return golang.org/x/oauth2.Config values from Google credential
 // data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
 // the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
 // create an http.Client.
 //
-// Workload Identity Federation
+// # Workload Identity Federation
 //
 // Using workload identity federation, your application can access Google Cloud
 // resources from Amazon Web Services (AWS), Microsoft Azure or any identity
@@ -36,9 +36,9 @@
 // Follow the detailed instructions on how to configure Workload Identity Federation
 // in various platforms:
 //
-//   Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
+//	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
-//   Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
+//	Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
-//   OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
+//	OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
 //
 // For OIDC providers, the library can retrieve OIDC tokens either from a
 // local file location (file-sourced credentials) or from a local server
@@ -51,8 +51,7 @@
 // return the OIDC token. The response can be in plain text or JSON.
 // Additional required request headers can also be specified.
 //
-//
+// # Credentials
-// Credentials
 //
 // The Credentials type represents Google credentials, including Application Default
 // Credentials.

vendor/k8s.io/gengo/args/args.go

@@ -86,6 +86,9 @@ type GeneratorArgs struct {
 	// Any custom arguments go here
 	CustomArgs interface{}
 
+	// If specified, trim the prefix from OutputPackagePath before writing files.
+	TrimPathPrefix string
+
 	// Whether to use default command line flags
 	defaultCommandLineFlags bool
 }
@@ -104,6 +107,7 @@ func (g *GeneratorArgs) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVarP(&g.GoHeaderFilePath, "go-header-file", "h", g.GoHeaderFilePath, "File containing boilerplate header text. The string YEAR will be replaced with the current 4-digit year.")
 	fs.BoolVar(&g.VerifyOnly, "verify-only", g.VerifyOnly, "If true, only verify existing output, do not write anything.")
 	fs.StringVar(&g.GeneratedBuildTag, "build-tag", g.GeneratedBuildTag, "A Go build tag to use to identify files generated by this command. Should be unique.")
+	fs.StringVar(&g.TrimPathPrefix, "trim-path-prefix", g.TrimPathPrefix, "If set, trim the specified prefix from --output-package when generating files.")
 }
 
 // LoadGoBoilerplate loads the boilerplate file passed to --go-header-file.
@@ -202,6 +206,8 @@ func (g *GeneratorArgs) Execute(nameSystems namer.NameSystems, defaultSystem str
 		return fmt.Errorf("Failed making a context: %v", err)
 	}
 
+	c.TrimPathPrefix = g.TrimPathPrefix
+
 	c.Verify = g.VerifyOnly
 	packages := pkgs(c, g)
 	if err := c.ExecutePackages(g.OutputBase, packages); err != nil {

vendor/k8s.io/gengo/generator/execute.go

@@ -64,7 +64,7 @@ type DefaultFileType struct {
 }
 
 func (ft DefaultFileType) AssembleFile(f *File, pathname string) error {
-	klog.V(2).Infof("Assembling file %q", pathname)
+	klog.V(5).Infof("Assembling file %q", pathname)
 	destFile, err := os.Create(pathname)
 	if err != nil {
 		return err
@@ -91,7 +91,7 @@ func (ft DefaultFileType) AssembleFile(f *File, pathname string) error {
 }
 
 func (ft DefaultFileType) VerifyFile(f *File, pathname string) error {
-	klog.V(2).Infof("Verifying file %q", pathname)
+	klog.V(5).Infof("Verifying file %q", pathname)
 	friendlyName := filepath.Join(f.PackageName, f.Name)
 	b := &bytes.Buffer{}
 	et := NewErrorTracker(b)
@@ -214,7 +214,22 @@ func (c *Context) addNameSystems(namers namer.NameSystems) *Context {
 // import path already, this will be appended to 'outDir'.
 func (c *Context) ExecutePackage(outDir string, p Package) error {
 	path := filepath.Join(outDir, p.Path())
-	klog.V(2).Infof("Processing package %q, disk location %q", p.Name(), path)
+
+	// When working outside of GOPATH, we typically won't want to generate the
+	// full path for a package. For example, if our current project's root/base
+	// package is github.com/foo/bar, outDir=., p.Path()=github.com/foo/bar/generated,
+	// then we really want to be writing files to ./generated, not ./github.com/foo/bar/generated.
+	// The following will trim a path prefix (github.com/foo/bar) from p.Path() to arrive at
+	// a relative path that works with projects not in GOPATH.
+	if c.TrimPathPrefix != "" {
+		separator := string(filepath.Separator)
+		if !strings.HasSuffix(c.TrimPathPrefix, separator) {
+			c.TrimPathPrefix += separator
+		}
+
+		path = strings.TrimPrefix(path, c.TrimPathPrefix)
+	}
+	klog.V(5).Infof("Processing package %q, disk location %q", p.Name(), path)
 	// Filter out any types the *package* doesn't care about.
 	packageContext := c.filteredBy(p.Filter)
 	os.MkdirAll(path, 0755)

