Remove deprecation of standalone mode (#680 )

* Remove deprecation of standalone mode * Update standalone-mode.md
fix(deps): update module k8s.io/klog/v2 to v2.40.1 (#679 )
2026-02-28 16:00:19 +00:00 · 2022-01-08 17:48:00 +09:00 · 2021-12-19 04:11:07 +00:00 · 2021-12-17 16:41:23 +00:00 · 2021-12-14 23:53:29 +00:00 · 2021-12-03 20:38:18 +00:00
115 changed files with 3227 additions and 2406 deletions
--- a/.circleci/Makefile
+++ b/.circleci/Makefile
@@ -1,16 +0,0 @@
-.PHONY: all
-all:
-
-.PHONY: install-test-deps
-install-test-deps:
-	go get -v github.com/int128/goxzst
-
-.PHONY: install-release-deps
-install-release-deps: go
-	go get -v github.com/int128/goxzst github.com/int128/ghcp
-
-go:
-	curl -sSfL -o go.tgz "https://golang.org/dl/go`ruby go_version_from_config.rb < config.yml`.darwin-amd64.tar.gz"
-	tar -xf go.tgz
-	rm go.tgz
-	./go/bin/go version
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,60 +0,0 @@
-version: 2.1
-
-jobs:
-  test:
-    docker:
-      - image: cimg/go:1.15.2
-    steps:
-      - checkout
-      - restore_cache:
-          keys:
-            - go-sum-{{ checksum "go.sum" }}
-      - run: make -C .circleci install-test-deps
-      - run: make check
-      - run: bash <(curl -s https://codecov.io/bash)
-      - run: make dist
-      - save_cache:
-          key: go-sum-{{ checksum "go.sum" }}
-          paths:
-            - ~/go/pkg
-      - store_artifacts:
-          path: gotest.log
-
-  release:
-    macos:
-      # https://circleci.com/docs/2.0/testing-ios/
-      xcode: 11.5.0
-    steps:
-      - run: echo 'export PATH="$HOME/go/bin:$PWD/.circleci/go/bin:$PATH"' >> $BASH_ENV
-      - checkout
-      - restore_cache:
-          keys:
-            - go-macos-{{ checksum "go.sum" }}
-      - run: make -C .circleci install-release-deps
-      - run: make dist
-      - run: |
-          if [ "$CIRCLE_TAG" ]; then
-            make release
-          fi
-      - save_cache:
-          key: go-macos-{{ checksum "go.sum" }}
-          paths:
-            - ~/go/pkg
-
-workflows:
-  version: 2
-  build:
-    jobs:
-      - test:
-          filters:
-            tags:
-              only: /^v.*/
-      - release:
-          context: open-source
-          requires:
-            - test
-          filters:
-            branches:
-              only: /^release-feature.*/
-            tags:
-              only: /^v.*/
--- a/.circleci/go.mod
+++ b/.circleci/go.mod
@@ -1,3 +0,0 @@
-module github.com/int128/kubelogin/.circleci
-
-go 1.13
--- a/.circleci/go_version_from_config.rb
+++ b/.circleci/go_version_from_config.rb
@@ -1,11 +0,0 @@
-require 'yaml'
-
-config = YAML.load(STDIN)
-
-image = config["jobs"]["test"]["docker"][0]["image"]
-if !image.start_with?("cimg/go:")
-  raise "unknown image #{image} in #{configPath}"
-end
-
-goVersion = image.delete_prefix("cimg/go:")
-print(goVersion)
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -0,0 +1,20 @@
+---
+name: Question
+about: Feel free to ask a question
+title: ''
+labels: question
+assignees: ''
+
+---
+
+## Describe the question
+A clear and concise description of what the issue is.
+
+## To reproduce
+A console log or steps to reproduce the issue.
+
+## Your environment
+- OS: e.g. macOS
+- kubelogin version: e.g. v1.19
+- kubectl version: e.g. v1.19
+- OpenID Connect provider: e.g. Google
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,8 +0,0 @@
-{
-  "extends": [
-    "config:base"
-  ],
-  "postUpdateOptions": [
-    "gomodTidy"
-  ]
-}
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -0,0 +1,6 @@
+{
+  "extends": [
+    "config:base",
+    "github>int128/go-actions",
+  ],
+}
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -0,0 +1,52 @@
+name: docker
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - .github/workflows/docker.yaml
+      - pkg/**
+      - go.*
+      - Dockerfile
+      - Makefile
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/docker.yaml
+      - pkg/**
+      - go.*
+      - Dockerfile
+      - Makefile
+    tags:
+      - v*
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: docker/metadata-action@v3
+        id: metadata
+        with:
+          images: ghcr.io/${{ github.repository }}
+      - uses: int128/docker-build-cache-config-action@v1
+        id: cache
+        with:
+          image: ghcr.io/${{ github.repository }}/cache
+      - uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+      - uses: docker/build-push-action@v2
+        with:
+          push: ${{ github.event_name == 'push' }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: ${{ steps.cache.outputs.cache-from }}
+          cache-to: ${{ steps.cache.outputs.cache-to }}
+          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/go.yaml
+++ b/.github/workflows/go.yaml
@@ -0,0 +1,45 @@
+name: go
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/go.yaml
+      - pkg/**
+      - go.*
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+    paths:
+      - .github/workflows/go.yaml
+      - pkg/**
+      - go.*
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v2
+      - uses: int128/go-actions/setup@v1
+        with:
+          go-version: 1.16
+      - uses: golangci/golangci-lint-action@v2
+        with:
+          version: v1.43.0
+          skip-go-installation: true
+          skip-pkg-cache: true
+          skip-build-cache: true
+
+  test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v2
+      - uses: int128/go-actions/setup@v1
+        with:
+          go-version: 1.16
+      - run: go test -v -race ./...
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@@ -1,14 +0,0 @@
-on:
-  push:
-    paths:
-      - .github/workflows/golangci-lint.yaml
-      - '**.go'
-jobs:
-  golangci:
-    name: lint
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: golangci/golangci-lint-action@v2
-        with:
-          version: v1.30
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,70 @@
+name: release
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/release.yaml
+      - pkg/**
+      - go.*
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+    paths:
+      - .github/workflows/release.yaml
+      - pkg/**
+      - go.*
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        platform:
+          - runs-on: ubuntu-latest
+            GOOS: linux
+            GOARCH: amd64
+            CGO_ENABLED: 0 # https://github.com/int128/kubelogin/issues/567
+          - runs-on: ubuntu-latest
+            GOOS: linux
+            GOARCH: arm64
+          - runs-on: ubuntu-latest
+            GOOS: linux
+            GOARCH: arm
+          - runs-on: macos-latest
+            GOOS: darwin
+            GOARCH: amd64
+            CGO_ENABLED: 1 # https://github.com/int128/kubelogin/issues/249
+          - runs-on: macos-latest
+            GOOS: darwin
+            GOARCH: arm64
+          - runs-on: windows-latest
+            GOOS: windows
+            GOARCH: amd64
+    runs-on: ${{ matrix.platform.runs-on }}
+    env:
+      GOOS: ${{ matrix.platform.GOOS }}
+      GOARCH: ${{ matrix.platform.GOARCH }}
+      CGO_ENABLED: ${{ matrix.platform.CGO_ENABLED }}
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v2
+      - uses: int128/go-actions/setup@v1
+        with:
+          go-version: 1.16
+      - run: go build -ldflags "-X main.version=${GITHUB_REF##*/}"
+      - uses: int128/go-actions/release@v1
+        with:
+          binary: kubelogin
+
+  publish:
+    if: startswith(github.ref, 'refs/tags/')
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v2
+      - uses: rajatjindal/krew-release-bot@v0.0.40
--- a/.github/workflows/system-test.yaml
+++ b/.github/workflows/system-test.yaml
@@ -1,10 +1,23 @@
+name: system-test
+
 on:
-  push:
-    paths: 
+  pull_request:
+    branches:
+      - master
+    paths:
      - .github/workflows/system-test.yaml
      - system_test/**
      - pkg/**
      - go.*
+  push:
+    branches:
+      - master
+    paths:
+      - .github/workflows/system-test.yaml
+      - system_test/**
+      - pkg/**
+      - go.*
+
 jobs:
  system-test:
    # https://help.github.com/en/actions/automating-your-workflow-with-github-actions/software-installed-on-github-hosted-runners#ubuntu-1804-lts
@@ -12,7 +25,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: 1.15
+          go-version: 1.16
        id: go
      - uses: actions/checkout@v2
      - uses: actions/cache@v2
--- a/.gitignore
+++ b/.gitignore
@@ -2,11 +2,9 @@

