From 6ec703c6b5332f962208f3d26ba870ffe3872f6f Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 14:29:04 +1300
Subject: [PATCH 01/16] Rename mintel to sl1pm4t and update Go version

---
 .github/workflows/k8s.yml                     |   4 +-
 .gitignore                                    |   1 +
 README.md                                     |   8 +-
 charts/README.md                              |   4 +-
 charts/dex-k8s-authenticator/.helmignore      |  21 ----
 charts/dex-k8s-authenticator/Chart.yaml       |  10 --
 charts/dex-k8s-authenticator/README.md        | 119 ------------------
 .../dex-k8s-authenticator/templates/NOTES.txt |  19 ---
 .../templates/_helpers.tpl                    |  59 ---------
 .../templates/ca_secrets.yaml                 |  18 ---
 .../templates/configmap.yaml                  |  36 ------
 .../templates/deployment.yaml                 |  93 --------------
 .../templates/ingress.yaml                    |  40 ------
 .../templates/service.yaml                    |  33 -----
 charts/dex-k8s-authenticator/values.yaml      |  98 ---------------
 charts/dex/Chart.yaml                         |   6 +-
 charts/dex/README.md                          |   2 +-
 docs/eks.md                                   |   2 +-
 docs/ssl.md                                   |   2 +-
 go.mod                                        |  29 ++++-
 go.sum                                        |  14 +++
 tests/e2e/helm/dex-k8s-auth-overrides.yaml    |   2 +-
 22 files changed, 57 insertions(+), 563 deletions(-)
 delete mode 100644 charts/dex-k8s-authenticator/.helmignore
 delete mode 100644 charts/dex-k8s-authenticator/Chart.yaml
 delete mode 100644 charts/dex-k8s-authenticator/README.md
 delete mode 100644 charts/dex-k8s-authenticator/templates/NOTES.txt
 delete mode 100644 charts/dex-k8s-authenticator/templates/_helpers.tpl
 delete mode 100644 charts/dex-k8s-authenticator/templates/ca_secrets.yaml
 delete mode 100644 charts/dex-k8s-authenticator/templates/configmap.yaml
 delete mode 100644 charts/dex-k8s-authenticator/templates/deployment.yaml
 delete mode 100644 charts/dex-k8s-authenticator/templates/ingress.yaml
 delete mode 100644 charts/dex-k8s-authenticator/templates/service.yaml
 delete mode 100644 charts/dex-k8s-authenticator/values.yaml

diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index 2d2e21d..0bdf6fc 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -46,8 +46,8 @@ jobs:
           name: kind
       - name: build-ci-image
         run: |
-          docker build -t mintel/dex-k8s-authenticator:${GITHUB_SHA} .
-          kind load docker-image mintel/dex-k8s-authenticator:${GITHUB_SHA}
+          docker build -t sl1pm4t/dex-k8s-authenticator:${GITHUB_SHA} .
+          kind load docker-image sl1pm4t/dex-k8s-authenticator:${GITHUB_SHA}
       - name: update-helm-values
         run: |
           set -x
diff --git a/.gitignore b/.gitignore
index fceea77..1de0a2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 bin
 ./idea
 *.iml
+dex-k8s-authenticator
diff --git a/README.md b/README.md
index 8fdf250..0098c21 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Dex K8s Authenticator
 
-[![golang-lint](https://github.com/mintel/dex-k8s-authenticator/workflows/golangci-lint/badge.svg)](https://github.com/mintel/dex-k8s-authenticator/actions/workflows/golangci-lint.yml)
-[![k8s-lint](https://github.com/mintel/dex-k8s-authenticator/workflows/k8s-lint/badge.svg)](https://github.com/mintel/dex-k8s-authenticator/actions/workflows/k8s.yml)
+[![golang-lint](https://github.com/sl1pm4t/dex-k8s-authenticator/workflows/golangci-lint/badge.svg)](https://github.com/sl1pm4t/dex-k8s-authenticator/actions/workflows/golangci-lint.yml)
+[![k8s-lint](https://github.com/sl1pm4t/dex-k8s-authenticator/workflows/k8s-lint/badge.svg)](https://github.com/sl1pm4t/dex-k8s-authenticator/actions/workflows/k8s.yml)
 
 A helper web-app which talks to one or more [Dex Identity services](https://github.com/dexidp/dex) to generate
 `kubectl` commands for creating and modifying a `kubeconfig`.
@@ -42,3 +42,7 @@ Feel free to raise feature-requests and bugs. PR's are also very welcome.
 
 This application is based on the original [example-app](https://github.com/coreos/dex/tree/master/cmd/example-app
 ) available in the CoreOS Dex repo.
+
+## Original Credit
+
+Credit to [mintel](https://github.com/mintel) for starting this project and open sourcing.
\ No newline at end of file
diff --git a/charts/README.md b/charts/README.md
index c9fc260..2d926ff 100644
--- a/charts/README.md
+++ b/charts/README.md
@@ -1,7 +1,7 @@
 # Helm charts for installing 'dex' with 'dex-k8s-authenticator'
 
 The charts in this folder install [`dex`](https://github.com/coreos/dex)
-with [`dex-k8s-authenticator`](https://github.com/mintel/dex-k8s-authenticator)
+with [`dex-k8s-authenticator`](https://github.com/sl1pm4t/dex-k8s-authenticator)
 
 `dex-k8s-authenticator` is a helper application for `dex`. `dex` lets you use external 
 Identify Providers (like Google, Microsoft, GitHub, LDAP) to authenticate access to Kubernetes cluster
@@ -12,7 +12,7 @@ Each install of `dex` and/or `dex-k8s-authenticator` can support multiple Kubern
 So you can install one of each for all your clusters, one in each cluster, or any combination.
 
 ```
-git clone https://github.com/mintel/dex-k8s-authenticator.git
+git clone https://github.com/sl1pm4t/dex-k8s-authenticator.git
 helm inspect values charts/dex > dex.yaml
 helm inspect values charts/dex-k8s-authenticator > dex-k8s-authenticator.yaml
 ```
diff --git a/charts/dex-k8s-authenticator/.helmignore b/charts/dex-k8s-authenticator/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/charts/dex-k8s-authenticator/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/dex-k8s-authenticator/Chart.yaml b/charts/dex-k8s-authenticator/Chart.yaml
deleted file mode 100644
index 4f96065..0000000
--- a/charts/dex-k8s-authenticator/Chart.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-appVersion: "v1.4.0"
-description: "Authenticator for using Dex with Kubernetes"
-name: dex-k8s-authenticator
-version: 1.4.0
-sources:
-- https://github.com/mintel/dex-k8s-authenticator
-maintainers:
-- name: Nick Badger
-  email: nbadger@mintel.com
diff --git a/charts/dex-k8s-authenticator/README.md b/charts/dex-k8s-authenticator/README.md
deleted file mode 100644
index d1fac3a..0000000
--- a/charts/dex-k8s-authenticator/README.md
+++ /dev/null
@@ -1,119 +0,0 @@
-# Helm chart for dex-k8s-authenticator
-
-This chart installs [`dex-k8s-authenticator`](https://github.com/mintel/dex-k8s-authenticator) in a Kubernetes cluster. 
-`dex-k8s-authenticator` is a helper application for [`dex`](https://github.com/coreos/dex). `dex` lets you use external 
-Identify Providers (like Google, Microsoft, GitHUb, LDAP) to authenticate access to Kubernetes cluster
-(e.g. for `kubectl`). This helper makes it easy to provide a web UI for one or more clusters.
-It give uses the information and commands to configure `kubectl` to work with the credentials `dex` provides.
-
-You can configure one or more clusters in this chart configuration, for the one or more `dex` installs you may have.
-
-```yaml
-# Default values for dex-k8s-authenticator.
-
-# Deploy environment label, e.g. dev, test, prod
-global:
-  deployEnv: dev
-
-replicaCount: 1
-
-image:
-  repository: mintel/dex-k8s-authenticator
-  tag: latest
-  pullPolicy: Always
-
-dexK8sAuthenticator:
-  port: 5555
-  debug: false
-  web_path_prefix: /
-  #logoUrl: http://<path-to-your-logo.png>
-  #kubectl_version: v1.16.2
-  #tlsCert: /path/to/dex-client.crt
-  #tlsKey: /path/to/dex-client.key
-  clusters:
-  - name: my-cluster
-    short_description: "My Cluster"
-    description: "Example Cluster Long Description..."
-    client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
-    issuer: https://dex.example.com
-    k8s_master_uri: https://my-cluster.example.com
-    client_id: my-cluster
-    redirect_uri: https://login.example.com/callback/my-cluster
-    k8s_ca_uri: https://url-to-your-ca.crt
-
-service:
-  type: ClusterIP
-  port: 5555
-  # loadBalancerIP: 127.0.0.1
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-caCerts: 
-  enabled: false
-  secrets: {}
-  # Array of Self Signed Certificates
-  # cat CA.crt | base64 -w 0
-  #
-  #     name: The internal k8s name of the secret we create. It's also used in 
-  #     the volumeMount name. It must respect the k8s naming convension (avoid 
-  #     upper-case and '.' to be safe).
-  #
-  #     filename: The filename of the CA to be mounted. It must end in .crt for
-  #     update-ca-certificates to work
-  #
-  #     value: The base64 encoded value of the CA
-  #
-  #secrets:
-  #- name: ca-cert1
-  #  filename: ca1.crt
-  #  value: LS0tLS1......X2F
-  #- name: ca-cert2
-  #  filename: ca2.crt
-  #  value: DS1tFA1......X2F
-
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-```
-
-## SSL
-
-Additional reading [here](./ssl.md)
-
-### Adding Trusted Certs
-
-Multiple trusted certs can be added using the `caCerts` option. Make sure to `base64` encode each CA.
-
-### Service Requests on SSL
-
-Define the filepath to your cert and key using the following options in your helm chart.
-  - `dexK8sAuthenticator.tlsCert`
-  - `dexK8sAuthenticator.tlsKey`
-
-TODO: Requires more work as we don't have a way deploy self-signed certs or change to https scheme.
diff --git a/charts/dex-k8s-authenticator/templates/NOTES.txt b/charts/dex-k8s-authenticator/templates/NOTES.txt
deleted file mode 100644
index db64537..0000000
--- a/charts/dex-k8s-authenticator/templates/NOTES.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "dex-k8s-authenticator.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "dex-k8s-authenticator.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "dex-k8s-authenticator.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "dex-k8s-authenticator.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/_helpers.tpl b/charts/dex-k8s-authenticator/templates/_helpers.tpl
deleted file mode 100644
index 43422b7..0000000
--- a/charts/dex-k8s-authenticator/templates/_helpers.tpl
+++ /dev/null
@@ -1,59 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dex-k8s-authenticator.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dex-k8s-authenticator.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dex-k8s-authenticator.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the healthCheckPath for readiness and liveness probes.