vendor/k8s.io/gengo/generator/generator.go

@@ -183,6 +183,9 @@ type Context struct {
 
 	// Allows generators to add packages at runtime.
 	builder *parser.Builder
+
+	// If specified, trim the prefix from a package's path before writing files.
+	TrimPathPrefix string
 }
 
 // NewContext generates a context from the given builder, naming systems, and

vendor/k8s.io/gengo/parser/parse.go

@@ -52,7 +52,9 @@ type Builder struct {
 	// This might hold the same value for multiple names, e.g. if someone
 	// referenced ./pkg/name or in the case of vendoring, which canonicalizes
 	// differently that what humans would type.
-	buildPackages map[string]*build.Package
+	//
+	// This must only be accessed via getLoadedBuildPackage and setLoadedBuildPackage
+	buildPackages map[importPathString]*build.Package
 
 	fset *token.FileSet
 	// map of package path to list of parsed files
@@ -102,7 +104,7 @@ func New() *Builder {
 	c.CgoEnabled = false
 	return &Builder{
 		context:               &c,
-		buildPackages:         map[string]*build.Package{},
+		buildPackages:         map[importPathString]*build.Package{},
 		typeCheckedPackages:   map[importPathString]*tc.Package{},
 		fset:                  token.NewFileSet(),
 		parsed:                map[importPathString][]parsedFile{},
@@ -118,11 +120,37 @@ func (b *Builder) AddBuildTags(tags ...string) {
 	b.context.BuildTags = append(b.context.BuildTags, tags...)
 }
 
+func (b *Builder) getLoadedBuildPackage(importPath string) (*build.Package, bool) {
+	canonicalized := canonicalizeImportPath(importPath)
+	if string(canonicalized) != importPath {
+		klog.V(5).Infof("getLoadedBuildPackage: %s normalized to %s", importPath, canonicalized)
+	}
+	buildPkg, ok := b.buildPackages[canonicalized]
+	return buildPkg, ok
+}
+func (b *Builder) setLoadedBuildPackage(importPath string, buildPkg *build.Package) {
+	canonicalizedImportPath := canonicalizeImportPath(importPath)
+	if string(canonicalizedImportPath) != importPath {
+		klog.V(5).Infof("setLoadedBuildPackage: importPath %s normalized to %s", importPath, canonicalizedImportPath)
+	}
+
+	canonicalizedBuildPkgImportPath := canonicalizeImportPath(buildPkg.ImportPath)
+	if string(canonicalizedBuildPkgImportPath) != buildPkg.ImportPath {
+		klog.V(5).Infof("setLoadedBuildPackage: buildPkg.ImportPath %s normalized to %s", buildPkg.ImportPath, canonicalizedBuildPkgImportPath)
+	}
+
+	if canonicalizedImportPath != canonicalizedBuildPkgImportPath {
+		klog.V(5).Infof("setLoadedBuildPackage: normalized importPath (%s) differs from buildPkg.ImportPath (%s)", canonicalizedImportPath, canonicalizedBuildPkgImportPath)
+	}
+	b.buildPackages[canonicalizedImportPath] = buildPkg
+	b.buildPackages[canonicalizedBuildPkgImportPath] = buildPkg
+}
+
 // Get package information from the go/build package. Automatically excludes
 // e.g. test files and files for other platforms-- there is quite a bit of
 // logic of that nature in the build package.
 func (b *Builder) importBuildPackage(dir string) (*build.Package, error) {
-	if buildPkg, ok := b.buildPackages[dir]; ok {
+	if buildPkg, ok := b.getLoadedBuildPackage(dir); ok {
 		return buildPkg, nil
 	}
 	// This validates the `package foo // github.com/bar/foo` comments.
@@ -142,17 +170,7 @@ func (b *Builder) importBuildPackage(dir string) (*build.Package, error) {
 