 /acceptance_test/output/

-/dist/output
 /coverage.out
-/gotest.log

 /kubelogin
 /kubectl-oidc_login
-
-/.circleci/go/
+/kubelogin_*.zip
+/kubelogin_*.zip.sha256
--- a/.krew.yaml
+++ b/.krew.yaml
@@ -0,0 +1,62 @@
+apiVersion: krew.googlecontainertools.github.com/v1alpha2
+kind: Plugin
+metadata:
+  name: oidc-login
+spec:
+  homepage: https://github.com/int128/kubelogin
+  shortDescription: Log in to the OpenID Connect provider
+  description: |
+    This is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication.
+
+    ## Credential plugin mode
+    kubectl executes oidc-login before calling the Kubernetes APIs.
+    oidc-login automatically opens the browser and you can log in to the provider.
+    After authentication, kubectl gets the token from oidc-login and you can access the cluster.
+    See https://github.com/int128/kubelogin#credential-plugin-mode for more.
+
+    ## Standalone mode
+    Run `kubectl oidc-login`.
+    It automatically opens the browser and you can log in to the provider.
+    After authentication, it writes the token to the kubeconfig and you can access the cluster.
+    See https://github.com/int128/kubelogin#standalone-mode for more.
+
+  caveats: |
+    You need to setup the OIDC provider, Kubernetes API server, role binding and kubeconfig.
+  version: {{ .TagName }}
+  platforms:
+  - bin: kubelogin
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_linux_amd64.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: linux
+        arch: amd64
+  - bin: kubelogin
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_linux_arm64.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: linux
+        arch: arm64
+  - bin: kubelogin
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_linux_arm.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: linux
+        arch: arm
+  - bin: kubelogin
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_darwin_amd64.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: darwin
+        arch: amd64
+  - bin: kubelogin
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_darwin_arm64.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: darwin
+        arch: arm64
+  - bin: kubelogin.exe
+    {{ addURIAndSha "https://github.com/int128/kubelogin/releases/download/{{ .TagName }}/kubelogin_windows_amd64.zip" .TagName }}
+    selector:
+      matchLabels:
+        os: windows
+        arch: amd64
--- a/12
+++ b/12
@@ -0,0 +1,12 @@
+FROM golang:1.17 as builder
+
+WORKDIR /builder
+COPY go.* .
+RUN go mod download
+COPY main.go .
+COPY pkg pkg
+RUN go build
+
+FROM gcr.io/distroless/base-debian10
+COPY --from=builder /builder/kubelogin /
+ENTRYPOINT ["/kubelogin"]
--- a/48
+++ b/48
@@ -1,48 +0,0 @@
-# CircleCI specific variables
-CIRCLE_TAG ?= latest
-GITHUB_USERNAME := $(CIRCLE_PROJECT_USERNAME)
-GITHUB_REPONAME := $(CIRCLE_PROJECT_REPONAME)
-
-TARGET := kubelogin
-TARGET_OSARCH := linux_amd64 darwin_amd64 windows_amd64 linux_arm linux_arm64
-VERSION ?= $(CIRCLE_TAG)
-LDFLAGS := -X main.version=$(VERSION)
-
-all: $(TARGET)
-
-$(TARGET): $(wildcard **/*.go)
-	go build -o $@ -ldflags "$(LDFLAGS)"
-
-.PHONY: check
-check:
-	go test -v -race -cover -coverprofile=coverage.out ./... > gotest.log
-
-.PHONY: dist
-dist: dist/output
-dist/output:
-	# make the zip files for GitHub Releases
-	VERSION=$(VERSION) goxzst -d dist/output -i "LICENSE" -o "$(TARGET)" -osarch "$(TARGET_OSARCH)" -t "dist/kubelogin.rb dist/oidc-login.yaml dist/Dockerfile" -- -ldflags "$(LDFLAGS)"
-	# test the zip file
-	zipinfo dist/output/kubelogin_linux_amd64.zip
-	# make the krew yaml structure
-	mkdir -p dist/output/plugins
-	mv dist/output/oidc-login.yaml dist/output/plugins/oidc-login.yaml
-
-.PHONY: release
-release: dist
-	# publish the binaries
-	ghcp release -u "$(GITHUB_USERNAME)" -r "$(GITHUB_REPONAME)" -t "$(VERSION)" dist/output/
-	# publish the Homebrew formula
-	ghcp commit -u "$(GITHUB_USERNAME)" -r "homebrew-$(GITHUB_REPONAME)" -b "bump-$(VERSION)" -m "Bump the version to $(VERSION)" -C dist/output/ kubelogin.rb
-	ghcp pull-request -u "$(GITHUB_USERNAME)" -r "homebrew-$(GITHUB_REPONAME)" -b "bump-$(VERSION)" --title "Bump the version to $(VERSION)"
-	# publish the Dockerfile
-	ghcp commit -u "$(GITHUB_USERNAME)" -r "$(GITHUB_REPONAME)-docker" -b "bump-$(VERSION)" -m "Bump the version to $(VERSION)" -C dist/output/ Dockerfile
-	ghcp pull-request -u "$(GITHUB_USERNAME)" -r "$(GITHUB_REPONAME)-docker" -b "bump-$(VERSION)" --title "Bump the version to $(VERSION)"
-	# publish the Krew manifest
-	ghcp fork-commit -u kubernetes-sigs -r krew-index -b "oidc-login-$(VERSION)" -m "Bump oidc-login to $(VERSION)" -C dist/output/ plugins/oidc-login.yaml
-
-.PHONY: clean
-clean:
-	-rm $(TARGET)
-	-rm -r dist/output/
-	-rm coverage.out gotest.log
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# kubelogin [![CircleCI](https://circleci.com/gh/int128/kubelogin.svg?style=shield)](https://circleci.com/gh/int128/kubelogin) [![Go Report Card](https://goreportcard.com/badge/github.com/int128/kubelogin)](https://goreportcard.com/report/github.com/int128/kubelogin)
+# kubelogin [![go](https://github.com/int128/kubelogin/actions/workflows/go.yaml/badge.svg)](https://github.com/int128/kubelogin/actions/workflows/go.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/int128/kubelogin)](https://goreportcard.com/report/github.com/int128/kubelogin)

 This is a kubectl plugin for [Kubernetes OpenID Connect (OIDC) authentication](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens), also known as `kubectl oidc-login`.

@@ -31,6 +31,8 @@ kubectl krew install oidc-login
 choco install kubelogin
 ```

+If you install via GitHub releases, you need to put the `kubelogin` binary on your path under the name `kubectl-oidc_login` so that the [kubectl plugin mechanism](https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/) can find it when you invoke `kubectl oidc-login`. The other install methods do this for you.
+
 You need to set up the OIDC provider, cluster role binding, Kubernetes API server and kubeconfig.
 The kubeconfig looks like:

@@ -65,7 +67,7 @@ Kubelogin automatically opens the browser, and you can log in to the provider.

 <img src="docs/keycloak-login.png" alt="keycloak-login" width="455" height="329">

-After authentication, kubelogin returns the credentials to kubectl and finally kubectl calls the Kubernetes APIs with the credential.
+After authentication, kubelogin returns the credentials to kubectl and kubectl then calls the Kubernetes APIs with these credentials.

 ```
 % kubectl get pods
@@ -78,13 +80,13 @@ Kubelogin writes the ID token and refresh token to the token cache file.

 If the cached ID token is valid, kubelogin just returns it.
 If the cached ID token has expired, kubelogin will refresh the token using the refresh token.
-If the refresh token has expired, kubelogin will perform reauthentication.
+If the refresh token has expired, kubelogin will perform re-authentication (you will have to login via browser again).


 ### Troubleshoot

 You can log out by removing the token cache directory (default `~/.kube/cache/oidc-login`).
-Kubelogin will perform authentication if the token cache file does not exist.
+Kubelogin will ask you to login via browser again if the token cache file does not exist i.e., it starts with a clean slate

 You can dump claims of an ID token by `setup` command.

@@ -101,6 +103,21 @@ You got a token with the following claims:
 }
 ```

+You can increase the log level by `-v1` option.
+
+```yaml
+users:
+- name: oidc
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1beta1
+      command: kubectl
+      args:
+      - oidc-login
+      - get-token
+      - -v1
+```
+
 You can verify kubelogin works with your provider using [acceptance test](acceptance_test).


@@ -108,7 +125,7 @@ You can verify kubelogin works with your provider using [acceptance test](accept

 - [Setup guide](docs/setup.md)
 - [Usage and options](docs/usage.md)
- [Standalone mode](docs/standalone-mode.md) (deprecated)
+- [Standalone mode](docs/standalone-mode.md)


 ## Related works
@@ -123,19 +140,18 @@ You can access the Kubernetes Dashboard using kubelogin and [kauthproxy](https:/
 This is an open source software licensed under Apache License 2.0.
 Feel free to open issues and pull requests for improving code and documents.

+Your pull request will be merged into master with squash.
+
 ### Development

-Go 1.13 or later is required.
+Go 1.16+ is required.