-
-Based on the following template values:
-    - healthCheckPath
-    - ingress.path
-    - dexK8sAuthenticator.web_path_prefix
-
-The default is '/healthz'
-*/}}
-
-{{- define "dex-k8s-authenticator.healthCheckPath" -}}
-{{- if .Values.healthCheckPath -}}
-  {{ .Values.healthCheckPath }}
-{{- else -}}
-  {{- if .Values.ingress.enabled -}}
-    {{ default "" .Values.ingress.path | trimSuffix "/" }}/healthz
-  {{- else -}}
-    {{- if .Values.dexK8sAuthenticator.web_path_prefix -}}
-      {{ .Values.dexK8sAuthenticator.web_path_prefix | trimSuffix "/" }}/healthz
-    {{- else -}}
-      {{ "/healthz" }}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/dex-k8s-authenticator/templates/ca_secrets.yaml b/charts/dex-k8s-authenticator/templates/ca_secrets.yaml
deleted file mode 100644
index 4868716..0000000
--- a/charts/dex-k8s-authenticator/templates/ca_secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.caCerts.enabled }}
-{{- range .Values.caCerts.secrets }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
-  labels:
-    app: {{ template "dex-k8s-authenticator.name" $ }}
-    env: {{ default "dev" $.Values.global.deployEnv }}
-    chart: {{ template "dex-k8s-authenticator.chart" $ }}
-    release: {{ $.Release.Name }}
-    heritage: {{ $.Release.Service }}
-type: Opaque
-data:
-  {{ .name }}: {{ .value }}
----
-{{- end }}
-{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/configmap.yaml b/charts/dex-k8s-authenticator/templates/configmap.yaml
deleted file mode 100644
index 89167d7..0000000
--- a/charts/dex-k8s-authenticator/templates/configmap.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "dex-k8s-authenticator.fullname" . }}
-  labels:
-    app: {{ template "dex-k8s-authenticator.fullname" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-data:
-  config.yaml: |-
-    {{- with .Values.dexK8sAuthenticator }}
-    listen: http://0.0.0.0:{{ default "5555" .port }}
-    web_path_prefix: {{ default "/" .web_path_prefix }}
-    debug: {{ default "false" .debug }}
-    {{- if .logoUrl }}
-    logo_uri: {{ .logoUrl }}
-    {{- end }}
-    {{- if .idpCaURI }}
-    idp_ca_uri: {{ .idpCaURI }}
-    {{- end }}
-    {{- if .idpCaPem }}
-    idp_ca_pem: {{ toYaml .idpCaPem | indent 4 }}
-    {{- end }}
-    {{- if and .tlsCert .tlsKey }} 
-    tls_cert: "{{ .tlsCert }}"
-    tls_key: "{{ .tlsKey }}"
-    {{- end }}
-    {{- if .trusted_root_ca }}
-    trusted_root_ca: {{ toYaml .trusted_root_ca | indent 4 }}
-    {{- end }}
-    clusters:
-{{ toYaml .clusters | indent 4 }}
-    {{- end }}
-
diff --git a/charts/dex-k8s-authenticator/templates/deployment.yaml b/charts/dex-k8s-authenticator/templates/deployment.yaml
deleted file mode 100644
index 8a6309b..0000000
--- a/charts/dex-k8s-authenticator/templates/deployment.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-{{- if semverCompare ">= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: apps/v1
-{{- else if semverCompare ">= 1.8-0, <= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: apps/v1beta2
-{{- else -}}
-apiVersion: apps/v1beta1
-{{- end }}
-kind: Deployment
-metadata:
-  name: {{ template "dex-k8s-authenticator.fullname" . }}
-  labels:
-    app: {{ template "dex-k8s-authenticator.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex-k8s-authenticator.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ template "dex-k8s-authenticator.name" . }}
-      env: {{ default "dev" .Values.global.deployEnv }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "dex-k8s-authenticator.name" . }}
-        env: {{ default "dev" .Values.global.deployEnv }}
-        release: {{ .Release.Name }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-    spec:
-      containers:
-      - name: {{ .Chart.Name }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        args: [ "--config", "config.yaml" ]
-        {{- with .Values.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        ports:
-        - name: http
-          containerPort: {{ default "5555" .Values.dexK8sAuthenticator.port }}
-          protocol: TCP
-        livenessProbe:
-          httpGet:
-            path: {{ template "dex-k8s-authenticator.healthCheckPath" . }}
-            port: http
-        readinessProbe:
-          httpGet:
-            path: {{ template "dex-k8s-authenticator.healthCheckPath" . }}
-            port: http
-        volumeMounts:
-        - name: config
-          subPath: config.yaml
-          mountPath: /app/config.yaml
-{{- if .Values.caCerts.enabled }}
-{{- range .Values.caCerts.secrets }}
-        - name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
-          subPath: {{ .name }}
-          mountPath: /certs/{{ .filename }}
-{{- end }}
-{{- end }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-      {{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
-      {{- end }}
-      volumes:
-      - name: config
-        configMap:
-          name: {{ template "dex-k8s-authenticator.fullname" . }}
-{{- if .Values.caCerts.enabled }}
-{{- range .Values.caCerts.secrets }}
-      - name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
-        secret:
-          secretName: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
-{{- end }}
-{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/ingress.yaml b/charts/dex-k8s-authenticator/templates/ingress.yaml
deleted file mode 100644
index 54c0fa9..0000000
--- a/charts/dex-k8s-authenticator/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "dex-k8s-authenticator.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app: {{ template "dex-k8s-authenticator.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex-k8s-authenticator.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-  - hosts:
-    {{- range .hosts }}
-    - {{ . }}
-    {{- end }}
-    secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-  - host: {{ . }}
-    http:
-      paths:
-      - path: {{ $ingressPath }}
-        backend:
-          serviceName: {{ $fullName }}
-          servicePort: {{ $servicePort }}
-  {{- end }}
-{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/service.yaml b/charts/dex-k8s-authenticator/templates/service.yaml
deleted file mode 100644
index 36476e6..0000000
--- a/charts/dex-k8s-authenticator/templates/service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "dex-k8s-authenticator.fullname" . }}
-  labels:
-    app: {{ template "dex-k8s-authenticator.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex-k8s-authenticator.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- if .Values.service.annotations }}
-  annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-  - port: {{ .Values.service.port }}
-    targetPort: http
-    protocol: TCP
-    name: http
-{{- if and  .Values.service.nodePort (eq "NodePort" .Values.service.type) }}
-    nodePort: {{ .Values.service.nodePort }}
-{{- end }}
-{{- if hasKey .Values.service "loadBalancerIP" }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}
-  selector:
-    app: {{ template "dex-k8s-authenticator.name" . }}
-    release: {{ .Release.Name }}
diff --git a/charts/dex-k8s-authenticator/values.yaml b/charts/dex-k8s-authenticator/values.yaml
deleted file mode 100644
index 86c8685..0000000
--- a/charts/dex-k8s-authenticator/values.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-# Default values for dex-k8s-authenticator.
-
-# Deploy environment label, e.g. dev, test, prod
-global:
-  deployEnv: dev
-
-replicaCount: 1
-
-image:
-  repository: mintel/dex-k8s-authenticator
-  tag: 1.4.0
-  pullPolicy: Always
-
-imagePullSecrets: {}
-
-dexK8sAuthenticator:
-  port: 5555
-  debug: false
-  web_path_prefix: /
-  #logoUrl: http://<path-to-your-logo.png>
-  #tlsCert: /path/to/dex-client.crt
-  #tlsKey: /path/to/dex-client.key
-  clusters:
-  - name: my-cluster
-    short_description: "My Cluster"
-    description: "Example Cluster Long Description..."
-    client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
-    issuer: https://dex.example.com
-    k8s_master_uri: https://my-cluster.example.com
-    client_id: my-cluster
-    redirect_uri: https://login.example.com/callback/my-cluster
-    k8s_ca_uri: https://url-to-your-ca.crt
-
-service:
-  annotations: {}
-  type: ClusterIP
-  port: 5555
-  # loadBalancerIP: 127.0.0.1
-
-  # For nodeport, specify the following:
-  #   type: NodePort
-  #   nodePort: <port-number>
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-caCerts:
-  enabled: false
-  secrets: []
-  # Array of Self Signed Certificates
-  # cat CA.crt | base64 -w 0
-  #
-  #     name: The internal k8s name of the secret we create. It's also used in
-  #     the volumeMount name. It must respect the k8s naming convension (avoid
-  #     upper-case and '.' to be safe).
-  #
-  #     filename: The filename of the CA to be mounted. It must end in .crt for
-  #     update-ca-certificates to work
-  #
-  #     value: The base64 encoded value of the CA
-  #
-  #secrets:
-  #- name: ca-cert1
-  #  filename: ca1.crt
-  #  value: LS0tLS1......X2F
-  #- name: ca-cert2
-  #  filename: ca2.crt
-  #  value: DS1tFA1......X2F
-
-envFrom: []
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/charts/dex/Chart.yaml b/charts/dex/Chart.yaml
index de9f1de..3ba27b5 100644
--- a/charts/dex/Chart.yaml
+++ b/charts/dex/Chart.yaml
@@ -6,7 +6,7 @@ version: 1.4.0
 icon: https://github.com/coreos/dex/blob/master/Documentation/logos/dex-horizontal-color.png
 sources:
 - https://github.com/coreos/dex
-- https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex
+- https://github.com/sl1pm4t/dex-k8s-authenticator/tree/master/charts/dex
 maintainers:
-- name: Nick Badger
-  email: nbadger@mintel.com
+- name: Matt Morrison
+  email: matt.morrison@ditto.live
diff --git a/charts/dex/README.md b/charts/dex/README.md
index 67b1940..0d572b1 100644
--- a/charts/dex/README.md
+++ b/charts/dex/README.md
@@ -8,7 +8,7 @@ for the Kubernetes API server](https://kubernetes.io/docs/admin/authentication/#
 This is easy using [`kube-aws` installer](https://github.com/kubernetes-incubator/kube-aws/tree/master/contrib/dex).
 
 If you want an easy way to issue and install `kubectl` credentials, then you should also
-install [`dex-k8s-authenticator`](https://github.com/mintel/dex-k8s-authenticator). There
+install [`dex-k8s-authenticator`](https://github.com/sl1pm4t/dex-k8s-authenticator). There
 is a `helm` chart available for that too (in its repo).