 	// Remember it under the user-provided name.
 	klog.V(5).Infof("saving buildPackage %s", dir)
-	b.buildPackages[dir] = buildPkg
+	b.setLoadedBuildPackage(dir, buildPkg)
-	canonicalPackage := canonicalizeImportPath(buildPkg.ImportPath)
-	if dir != string(canonicalPackage) {
-		// Since `dir` is not the canonical name, see if we knew it under another name.
-		if buildPkg, ok := b.buildPackages[string(canonicalPackage)]; ok {
-			return buildPkg, nil
-		}
-		// Must be new, save it under the canonical name, too.
-		klog.V(5).Infof("saving buildPackage %s", canonicalPackage)
-		b.buildPackages[string(canonicalPackage)] = buildPkg
-	}
 
 	return buildPkg, nil
 }
@@ -167,7 +185,7 @@ func (b *Builder) AddFileForTest(pkg string, path string, src []byte) error {
 	if err := b.addFile(importPathString(pkg), path, src, true); err != nil {
 		return err
 	}
-	if _, err := b.typeCheckPackage(importPathString(pkg)); err != nil {
+	if _, err := b.typeCheckPackage(importPathString(pkg), true); err != nil {
 		return err
 	}
 	return nil
@@ -231,7 +249,11 @@ func (b *Builder) AddDirRecursive(dir string) error {
 
 	// filepath.Walk does not follow symlinks. We therefore evaluate symlinks and use that with
 	// filepath.Walk.
-	realPath, err := filepath.EvalSymlinks(b.buildPackages[dir].Dir)
+	buildPkg, ok := b.getLoadedBuildPackage(dir)
+	if !ok {
+		return fmt.Errorf("no loaded build package for %s", dir)
+	}
+	realPath, err := filepath.EvalSymlinks(buildPkg.Dir)
 	if err != nil {
 		return err
 	}
@@ -241,7 +263,11 @@ func (b *Builder) AddDirRecursive(dir string) error {
 			rel := filepath.ToSlash(strings.TrimPrefix(filePath, realPath))
 			if rel != "" {
 				// Make a pkg path.
-				pkg := path.Join(string(canonicalizeImportPath(b.buildPackages[dir].ImportPath)), rel)
+				buildPkg, ok := b.getLoadedBuildPackage(dir)
+				if !ok {
+					return fmt.Errorf("no loaded build package for %s", dir)
+				}
+				pkg := path.Join(string(canonicalizeImportPath(buildPkg.ImportPath)), rel)
 
 				// Add it.
 				if _, err := b.importPackage(pkg, true); err != nil {
@@ -269,7 +295,11 @@ func (b *Builder) AddDirTo(dir string, u *types.Universe) error {
 	if _, err := b.importPackage(dir, true); err != nil {
 		return err
 	}
-	return b.findTypesIn(canonicalizeImportPath(b.buildPackages[dir].ImportPath), u)
+	pkg, ok := b.getLoadedBuildPackage(dir)
+	if !ok {
+		return fmt.Errorf("no such package: %q", dir)
+	}
+	return b.findTypesIn(canonicalizeImportPath(pkg.ImportPath), u)
 }
 
 // AddDirectoryTo adds an entire directory to a given Universe. Unlike AddDir,
@@ -283,7 +313,11 @@ func (b *Builder) AddDirectoryTo(dir string, u *types.Universe) (*types.Package,
 	if _, err := b.importPackage(dir, true); err != nil {
 		return nil, err
 	}
-	path := canonicalizeImportPath(b.buildPackages[dir].ImportPath)
+	pkg, ok := b.getLoadedBuildPackage(dir)
+	if !ok || pkg == nil {
+		return nil, fmt.Errorf("no such package: %q", dir)
+	}
+	path := canonicalizeImportPath(pkg.ImportPath)
 	if err := b.findTypesIn(path, u); err != nil {
 		return nil, err
 	}
@@ -347,10 +381,11 @@ func isErrPackageNotFound(err error) bool {
 // needs to import a go package. 'path' is the import path.
 func (b *Builder) importPackage(dir string, userRequested bool) (*tc.Package, error) {
 	klog.V(5).Infof("importPackage %s", dir)
+
 	var pkgPath = importPathString(dir)
 