 ```sh
-# Run lint and tests
-make check
-
-# Compile and run the command
 make
 ./kubelogin
 ```

-### System test
+See also:

-See [system test](system_test) for more.
+- [system test](system_test)
+- [acceptance_test](acceptance_test)
--- a/dist/Dockerfile
+++ b/dist/Dockerfile
@@ -1,13 +0,0 @@
-FROM alpine:3.12
-
-ARG KUBELOGIN_VERSION="{{ env "VERSION" }}"
-ARG KUBELOGIN_SHA256="{{ sha256 .linux_amd64_archive }}"
-
-# Download the release and test the checksum
-RUN wget -O /kubelogin.zip "https://github.com/int128/kubelogin/releases/download/$KUBELOGIN_VERSION/kubelogin_linux_amd64.zip" && \
-    echo "$KUBELOGIN_SHA256  /kubelogin.zip" | sha256sum -c - && \
-    unzip /kubelogin.zip && \
-    rm /kubelogin.zip
-
-USER daemon
-ENTRYPOINT ["/kubelogin"]
--- a/dist/kubelogin.rb
+++ b/dist/kubelogin.rb
@@ -1,27 +0,0 @@
-class Kubelogin < Formula
-  desc "A kubectl plugin for Kubernetes OpenID Connect authentication"
-  homepage "https://github.com/int128/kubelogin"
-  baseurl = "https://github.com/int128/kubelogin/releases/download"
-  version "{{ env "VERSION" }}"
-  
-  if OS.mac?
-    kernel = "darwin"
-    sha256 "{{ sha256 .darwin_amd64_archive }}"
-  elsif OS.linux?
-    kernel = "linux"
-    sha256 "{{ sha256 .linux_amd64_archive }}"
-  end 
-   
-  url baseurl + "/#{version}/kubelogin_#{kernel}_amd64.zip"
-    
-  def install
-    bin.install "kubelogin" => "kubelogin"
-    ln_s bin/"kubelogin", bin/"kubectl-oidc_login"
-  end
-  
-  test do
-    system "#{bin}/kubelogin -h"
-    system "#{bin}/kubectl-oidc_login -h"
-  end
-    
-end
--- a/dist/oidc-login.yaml
+++ b/dist/oidc-login.yaml
@@ -1,86 +0,0 @@
-apiVersion: krew.googlecontainertools.github.com/v1alpha2
-kind: Plugin
-metadata:
-  name: oidc-login
-spec:
-  homepage: https://github.com/int128/kubelogin
-  shortDescription: Log in to the OpenID Connect provider
-  description: |
-    This is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication.
-
-    ## Credential plugin mode
-    kubectl executes oidc-login before calling the Kubernetes APIs.
-    oidc-login automatically opens the browser and you can log in to the provider.
-    After authentication, kubectl gets the token from oidc-login and you can access the cluster.
-    See https://github.com/int128/kubelogin#credential-plugin-mode for more.
-
-    ## Standalone mode
-    Run `kubectl oidc-login`.
-    It automatically opens the browser and you can log in to the provider.
-    After authentication, it writes the token to the kubeconfig and you can access the cluster.
-    See https://github.com/int128/kubelogin#standalone-mode for more.
-
-  caveats: |
-    You need to setup the OIDC provider, Kubernetes API server, role binding and kubeconfig.
-  version: {{ env "VERSION" }}
-  platforms:
-    - uri: https://github.com/int128/kubelogin/releases/download/{{ env "VERSION" }}/kubelogin_linux_amd64.zip
-      sha256: "{{ sha256 .linux_amd64_archive }}"
-      bin: kubelogin
-      files:
-        - from: kubelogin
-          to: .
-        - from: LICENSE
-          to: .
-      selector:
-        matchLabels:
-          os: linux
-          arch: amd64
-    - uri: https://github.com/int128/kubelogin/releases/download/{{ env "VERSION" }}/kubelogin_darwin_amd64.zip
-      sha256: "{{ sha256 .darwin_amd64_archive }}"
-      bin: kubelogin
-      files:
-        - from: kubelogin
-          to: .
-        - from: LICENSE
-          to: .
-      selector:
-        matchLabels:
-          os: darwin
-          arch: amd64
-    - uri: https://github.com/int128/kubelogin/releases/download/{{ env "VERSION" }}/kubelogin_windows_amd64.zip
-      sha256: "{{ sha256 .windows_amd64_archive }}"
-      bin: kubelogin.exe
-      files:
-        - from: kubelogin.exe
-          to: .
-        - from: LICENSE
-          to: .
-      selector:
-        matchLabels:
-          os: windows
-          arch: amd64
-    - uri: https://github.com/int128/kubelogin/releases/download/{{ env "VERSION" }}/kubelogin_linux_arm.zip
-      sha256: "{{ sha256 .linux_arm_archive }}"
-      bin: kubelogin
-      files:
-        - from: kubelogin
-          to: .
-        - from: LICENSE
-          to: .
-      selector:
-        matchLabels:
-          os: linux
-          arch: arm
-    - uri: https://github.com/int128/kubelogin/releases/download/{{ env "VERSION" }}/kubelogin_linux_arm64.zip
-      sha256: "{{ sha256 .linux_arm64_archive }}"
-      bin: kubelogin
-      files:
-        - from: kubelogin
-          to: .
-        - from: LICENSE
-          to: .
-      selector:
-        matchLabels:
-          os: linux
-          arch: arm64
--- a/docs/setup.md
+++ b/docs/setup.md
@@ -129,6 +129,25 @@ You do not need to set `YOUR_CLIENT_SECRET`.
 If you need `groups` claim for access control,
 see [jetstack/okta-kubectl-auth](https://github.com/jetstack/okta-kubectl-auth/blob/master/docs/okta-setup.md) and [#250](https://github.com/int128/kubelogin/issues/250).

+### Ping Identity
+
+Login with an account that has permissions to create applications.
+Create an OIDC application with the following configuration:
+
+- Redirect URIs:
+    - `http://localhost:8000`
+    - `http://localhost:18000` (used if the port 8000 is already in use)
+- Grant type: Authorization Code
+- PKCE Enforcement: Required
+
+Leverage the following variables in the next steps.
+
+Variable                | Value
+------------------------|------
+`ISSUER_URL`            | `https://auth.pingone.com/<PingOne Tenant Id>/as`
+`YOUR_CLIENT_ID`        |  random string
+
+`YOUR_CLIENT_SECRET` is not required for this configuration.

 ## 2. Verify authentication

--- a/docs/standalone-mode.md
+++ b/docs/standalone-mode.md
@@ -1,9 +1,12 @@
 # Standalone mode

-You can run kubelogin as a standalone command.
-In this mode, you need to manually run the command before running kubectl.
+Kubelogin supports the standalone mode as well.
+It writes the token to the kubeconfig (typically `~/.kube/config`) after authentication.

-Configure the kubeconfig like:
+
+## Getting started
+
+Configure your kubeconfig like:

 ```yaml
 - name: keycloak
@@ -31,7 +34,7 @@ It automatically opens the browser and you can log in to the provider.

 After authentication, kubelogin writes the ID token and refresh token to the kubeconfig.

-```
+```console
 % kubelogin
 Open http://localhost:8000 for authentication
 You got a valid token until 2019-05-18 10:28:51 +0900 JST
@@ -40,7 +43,7 @@ Updated ~/.kubeconfig

 Now you can access the cluster.

-```
+```console
 % kubectl get pods
 NAME                          READY   STATUS    RESTARTS   AGE
 echoserver-86c78fdccd-nzmd5   1/1     Running   0          26d
@@ -64,7 +67,7 @@ users:

 If the ID token is valid, kubelogin does nothing.

-```
+```console
 % kubelogin
 You already have a valid token until 2019-05-18 10:28:51 +0900 JST
 ```
@@ -75,8 +78,6 @@ If the refresh token has expired, kubelogin will proceed the authentication.

 ## Usage

-### Kubeconfig
-
 You can set path to the kubeconfig file by the option or the environment variable just like kubectl.
 It defaults to `~/.kube/config`.

@@ -104,26 +105,4 @@ Key | Direction | Value
 `id-token`                        | Write | ID token got from the provider.
 `refresh-token`                   | Write | Refresh token got from the provider.

-### Extra scopes
-
-You can set the extra scopes to request to the provider by `extra-scopes` in the kubeconfig.
-
-```sh
-kubectl config set-credentials keycloak --auth-provider-arg extra-scopes=email
-```
-
-Currently kubectl does not accept multiple scopes, so you need to edit the kubeconfig as like:
-
-```sh
-kubectl config set-credentials keycloak --auth-provider-arg extra-scopes=SCOPES
-sed -i '' -e s/SCOPES/email,profile/ $KUBECONFIG
-```
-
-### CA Certificates
-
-You can use your self-signed certificates for the provider.
-
-```sh
-kubectl config set-credentials keycloak \
-  --auth-provider-arg idp-certificate-authority=$HOME/.kube/keycloak-ca.pem
-```
+See also [usage.md](usage.md).
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -11,13 +11,17 @@ Flags:
      --oidc-client-id string                           Client ID of the provider (mandatory)
      --oidc-client-secret string                       Client secret of the provider
      --oidc-extra-scope strings                        Scopes to request to the provider
+      --oidc-use-pkce                                   Force PKCE usage
      --token-cache-dir string                          Path to a directory for token cache (default "~/.kube/cache/oidc-login")
-      --certificate-authority string                    Path to a cert file for the certificate authority
-      --certificate-authority-data string               Base64 encoded cert for the certificate authority
+      --certificate-authority stringArray               Path to a cert file for the certificate authority
+      --certificate-authority-data stringArray          Base64 encoded cert for the certificate authority
      --insecure-skip-tls-verify                        If set, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --tls-renegotiation-once                          If set, allow a remote server to request renegotiation once per connection
+      --tls-renegotiation-freely                        If set, allow a remote server to repeatedly request renegotiation
      --grant-type string                               Authorization grant type to use. One of (auto|authcode|authcode-keyboard|password) (default "auto")
      --listen-address strings                          [authcode] Address to bind to the local server. If multiple addresses are set, it will try binding in order (default [127.0.0.1:8000,127.0.0.1:18000])
      --skip-open-browser                               [authcode] Do not open the browser automatically
+      --browser-command string                          [authcode] Command to open the browser
      --authentication-timeout-sec int                  [authcode] Timeout of authentication in seconds (default 180)
      --local-server-cert string                        [authcode] Certificate path for the local server
      --local-server-key string                         [authcode] Certificate key path for the local server
@@ -29,13 +33,14 @@ Flags:
  -h, --help                                            help for get-token

 Global Flags:
-      --add_dir_header                   If true, adds the file directory to the header
+      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --log_file string                  If non-empty, use this log file
      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
+      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level)
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
@@ -81,6 +86,16 @@ You can use your self-signed certificate for the provider.
 You can set the following environment variables if you are behind a proxy: `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY`.
 See also [net/http#ProxyFromEnvironment](https://golang.org/pkg/net/http/#ProxyFromEnvironment).

+### Home directory expansion
+
+If a value in the following options begins with a tilde character `~`, it is expanded to the home directory.
+
+- `--certificate-authority`
+- `--local-server-cert`
+- `--local-server-key`
+- `--token-cache-dir`
+
+
 ## Authentication flows

 Kubelogin support the following flows:
@@ -205,7 +220,7 @@ Password:

 ## Run in Docker

-You can run [the Docker image](https://quay.io/repository/int128/kubelogin) instead of the binary.
+You can run [the Docker image](https://ghcr.io/int128/kubelogin) instead of the binary.
 The kubeconfig looks like:

 ```yaml
@@ -222,7 +237,7 @@ users:
      - /tmp/.token-cache:/.token-cache
      - -p
      - 8000:8000
-      - quay.io/int128/kubelogin
+      - ghcr.io/int128/kubelogin
      - get-token
      - --token-cache-dir=/.token-cache
      - --listen-address=0.0.0.0:8000
--- a/go.mod
+++ b/go.mod
@@ -1,27 +1,25 @@
 module github.com/int128/kubelogin