 
 
diff --git a/docs/eks.md b/docs/eks.md
index f82d744..cba3939 100644
--- a/docs/eks.md
+++ b/docs/eks.md
@@ -21,7 +21,7 @@ Required Charts
 - nginx-ingress-controller - https://github.com/helm/charts/tree/master/stable/nginx-ingress
 - dex - https://github.com/helm/charts/tree/master/stable/dex
 - kube-oidc-proxy - https://github.com/jetstack/kube-oidc-proxy/tree/master/deploy/charts/kube-oidc-proxy
-- dex-k8s-authenticator - https://github.com/mintel/dex-k8s-authenticator/tree/master/charts
+- dex-k8s-authenticator - https://github.com/sl1pm4t/dex-k8s-authenticator/tree/master/charts
 
 You should also setup a DNS record that points to your nginx controller (load-balancer), and setup an AWS ACM certificate.
 
diff --git a/docs/ssl.md b/docs/ssl.md
index dbb4afd..ef4ec4a 100644
--- a/docs/ssl.md
+++ b/docs/ssl.md
@@ -16,7 +16,7 @@ If using docker, you can mount a volume like so:
 docker run --rm -t -i \
     -v /tmp/certs:/certs:ro \
     -v /tmp/config.yml:/tmp/config.yml:ro \ 
-    mintel/dex-k8s-authenticator:latest --config /tmp/config.yml
+    mmorrison/dex-k8s-authenticator:latest --config /tmp/config.yml
 ```
 
 ### 2. `trusted_root_ca` config option
diff --git a/go.mod b/go.mod
index 4bbc72e..cf3d0d4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,35 @@
-module github.com/mintel/dex-k8s-authenticator
+module github.com/sl1pm4t/dex-k8s-authenticator
 
-go 1.16
+go 1.20
 
 require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/spf13/cast v1.3.1
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/viper v1.7.1
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
 	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
+)
+
+require (
+	github.com/fsnotify/fsnotify v1.4.7 // indirect
+	github.com/golang/protobuf v1.4.2 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.1 // indirect
+	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/pelletier/go-toml v1.2.0 // indirect
+	github.com/pquerna/cachecontrol v0.1.0 // indirect
+	github.com/spf13/afero v1.1.2 // indirect
+	github.com/spf13/jwalterweatherman v1.0.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
+	golang.org/x/text v0.3.3 // indirect
+	google.golang.org/appengine v1.6.6 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
+	gopkg.in/ini.v1 v1.51.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index a7071d9..a9d6e46 100644
--- a/go.sum
+++ b/go.sum
@@ -32,6 +32,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -60,6 +61,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
@@ -114,6 +116,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -127,6 +130,7 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -160,14 +164,17 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -193,6 +200,7 @@ github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
@@ -214,7 +222,9 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -238,6 +248,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -429,6 +440,7 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
@@ -507,6 +519,7 @@ google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
@@ -520,6 +533,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/tests/e2e/helm/dex-k8s-auth-overrides.yaml b/tests/e2e/helm/dex-k8s-auth-overrides.yaml
index f3bf07e..31044fa 100644
--- a/tests/e2e/helm/dex-k8s-auth-overrides.yaml
+++ b/tests/e2e/helm/dex-k8s-auth-overrides.yaml
@@ -1,5 +1,5 @@
 image:
-  repository: mintel/dex-k8s-authenticator
+  repository: mmorrison/dex-k8s-authenticator
   tag: ${CI_TAG}
   pullPolicy: Never
 

From a2c8d0dd7298c2a5eecd0c7e3aff8d7a5b0bf8bb Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 14:41:22 +1300
Subject: [PATCH 02/16] update helm lint action versions

---
 .github/workflows/k8s.yml | 51 +++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index 0bdf6fc..aaeef6c 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -10,36 +10,41 @@ jobs:
     name: helm-lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
-      - name: helm-lint-dex
-        uses: stefanprodan/kube-tools@v1.5.0
+      - uses: actions/checkout@v4
+
+      - uses: alexellis/setup-arkade@v1
+
+      - uses: alexellis/arkade-get@master
         with:
-          helmv3: 3.0.0
-          run: |
-            helmv3 lint charts/dex
+          kubectl: latest
+          kustomize: latest
+          kubeconform: latest
+          kubeval: latest
+          helm: latest
+          jq: latest
+          yq: latest
+
+      - name: helm-lint-dex
+        run: |
+          helm lint charts/dex
+
       - name: helm-lint-dex-k8s-auth
-        uses: stefanprodan/kube-tools@v1.5.0
-        with:
-          helmv3: 3.0.0
-          command: |
-            helmv3 lint charts/dex-k8s-authenticator
+        run: |
+          helmv3 lint charts/dex-k8s-authenticator
+
       - name: helm-template
-        uses: stefanprodan/kube-tools@v1.5.0
-        with:
-          helmv3: 3.0.0
-          command: |
-            helmv3 template charts/dex --output-dir /github/workspace/rendered-charts/dex
-            helmv3 template charts/dex-k8s-authenticator --output-dir /github/workspace/rendered-charts/dex-k8s-authenticator
+        run: |
+          helm template charts/dex --output-dir /github/workspace/rendered-charts/dex
+          helm template charts/dex-k8s-authenticator --output-dir /github/workspace/rendered-charts/dex-k8s-authenticator
+
       - name: kubeval
-        uses: stefanprodan/kube-tools@v1.5.0
-        with:
-          helmv3: 3.0.0
-          command: |
-            kubeval -d /github/workspace/rendered-charts --strict --ignore-missing-schemas
+        run: |
+          kubeval -d /github/workspace/rendered-charts --strict --ignore-missing-schemas
+
   e2e:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
       - name: setup-kind
         uses: engineerd/setup-kind@v0.5.0
         with:

From 0beac84615293699a5429cccfdc44ac7f143f19e Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 14:51:13 +1300
Subject: [PATCH 03/16] fix more tests

---
 .github/workflows/k8s.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index aaeef6c..54a4e9d 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -30,7 +30,7 @@ jobs:
 
       - name: helm-lint-dex-k8s-auth
         run: |
-          helmv3 lint charts/dex-k8s-authenticator
+          helm lint charts/dex-k8s-authenticator
 
       - name: helm-template
         run: |
@@ -45,14 +45,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - name: setup-kind
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1.5.0
         with:
-          name: kind
+          cluster_name: kind
+
       - name: build-ci-image
         run: |
           docker build -t sl1pm4t/dex-k8s-authenticator:${GITHUB_SHA} .
           kind load docker-image sl1pm4t/dex-k8s-authenticator:${GITHUB_SHA}
+
       - name: update-helm-values
         run: |
           set -x
@@ -60,16 +63,19 @@ jobs:
           export CI_TAG=$GITHUB_SHA
           envsubst < ./tests/e2e/helm/dex-overrides.yaml > /tmp/dex-overrides.yaml
           envsubst < ./tests/e2e/helm/dex-k8s-auth-overrides.yaml > /tmp/dex-k8s-auth-overrides.yaml
+
       - name: install-dex
         run: |
           helm install -f /tmp/dex-overrides.yaml dex ./charts/dex
           kubectl describe deployment dex
           kubectl rollout status deploy dex -w
+
       - name: install-dex-auth
         run: |
           helm install -f /tmp/dex-k8s-auth-overrides.yaml dex-k8s-authenticator ./charts/dex-k8s-authenticator
           kubectl describe deployment dex-k8s-authenticator
           kubectl rollout status deploy dex-k8s-authenticator -w
+
       - name: test
         run: |
             kubectl get pods 

From fd91426ea41318263edf9fa65fd989c4849dc0aa Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:08:18 +1300
Subject: [PATCH 04/16] remove copy of dex chart

---
 .github/workflows/golangci-lint.yml      |   4 +-
 .github/workflows/k8s.yml                |   8 +-
 charts/dex/.helmignore                   |  21 --
 charts/dex/Chart.yaml                    |  12 --
 charts/dex/README.md                     | 257 -----------------------
 charts/dex/templates/NOTES.txt           |  19 --
 charts/dex/templates/_helpers.tpl        |  76 -------
 charts/dex/templates/configmap.yaml      |  13 --
 charts/dex/templates/deployment.yaml     | 105 ---------
 charts/dex/templates/ingress.yaml        |  40 ----
 charts/dex/templates/rbac.yaml           |  63 ------
 charts/dex/templates/secret.yaml         |  31 ---
 charts/dex/templates/service.yaml        |  23 --
 charts/dex/templates/serviceaccount.yaml |  12 --
 charts/dex/values.yaml                   | 245 ---------------------
 15 files changed, 4 insertions(+), 925 deletions(-)
 delete mode 100644 charts/dex/.helmignore
 delete mode 100644 charts/dex/Chart.yaml
 delete mode 100644 charts/dex/README.md
 delete mode 100644 charts/dex/templates/NOTES.txt
 delete mode 100644 charts/dex/templates/_helpers.tpl
 delete mode 100644 charts/dex/templates/configmap.yaml
 delete mode 100644 charts/dex/templates/deployment.yaml
 delete mode 100644 charts/dex/templates/ingress.yaml
 delete mode 100644 charts/dex/templates/rbac.yaml
 delete mode 100644 charts/dex/templates/secret.yaml
 delete mode 100644 charts/dex/templates/service.yaml
 delete mode 100644 charts/dex/templates/serviceaccount.yaml
 delete mode 100644 charts/dex/values.yaml

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index f18fab1..15f28c4 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -10,8 +10,8 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
         with:
           version: v1.29
diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index 54a4e9d..a3f2091 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -24,17 +24,12 @@ jobs:
           jq: latest
           yq: latest
 
-      - name: helm-lint-dex
-        run: |
-          helm lint charts/dex
-
       - name: helm-lint-dex-k8s-auth
         run: |
           helm lint charts/dex-k8s-authenticator
 
       - name: helm-template
         run: |
-          helm template charts/dex --output-dir /github/workspace/rendered-charts/dex
           helm template charts/dex-k8s-authenticator --output-dir /github/workspace/rendered-charts/dex-k8s-authenticator
 
       - name: kubeval
@@ -66,7 +61,8 @@ jobs:
 
       - name: install-dex
         run: |
-          helm install -f /tmp/dex-overrides.yaml dex ./charts/dex
+          helm repo add dexidp https://charts.dexidp.io
+          helm install -f /tmp/dex-overrides.yaml dex dexidp/dex
           kubectl describe deployment dex
           kubectl rollout status deploy dex -w
 
diff --git a/charts/dex/.helmignore b/charts/dex/.helmignore
deleted file mode 100644
index f0c1319..0000000
--- a/charts/dex/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/dex/Chart.yaml b/charts/dex/Chart.yaml
deleted file mode 100644
index 3ba27b5..0000000
--- a/charts/dex/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: "2.27.0"
-description: "Dex federated authentication service"
-name: dex
-version: 1.4.0
-icon: https://github.com/coreos/dex/blob/master/Documentation/logos/dex-horizontal-color.png
-sources:
-- https://github.com/coreos/dex
-- https://github.com/sl1pm4t/dex-k8s-authenticator/tree/master/charts/dex
-maintainers:
-- name: Matt Morrison
-  email: matt.morrison@ditto.live
diff --git a/charts/dex/README.md b/charts/dex/README.md
deleted file mode 100644
index 0d572b1..0000000
--- a/charts/dex/README.md
+++ /dev/null
@@ -1,257 +0,0 @@
-# Helm Chart for deploying dex
-
-This chart installs `dex` in a Kubernetes cluster. You can use this deployment for one cluster 
-or for any number of cluster you configure under `staticClients` in the configuration.