 	// Get the canonical path if we can.
-	if buildPkg := b.buildPackages[dir]; buildPkg != nil {
+	if buildPkg, _ := b.getLoadedBuildPackage(dir); buildPkg != nil {
 		canonicalPackage := canonicalizeImportPath(buildPkg.ImportPath)
 		klog.V(5).Infof("importPackage %s, canonical path is %s", dir, canonicalPackage)
 		pkgPath = canonicalPackage
@@ -374,7 +409,7 @@ func (b *Builder) importPackage(dir string, userRequested bool) (*tc.Package, er
 		}
 
 		// Get the canonical path now that it has been added.
-		if buildPkg := b.buildPackages[dir]; buildPkg != nil {
+		if buildPkg, _ := b.getLoadedBuildPackage(dir); buildPkg != nil {
 			canonicalPackage := canonicalizeImportPath(buildPkg.ImportPath)
 			klog.V(5).Infof("importPackage %s, canonical path is %s", dir, canonicalPackage)
 			pkgPath = canonicalPackage
@@ -388,13 +423,13 @@ func (b *Builder) importPackage(dir string, userRequested bool) (*tc.Package, er
 	// Run the type checker.  We may end up doing this to pkgs that are already
 	// done, or are in the queue to be done later, but it will short-circuit,
 	// and we can't miss pkgs that are only depended on.
-	pkg, err := b.typeCheckPackage(pkgPath)
+	pkg, err := b.typeCheckPackage(pkgPath, !ignoreError)
 	if err != nil {
 		switch {
 		case ignoreError && pkg != nil:
-			klog.V(2).Infof("type checking encountered some issues in %q, but ignoring.\n", pkgPath)
+			klog.V(4).Infof("type checking encountered some issues in %q, but ignoring.\n", pkgPath)
 		case !ignoreError && pkg != nil:
-			klog.V(2).Infof("type checking encountered some errors in %q\n", pkgPath)
+			klog.V(3).Infof("type checking encountered some errors in %q\n", pkgPath)
 			return nil, err
 		default:
 			return nil, err
@@ -415,7 +450,7 @@ func (a importAdapter) Import(path string) (*tc.Package, error) {
 // typeCheckPackage will attempt to return the package even if there are some
 // errors, so you may check whether the package is nil or not even if you get
 // an error.
-func (b *Builder) typeCheckPackage(pkgPath importPathString) (*tc.Package, error) {
+func (b *Builder) typeCheckPackage(pkgPath importPathString, logErr bool) (*tc.Package, error) {
 	klog.V(5).Infof("typeCheckPackage %s", pkgPath)
 	if pkg, ok := b.typeCheckedPackages[pkgPath]; ok {
 		if pkg != nil {
@@ -443,7 +478,11 @@ func (b *Builder) typeCheckPackage(pkgPath importPathString) (*tc.Package, error
 		// method. So there can't be cycles in the import graph.
 		Importer: importAdapter{b},
 		Error: func(err error) {
-			klog.V(2).Infof("type checker: %v\n", err)
+			if logErr {
+				klog.V(2).Infof("type checker: %v\n", err)
+			} else {
+				klog.V(3).Infof("type checker: %v\n", err)
+			}
 		},
 	}
 	pkg, err := c.Check(string(pkgPath), b.fset, files, nil)
@@ -592,6 +631,10 @@ func (b *Builder) importWithMode(dir string, mode build.ImportMode) (*build.Pack
 	if err != nil {
 		return nil, fmt.Errorf("unable to get current directory: %v", err)
 	}
+
+	// normalize to drop /vendor/ if present
+	dir = string(canonicalizeImportPath(dir))
+
 	buildPkg, err := b.context.Import(filepath.ToSlash(dir), cwd, mode)
 	if err != nil {
 		return nil, err
@@ -653,9 +696,11 @@ func (b *Builder) convertSignature(u types.Universe, t *tc.Signature) *types.Sig
 	signature := &types.Signature{}
 	for i := 0; i < t.Params().Len(); i++ {
 		signature.Parameters = append(signature.Parameters, b.walkType(u, nil, t.Params().At(i).Type()))
+		signature.ParameterNames = append(signature.ParameterNames, t.Params().At(i).Name())
 	}
 	for i := 0; i < t.Results().Len(); i++ {
 		signature.Results = append(signature.Results, b.walkType(u, nil, t.Results().At(i).Type()))
+		signature.ResultNames = append(signature.ResultNames, t.Results().At(i).Name())
 	}
 	if r := t.Recv(); r != nil {
 		signature.Receiver = b.walkType(u, nil, r.Type())

vendor/k8s.io/gengo/types/types.go

@@ -423,12 +423,12 @@ func (m Member) String() string {
 
 // Signature is a function's signature.
 type Signature struct {
-	// TODO: store the parameter names, not just types.
-
 	// If a method of some type, this is the type it's a member of.
-	Receiver   *Type
+	Receiver       *Type
-	Parameters []*Type
+	Parameters     []*Type
-	Results    []*Type
+	ParameterNames []string
+	Results        []*Type
+	ResultNames    []string
 