-go 1.12
+go 1.16

 require (
-	github.com/chromedp/chromedp v0.5.3
-	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/golang/mock v1.4.4
-	github.com/google/go-cmp v0.5.2
-	github.com/google/wire v0.4.0
-	github.com/int128/oauth2cli v1.13.0
-	github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4
-	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/spf13/cobra v1.0.0
+	github.com/alexflint/go-filemutex v1.1.0
+	github.com/chromedp/chromedp v0.7.6
+	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/golang-jwt/jwt/v4 v4.2.0
+	github.com/golang/mock v1.6.0
+	github.com/google/go-cmp v0.5.6
+	github.com/google/wire v0.5.0
+	github.com/int128/oauth2cli v1.14.0
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
+	github.com/spf13/cobra v1.3.0
 	github.com/spf13/pflag v1.0.5
-	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
-	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
-	golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
-	google.golang.org/protobuf v1.25.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.3.1 // indirect
-	gopkg.in/yaml.v2 v2.3.0
-	k8s.io/apimachinery v0.19.2
-	k8s.io/client-go v0.19.2
-	k8s.io/klog v1.0.0
+	golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
+	gopkg.in/yaml.v2 v2.4.0
+	k8s.io/apimachinery v0.22.4
+	k8s.io/client-go v0.22.4
+	k8s.io/klog/v2 v2.40.1
 )
--- a/go.sum
+++ b/go.sum
@@ -6,7 +6,6 @@ cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxK
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw=
 cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
@@ -14,6 +13,20 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
+cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -22,6 +35,7 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -32,107 +46,141 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
-github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
-github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
-github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
-github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
-github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
-github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
-github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
+github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
+github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
+github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
+github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alexflint/go-filemutex v1.1.0 h1:IAWuUuRYL2hETx5b8vCgwnD+xSdlsTQY6s2JjBsqLdg=
+github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/chromedp/cdproto v0.0.0-20200116234248-4da64dd111ac h1:T7V5BXqnYd55Hj/g5uhDYumg9Fp3rMTS6bykYtTIFX4=
-github.com/chromedp/cdproto v0.0.0-20200116234248-4da64dd111ac/go.mod h1:PfAWWKJqjlGFYJEidUM6aVIWPr0EpobeyVWEEmplX7g=
-github.com/chromedp/chromedp v0.5.3 h1:F9LafxmYpsQhWQBdCs+6Sret1zzeeFyHS5LkRF//Ffg=
-github.com/chromedp/chromedp v0.5.3/go.mod h1:YLdPtndaHQ4rCpSpBG+IPpy9JvX0VD+7aaLxYgYj28w=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chromedp/cdproto v0.0.0-20211126220118-81fa0469ad77 h1:Et/9YcQRCsaZVT74sy6AHwWy/FcbYqm39jNprlfXF7c=
+github.com/chromedp/cdproto v0.0.0-20211126220118-81fa0469ad77/go.mod h1:At5TxYYdxkbQL0TSefRjhLE3Q0lgvqKKMSFUglJ7i1U=
+github.com/chromedp/chromedp v0.7.6 h1:2juGaktzjwULlsn+DnvIZXFUckEp5xs+GOBroaea+jA=
+github.com/chromedp/chromedp v0.7.6/go.mod h1:ayT4YU/MGAALNfOg9gNrpGSAdnU51PMx+FCeuT1iXzo=
+github.com/chromedp/sysutil v1.0.0 h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic=
+github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
-github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw=
+github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
+github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
+github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
-github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
-github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.1.0 h1:7RFti/xnNkMJnrK7D1yQ/iCIB5OrrY/54/H930kIbHA=
+github.com/gobwas/ws v1.1.0/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIbezhfL0=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
@@ -143,26 +191,36 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -170,148 +228,231 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/wire v0.4.0 h1:kXcsA/rIGzJImVqPdhfnr6q0xsS9gU0515q1EPpJ9fE=
-github.com/google/wire v0.4.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8=
+github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
+github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
+github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
+github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
+github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
+github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
+github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
+github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/int128/listener v1.1.0 h1:2Jb41DWLpkQ3I9bIdBzO8H/tNwMvyl/OBZWtCV5Pjuw=
 github.com/int128/listener v1.1.0/go.mod h1:68WkmTN8PQtLzc9DucIaagAKeGVyMnyyKIkW4Xn47UA=
-github.com/int128/oauth2cli v1.13.0 h1:3wR48gSHdOPFgHmtnXzs4wEFA6p24prPqLXu6QUOujw=
-github.com/int128/oauth2cli v1.13.0/go.mod h1:EUpEzcUumoVjLPHD7y2KGxwfXYqxDVqwDfqQ+u7qAwM=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/int128/oauth2cli v1.14.0 h1:r63NoO10ybUXIXUQxih8WOmt5HQpJubdTmhWh22B9VE=
+github.com/int128/oauth2cli v1.14.0/go.mod h1:LIoVAzgAsS2tDDBc8yopkcgY5oZR0+MJAeECkCwtxhA=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/knq/sysutil v0.0.0-20191005231841-15668db23d08 h1:V0an7KRw92wmJysvFvtqtKMAPmvS5O0jtB0nYo6t+gs=
-github.com/knq/sysutil v0.0.0-20191005231841-15668db23d08/go.mod h1:dFWs1zEqDjFtnBXsd1vPOZaLsESovai349994nHx3e0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
+github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/orisano/pixelmatch v0.0.0-20210112091706-4fa4c7ba91d5 h1:1SoBaSPudixRecmlHXb/GxmaD3fLMtHIDN13QujwQuc=
+github.com/orisano/pixelmatch v0.0.0-20210112091706-4fa4c7ba91d5/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4 h1:49lOXmGaUpV9Fz3gd7TFZY106KVlPVa5jcYD1gaQf98=
-github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0=
+github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
+go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
+go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -334,6 +475,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -342,23 +485,28 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -367,56 +515,88 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9 h1:0qxwC5n+ttVOINCBeRHO0nq9X7uy8SDsPoi5OaCdIEI=
+golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -426,27 +606,61 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642 h1:B6caxRw+hozq68X2MY7jEpZh/cr4/aHLv9xU8Kkadrw=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201207223542-d4d67f95c62d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E=
+golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
+golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -460,6 +674,7 @@ golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -484,12 +699,24 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -509,15 +736,30 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
+google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
+google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -541,15 +783,49 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -560,6 +836,22 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -568,34 +860,39 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
+gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -603,24 +900,25 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.19.2/go.mod h1:IQpK0zFQ1xc5iNIQPqzgoOwuFugaYHK4iCknlAQP9nI=
-k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
-k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA=
+k8s.io/api v0.22.4 h1:UvyHW0ezB2oIgHAxlYoo6UJQObYXU7awuNarwoHEOjw=
+k8s.io/api v0.22.4/go.mod h1:Rgs+9gIGYC5laXQSZZ9JqT5NevNgoGiOdVWi1BAB3qk=
+k8s.io/apimachinery v0.22.4 h1:9uwcvPpukBw/Ri0EUmWz+49cnFtaoiyEhQTK+xOe7Ck=
+k8s.io/apimachinery v0.22.4/go.mod h1:yU6oA6Gnax9RrxGzVvPFFJ+mpnW6PBSqp0sx0I0HHW0=
+k8s.io/client-go v0.22.4 h1:aAQ1Wk+I3bjCNk35YWUqbaueqrIonkfDPJSPDDe8Kfg=
+k8s.io/client-go v0.22.4/go.mod h1:Yzw4e5e7h1LNHA4uqnMVrpEpUs1hJOiuBsJKIlRCHDA=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/utils v0.0.0-20200729134348-d5654de09c73 h1:uJmqzgNWG7XyClnU/mLPBWwfKKF1K8Hf8whTseBgJcg=
-k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
+k8s.io/klog/v2 v2.40.1 h1:P4RRucWk/lFOlDdkAr3mc7iWFkgKrZY9qZMAgek06S4=
+k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
+k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g=
+k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno=
+sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
--- a/integration_test/credetial_plugin_test.go
+++ b/integration_test/credetial_plugin_test.go
@@ -13,8 +13,8 @@ import (
 	"github.com/int128/kubelogin/integration_test/httpdriver"
 	"github.com/int128/kubelogin/integration_test/keypair"
 	"github.com/int128/kubelogin/integration_test/oidcserver"
-	"github.com/int128/kubelogin/pkg/adaptors/browser"
 	"github.com/int128/kubelogin/pkg/di"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser"
 	"github.com/int128/kubelogin/pkg/testing/clock"
 	"github.com/int128/kubelogin/pkg/testing/logger"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,7 +29,7 @@ import (
 // 4. Verify the output.
 //
 func TestCredentialPlugin(t *testing.T) {
-	timeout := 3 * time.Second
+	timeout := 10 * time.Second
 	now := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
 	tokenCacheDir := t.TempDir()

--- a/integration_test/httpdriver/http_driver.go
+++ b/integration_test/httpdriver/http_driver.go
@@ -60,6 +60,10 @@ func (c *client) Open(url string) error {
 	return nil
 }

+func (c *client) OpenCommand(_ context.Context, url, _ string) error {
+	return c.Open(url)
+}
+
 type zeroClient struct {
 	t *testing.T
 }
@@ -68,3 +72,7 @@ func (c *zeroClient) Open(url string) error {
 	c.t.Errorf("unexpected function call Open(%s)", url)
 	return nil
 }
+
+func (c *zeroClient) OpenCommand(_ context.Context, url, _ string) error {
+	return c.Open(url)
+}
--- a/integration_test/oidcserver/handler/handler.go
+++ b/integration_test/oidcserver/handler/handler.go
@@ -3,11 +3,10 @@ package handler

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"testing"
-
-	"golang.org/x/xerrors"
 )