-
-You also need to configure each Kubernetes cluster to use `dex` by [setting the OIDC parameters
-for the Kubernetes API server](https://kubernetes.io/docs/admin/authentication/#openid-connect-tokens). 
-This is easy using [`kube-aws` installer](https://github.com/kubernetes-incubator/kube-aws/tree/master/contrib/dex).
-
-If you want an easy way to issue and install `kubectl` credentials, then you should also
-install [`dex-k8s-authenticator`](https://github.com/sl1pm4t/dex-k8s-authenticator). There
-is a `helm` chart available for that too (in its repo).
-
-
-```yaml
-# Default values for dex
-
-# Deploy environment label, e.g. dev, test, prod
-global:
-  deployEnv: dev
-
-replicaCount: 1
-
-image:
-  repository: quay.io/coreos/dex
-  tag: v2.10.0
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 5556
-
-tls:
-  # Specify whether a TLS secret for Dex should be created
-  # The provided certificate and key values are used to populate the
-  # tlsCert and tlsKey values in the Dex configuration.
-  #
-  # If set to true, be sure to update the listen directive in the Dex
-  # configuration to use https.
-  create: false
-
-  # Provide values for certificate and key
-  # certificate: |-
-  #   -----BEGIN CERTIFICATE-----
-  #    ...
-  #    ----END CERTIFICATE-----
-  #
-  # key: |-
-  #   -----BEGIN RSA PRIVATE KEY-----
-  #   ...
-  #   -----END RSA PRIVATE KEY-----
- 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - dex.example.com
-  tls: []
-  #  - secretName: dex.example.com
-  #    hosts:
-  #      - dex.example.com
-
-rbac:
-  # Specifies whether RBAC resources should be created
-  create: true
-
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 50Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 50Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-
-# Configuration file for Dex
-# Certainly secret fields can use environment variables
-#
-config: |-
-  issuer: https://dex.example.com
-
-  storage:
-    type: kubernetes
-    config:
-      inCluster: true
-
-  web:
-    http: 0.0.0.0:5556
-
-    # If enabled, be sure to configure tls settings above, or use a tool
-    # such as let-encrypt to manage the certs.
-    # Currently this chart does not support both http and https, and the port
-    # is fixed to 5556
-    #
-    # https: 0.0.0.0:5556
-    # tlsCert: /etc/dex/tls/tls.crt
-    # tlsKey: /etc/dex/tls/tls.key
-
-  frontend:
-    theme: "coreos"
-    issuer: "Example Co"
-    issuerUrl: "https://example.com"
-    logoUrl: https://example.com/images/logo-250x25.png
-
-  expiry:
-    signingKeys: "6h"
-    idTokens: "24h"
-  
-  logger:
-    level: debug
-    format: json
-
-  oauth2:
-    responseTypes: ["code", "token", "id_token"]
-    skipApprovalScreen: true
-
-  # Remember you can have multiple connectors of the same 'type' (with different 'id's)
-  # If you need e.g. logins with groups for two different Microsoft 'tenants'
-  connectors:
-
-  # GitHub configure 'OAuth Apps' -> 'New OAuth App', add callback URL
-  # https://github.com/settings/developers
-  - type: github
-    id: github
-    name: GitHub
-    config:
-      clientID: $GITHUB_CLIENT_ID
-      clientSecret: $GITHUB_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # 'orgs' can be used to map groups from Github
-      # https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md
-      #orgs:
-      #- name: foo
-      #  teams:
-      #  - team-red
-      #  - team-blue
-      #- name: bar
-
-  # Google APIs account, 'Create Credentials' -> 'OAuth Client ID', add callback URL
-  # https://console.developers.google.com/apis/credentials
-  - type: oidc
-    id: google
-    name: Google
-    config:
-      issuer: https://accounts.google.com
-      clientID: $GOOGLE_CLIENT_ID
-      clientSecret: $GOOGLE_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # Google supports whitelisting allowed domains when using G Suite
-      # (Google Apps). The following field can be set to a list of domains
-      # that can log in:
-      # hostedDomains:
-      #  - example.com
-      #  - other.example.com
-
-  # Microsoft App Dev account, 'Add an app'
-  # 'Application Secrets' -> 'Generate new password'
-  # 'Platforms' -> 'Add Platform' -> 'Web', add the callback URL
-  # https://apps.dev.microsoft.com/
-  - type: microsoft
-    id: microsoft
-    name: Microsoft
-    config:
-      clientID: $MICROSOFT_APPLICATION_ID
-      clientSecret: $MICROSOFT_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # Restrict access to one tenant
-      # tenant: <tenant name> or <tenant uuid>
-      # Restrict access to certain groups
-      # groups:
-      # - group-red
-      # - group-blue
-
-  # These may not match the schema used by your LDAP server
-  # https://github.com/coreos/dex/blob/master/Documentation/connectors/ldap.md
-  - type: ldap
-    id: ldap
-    name: "LDAP"
-    config:
-      host: ldap.example.com:389
-      startTLS: true
-      bindDN: "cn=serviceAccount,dc=example,dc=com"
-      bindPW: $LDAP_BINDPW
-      usernamePrompt: "Username"
-      userSearch:
-        # Query should be "(&(objectClass=inetorgperson)(cn=<username>))"
-        baseDN: "ou=Users,dc=example,dc=com"
-        filter: "(objectClass=inetorgperson)"
-        username: cn
-        # DN must be in capitals
-        idAttr: DN
-        emailAttr: mail
-        nameAttr: displayName
-      groupSearch:
-        # Query should be "(&(objectClass=groupOfUniqueNames)(uniqueMember=<userAttr>))"
-        baseDN: "ou=Groups,dc=example,dc=com"
-        filter: "(objectClass=groupOfUniqueNames)"
-        # DN must be in capitals
-        userAttr: DN
-        groupAttr: uniqueMember
-        nameAttr: cn
-
-  # The 'name' must match the k8s API server's 'oidc-client-id'
-  staticClients:
-  - id: my-cluster
-    name: "my-cluster"
-    secret: "pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok"
-    redirectURIs:
-    - https://login.example.com/callback/my-cluster
-  
-  enablePasswordDB: True
-  staticPasswords:
-  - email: "admin@example.com"
-    # bcrypt hash of the string "password"
-    hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
-    username: "admin"
-    userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"  
-
-
-# You should not enter your secrets here if this file will be stored in source control
-# Instead create a separate file to hold or override these values
-# You need only list the environment variables you used in the 'config' above
-# You can add any additional ones you need, or remove ones you don't need
-#
-envSecrets:
-  # GitHub
-  GITHUB_CLIENT_ID: "override-me"
-  GITHUB_CLIENT_SECRET: "override-me"
-  # Google (oidc)
-  GOOGLE_CLIENT_ID: "override-me"
-  GOOGLE_CLIENT_SECRET: "override-me"
-  # Microsoft
-  MICROSOFT_APPLICATION_ID: "override-me"
-  MICROSOFT_CLIENT_SECRET: "override-me"
-  # LDAP
-  LDAP_BINDPW: "override-me"
-```
\ No newline at end of file
diff --git a/charts/dex/templates/NOTES.txt b/charts/dex/templates/NOTES.txt
deleted file mode 100644
index 2722467..0000000
--- a/charts/dex/templates/NOTES.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "dex.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "dex.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "dex.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "dex.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
diff --git a/charts/dex/templates/_helpers.tpl b/charts/dex/templates/_helpers.tpl
deleted file mode 100644
index f3e2419..0000000
--- a/charts/dex/templates/_helpers.tpl
+++ /dev/null
@@ -1,76 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dex.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dex.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dex.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "dex.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "dex.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the health check path
-*/}}
-
-{{/*
-Create secret key from environment variables
-*/}}
-{{- define "dex.envkey" -}}
-{{ . | replace "_" "-" | lower }}
-{{- end -}}
-
-{{/*
-Create the healthCheckPath for readiness and liveness probes.