 	// True if the last in parameter is of the form ...T.
 	Variadic bool

vendor/modules.txt

@@ -82,7 +82,7 @@ github.com/Azure/go-autorest/tracing
 # github.com/BurntSushi/toml v1.1.0 => github.com/BurntSushi/toml v0.3.1
 ## explicit
 github.com/BurntSushi/toml
-# github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24
+# github.com/Djarvur/go-err113 v0.1.0
 ## explicit; go 1.13
 github.com/Djarvur/go-err113
 # github.com/IBM-Cloud/bluemix-go v0.0.0-20220407050707-b4cd0d4da813
@@ -231,6 +231,8 @@ github.com/axw/gocov
 github.com/axw/gocov/gocov
 github.com/axw/gocov/gocov/internal/testflag
 github.com/axw/gocov/gocovutil
+# github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f
+## explicit
 # github.com/beorn7/perks v1.0.1
 ## explicit; go 1.11
 github.com/beorn7/perks/quantile
@@ -515,7 +517,7 @@ github.com/go-toolsmith/typep
 # github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b
 ## explicit
 github.com/go-xmlfmt/xmlfmt
-# github.com/gobuffalo/flect v0.2.3
+# github.com/gobuffalo/flect v0.2.5
 ## explicit; go 1.13
 github.com/gobuffalo/flect
 # github.com/gobwas/glob v0.2.3
@@ -1017,7 +1019,7 @@ github.com/openshift/api/operator/v1alpha1
 github.com/openshift/api/project/v1
 github.com/openshift/api/samples/v1
 github.com/openshift/api/security/v1
-# github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3 => github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3
+# github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a => github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3
 ## explicit; go 1.16
 github.com/openshift/client-go/config/clientset/versioned
 github.com/openshift/client-go/config/clientset/versioned/fake
@@ -1070,7 +1072,7 @@ github.com/openshift/cluster-api/pkg/apis/machine/v1beta1
 ## explicit; go 1.17
 github.com/openshift/cluster-api-provider-baremetal/pkg/apis
 github.com/openshift/cluster-api-provider-baremetal/pkg/apis/baremetal/v1alpha1
-# github.com/openshift/cluster-api-provider-ibmcloud v0.0.0-20211008100740-4d7907adbd6b => github.com/openshift/cluster-api-provider-ibmcloud v0.0.0-20211008100740-4d7907adbd6b
+# github.com/openshift/cluster-api-provider-ibmcloud v0.0.1-0.20220201105455-8014e5e894b0 => github.com/openshift/cluster-api-provider-ibmcloud v0.0.0-20211008100740-4d7907adbd6b
 ## explicit; go 1.16
 github.com/openshift/cluster-api-provider-ibmcloud/pkg/apis
 github.com/openshift/cluster-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1beta1
@@ -1078,20 +1080,20 @@ github.com/openshift/cluster-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1b
 ## explicit
 github.com/openshift/cluster-api-provider-libvirt/pkg/apis
 github.com/openshift/cluster-api-provider-libvirt/pkg/apis/libvirtproviderconfig/v1beta1
-# github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211111151530-06177b773958 => github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211215231458-35ce9aafee1f
+# github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519 => github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211215231458-35ce9aafee1f
 ## explicit; go 1.17
 github.com/openshift/cluster-api-provider-ovirt/pkg/apis
 github.com/openshift/cluster-api-provider-ovirt/pkg/apis/ovirtprovider/v1beta1
 # github.com/openshift/console-operator v0.0.0-20220407014945-45d37e70e0c2 => github.com/openshift/console-operator v0.0.0-20220318130441-e44516b9c315
 ## explicit; go 1.16
 github.com/openshift/console-operator/pkg/api
-# github.com/openshift/hive v1.1.16
+# github.com/openshift/hive v1.1.16 => github.com/openshift/hive v1.1.17-0.20220719141355-c63c9b0281d8
-## explicit; go 1.16
+## explicit; go 1.18
 github.com/openshift/hive/pkg/client/clientset/versioned
 github.com/openshift/hive/pkg/client/clientset/versioned/scheme