 func New(t *testing.T, provider Provider) *Handler {
@@ -29,7 +28,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.t.Logf("%d %s %s", wr.statusCode, r.Method, r.RequestURI)
 		return
 	}
-	if errResp := new(ErrorResponse); xerrors.As(err, &errResp) {
+	if errResp := new(ErrorResponse); errors.As(err, &errResp) {
 		h.t.Logf("400 %s %s: %s", r.Method, r.RequestURI, err)
 		w.Header().Add("Content-Type", "application/json")
 		w.WriteHeader(400)
@@ -62,14 +61,14 @@ func (h *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 		w.Header().Add("Content-Type", "application/json")
 		e := json.NewEncoder(w)
 		if err := e.Encode(discoveryResponse); err != nil {
-			return xerrors.Errorf("could not render json: %w", err)
+			return fmt.Errorf("could not render json: %w", err)
 		}
 	case m == "GET" && p == "/certs":
 		certificatesResponse := h.provider.GetCertificates()
 		w.Header().Add("Content-Type", "application/json")
 		e := json.NewEncoder(w)
 		if err := e.Encode(certificatesResponse); err != nil {
-			return xerrors.Errorf("could not render json: %w", err)
+			return fmt.Errorf("could not render json: %w", err)
 		}
 	case m == "GET" && p == "/auth":
 		q := r.URL.Query()
@@ -84,13 +83,13 @@ func (h *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 			RawQuery:            q,
 		})
 		if err != nil {
-			return xerrors.Errorf("authentication error: %w", err)
+			return fmt.Errorf("authentication error: %w", err)
 		}
 		to := fmt.Sprintf("%s?state=%s&code=%s", redirectURI, state, code)
 		http.Redirect(w, r, to, 302)
 	case m == "POST" && p == "/token":
 		if err := r.ParseForm(); err != nil {
-			return xerrors.Errorf("could not parse the form: %w", err)
+			return fmt.Errorf("could not parse the form: %w", err)
 		}
 		grantType := r.Form.Get("grant_type")
 		switch grantType {
@@ -100,12 +99,12 @@ func (h *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 				CodeVerifier: r.Form.Get("code_verifier"),
 			})
 			if err != nil {
-				return xerrors.Errorf("token request error: %w", err)
+				return fmt.Errorf("token request error: %w", err)
 			}
 			w.Header().Add("Content-Type", "application/json")
 			e := json.NewEncoder(w)
 			if err := e.Encode(tokenResponse); err != nil {
-				return xerrors.Errorf("could not render json: %w", err)
+				return fmt.Errorf("could not render json: %w", err)
 			}
 		case "password":
 			// 4.3. Resource Owner Password Credentials Grant
@@ -113,12 +112,12 @@ func (h *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 			username, password, scope := r.Form.Get("username"), r.Form.Get("password"), r.Form.Get("scope")
 			tokenResponse, err := h.provider.AuthenticatePassword(username, password, scope)
 			if err != nil {
-				return xerrors.Errorf("authentication error: %w", err)
+				return fmt.Errorf("authentication error: %w", err)
 			}
 			w.Header().Add("Content-Type", "application/json")
 			e := json.NewEncoder(w)
 			if err := e.Encode(tokenResponse); err != nil {
-				return xerrors.Errorf("could not render json: %w", err)
+				return fmt.Errorf("could not render json: %w", err)
 			}
 		case "refresh_token":
 			// 12.1. Refresh Request
@@ -126,12 +125,12 @@ func (h *Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 			refreshToken := r.Form.Get("refresh_token")
 			tokenResponse, err := h.provider.Refresh(refreshToken)
 			if err != nil {
-				return xerrors.Errorf("token refresh error: %w", err)
+				return fmt.Errorf("token refresh error: %w", err)
 			}
 			w.Header().Add("Content-Type", "application/json")
 			e := json.NewEncoder(w)
 			if err := e.Encode(tokenResponse); err != nil {
-				return xerrors.Errorf("could not render json: %w", err)
+				return fmt.Errorf("could not render json: %w", err)
 			}
 		default:
 			// 5.2. Error Response
--- a/integration_test/oidcserver/server.go
+++ b/integration_test/oidcserver/server.go
@@ -4,6 +4,7 @@ package oidcserver
 import (
 	"crypto/sha256"
 	"encoding/base64"
+	"fmt"
 	"math/big"
 	"strings"
 	"testing"
@@ -13,7 +14,6 @@ import (
 	"github.com/int128/kubelogin/integration_test/oidcserver/handler"
 	"github.com/int128/kubelogin/integration_test/oidcserver/http"
 	"github.com/int128/kubelogin/pkg/testing/jwt"
-	"golang.org/x/xerrors"
 )

 type Server interface {
@@ -133,7 +133,7 @@ func (sv *server) AuthenticateCode(req handler.AuthenticationRequest) (code stri