-
-Based on the following template values:
-    - healthCheckPath
-    - ingress.path
-
-The default is '/healthz'
-*/}}
-
-{{- define "dex.healthCheckPath" -}}
-{{- if .Values.healthCheckPath -}}
-  {{ .Values.healthCheckPath }}
-{{- else -}}
-  {{- if .Values.ingress.enabled -}}
-    {{ default "" .Values.ingress.path | trimSuffix "/" }}/healthz
-  {{- else -}}
-    {{ default "/healthz" }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/dex/templates/configmap.yaml b/charts/dex/templates/configmap.yaml
deleted file mode 100644
index da4df93..0000000
--- a/charts/dex/templates/configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "dex.fullname" . }}
-  labels:
-    app: {{ template "dex.fullname" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-data:
-  config.yaml: |-
-{{ .Values.config | indent 4 }}
diff --git a/charts/dex/templates/deployment.yaml b/charts/dex/templates/deployment.yaml
deleted file mode 100644
index d20bea3..0000000
--- a/charts/dex/templates/deployment.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-{{- if semverCompare ">= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: apps/v1
-{{- else if semverCompare ">= 1.8-0, <= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: apps/v1beta2
-{{- else -}}
-apiVersion: apps/v1beta1
-{{- end }}
-kind: Deployment
-metadata:
-  name: {{ template "dex.fullname" . }}
-  labels:
-    app: {{ template "dex.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ''
-spec:
-  replicas: {{ .Values.replicaCount }}
-  minReadySeconds: 30
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-  selector:
-    matchLabels:
-      app: {{ template "dex.name" . }}
-      env: {{ default "dev" .Values.global.deployEnv }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "dex.name" . }}
-        env: {{ default "dev" .Values.global.deployEnv }}
-        release: {{ .Release.Name }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-    spec:
-      volumes:
-      - name: config
-        configMap:
-          name: {{ template "dex.fullname" . }}
-          items:
-          - key: config.yaml
-            path: config.yaml
-{{- if .Values.tls.create }}
-      - name: tls
-        secret:
-          secretName: {{ template "dex.fullname" $ }}-tls
-{{- end }}
-      serviceAccountName: {{ template "dex.serviceAccountName" . }}
-      containers:
-      - name: {{ .Chart.Name }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["/usr/local/bin/dex", "serve", "/etc/dex/config.yaml"]
-        env:
-        {{- range $key, $value := .Values.envSecrets }}
-        - name: {{ $key }}
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "dex.fullname" $ }}
-              key: {{ template "dex.envkey" $key }}
-        {{- end }}
-        ports:
-        - name: http
-          containerPort: 5556
-          protocol: TCP
-        livenessProbe:
-          httpGet:
-            path: {{ template "dex.healthCheckPath" . }}
-            port: 5556
-          {{- if .Values.tls.create }}
-            scheme: HTTPS
-          {{- end }}
-        readinessProbe:
-          httpGet:
-            path: {{ template "dex.healthCheckPath" . }}
-            port: 5556
-          {{- if .Values.tls.create }}
-            scheme: HTTPS
-          {{- end }}
-          initialDelaySeconds: 5
-          timeoutSeconds: 1
-        volumeMounts:
-        - name: config
-          mountPath: /etc/dex
-{{- if .Values.tls.create }}
-        - name: tls
-          mountPath: /etc/dex/tls
-{{- end }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 6 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 6 }}
-    {{- end }}
diff --git a/charts/dex/templates/ingress.yaml b/charts/dex/templates/ingress.yaml
deleted file mode 100644
index e4ca6ea..0000000
--- a/charts/dex/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "dex.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app: {{ template "dex.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-  - hosts:
-    {{- range .hosts }}
-      - {{ . }}
-    {{- end }}
-    secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-  - host: {{ . }}
-    http:
-      paths:
-      - path: {{ $ingressPath }}
-        backend:
-          serviceName: {{ $fullName }}
-          servicePort: {{ $servicePort }}
-  {{- end }}
-{{- end }}
diff --git a/charts/dex/templates/rbac.yaml b/charts/dex/templates/rbac.yaml
deleted file mode 100644
index 330a0f6..0000000
--- a/charts/dex/templates/rbac.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ template "dex.fullname" . }}
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - "*"
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  name: {{ template "dex.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
-  - dex.coreos.com
-  resources:
-  - authcodes
-  - authrequests
-  - connectors
-  - oauth2clients
-  - offlinesessionses
-  - passwords
-  - refreshtokens
-  - signingkeies
-  verbs:
-  - "*"
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "dex.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "dex.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: {{ template "dex.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "dex.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "dex.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-{{- end }}
-
-
-
diff --git a/charts/dex/templates/secret.yaml b/charts/dex/templates/secret.yaml
deleted file mode 100644
index dbff447..0000000
--- a/charts/dex/templates/secret.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "dex.fullname" . }}
-  labels:
-    app: {{ template "dex.fullname" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-data:
-  {{- range $key, $value := .Values.envSecrets }}
-  {{ template "dex.envkey" $key }}: "{{ $value | b64enc }}"
-  {{- end }}
-{{- if .Values.tls.create }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "dex.fullname" . }}-tls
-  labels:
-    app: {{ template "dex.fullname" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-type: kubernetes.io/tls
-data:
-    tls.crt: {{ .Values.tls.certificate | b64enc }}
-    tls.key: {{ .Values.tls.key | b64enc }}
-{{- end }}
diff --git a/charts/dex/templates/service.yaml b/charts/dex/templates/service.yaml
deleted file mode 100644
index e730656..0000000
--- a/charts/dex/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "dex.fullname" . }}
-  labels:
-    app: {{ template "dex.name" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-  - port: {{ .Values.service.port }}
-    targetPort: http
-    protocol: TCP
-    name: http
-{{- if and  .Values.service.nodePort (eq "NodePort" .Values.service.type) }}
-    nodePort: {{ .Values.service.nodePort }}
-{{- end }}
-  selector:
-    app: {{ template "dex.name" . }}
-    release: {{ .Release.Name }}
diff --git a/charts/dex/templates/serviceaccount.yaml b/charts/dex/templates/serviceaccount.yaml
deleted file mode 100644
index c690f83..0000000
--- a/charts/dex/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "dex.serviceAccountName" . }}
-  labels:
-    app: {{ template "dex.fullname" . }}
-    env: {{ default "dev" .Values.global.deployEnv }}
-    chart: {{ template "dex.chart" . }}
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-{{- end }}
diff --git a/charts/dex/values.yaml b/charts/dex/values.yaml
deleted file mode 100644
index 2a559a0..0000000
--- a/charts/dex/values.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
-# Default values for dex
-
-# Deploy environment label, e.g. dev, test, prod
-global:
-  deployEnv: dev
-
-replicaCount: 1
-
-image:
-  repository: dexidp/dex
-  tag: v2.27.0
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 5556
-
-  # For nodeport, specify the following:
-  #   type: NodePort
-  #   nodePort: <port-number>
-
-tls:
-  # Specify whether a TLS secret for Dex should be created
-  # The provided certificate and key values are used to populate the
-  # tlsCert and tlsKey values in the Dex configuration.
-  #
-  # If set to true, be sure to update the listen directive in the Dex
-  # configuration to use https.
-  create: false
-
-  # Provide values for certificate and key
-  # certificate: |-
-  #   -----BEGIN CERTIFICATE-----
-  #    ...
-  #    ----END CERTIFICATE-----
-  #
-  # key: |-
-  #   -----BEGIN RSA PRIVATE KEY-----
-  #   ...
-  #   -----END RSA PRIVATE KEY-----
- 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - dex.example.com
-  tls: []
-  #  - secretName: dex.example.com
-  #    hosts:
-  #      - dex.example.com
-
-rbac:
-  # Specifies whether RBAC resources should be created
-  create: true
-  
-serviceAccount:
-  # Specifies whether a ServiceAccount should be created
-  create: true
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 50Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 50Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-
-# Configuration file for Dex
-# Certainly secret fields can use environment variables
-#
-config: |-
-  issuer: https://dex.example.com
-
-  storage:
-    type: kubernetes
-    config:
-      inCluster: true
-
-  web:
-    http: 0.0.0.0:5556
-
-    # If enabled, be sure to configure tls settings above, or use a tool
-    # such as let-encrypt to manage the certs.
-    # Currently this chart does not support both http and https, and the port
-    # is fixed to 5556
-    #
-    # https: 0.0.0.0:5556
-    # tlsCert: /etc/dex/tls/tls.crt
-    # tlsKey: /etc/dex/tls/tls.key
-
-  frontend:
-    theme: "coreos"
-    issuer: "Example Co"
-    issuerUrl: "https://example.com"
-    logoUrl: https://example.com/images/logo-250x25.png
-
-  expiry:
-    signingKeys: "6h"
-    idTokens: "24h"
-  
-  logger:
-    level: debug
-    format: json
-
-  oauth2:
-    responseTypes: ["code", "token", "id_token"]
-    skipApprovalScreen: true
-
-  # Remember you can have multiple connectors of the same 'type' (with different 'id's)
-  # If you need e.g. logins with groups for two different Microsoft 'tenants'
-  connectors:
-
-  # GitHub configure 'OAuth Apps' -> 'New OAuth App', add callback URL
-  # https://github.com/settings/developers
-  - type: github
-    id: github
-    name: GitHub
-    config:
-      clientID: $GITHUB_CLIENT_ID
-      clientSecret: $GITHUB_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # 'orgs' can be used to map groups from Github
-      # https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md
-      #orgs:
-      #- name: foo
-      #  teams:
-      #  - team-red
-      #  - team-blue
-      #- name: bar
-
-  # Google APIs account, 'Create Credentials' -> 'OAuth Client ID', add callback URL
-  # https://console.developers.google.com/apis/credentials
-  - type: oidc
-    id: google
-    name: Google
-    config:
-      issuer: https://accounts.google.com
-      clientID: $GOOGLE_CLIENT_ID
-      clientSecret: $GOOGLE_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # Google supports whitelisting allowed domains when using G Suite
-      # (Google Apps). The following field can be set to a list of domains
-      # that can log in:
-      # hostedDomains:
-      #  - example.com
-      #  - other.example.com
-