 github.com/openshift/hive/pkg/client/clientset/versioned/typed/hive/v1
 github.com/openshift/hive/pkg/client/clientset/versioned/typed/hiveinternal/v1alpha1
-# github.com/openshift/hive/apis v0.0.0 => github.com/openshift/hive/apis v0.0.0-20220624202239-6ac23a86d03b
+# github.com/openshift/hive/apis v0.0.0 => github.com/openshift/hive/apis v0.0.0-20220719141355-c63c9b0281d8
 ## explicit; go 1.18
 github.com/openshift/hive/apis/hive/v1
 github.com/openshift/hive/apis/hive/v1/agent
@@ -1224,7 +1226,7 @@ github.com/openshift/installer/pkg/types/vsphere/defaults
 github.com/openshift/installer/pkg/types/vsphere/validation
 github.com/openshift/installer/pkg/validate
 github.com/openshift/installer/pkg/version
-# github.com/openshift/library-go v0.0.0-20220405134141-226b07263a02 => github.com/openshift/library-go v0.0.0-20220303081124-fb4e7a2872f0
+# github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc => github.com/openshift/library-go v0.0.0-20220303081124-fb4e7a2872f0
 ## explicit; go 1.17
 github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers
 # github.com/openshift/machine-config-operator v3.11.0+incompatible => github.com/openshift/machine-config-operator v0.0.1-0.20220319215057-e6ba00b88555
@@ -1272,7 +1274,7 @@ github.com/pquerna/cachecontrol/cacheobject
 # github.com/proglottis/gpgme v0.1.1
 ## explicit; go 1.11
 github.com/proglottis/gpgme
-# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.48.1
+# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.50.0
 ## explicit; go 1.14
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1
@@ -1306,7 +1308,7 @@ github.com/quasilyte/go-ruleguard/ruleguard
 github.com/quasilyte/go-ruleguard/ruleguard/goutil
 github.com/quasilyte/go-ruleguard/ruleguard/quasigo
 github.com/quasilyte/go-ruleguard/ruleguard/typematch
-# github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95
+# github.com/quasilyte/regex/syntax v0.0.0-20200805063351-8f842688393c
 ## explicit; go 1.14
 github.com/quasilyte/regex/syntax
 # github.com/rivo/uniseg v0.2.0
@@ -1369,7 +1371,7 @@ github.com/ssgreg/nlreturn/v2/pkg/nlreturn
 # github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980
 ## explicit
 github.com/stefanberger/go-pkcs11uri
-# github.com/stretchr/objx v0.2.0
+# github.com/stretchr/objx v0.3.0
 ## explicit; go 1.12
 github.com/stretchr/objx
 # github.com/stretchr/testify v1.7.1
@@ -1548,7 +1550,7 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
+# golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 ## explicit; go 1.11
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
@@ -1853,7 +1855,7 @@ honnef.co/go/tools/staticcheck
 honnef.co/go/tools/stylecheck
 honnef.co/go/tools/unused
 honnef.co/go/tools/unused/typemap
-# k8s.io/api v0.23.5 => k8s.io/api v0.23.0
+# k8s.io/api v0.24.1 => k8s.io/api v0.23.0
 ## explicit; go 1.16
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -1903,7 +1905,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.23.5 => k8s.io/apiextensions-apiserver v0.23.0
+# k8s.io/apiextensions-apiserver v0.24.1 => k8s.io/apiextensions-apiserver v0.23.0
 ## explicit; go 1.16
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
@@ -1912,7 +1914,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1
-# k8s.io/apimachinery v0.23.5 => k8s.io/apimachinery v0.23.0
+# k8s.io/apimachinery v0.24.1 => k8s.io/apimachinery v0.23.0
 ## explicit; go 1.16
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -1968,11 +1970,11 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.23.5 => k8s.io/apiserver v0.23.0
+# k8s.io/apiserver v0.24.1 => k8s.io/apiserver v0.23.0
 ## explicit; go 1.16
 k8s.io/apiserver/pkg/features
 k8s.io/apiserver/pkg/util/feature
-# k8s.io/cli-runtime v0.23.5 => k8s.io/cli-runtime v0.23.0