 func (sv *server) Exchange(req handler.TokenRequest) (*handler.TokenResponse, error) {
 	if req.Code != "YOUR_AUTH_CODE" {
-		return nil, xerrors.Errorf("code wants %s but was %s", "YOUR_AUTH_CODE", req.Code)
+		return nil, fmt.Errorf("code wants %s but was %s", "YOUR_AUTH_CODE", req.Code)
 	}
 	if sv.lastAuthenticationRequest.CodeChallengeMethod == "S256" {
 		// https://tools.ietf.org/html/rfc7636#section-4.6
--- a/integration_test/standalone_test.go
+++ b/integration_test/standalone_test.go
@@ -10,8 +10,8 @@ import (
 	"github.com/int128/kubelogin/integration_test/keypair"
 	"github.com/int128/kubelogin/integration_test/kubeconfig"
 	"github.com/int128/kubelogin/integration_test/oidcserver"
-	"github.com/int128/kubelogin/pkg/adaptors/browser"
 	"github.com/int128/kubelogin/pkg/di"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser"
 	"github.com/int128/kubelogin/pkg/testing/clock"
 	"github.com/int128/kubelogin/pkg/testing/logger"
 )
--- a/pkg/adaptors/certpool/cert.go
+++ b/pkg/adaptors/certpool/cert.go
@@ -1,71 +0,0 @@
-// Package certpool provides loading certificates from files or base64 encoded string.
-package certpool
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/base64"
-	"io/ioutil"
-
-	"github.com/google/wire"
-	"golang.org/x/xerrors"
-)
-
-//go:generate mockgen -destination mock_certpool/mock_certpool.go github.com/int128/kubelogin/pkg/adaptors/certpool Interface
-
-// Set provides an implementation and interface.
-var Set = wire.NewSet(
-	wire.Value(NewFunc(New)),
-	wire.Struct(new(CertPool), "*"),
-	wire.Bind(new(Interface), new(*CertPool)),
-)
-
-type NewFunc func() Interface
-
-// New returns an instance which implements the Interface.
-func New() Interface {
-	return &CertPool{pool: x509.NewCertPool()}
-}
-
-type Interface interface {
-	AddFile(filename string) error
-	AddBase64Encoded(s string) error
-	SetRootCAs(cfg *tls.Config)
-}
-
-// CertPool represents a pool of certificates.
-type CertPool struct {
-	pool *x509.CertPool
-}
-
-// SetRootCAs sets cfg.RootCAs if it has any certificate.
-// Otherwise do nothing.
-func (p *CertPool) SetRootCAs(cfg *tls.Config) {
-	if len(p.pool.Subjects()) > 0 {
-		cfg.RootCAs = p.pool
-	}
-}
-
-// AddFile loads the certificate from the file.
-func (p *CertPool) AddFile(filename string) error {
-	b, err := ioutil.ReadFile(filename)
-	if err != nil {
-		return xerrors.Errorf("could not read %s: %w", filename, err)
-	}
-	if !p.pool.AppendCertsFromPEM(b) {
-		return xerrors.Errorf("could not append certificate from %s", filename)
-	}
-	return nil
-}
-
-// AddBase64Encoded loads the certificate from the base64 encoded string.
-func (p *CertPool) AddBase64Encoded(s string) error {
-	b, err := base64.StdEncoding.DecodeString(s)
-	if err != nil {
-		return xerrors.Errorf("could not decode base64: %w", err)
-	}
-	if !p.pool.AppendCertsFromPEM(b) {
-		return xerrors.Errorf("could not append certificate")
-	}
-	return nil
-}
--- a/pkg/adaptors/certpool/cert_test.go
+++ b/pkg/adaptors/certpool/cert_test.go
@@ -1,58 +0,0 @@
-package certpool
-
-import (
-	"crypto/tls"
-	"io/ioutil"
-	"testing"
-)
-
-func TestCertPool_AddFile(t *testing.T) {
-	t.Run("Valid", func(t *testing.T) {
-		p := New()
-		if err := p.AddFile("testdata/ca1.crt"); err != nil {
-			t.Errorf("AddFile error: %s", err)
-		}
-		var cfg tls.Config
-		p.SetRootCAs(&cfg)
-		if n := len(cfg.RootCAs.Subjects()); n != 1 {
-			t.Errorf("n wants 1 but was %d", n)
-		}
-	})
-	t.Run("Invalid", func(t *testing.T) {
-		p := New()
-		err := p.AddFile("testdata/Makefile")
-		if err == nil {
-			t.Errorf("AddFile wants an error but was nil")
-		}
-	})
-}
-
-func TestCertPool_AddBase64Encoded(t *testing.T) {
-	p := New()
-	if err := p.AddBase64Encoded(readFile(t, "testdata/ca2.crt.base64")); err != nil {
-		t.Errorf("AddBase64Encoded error: %s", err)
-	}
-	var cfg tls.Config
-	p.SetRootCAs(&cfg)
-	if n := len(cfg.RootCAs.Subjects()); n != 1 {
-		t.Errorf("n wants 1 but was %d", n)
-	}
-}
-
-func TestCertPool_SetRootCAs(t *testing.T) {
-	p := New()
-	var cfg tls.Config
-	p.SetRootCAs(&cfg)
-	if cfg.RootCAs != nil {
-		t.Errorf("cfg.RootCAs wants nil but was %+v", cfg.RootCAs)
-	}
-}
-
-func readFile(t *testing.T, filename string) string {
-	t.Helper()
-	b, err := ioutil.ReadFile(filename)
-	if err != nil {
-		t.Fatalf("ReadFile error: %s", err)
-	}
-	return string(b)
-}
--- a/pkg/adaptors/certpool/mock_certpool/mock_certpool.go
+++ b/pkg/adaptors/certpool/mock_certpool/mock_certpool.go
@@ -1,74 +0,0 @@
-// Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/certpool (interfaces: Interface)
-
-// Package mock_certpool is a generated GoMock package.
-package mock_certpool
-
-import (
-	tls "crypto/tls"
-	gomock "github.com/golang/mock/gomock"
-	reflect "reflect"
-)
-
-// MockInterface is a mock of Interface interface.
-type MockInterface struct {
-	ctrl     *gomock.Controller
-	recorder *MockInterfaceMockRecorder
-}
-
-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
-type MockInterfaceMockRecorder struct {
-	mock *MockInterface
-}
-
-// NewMockInterface creates a new mock instance.
-func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
-	mock := &MockInterface{ctrl: ctrl}
-	mock.recorder = &MockInterfaceMockRecorder{mock}
-	return mock
-}
-
-// EXPECT returns an object that allows the caller to indicate expected use.
-func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
-	return m.recorder
-}
-
-// AddBase64Encoded mocks base method.
-func (m *MockInterface) AddBase64Encoded(arg0 string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "AddBase64Encoded", arg0)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// AddBase64Encoded indicates an expected call of AddBase64Encoded.
-func (mr *MockInterfaceMockRecorder) AddBase64Encoded(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddBase64Encoded", reflect.TypeOf((*MockInterface)(nil).AddBase64Encoded), arg0)
-}
-
-// AddFile mocks base method.
-func (m *MockInterface) AddFile(arg0 string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "AddFile", arg0)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// AddFile indicates an expected call of AddFile.
-func (mr *MockInterfaceMockRecorder) AddFile(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddFile", reflect.TypeOf((*MockInterface)(nil).AddFile), arg0)
-}
-
-// SetRootCAs mocks base method.
-func (m *MockInterface) SetRootCAs(arg0 *tls.Config) {
-	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "SetRootCAs", arg0)
-}
-
-// SetRootCAs indicates an expected call of SetRootCAs.
-func (mr *MockInterfaceMockRecorder) SetRootCAs(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetRootCAs", reflect.TypeOf((*MockInterface)(nil).SetRootCAs), arg0)
-}
--- a/pkg/adaptors/cmd/cmd_test.go
+++ b/pkg/adaptors/cmd/cmd_test.go
@@ -1,399 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	"github.com/golang/mock/gomock"
-	"github.com/int128/kubelogin/pkg/testing/logger"
-	"github.com/int128/kubelogin/pkg/usecases/authentication"
-	"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
-	"github.com/int128/kubelogin/pkg/usecases/authentication/ropc"
-	"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
-	"github.com/int128/kubelogin/pkg/usecases/credentialplugin/mock_credentialplugin"
-	"github.com/int128/kubelogin/pkg/usecases/standalone"
-	"github.com/int128/kubelogin/pkg/usecases/standalone/mock_standalone"
-)
-
-func TestCmd_Run(t *testing.T) {
-	const executable = "kubelogin"
-	const version = "HEAD"
-
-	t.Run("root", func(t *testing.T) {
-		tests := map[string]struct {
-			args []string
-			in   standalone.Input
-		}{
-			"Defaults": {
-				args: []string{executable},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:           defaultListenAddress,
-							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
-							RedirectURLHostname:   "localhost",
-						},
-					},
-				},
-			},
-			"when --listen-port is set, it should convert the port to address": {
-				args: []string{
-					executable,
-					"--listen-port", "10080",
-					"--listen-port", "20080",
-				},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:           []string{"127.0.0.1:10080", "127.0.0.1:20080"},
-							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
-							RedirectURLHostname:   "localhost",
-						},
-					},
-				},
-			},
-			"when --listen-port is set, it should ignore --listen-address flags": {
-				args: []string{
-					executable,
-					"--listen-port", "10080",
-					"--listen-port", "20080",
-					"--listen-address", "127.0.0.1:30080",
-					"--listen-address", "127.0.0.1:40080",
-				},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:           []string{"127.0.0.1:10080", "127.0.0.1:20080"},
-							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
-							RedirectURLHostname:   "localhost",
-						},
-					},
-				},
-			},
-			"FullOptions": {
-				args: []string{executable,
-					"--kubeconfig", "/path/to/kubeconfig",
-					"--context", "hello.k8s.local",
-					"--user", "google",
-					"--certificate-authority", "/path/to/cacert",
-					"--certificate-authority-data", "BASE64ENCODED",
-					"--insecure-skip-tls-verify",
-					"-v1",
-					"--grant-type", "authcode",
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--skip-open-browser",
-					"--authentication-timeout-sec", "10",
-					"--local-server-cert", "/path/to/local-server-cert",
-					"--local-server-key", "/path/to/local-server-key",
-					"--open-url-after-authentication", "https://example.com/success.html",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: standalone.Input{
-					KubeconfigFilename: "/path/to/kubeconfig",
-					KubeconfigContext:  "hello.k8s.local",
-					KubeconfigUser:     "google",
-					CACertFilename:     "/path/to/cacert",
-					CACertData:         "BASE64ENCODED",
-					SkipTLSVerify:      true,
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:                []string{"127.0.0.1:10080", "127.0.0.1:20080"},
-							SkipOpenBrowser:            true,
-							AuthenticationTimeout:      10 * time.Second,
-							LocalServerCertFile:        "/path/to/local-server-cert",
-							LocalServerKeyFile:         "/path/to/local-server-key",
-							OpenURLAfterAuthentication: "https://example.com/success.html",
-							RedirectURLHostname:        "localhost",
-						},
-					},
-				},
-			},
-			"GrantType=authcode-keyboard": {
-				args: []string{executable,
-					"--grant-type", "authcode-keyboard",
-				},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeKeyboardOption: &authcode.KeyboardOption{},
-					},
-				},
-			},
-			"GrantType=password": {
-				args: []string{executable,
-					"--grant-type", "password",
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						ROPCOption: &ropc.Option{
-							Username: "USER",
-							Password: "PASS",
-						},
-					},
-				},
-			},
-			"GrantType=auto": {
-				args: []string{executable,
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: standalone.Input{
-					GrantOptionSet: authentication.GrantOptionSet{
-						ROPCOption: &ropc.Option{
-							Username: "USER",
-							Password: "PASS",
-						},
-					},
-				},
-			},
-		}
-		for name, c := range tests {
-			t.Run(name, func(t *testing.T) {
-				ctrl := gomock.NewController(t)
-				defer ctrl.Finish()
-				ctx := context.TODO()
-				mockStandalone := mock_standalone.NewMockInterface(ctrl)
-				mockStandalone.EXPECT().
-					Do(ctx, c.in)
-				cmd := Cmd{
-					Root: &Root{
-						Standalone: mockStandalone,
-						Logger:     logger.New(t),
-					},
-					Logger: logger.New(t),
-				}
-				exitCode := cmd.Run(ctx, c.args, version)
-				if exitCode != 0 {
-					t.Errorf("exitCode wants 0 but %d", exitCode)
-				}
-			})
-		}
-
-		t.Run("TooManyArgs", func(t *testing.T) {
-			ctrl := gomock.NewController(t)
-			defer ctrl.Finish()
-			cmd := Cmd{
-				Root: &Root{
-					Standalone: mock_standalone.NewMockInterface(ctrl),
-					Logger:     logger.New(t),
-				},
-				Logger: logger.New(t),
-			}
-			exitCode := cmd.Run(context.TODO(), []string{executable, "some"}, version)
-			if exitCode != 1 {
-				t.Errorf("exitCode wants 1 but %d", exitCode)
-			}
-		})
-	})
-
-	t.Run("get-token", func(t *testing.T) {
-		tests := map[string]struct {
-			args []string
-			in   credentialplugin.Input
-		}{
-			"Defaults": {
-				args: []string{executable,
-					"get-token",
-					"--oidc-issuer-url", "https://issuer.example.com",
-					"--oidc-client-id", "YOUR_CLIENT_ID",
-				},
-				in: credentialplugin.Input{
-					TokenCacheDir: defaultTokenCacheDir,
-					IssuerURL:     "https://issuer.example.com",
-					ClientID:      "YOUR_CLIENT_ID",
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:           []string{"127.0.0.1:8000", "127.0.0.1:18000"},
-							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
-							RedirectURLHostname:   "localhost",
-						},
-					},
-				},
-			},
-			"FullOptions": {
-				args: []string{executable,
-					"get-token",
-					"--oidc-issuer-url", "https://issuer.example.com",
-					"--oidc-client-id", "YOUR_CLIENT_ID",
-					"--oidc-client-secret", "YOUR_CLIENT_SECRET",
-					"--oidc-extra-scope", "email",
-					"--oidc-extra-scope", "profile",
-					"--certificate-authority", "/path/to/cacert",
-					"--certificate-authority-data", "BASE64ENCODED",
-					"--insecure-skip-tls-verify",
-					"-v1",
-					"--grant-type", "authcode",
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--skip-open-browser",
-					"--authentication-timeout-sec", "10",
-					"--local-server-cert", "/path/to/local-server-cert",
-					"--local-server-key", "/path/to/local-server-key",
-					"--open-url-after-authentication", "https://example.com/success.html",
-					"--oidc-auth-request-extra-params", "ttl=86400",
-					"--oidc-auth-request-extra-params", "reauth=true",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: credentialplugin.Input{
-					TokenCacheDir:  defaultTokenCacheDir,
-					IssuerURL:      "https://issuer.example.com",
-					ClientID:       "YOUR_CLIENT_ID",
-					ClientSecret:   "YOUR_CLIENT_SECRET",
-					ExtraScopes:    []string{"email", "profile"},
-					CACertFilename: "/path/to/cacert",
-					CACertData:     "BASE64ENCODED",
-					SkipTLSVerify:  true,
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeBrowserOption: &authcode.BrowserOption{
-							BindAddress:                []string{"127.0.0.1:10080", "127.0.0.1:20080"},
-							SkipOpenBrowser:            true,
-							AuthenticationTimeout:      10 * time.Second,
-							LocalServerCertFile:        "/path/to/local-server-cert",
-							LocalServerKeyFile:         "/path/to/local-server-key",
-							OpenURLAfterAuthentication: "https://example.com/success.html",
-							RedirectURLHostname:        "localhost",
-							AuthRequestExtraParams:     map[string]string{"ttl": "86400", "reauth": "true"},
-						},
-					},
-				},
-			},
-			"GrantType=authcode-keyboard": {
-				args: []string{executable,
-					"get-token",
-					"--oidc-issuer-url", "https://issuer.example.com",
-					"--oidc-client-id", "YOUR_CLIENT_ID",
-					"--grant-type", "authcode-keyboard",
-					"--oidc-auth-request-extra-params", "ttl=86400",
-				},
-				in: credentialplugin.Input{
-					TokenCacheDir: defaultTokenCacheDir,
-					IssuerURL:     "https://issuer.example.com",
-					ClientID:      "YOUR_CLIENT_ID",
-					GrantOptionSet: authentication.GrantOptionSet{
-						AuthCodeKeyboardOption: &authcode.KeyboardOption{
-							AuthRequestExtraParams: map[string]string{"ttl": "86400"},
-						},
-					},
-				},
-			},
-			"GrantType=password": {
-				args: []string{executable,
-					"get-token",
-					"--oidc-issuer-url", "https://issuer.example.com",
-					"--oidc-client-id", "YOUR_CLIENT_ID",
-					"--grant-type", "password",
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: credentialplugin.Input{
-					TokenCacheDir: defaultTokenCacheDir,
-					IssuerURL:     "https://issuer.example.com",
-					ClientID:      "YOUR_CLIENT_ID",
-					GrantOptionSet: authentication.GrantOptionSet{
-						ROPCOption: &ropc.Option{
-							Username: "USER",
-							Password: "PASS",
-						},
-					},
-				},
-			},
-			"GrantType=auto": {
-				args: []string{executable,
-					"get-token",
-					"--oidc-issuer-url", "https://issuer.example.com",
-					"--oidc-client-id", "YOUR_CLIENT_ID",
-					"--listen-address", "127.0.0.1:10080",
-					"--listen-address", "127.0.0.1:20080",
-					"--username", "USER",
-					"--password", "PASS",
-				},
-				in: credentialplugin.Input{
-					TokenCacheDir: defaultTokenCacheDir,
-					IssuerURL:     "https://issuer.example.com",
-					ClientID:      "YOUR_CLIENT_ID",
-					GrantOptionSet: authentication.GrantOptionSet{
-						ROPCOption: &ropc.Option{
-							Username: "USER",
-							Password: "PASS",
-						},
-					},
-				},
-			},
-		}
-		for name, c := range tests {
-			t.Run(name, func(t *testing.T) {
-				ctrl := gomock.NewController(t)
-				defer ctrl.Finish()
-				ctx := context.TODO()
-				getToken := mock_credentialplugin.NewMockInterface(ctrl)
-				getToken.EXPECT().
-					Do(ctx, c.in)
-				cmd := Cmd{
-					Root: &Root{
-						Logger: logger.New(t),
-					},
-					GetToken: &GetToken{
-						GetToken: getToken,
-						Logger:   logger.New(t),
-					},
-					Logger: logger.New(t),
-				}
-				exitCode := cmd.Run(ctx, c.args, version)
-				if exitCode != 0 {
-					t.Errorf("exitCode wants 0 but %d", exitCode)
-				}
-			})
-		}
-
-		t.Run("MissingMandatoryOptions", func(t *testing.T) {
-			ctrl := gomock.NewController(t)
-			defer ctrl.Finish()
-			ctx := context.TODO()
-			cmd := Cmd{
-				Root: &Root{
-					Logger: logger.New(t),
-				},
-				GetToken: &GetToken{
-					GetToken: mock_credentialplugin.NewMockInterface(ctrl),
-					Logger:   logger.New(t),
-				},
-				Logger: logger.New(t),
-			}
-			exitCode := cmd.Run(ctx, []string{executable, "get-token"}, version)
-			if exitCode != 1 {
-				t.Errorf("exitCode wants 1 but %d", exitCode)
-			}
-		})
-
-		t.Run("TooManyArgs", func(t *testing.T) {
-			ctrl := gomock.NewController(t)
-			defer ctrl.Finish()
-			ctx := context.TODO()
-			cmd := Cmd{
-				Root: &Root{
-					Logger: logger.New(t),
-				},
-				GetToken: &GetToken{
-					GetToken: mock_credentialplugin.NewMockInterface(ctrl),
-					Logger:   logger.New(t),
-				},
-				Logger: logger.New(t),
-			}
-			exitCode := cmd.Run(ctx, []string{executable, "get-token", "foo"}, version)
-			if exitCode != 1 {
-				t.Errorf("exitCode wants 1 but %d", exitCode)
-			}
-		})
-	})
-}
--- a/pkg/adaptors/cmd/tls.go
+++ b/pkg/adaptors/cmd/tls.go
@@ -1,15 +0,0 @@
-package cmd
-
-import "github.com/spf13/pflag"
-
-type tlsOptions struct {
-	CACertFilename string
-	CACertData     string
-	SkipTLSVerify  bool
-}
-
-func (o *tlsOptions) addFlags(f *pflag.FlagSet) {
-	f.StringVar(&o.CACertFilename, "certificate-authority", "", "Path to a cert file for the certificate authority")
-	f.StringVar(&o.CACertData, "certificate-authority-data", "", "Base64 encoded cert for the certificate authority")
-	f.BoolVar(&o.SkipTLSVerify, "insecure-skip-tls-verify", false, "If set, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
-}
--- a/pkg/adaptors/oidcclient/factory.go
+++ b/pkg/adaptors/oidcclient/factory.go
@@ -1,93 +0,0 @@
-// Package oidcclient provides a client of OpenID Connect.
-package oidcclient
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"net/http"
-
-	"github.com/coreos/go-oidc"
-	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/certpool"
-	"github.com/int128/kubelogin/pkg/adaptors/clock"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient/logging"
-	"golang.org/x/oauth2"
-	"golang.org/x/xerrors"
-)
-
-var Set = wire.NewSet(
-	wire.Struct(new(Factory), "*"),
-	wire.Bind(new(FactoryInterface), new(*Factory)),
-)
-
-type FactoryInterface interface {
-	New(ctx context.Context, config Config) (Interface, error)
-}
-
-// Config represents a configuration of OpenID Connect client.
-type Config struct {
-	IssuerURL     string
-	ClientID      string
-	ClientSecret  string
-	ExtraScopes   []string // optional
-	CertPool      certpool.Interface
-	SkipTLSVerify bool
-}
-
-type Factory struct {
-	Clock  clock.Interface
-	Logger logger.Interface
-}
-
-// New returns an instance of adaptors.Interface with the given configuration.
-func (f *Factory) New(ctx context.Context, config Config) (Interface, error) {
-	var tlsConfig tls.Config
-	tlsConfig.InsecureSkipVerify = config.SkipTLSVerify
-	config.CertPool.SetRootCAs(&tlsConfig)
-	baseTransport := &http.Transport{
-		TLSClientConfig: &tlsConfig,
-		Proxy:           http.ProxyFromEnvironment,
-	}
-	loggingTransport := &logging.Transport{
-		Base:   baseTransport,
-		Logger: f.Logger,
-	}
-	httpClient := &http.Client{
-		Transport: loggingTransport,
-	}
-
-	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	provider, err := oidc.NewProvider(ctx, config.IssuerURL)
-	if err != nil {
-		return nil, xerrors.Errorf("oidc discovery error: %w", err)
-	}
-	supportedPKCEMethods, err := extractSupportedPKCEMethods(provider)
-	if err != nil {
-		return nil, xerrors.Errorf("could not determine supported PKCE methods: %w", err)
-	}
-	return &client{
-		httpClient: httpClient,
-		provider:   provider,
-		oauth2Config: oauth2.Config{
-			Endpoint:     provider.Endpoint(),
-			ClientID:     config.ClientID,
-			ClientSecret: config.ClientSecret,
-			Scopes:       append(config.ExtraScopes, oidc.ScopeOpenID),
-		},
-		clock:                f.Clock,
-		logger:               f.Logger,
-		supportedPKCEMethods: supportedPKCEMethods,
-	}, nil
-}
-
-func extractSupportedPKCEMethods(provider *oidc.Provider) ([]string, error) {
-	var d struct {
-		CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
-	}
-	if err := provider.Claims(&d); err != nil {
-		return nil, fmt.Errorf("invalid discovery document: %w", err)
-	}
-	return d.CodeChallengeMethodsSupported, nil
-}
--- a/pkg/adaptors/tokencache/tokencache.go
+++ b/pkg/adaptors/tokencache/tokencache.go
@@ -1,97 +0,0 @@
-package tokencache
-
-import (
-	"crypto/sha256"
-	"encoding/gob"
-	"encoding/hex"
-	"encoding/json"
-	"os"
-	"path/filepath"
-
-	"github.com/google/wire"
-	"golang.org/x/xerrors"
-)
-
-//go:generate mockgen -destination mock_tokencache/mock_tokencache.go github.com/int128/kubelogin/pkg/adaptors/tokencache Interface
-
-// Set provides an implementation and interface for Kubeconfig.
-var Set = wire.NewSet(
-	wire.Struct(new(Repository), "*"),
-	wire.Bind(new(Interface), new(*Repository)),
-)
-
-type Interface interface {
-	FindByKey(dir string, key Key) (*Value, error)
-	Save(dir string, key Key, value Value) error
-}
-
-// Key represents a key of a token cache.
-type Key struct {
-	IssuerURL      string
-	ClientID       string
-	ClientSecret   string
-	ExtraScopes    []string
-	CACertFilename string
-	CACertData     string
-	SkipTLSVerify  bool
-}
-
-// Value represents a value of a token cache.
-type Value struct {
-	IDToken      string `json:"id_token,omitempty"`
-	RefreshToken string `json:"refresh_token,omitempty"`
-}
-
-// Repository provides access to the token cache on the local filesystem.
-// Filename of a token cache is sha256 digest of the issuer, zero-character and client ID.
-type Repository struct{}
-
-func (r *Repository) FindByKey(dir string, key Key) (*Value, error) {
-	filename, err := computeFilename(key)
-	if err != nil {
-		return nil, xerrors.Errorf("could not compute the key: %w", err)
-	}
-	p := filepath.Join(dir, filename)
-	f, err := os.Open(p)
-	if err != nil {
-		return nil, xerrors.Errorf("could not open file %s: %w", p, err)
-	}
-	defer f.Close()
-	d := json.NewDecoder(f)
-	var c Value
-	if err := d.Decode(&c); err != nil {
-		return nil, xerrors.Errorf("invalid json file %s: %w", p, err)
-	}
-	return &c, nil
-}
-
-func (r *Repository) Save(dir string, key Key, value Value) error {
-	if err := os.MkdirAll(dir, 0700); err != nil {
-		return xerrors.Errorf("could not create directory %s: %w", dir, err)
-	}
-	filename, err := computeFilename(key)
-	if err != nil {
-		return xerrors.Errorf("could not compute the key: %w", err)
-	}
-	p := filepath.Join(dir, filename)
-	f, err := os.OpenFile(p, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		return xerrors.Errorf("could not create file %s: %w", p, err)
-	}
-	defer f.Close()
-	e := json.NewEncoder(f)
-	if err := e.Encode(&value); err != nil {
-		return xerrors.Errorf("json encode error: %w", err)
-	}
-	return nil
-}
-
-func computeFilename(key Key) (string, error) {
-	s := sha256.New()
-	e := gob.NewEncoder(s)
-	if err := e.Encode(&key); err != nil {
-		return "", xerrors.Errorf("could not encode the key: %w", err)
-	}
-	h := hex.EncodeToString(s.Sum(nil))
-	return h, nil
-}
--- a/pkg/adaptors/cmd/authentication.go
+++ b/pkg/adaptors/cmd/authentication.go
@@ -9,7 +9,6 @@ import (
 	"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
 	"github.com/int128/kubelogin/pkg/usecases/authentication/ropc"
 	"github.com/spf13/pflag"
-	"golang.org/x/xerrors"
 )