-  # Microsoft App Dev account, 'Add an app'
-  # 'Application Secrets' -> 'Generate new password'
-  # 'Platforms' -> 'Add Platform' -> 'Web', add the callback URL
-  # https://apps.dev.microsoft.com/
-  - type: microsoft
-    id: microsoft
-    name: Microsoft
-    config:
-      clientID: $MICROSOFT_APPLICATION_ID
-      clientSecret: $MICROSOFT_CLIENT_SECRET
-      redirectURI: https://dex.example.com/callback
-      # Restrict access to one tenant
-      # tenant: <tenant name> or <tenant uuid>
-      # Restrict access to certain groups
-      # groups:
-      # - group-red
-      # - group-blue
-
-  # These may not match the schema used by your LDAP server
-  # https://github.com/coreos/dex/blob/master/Documentation/connectors/ldap.md
-  - type: ldap
-    id: ldap
-    name: "LDAP"
-    config:
-      host: ldap.example.com:389
-      startTLS: true
-      bindDN: "cn=serviceAccount,dc=example,dc=com"
-      bindPW: $LDAP_BINDPW
-      usernamePrompt: "Username"
-      userSearch:
-        # Query should be "(&(objectClass=inetorgperson)(cn=<username>))"
-        baseDN: "ou=Users,dc=example,dc=com"
-        filter: "(objectClass=inetorgperson)"
-        username: cn
-        # DN must be in capitals
-        idAttr: DN
-        emailAttr: mail
-        nameAttr: displayName
-      groupSearch:
-        # Query should be "(&(objectClass=groupOfUniqueNames)(uniqueMember=<userAttr>))"
-        baseDN: "ou=Groups,dc=example,dc=com"
-        filter: "(objectClass=groupOfUniqueNames)"
-        # DN must be in capitals
-        userAttr: DN
-        groupAttr: uniqueMember
-        nameAttr: cn
-
-  # The 'name' must match the k8s API server's 'oidc-client-id'
-  staticClients:
-  - id: my-cluster
-    name: "my-cluster"
-    secret: "pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok"
-    redirectURIs:
-    - https://login.example.com/callback/my-cluster
-  
-  enablePasswordDB: True
-  staticPasswords:
-  - email: "admin@example.com"
-    # bcrypt hash of the string "password"
-    hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
-    username: "admin"
-    userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"  
-
-
-# You should not enter your secrets here if this file will be stored in source control
-# Instead create a separate file to hold or override these values
-# You need only list the environment variables you used in the 'config' above
-# You can add any additional ones you need, or remove ones you don't need
-#
-envSecrets:
-  # GitHub
-  GITHUB_CLIENT_ID: "override-me"
-  GITHUB_CLIENT_SECRET: "override-me"
-  # Google (oidc)
-  GOOGLE_CLIENT_ID: "override-me"
-  GOOGLE_CLIENT_SECRET: "override-me"
-  # Microsoft
-  MICROSOFT_APPLICATION_ID: "override-me"
-  MICROSOFT_CLIENT_SECRET: "override-me"
-  # LDAP
-  LDAP_BINDPW: "override-me"

From e39b4faa907b7dc3fd26caec6eebec6552a39f9f Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:32:28 +1300
Subject: [PATCH 05/16] fix go lints

---
 dex-auth.go | 4 ++--
 main.go     | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/dex-auth.go b/dex-auth.go
index b7b9e1b..36d76d3 100644
--- a/dex-auth.go
+++ b/dex-auth.go
@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"net/http"
+	"os"
 	"path"
 	"time"
 
@@ -138,7 +138,7 @@ func (cluster *Cluster) handleCallback(w http.ResponseWriter, r *http.Request) {
 	if cluster.Config.IDP_Ca_Pem != "" {
 		IdpCaPem = cluster.Config.IDP_Ca_Pem
 	} else if cluster.Config.IDP_Ca_Pem_File != "" {
-		content, err := ioutil.ReadFile(cluster.Config.IDP_Ca_Pem_File)
+		content, err := os.ReadFile(cluster.Config.IDP_Ca_Pem_File)
 		if err != nil {
 			log.Fatalf("Failed to load CA from file %s, %s", cluster.Config.IDP_Ca_Pem_File, err)
 		}
diff --git a/main.go b/main.go
index d77945e..7885362 100644
--- a/main.go
+++ b/main.go
@@ -7,7 +7,6 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/http/httputil"
@@ -139,7 +138,7 @@ func start_app(config Config) {
 	}
 	// Load CA certs from file
 	if config.Trusted_Root_Ca_File != "" {
-		content, err := ioutil.ReadFile(config.Trusted_Root_Ca_File)
+		content, err := os.ReadFile(config.Trusted_Root_Ca_File)
 		if err != nil {
 			log.Fatalf("Failed to read file Trusted Root CA %s, %v", config.Trusted_Root_Ca_File, err)
 		}
@@ -241,7 +240,7 @@ func start_app(config Config) {
 		}
 
 		if cluster.K8s_Ca_Pem_File != "" {
-			content, err := ioutil.ReadFile(cluster.K8s_Ca_Pem_File)
+			content, err := os.ReadFile(cluster.K8s_Ca_Pem_File)
 			if err != nil {
 				log.Fatalf("Failed to load CA from file %s, %s", cluster.K8s_Ca_Pem_File, err)
 			}
@@ -393,7 +392,7 @@ func initConfig() {
 		viper.AddConfigPath(path)
 		viper.SetDefault("web_path_prefix", "/")
 
-		config, err := ioutil.ReadFile(config_file)
+		config, err := os.ReadFile(config_file)
 		if err != nil {
 			log.Fatalf("Error reading config file, %s", err)
 		}

From 187efaecb7175c3e76b8972be7732e6975aaafad Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:39:48 +1300
Subject: [PATCH 06/16] update dex-overrides for modern ingress

---
 tests/e2e/helm/dex-overrides.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/e2e/helm/dex-overrides.yaml b/tests/e2e/helm/dex-overrides.yaml
index fd2c5dd..823e7db 100644
--- a/tests/e2e/helm/dex-overrides.yaml
+++ b/tests/e2e/helm/dex-overrides.yaml
@@ -9,7 +9,10 @@ ingress:
   enabled: true
   path: /
   hosts:
-  - dex.${NODE_IP}.nip.io
+  - host: dex.${NODE_IP}.nip.io
+    paths:
+      - path: /
+        pathType: ImplementationSpecific
 
 config: |-
   issuer: http://${NODE_IP}:30001

From b382efe620c564caf8b6e58359875cfe5476b97d Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:48:20 +1300
Subject: [PATCH 07/16] re-add dex-k8s-authenticator chart

---
 .gitignore                                    |   1 +
 charts/dex-k8s-authenticator/.helmignore      |  21 ++++
 charts/dex-k8s-authenticator/Chart.yaml       |  10 ++
 charts/dex-k8s-authenticator/README.md        | 119 ++++++++++++++++++
 .../dex-k8s-authenticator/templates/NOTES.txt |  19 +++
 .../templates/_helpers.tpl                    |  59 +++++++++
 .../templates/ca_secrets.yaml                 |  18 +++
 .../templates/configmap.yaml                  |  36 ++++++
 .../templates/deployment.yaml                 |  93 ++++++++++++++
 .../templates/ingress.yaml                    |  40 ++++++
 .../templates/service.yaml                    |  33 +++++
 charts/dex-k8s-authenticator/values.yaml      |  98 +++++++++++++++
 12 files changed, 547 insertions(+)
 create mode 100644 charts/dex-k8s-authenticator/.helmignore
 create mode 100644 charts/dex-k8s-authenticator/Chart.yaml
 create mode 100644 charts/dex-k8s-authenticator/README.md
 create mode 100644 charts/dex-k8s-authenticator/templates/NOTES.txt
 create mode 100644 charts/dex-k8s-authenticator/templates/_helpers.tpl
 create mode 100644 charts/dex-k8s-authenticator/templates/ca_secrets.yaml
 create mode 100644 charts/dex-k8s-authenticator/templates/configmap.yaml
 create mode 100644 charts/dex-k8s-authenticator/templates/deployment.yaml
 create mode 100644 charts/dex-k8s-authenticator/templates/ingress.yaml
 create mode 100644 charts/dex-k8s-authenticator/templates/service.yaml
 create mode 100644 charts/dex-k8s-authenticator/values.yaml

diff --git a/.gitignore b/.gitignore
index 1de0a2d..9cc4d2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ bin
 ./idea
 *.iml
 dex-k8s-authenticator
+!charts/dex-k8s-authenticator
diff --git a/charts/dex-k8s-authenticator/.helmignore b/charts/dex-k8s-authenticator/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/dex-k8s-authenticator/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/dex-k8s-authenticator/Chart.yaml b/charts/dex-k8s-authenticator/Chart.yaml
new file mode 100644
index 0000000..dce3f4a
--- /dev/null
+++ b/charts/dex-k8s-authenticator/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: "v2.0.0"
+description: "Authenticator for using Dex with Kubernetes"
+name: dex-k8s-authenticator
+version: 2.0.0
+sources:
+- https://github.com/sl1pm4t/dex-k8s-authenticator
+maintainers:
+- name: Matt Morrison
+  email: matt.morrison@ditto.live
diff --git a/charts/dex-k8s-authenticator/README.md b/charts/dex-k8s-authenticator/README.md
new file mode 100644
index 0000000..1af50e3
--- /dev/null
+++ b/charts/dex-k8s-authenticator/README.md
@@ -0,0 +1,119 @@
+# Helm chart for dex-k8s-authenticator
+
+This chart installs [`dex-k8s-authenticator`](https://github.com/sl1pm4t/dex-k8s-authenticator) in a Kubernetes cluster. 
+`dex-k8s-authenticator` is a helper application for [`dex`](https://github.com/coreos/dex). `dex` lets you use external 
+Identify Providers (like Google, Microsoft, GitHUb, LDAP) to authenticate access to Kubernetes cluster
+(e.g. for `kubectl`). This helper makes it easy to provide a web UI for one or more clusters.
+It give uses the information and commands to configure `kubectl` to work with the credentials `dex` provides.
+
+You can configure one or more clusters in this chart configuration, for the one or more `dex` installs you may have.
+
+```yaml
+# Default values for dex-k8s-authenticator.
+
+# Deploy environment label, e.g. dev, test, prod
+global:
+  deployEnv: dev
+
+replicaCount: 1
+
+image:
+  repository: mmorrison/dex-k8s-authenticator
+  tag: latest
+  pullPolicy: Always
+
+dexK8sAuthenticator:
+  port: 5555
+  debug: false
+  web_path_prefix: /
+  #logoUrl: http://<path-to-your-logo.png>
+  #kubectl_version: v1.16.2
+  #tlsCert: /path/to/dex-client.crt
+  #tlsKey: /path/to/dex-client.key
+  clusters:
+  - name: my-cluster
+    short_description: "My Cluster"
+    description: "Example Cluster Long Description..."
+    client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
+    issuer: https://dex.example.com
+    k8s_master_uri: https://my-cluster.example.com
+    client_id: my-cluster
+    redirect_uri: https://login.example.com/callback/my-cluster
+    k8s_ca_uri: https://url-to-your-ca.crt
+
+service:
+  type: ClusterIP
+  port: 5555
+  # loadBalancerIP: 127.0.0.1
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+caCerts: 
+  enabled: false
+  secrets: {}
+  # Array of Self Signed Certificates
+  # cat CA.crt | base64 -w 0
+  #
+  #     name: The internal k8s name of the secret we create. It's also used in 
+  #     the volumeMount name. It must respect the k8s naming convension (avoid 
+  #     upper-case and '.' to be safe).
+  #
+  #     filename: The filename of the CA to be mounted. It must end in .crt for
+  #     update-ca-certificates to work
+  #
+  #     value: The base64 encoded value of the CA
+  #
+  #secrets:
+  #- name: ca-cert1
+  #  filename: ca1.crt
+  #  value: LS0tLS1......X2F
+  #- name: ca-cert2
+  #  filename: ca2.crt
+  #  value: DS1tFA1......X2F
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+```
+
+## SSL
+
+Additional reading [here](./ssl.md)
+
+### Adding Trusted Certs
+
+Multiple trusted certs can be added using the `caCerts` option. Make sure to `base64` encode each CA.
+
+### Service Requests on SSL
+
+Define the filepath to your cert and key using the following options in your helm chart.