+# k8s.io/cli-runtime v0.24.1 => k8s.io/cli-runtime v0.23.0
 ## explicit; go 1.16
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/printers
@@ -2167,7 +2169,7 @@ k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/code-generator v0.23.2 => k8s.io/code-generator v0.23.0
+# k8s.io/code-generator v0.24.1 => k8s.io/code-generator v0.23.0
 ## explicit; go 1.16
 k8s.io/code-generator/cmd/client-gen
 k8s.io/code-generator/cmd/client-gen/args
@@ -2179,13 +2181,13 @@ k8s.io/code-generator/cmd/client-gen/path
 k8s.io/code-generator/cmd/client-gen/types
 k8s.io/code-generator/pkg/namer
 k8s.io/code-generator/pkg/util
-# k8s.io/component-base v0.23.5 => k8s.io/component-base v0.23.0
+# k8s.io/component-base v0.24.1 => k8s.io/component-base v0.23.0
 ## explicit; go 1.16
 k8s.io/component-base/config
 k8s.io/component-base/config/v1alpha1
 k8s.io/component-base/featuregate
 k8s.io/component-base/version
-# k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c
+# k8s.io/gengo v0.0.0-20211129171323-c02415ce4185
 ## explicit; go 1.13
 k8s.io/gengo/args
 k8s.io/gengo/generator
@@ -2204,7 +2206,7 @@ k8s.io/kube-openapi/pkg/schemaconv
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/util/proto/validation
 k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/kubectl v0.23.5 => k8s.io/kubectl v0.23.0
+# k8s.io/kubectl v0.24.1 => k8s.io/kubectl v0.23.0
 ## explicit; go 1.16
 k8s.io/kubectl/pkg/cmd/util
 k8s.io/kubectl/pkg/drain
@@ -2261,7 +2263,7 @@ sigs.k8s.io/cluster-api-provider-azure/pkg/apis/azureprovider/v1beta1
 ## explicit; go 1.16
 sigs.k8s.io/cluster-api-provider-openstack/pkg/apis
 sigs.k8s.io/cluster-api-provider-openstack/pkg/apis/openstackproviderconfig/v1alpha1
-# sigs.k8s.io/controller-runtime v0.11.2 => sigs.k8s.io/controller-runtime v0.9.1
+# sigs.k8s.io/controller-runtime v0.12.1 => sigs.k8s.io/controller-runtime v0.9.1
 ## explicit; go 1.16
 sigs.k8s.io/controller-runtime
 sigs.k8s.io/controller-runtime/pkg/builder
@@ -2303,7 +2305,7 @@ sigs.k8s.io/controller-runtime/pkg/webhook
 sigs.k8s.io/controller-runtime/pkg/webhook/admission
 sigs.k8s.io/controller-runtime/pkg/webhook/conversion
 sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
-# sigs.k8s.io/controller-tools v0.7.0 => sigs.k8s.io/controller-tools v0.5.0
+# sigs.k8s.io/controller-tools v0.9.0 => sigs.k8s.io/controller-tools v0.5.0
 ## explicit; go 1.15
 sigs.k8s.io/controller-tools/cmd/controller-gen
 sigs.k8s.io/controller-tools/pkg/crd
@@ -2498,7 +2500,6 @@ sigs.k8s.io/yaml
 # github.com/openshift/cluster-api-provider-libvirt => github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20191219173431-2336783d4603
 # github.com/openshift/cluster-api-provider-ovirt => github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20211215231458-35ce9aafee1f
 # github.com/openshift/console-operator => github.com/openshift/console-operator v0.0.0-20220318130441-e44516b9c315
-# github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20220624202239-6ac23a86d03b
 # github.com/openshift/installer => github.com/jewzaam/installer-aro v0.9.0-master.0.20220524230743-7e2aa7a0cc1a
 # github.com/openshift/library-go => github.com/openshift/library-go v0.0.0-20220303081124-fb4e7a2872f0
 # github.com/openshift/machine-api-operator => github.com/openshift/machine-api-operator v0.2.1-0.20220124104622-668c5b52b104
@@ -2525,3 +2526,5 @@ sigs.k8s.io/yaml
 # sigs.k8s.io/structured-merge-diff => sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06
 # sourcegraph.com/sourcegraph/go-diff => github.com/sourcegraph/go-diff v0.5.1
 # vbom.ml/util => github.com/fvbommel/util v0.0.3
+# github.com/openshift/hive => github.com/openshift/hive v1.1.17-0.20220719141355-c63c9b0281d8
+# github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20220719141355-c63c9b0281d8