 type authenticationOptions struct {
@@ -18,6 +17,7 @@ type authenticationOptions struct {
 	ListenPort                 []int // deprecated
 	AuthenticationTimeoutSec   int
 	SkipOpenBrowser            bool
+	BrowserCommand             string
 	LocalServerCertFile        string
 	LocalServerKeyFile         string
 	OpenURLAfterAuthentication string
@@ -58,6 +58,7 @@ func (o *authenticationOptions) addFlags(f *pflag.FlagSet) {
 		panic(err)
 	}
 	f.BoolVar(&o.SkipOpenBrowser, "skip-open-browser", false, "[authcode] Do not open the browser automatically")
+	f.StringVar(&o.BrowserCommand, "browser-command", "", "[authcode] Command to open the browser")
 	f.IntVar(&o.AuthenticationTimeoutSec, "authentication-timeout-sec", defaultAuthenticationTimeoutSec, "[authcode] Timeout of authentication in seconds")
 	f.StringVar(&o.LocalServerCertFile, "local-server-cert", "", "[authcode] Certificate path for the local server")
 	f.StringVar(&o.LocalServerKeyFile, "local-server-key", "", "[authcode] Certificate key path for the local server")
@@ -68,12 +69,18 @@ func (o *authenticationOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.Password, "password", "", "[password] Password for resource owner password credentials grant")
 }