+  - `dexK8sAuthenticator.tlsCert`
+  - `dexK8sAuthenticator.tlsKey`
+
+TODO: Requires more work as we don't have a way deploy self-signed certs or change to https scheme.
diff --git a/charts/dex-k8s-authenticator/templates/NOTES.txt b/charts/dex-k8s-authenticator/templates/NOTES.txt
new file mode 100644
index 0000000..db64537
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "dex-k8s-authenticator.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "dex-k8s-authenticator.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "dex-k8s-authenticator.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "dex-k8s-authenticator.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/_helpers.tpl b/charts/dex-k8s-authenticator/templates/_helpers.tpl
new file mode 100644
index 0000000..43422b7
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/_helpers.tpl
@@ -0,0 +1,59 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dex-k8s-authenticator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dex-k8s-authenticator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dex-k8s-authenticator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the healthCheckPath for readiness and liveness probes.
+
+Based on the following template values:
+    - healthCheckPath
+    - ingress.path
+    - dexK8sAuthenticator.web_path_prefix
+
+The default is '/healthz'
+*/}}
+
+{{- define "dex-k8s-authenticator.healthCheckPath" -}}
+{{- if .Values.healthCheckPath -}}
+  {{ .Values.healthCheckPath }}
+{{- else -}}
+  {{- if .Values.ingress.enabled -}}
+    {{ default "" .Values.ingress.path | trimSuffix "/" }}/healthz
+  {{- else -}}
+    {{- if .Values.dexK8sAuthenticator.web_path_prefix -}}
+      {{ .Values.dexK8sAuthenticator.web_path_prefix | trimSuffix "/" }}/healthz
+    {{- else -}}
+      {{ "/healthz" }}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/dex-k8s-authenticator/templates/ca_secrets.yaml b/charts/dex-k8s-authenticator/templates/ca_secrets.yaml
new file mode 100644
index 0000000..4868716
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/ca_secrets.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.caCerts.enabled }}
+{{- range .Values.caCerts.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
+  labels:
+    app: {{ template "dex-k8s-authenticator.name" $ }}
+    env: {{ default "dev" $.Values.global.deployEnv }}
+    chart: {{ template "dex-k8s-authenticator.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+type: Opaque
+data:
+  {{ .name }}: {{ .value }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/configmap.yaml b/charts/dex-k8s-authenticator/templates/configmap.yaml
new file mode 100644
index 0000000..89167d7
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/configmap.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "dex-k8s-authenticator.fullname" . }}
+  labels:
+    app: {{ template "dex-k8s-authenticator.fullname" . }}
+    env: {{ default "dev" .Values.global.deployEnv }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+data:
+  config.yaml: |-
+    {{- with .Values.dexK8sAuthenticator }}
+    listen: http://0.0.0.0:{{ default "5555" .port }}
+    web_path_prefix: {{ default "/" .web_path_prefix }}
+    debug: {{ default "false" .debug }}
+    {{- if .logoUrl }}
+    logo_uri: {{ .logoUrl }}
+    {{- end }}
+    {{- if .idpCaURI }}
+    idp_ca_uri: {{ .idpCaURI }}
+    {{- end }}
+    {{- if .idpCaPem }}
+    idp_ca_pem: {{ toYaml .idpCaPem | indent 4 }}
+    {{- end }}
+    {{- if and .tlsCert .tlsKey }} 
+    tls_cert: "{{ .tlsCert }}"
+    tls_key: "{{ .tlsKey }}"
+    {{- end }}
+    {{- if .trusted_root_ca }}
+    trusted_root_ca: {{ toYaml .trusted_root_ca | indent 4 }}
+    {{- end }}
+    clusters:
+{{ toYaml .clusters | indent 4 }}
+    {{- end }}
+
diff --git a/charts/dex-k8s-authenticator/templates/deployment.yaml b/charts/dex-k8s-authenticator/templates/deployment.yaml
new file mode 100644
index 0000000..8a6309b
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/deployment.yaml
@@ -0,0 +1,93 @@
+{{- if semverCompare ">= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: apps/v1
+{{- else if semverCompare ">= 1.8-0, <= 1.9-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: apps/v1beta2
+{{- else -}}
+apiVersion: apps/v1beta1
+{{- end }}
+kind: Deployment
+metadata:
+  name: {{ template "dex-k8s-authenticator.fullname" . }}
+  labels:
+    app: {{ template "dex-k8s-authenticator.name" . }}
+    env: {{ default "dev" .Values.global.deployEnv }}
+    chart: {{ template "dex-k8s-authenticator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "dex-k8s-authenticator.name" . }}
+      env: {{ default "dev" .Values.global.deployEnv }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "dex-k8s-authenticator.name" . }}
+        env: {{ default "dev" .Values.global.deployEnv }}
+        release: {{ .Release.Name }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    spec:
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args: [ "--config", "config.yaml" ]
+        {{- with .Values.envFrom }}
+        envFrom:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        ports:
+        - name: http
+          containerPort: {{ default "5555" .Values.dexK8sAuthenticator.port }}
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: {{ template "dex-k8s-authenticator.healthCheckPath" . }}
+            port: http
+        readinessProbe:
+          httpGet:
+            path: {{ template "dex-k8s-authenticator.healthCheckPath" . }}
+            port: http
+        volumeMounts:
+        - name: config
+          subPath: config.yaml
+          mountPath: /app/config.yaml
+{{- if .Values.caCerts.enabled }}
+{{- range .Values.caCerts.secrets }}
+        - name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
+          subPath: {{ .name }}
+          mountPath: /certs/{{ .filename }}
+{{- end }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+      volumes:
+      - name: config
+        configMap:
+          name: {{ template "dex-k8s-authenticator.fullname" . }}
+{{- if .Values.caCerts.enabled }}
+{{- range .Values.caCerts.secrets }}
+      - name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
+        secret:
+          secretName: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
+{{- end }}
+{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/ingress.yaml b/charts/dex-k8s-authenticator/templates/ingress.yaml
new file mode 100644
index 0000000..54c0fa9
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/ingress.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "dex-k8s-authenticator.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "dex-k8s-authenticator.name" . }}
+    env: {{ default "dev" .Values.global.deployEnv }}
+    chart: {{ template "dex-k8s-authenticator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+  - hosts:
+    {{- range .hosts }}
+    - {{ . }}
+    {{- end }}
+    secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  - host: {{ . }}
+    http:
+      paths:
+      - path: {{ $ingressPath }}
+        backend:
+          serviceName: {{ $fullName }}
+          servicePort: {{ $servicePort }}
+  {{- end }}
+{{- end }}
diff --git a/charts/dex-k8s-authenticator/templates/service.yaml b/charts/dex-k8s-authenticator/templates/service.yaml
new file mode 100644
index 0000000..36476e6
--- /dev/null
+++ b/charts/dex-k8s-authenticator/templates/service.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "dex-k8s-authenticator.fullname" . }}
+  labels:
+    app: {{ template "dex-k8s-authenticator.name" . }}
+    env: {{ default "dev" .Values.global.deployEnv }}
+    chart: {{ template "dex-k8s-authenticator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - port: {{ .Values.service.port }}
+    targetPort: http
+    protocol: TCP
+    name: http
+{{- if and  .Values.service.nodePort (eq "NodePort" .Values.service.type) }}
+    nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+{{- if hasKey .Values.service "loadBalancerIP" }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+  selector:
+    app: {{ template "dex-k8s-authenticator.name" . }}
+    release: {{ .Release.Name }}
diff --git a/charts/dex-k8s-authenticator/values.yaml b/charts/dex-k8s-authenticator/values.yaml
new file mode 100644
index 0000000..e249df2
--- /dev/null
+++ b/charts/dex-k8s-authenticator/values.yaml
@@ -0,0 +1,98 @@
+# Default values for dex-k8s-authenticator.
+
+# Deploy environment label, e.g. dev, test, prod
+global:
+  deployEnv: dev
+
+replicaCount: 1
+
+image:
+  repository: mmorrison/dex-k8s-authenticator
+  tag: 1.4.0
+  pullPolicy: Always
+
+imagePullSecrets: {}
+
+dexK8sAuthenticator:
+  port: 5555
+  debug: false
+  web_path_prefix: /
+  #logoUrl: http://<path-to-your-logo.png>
+  #tlsCert: /path/to/dex-client.crt
+  #tlsKey: /path/to/dex-client.key
+  clusters:
+  - name: my-cluster
+    short_description: "My Cluster"
+    description: "Example Cluster Long Description..."
+    client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
+    issuer: https://dex.example.com
+    k8s_master_uri: https://my-cluster.example.com
+    client_id: my-cluster
+    redirect_uri: https://login.example.com/callback/my-cluster
+    k8s_ca_uri: https://url-to-your-ca.crt
+
+service:
+  annotations: {}
+  type: ClusterIP
+  port: 5555
+  # loadBalancerIP: 127.0.0.1
+
+  # For nodeport, specify the following:
+  #   type: NodePort
+  #   nodePort: <port-number>
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+caCerts:
+  enabled: false
+  secrets: []
+  # Array of Self Signed Certificates
+  # cat CA.crt | base64 -w 0
+  #
+  #     name: The internal k8s name of the secret we create. It's also used in
+  #     the volumeMount name. It must respect the k8s naming convension (avoid
+  #     upper-case and '.' to be safe).
+  #
+  #     filename: The filename of the CA to be mounted. It must end in .crt for
+  #     update-ca-certificates to work
+  #
+  #     value: The base64 encoded value of the CA
+  #
+  #secrets:
+  #- name: ca-cert1
+  #  filename: ca1.crt
+  #  value: LS0tLS1......X2F
+  #- name: ca-cert2
+  #  filename: ca2.crt
+  #  value: DS1tFA1......X2F
+
+envFrom: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

From 69e183d987126de1e03ed7fca8ceb7c4918d2efe Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:48:29 +1300
Subject: [PATCH 08/16] update ingress for modern k8s

---
 .../templates/ingress.yaml                     | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/charts/dex-k8s-authenticator/templates/ingress.yaml b/charts/dex-k8s-authenticator/templates/ingress.yaml
index 54c0fa9..15449a4 100644
--- a/charts/dex-k8s-authenticator/templates/ingress.yaml
+++ b/charts/dex-k8s-authenticator/templates/ingress.yaml
@@ -2,7 +2,13 @@
 {{- $fullName := include "dex-k8s-authenticator.fullname" . -}}
 {{- $servicePort := .Values.service.port -}}
 {{- $ingressPath := .Values.ingress.path -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
 apiVersion: extensions/v1beta1
+{{- end }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -33,8 +39,18 @@ spec:
     http:
       paths:
       - path: {{ $ingressPath }}
+        {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+        pathType: ImplementationSpecific
+        {{- end }}
         backend:
+          {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+          service:
+            name: {{ $fullName }}
+            port:
+              number: {{ $svcPort }}
+          {{- else }}
           serviceName: {{ $fullName }}
-          servicePort: {{ $servicePort }}
+          servicePort: {{ $svcPort }}
+          {{- end }}
   {{- end }}
 {{- end }}

From 3bb732ceb10b285e41ff3ab2f980548e4978c771 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:54:29 +1300
Subject: [PATCH 09/16] Do a go build

---
 .github/workflows/golangci-lint.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 15f28c4..6f8f657 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -11,6 +11,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+
+      - run: go build -v
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:

From dc51d9569d340c07735bd2b6f15bcb85bd2505f1 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 15:56:01 +1300
Subject: [PATCH 10/16] fix: servicePort

---
 charts/dex-k8s-authenticator/templates/ingress.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/dex-k8s-authenticator/templates/ingress.yaml b/charts/dex-k8s-authenticator/templates/ingress.yaml
index 15449a4..c8a3ab9 100644
--- a/charts/dex-k8s-authenticator/templates/ingress.yaml
+++ b/charts/dex-k8s-authenticator/templates/ingress.yaml
@@ -47,10 +47,10 @@ spec:
           service:
             name: {{ $fullName }}
             port:
-              number: {{ $svcPort }}
+              number: {{ $servicePort }}
           {{- else }}
           serviceName: {{ $fullName }}
-          servicePort: {{ $svcPort }}
+          servicePort: {{ $servicePort }}
           {{- end }}
   {{- end }}
 {{- end }}

From 7e027ad44e7c5157275f41c1c8d18a0100c52753 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 16:05:20 +1300
Subject: [PATCH 11/16] Update dependencies

---
 .gitignore |   1 +
 go.mod     |  49 +++--
 go.sum     | 606 ++++++++---------------------------------------------
 3 files changed, 112 insertions(+), 544 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9cc4d2e..59516a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ bin
 *.iml
 dex-k8s-authenticator
 !charts/dex-k8s-authenticator
+.idea
diff --git a/go.mod b/go.mod
index cf3d0d4..4ec9a47 100644
--- a/go.mod
+++ b/go.mod
@@ -4,32 +4,35 @@ go 1.20
 
 require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/spf13/cast v1.3.1
-	github.com/spf13/cobra v1.1.3
-	github.com/spf13/viper v1.7.1
-	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
+	github.com/spf13/cast v1.6.0
+	github.com/spf13/cobra v1.8.0
+	github.com/spf13/viper v1.17.0
+	golang.org/x/oauth2 v0.15.0
 )
 
 require (
-	github.com/fsnotify/fsnotify v1.4.7 // indirect
-	github.com/golang/protobuf v1.4.2 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/magiconair/properties v1.8.1 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
-	github.com/pelletier/go-toml v1.2.0 // indirect
-	github.com/pquerna/cachecontrol v0.1.0 // indirect
-	github.com/spf13/afero v1.1.2 // indirect
-	github.com/spf13/jwalterweatherman v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pquerna/cachecontrol v0.2.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
-	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
-	golang.org/x/text v0.3.3 // indirect
-	google.golang.org/appengine v1.6.6 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
-	gopkg.in/ini.v1 v1.51.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.16.0 // indirect
+	golang.org/x/exp v0.0.0-20231127185646-65229373498e // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index a9d6e46..7cb01ea 100644
--- a/go.sum
+++ b/go.sum
@@ -1,547 +1,111 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
-github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
-github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pquerna/cachecontrol v0.2.0 h1:vBXSNuE5MYP9IJ5kjsdo8uq+w41jSPgvba2DEnkRx9k=
+github.com/pquerna/cachecontrol v0.2.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/spf13/viper v1.7.1 h1:pM5oEahlgWv/WnHXpgbKz7iLIxRf65tye2Ci+XFK5sk=
-github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
+github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
+github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
-golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No=
+golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

From aaa8fc61ba34434630c1b3c1d3852a8047ed128c Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 16:10:26 +1300
Subject: [PATCH 12/16] Update go + alpine versions in Dockerfile

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 99d7a11..a1c13b2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.16.4-alpine3.13
+FROM golang:1.20-alpine
 
 RUN apk add --no-cache --update alpine-sdk bash
 
@@ -15,7 +15,7 @@ COPY . .
 
 RUN make build
 
-FROM alpine:3.13.5
+FROM alpine:3.18
 
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user

From d071f9603ddb06bd38be2c3a7e55c1782aa8b5b0 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 16:12:27 +1300
Subject: [PATCH 13/16] try fix FS perm error

---
 .github/workflows/k8s.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index a3f2091..a7ad3f1 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -30,11 +30,11 @@ jobs:
 
       - name: helm-template
         run: |
-          helm template charts/dex-k8s-authenticator --output-dir /github/workspace/rendered-charts/dex-k8s-authenticator
+          helm template charts/dex-k8s-authenticator --output-dir ./tmp/workspace/rendered-charts/dex-k8s-authenticator
 
       - name: kubeval
         run: |
-          kubeval -d /github/workspace/rendered-charts --strict --ignore-missing-schemas
+          kubeval -d ./tmp/workspace/rendered-charts --strict --ignore-missing-schemas
 
   e2e:
     runs-on: ubuntu-latest

From 228eb461c7e1de63034d48682dfc4d4481629c7c Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 18:57:16 +1300
Subject: [PATCH 14/16] fixes

---
 .github/workflows/golangci-lint.yml | 2 +-
 tests/e2e/helm/dex-overrides.yaml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 6f8f657..88d1820 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -21,4 +21,4 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.29
+          version: v1.55.2
diff --git a/tests/e2e/helm/dex-overrides.yaml b/tests/e2e/helm/dex-overrides.yaml
index 823e7db..57a1999 100644
--- a/tests/e2e/helm/dex-overrides.yaml
+++ b/tests/e2e/helm/dex-overrides.yaml
@@ -14,7 +14,7 @@ ingress:
       - path: /
         pathType: ImplementationSpecific
 
-config: |-
+config:
   issuer: http://${NODE_IP}:30001
 
   storage:

From 52cd5ca94d545e7e448d9f6bc7e9000ee2d82787 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 19:12:12 +1300
Subject: [PATCH 15/16] moar fixes

---
 charts/dex-k8s-authenticator/templates/ingress.yaml | 2 +-
 dex-auth.go                                         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/dex-k8s-authenticator/templates/ingress.yaml b/charts/dex-k8s-authenticator/templates/ingress.yaml
index c8a3ab9..816d9c4 100644
--- a/charts/dex-k8s-authenticator/templates/ingress.yaml
+++ b/charts/dex-k8s-authenticator/templates/ingress.yaml
@@ -39,7 +39,7 @@ spec:
     http:
       paths:
       - path: {{ $ingressPath }}
-        {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+        {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
         pathType: ImplementationSpecific
         {{- end }}
         backend:
diff --git a/dex-auth.go b/dex-auth.go
index 36d76d3..3f24195 100644
--- a/dex-auth.go
+++ b/dex-auth.go
@@ -110,7 +110,7 @@ func (cluster *Cluster) handleCallback(w http.ResponseWriter, r *http.Request) {
 	rawIDToken, ok := token.Extra("id_token").(string)
 	if !ok {
 		cluster.renderHTMLError(w, userErrorMsg, http.StatusBadRequest)
-		log.Printf("handleCallback: no id_token in response: %q", token)
+		log.Printf("handleCallback: no id_token in response: %v", token)
 		return
 	}
 

From dfb3f8d0a1f0f57d169eb7b126b20853eb9f19a6 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt.morrison@ditto.live>
Date: Wed, 6 Dec 2023 21:04:08 +1300
Subject: [PATCH 16/16] consistent docker image name

---
 charts/dex-k8s-authenticator/README.md     | 2 +-
 charts/dex-k8s-authenticator/values.yaml   | 4 ++--
 docs/ssl.md                                | 2 +-
 tests/e2e/helm/dex-k8s-auth-overrides.yaml | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/charts/dex-k8s-authenticator/README.md b/charts/dex-k8s-authenticator/README.md
index 1af50e3..05684d3 100644
--- a/charts/dex-k8s-authenticator/README.md
+++ b/charts/dex-k8s-authenticator/README.md
@@ -18,7 +18,7 @@ global:
 replicaCount: 1
 
 image:
-  repository: mmorrison/dex-k8s-authenticator
+  repository: ghcr.io/sl1pm4t/dex-k8s-authenticator
   tag: latest
   pullPolicy: Always
 
diff --git a/charts/dex-k8s-authenticator/values.yaml b/charts/dex-k8s-authenticator/values.yaml
index e249df2..bdf89b9 100644
--- a/charts/dex-k8s-authenticator/values.yaml
+++ b/charts/dex-k8s-authenticator/values.yaml
@@ -7,8 +7,8 @@ global:
 replicaCount: 1
 
 image:
-  repository: mmorrison/dex-k8s-authenticator
-  tag: 1.4.0
+  repository: sl1pm4t/dex-k8s-authenticator
+  tag: 2.0.0
   pullPolicy: Always
 
 imagePullSecrets: {}
diff --git a/docs/ssl.md b/docs/ssl.md
index ef4ec4a..b68ea87 100644
--- a/docs/ssl.md
+++ b/docs/ssl.md
@@ -16,7 +16,7 @@ If using docker, you can mount a volume like so:
 docker run --rm -t -i \
     -v /tmp/certs:/certs:ro \
     -v /tmp/config.yml:/tmp/config.yml:ro \ 
-    mmorrison/dex-k8s-authenticator:latest --config /tmp/config.yml
+    sl1pm4t/dex-k8s-authenticator:latest --config /tmp/config.yml
 ```
 
 ### 2. `trusted_root_ca` config option
diff --git a/tests/e2e/helm/dex-k8s-auth-overrides.yaml b/tests/e2e/helm/dex-k8s-auth-overrides.yaml
index 31044fa..d7079f0 100644
--- a/tests/e2e/helm/dex-k8s-auth-overrides.yaml
+++ b/tests/e2e/helm/dex-k8s-auth-overrides.yaml
@@ -1,5 +1,5 @@
 image:
-  repository: mmorrison/dex-k8s-authenticator
+  repository: sl1pm4t/dex-k8s-authenticator
   tag: ${CI_TAG}
   pullPolicy: Never