+func (o *authenticationOptions) expandHomedir() {
+	o.LocalServerCertFile = expandHomedir(o.LocalServerCertFile)
+	o.LocalServerKeyFile = expandHomedir(o.LocalServerKeyFile)
+}
+
 func (o *authenticationOptions) grantOptionSet() (s authentication.GrantOptionSet, err error) {
 	switch {
 	case o.GrantType == "authcode" || (o.GrantType == "auto" && o.Username == ""):
 		s.AuthCodeBrowserOption = &authcode.BrowserOption{
 			BindAddress:                o.determineListenAddress(),
 			SkipOpenBrowser:            o.SkipOpenBrowser,
+			BrowserCommand:             o.BrowserCommand,
 			AuthenticationTimeout:      time.Duration(o.AuthenticationTimeoutSec) * time.Second,
 			LocalServerCertFile:        o.LocalServerCertFile,
 			LocalServerKeyFile:         o.LocalServerKeyFile,
@@ -91,7 +98,7 @@ func (o *authenticationOptions) grantOptionSet() (s authentication.GrantOptionSe
 			Password: o.Password,
 		}
 	default:
-		err = xerrors.Errorf("grant-type must be one of (%s)", allGrantType)
+		err = fmt.Errorf("grant-type must be one of (%s)", allGrantType)
 	}
 	return
 }
--- a/pkg/cmd/authentication_test.go
+++ b/pkg/cmd/authentication_test.go
@@ -0,0 +1,143 @@
+package cmd
+
+import (
+	"testing"
+	"time"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/int128/kubelogin/pkg/usecases/authentication"
+	"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
+	"github.com/int128/kubelogin/pkg/usecases/authentication/ropc"
+	"github.com/spf13/pflag"
+)
+
+func Test_authenticationOptions_grantOptionSet(t *testing.T) {
+	tests := map[string]struct {
+		args []string
+		want authentication.GrantOptionSet
+	}{
+		"NoFlag": {
+			want: authentication.GrantOptionSet{
+				AuthCodeBrowserOption: &authcode.BrowserOption{
+					BindAddress:           defaultListenAddress,
+					AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+					RedirectURLHostname:   "localhost",
+				},
+			},
+		},
+		"FullOptions": {
+			args: []string{
+				"--grant-type", "authcode",
+				"--listen-address", "127.0.0.1:10080",
+				"--listen-address", "127.0.0.1:20080",
+				"--skip-open-browser",
+				"--browser-command", "firefox",
+				"--authentication-timeout-sec", "10",
+				"--local-server-cert", "/path/to/local-server-cert",
+				"--local-server-key", "/path/to/local-server-key",
+				"--open-url-after-authentication", "https://example.com/success.html",
+				"--oidc-redirect-url-hostname", "example",
+				"--oidc-auth-request-extra-params", "ttl=86400",
+				"--oidc-auth-request-extra-params", "reauth=true",
+				"--username", "USER",
+				"--password", "PASS",
+			},
+			want: authentication.GrantOptionSet{
+				AuthCodeBrowserOption: &authcode.BrowserOption{
+					BindAddress:                []string{"127.0.0.1:10080", "127.0.0.1:20080"},
+					SkipOpenBrowser:            true,
+					BrowserCommand:             "firefox",
+					AuthenticationTimeout:      10 * time.Second,
+					LocalServerCertFile:        "/path/to/local-server-cert",
+					LocalServerKeyFile:         "/path/to/local-server-key",
+					OpenURLAfterAuthentication: "https://example.com/success.html",
+					RedirectURLHostname:        "example",
+					AuthRequestExtraParams:     map[string]string{"ttl": "86400", "reauth": "true"},
+				},
+			},
+		},
+		"when --listen-port is set, it should convert the port to address": {
+			args: []string{
+				"--listen-port", "10080",
+				"--listen-port", "20080",
+			},
+			want: authentication.GrantOptionSet{
+				AuthCodeBrowserOption: &authcode.BrowserOption{
+					BindAddress:           []string{"127.0.0.1:10080", "127.0.0.1:20080"},
+					AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+					RedirectURLHostname:   "localhost",
+				},
+			},
+		},
+		"when --listen-port is set, it should ignore --listen-address flags": {
+			args: []string{
+				"--listen-port", "10080",
+				"--listen-port", "20080",
+				"--listen-address", "127.0.0.1:30080",
+				"--listen-address", "127.0.0.1:40080",
+			},
+			want: authentication.GrantOptionSet{
+				AuthCodeBrowserOption: &authcode.BrowserOption{
+					BindAddress:           []string{"127.0.0.1:10080", "127.0.0.1:20080"},
+					AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+					RedirectURLHostname:   "localhost",
+				},
+			},
+		},
+		"GrantType=authcode-keyboard": {
+			args: []string{
+				"--grant-type", "authcode-keyboard",
+			},
+			want: authentication.GrantOptionSet{
+				AuthCodeKeyboardOption: &authcode.KeyboardOption{},
+			},
+		},
+		"GrantType=password": {
+			args: []string{
+				"--grant-type", "password",
+				"--listen-address", "127.0.0.1:10080",
+				"--listen-address", "127.0.0.1:20080",
+				"--username", "USER",
+				"--password", "PASS",
+			},
+			want: authentication.GrantOptionSet{
+				ROPCOption: &ropc.Option{
+					Username: "USER",
+					Password: "PASS",
+				},
+			},
+		},
+		"GrantType=auto": {
+			args: []string{
+				"--listen-address", "127.0.0.1:10080",
+				"--listen-address", "127.0.0.1:20080",
+				"--username", "USER",
+				"--password", "PASS",
+			},
+			want: authentication.GrantOptionSet{
+				ROPCOption: &ropc.Option{
+					Username: "USER",
+					Password: "PASS",
+				},
+			},
+		},
+	}
+
+	for name, c := range tests {
+		t.Run(name, func(t *testing.T) {
+			var o authenticationOptions
+			f := pflag.NewFlagSet("", pflag.ContinueOnError)
+			o.addFlags(f)
+			if err := f.Parse(c.args); err != nil {
+				t.Fatalf("Parse error: %s", err)
+			}
+			got, err := o.grantOptionSet()
+			if err != nil {
+				t.Fatalf("grantOptionSet error: %s", err)
+			}
+			if diff := cmp.Diff(c.want, got); diff != "" {
+				t.Errorf("mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
--- a/pkg/adaptors/cmd/cmd.go
+++ b/pkg/adaptors/cmd/cmd.go
@@ -2,12 +2,12 @@ package cmd

 import (
 	"context"
+	"path/filepath"
 	"runtime"

 	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 	"github.com/spf13/cobra"
-	"k8s.io/client-go/util/homedir"
 )

 // Set provides an implementation and interface for Cmd.
@@ -24,7 +24,7 @@ type Interface interface {
 }

 var defaultListenAddress = []string{"127.0.0.1:8000", "127.0.0.1:18000"}
-var defaultTokenCacheDir = homedir.HomeDir() + "/.kube/cache/oidc-login"
+var defaultTokenCacheDir = filepath.Join("~", ".kube", "cache", "oidc-login")

 const defaultAuthenticationTimeoutSec = 180

--- a/pkg/cmd/cmd_test.go
+++ b/pkg/cmd/cmd_test.go
@@ -0,0 +1,257 @@
+package cmd
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/golang/mock/gomock"
+	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/testing/logger"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+	"github.com/int128/kubelogin/pkg/usecases/authentication"
+	"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
+	"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
+	"github.com/int128/kubelogin/pkg/usecases/credentialplugin/mock_credentialplugin"
+	"github.com/int128/kubelogin/pkg/usecases/standalone"
+	"github.com/int128/kubelogin/pkg/usecases/standalone/mock_standalone"
+)
+
+func TestCmd_Run(t *testing.T) {
+	const executable = "kubelogin"
+	const version = "HEAD"
+
+	t.Run("root", func(t *testing.T) {
+		tests := map[string]struct {
+			args []string
+			in   standalone.Input
+		}{
+			"Defaults": {
+				args: []string{executable},
+				in: standalone.Input{
+					GrantOptionSet: authentication.GrantOptionSet{
+						AuthCodeBrowserOption: &authcode.BrowserOption{
+							BindAddress:           defaultListenAddress,
+							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+							RedirectURLHostname:   "localhost",
+						},
+					},
+				},
+			},
+			"FullOptions": {
+				args: []string{executable,
+					"--kubeconfig", "/path/to/kubeconfig",
+					"--context", "hello.k8s.local",
+					"--user", "google",
+					"-v1",
+				},
+				in: standalone.Input{
+					KubeconfigFilename: "/path/to/kubeconfig",
+					KubeconfigContext:  "hello.k8s.local",
+					KubeconfigUser:     "google",
+					GrantOptionSet: authentication.GrantOptionSet{
+						AuthCodeBrowserOption: &authcode.BrowserOption{
+							BindAddress:           defaultListenAddress,
+							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+							RedirectURLHostname:   "localhost",
+						},
+					},
+				},
+			},
+		}
+		for name, c := range tests {
+			t.Run(name, func(t *testing.T) {
+				ctrl := gomock.NewController(t)
+				defer ctrl.Finish()
+				ctx := context.TODO()
+				mockStandalone := mock_standalone.NewMockInterface(ctrl)
+				mockStandalone.EXPECT().
+					Do(ctx, c.in)
+				cmd := Cmd{
+					Root: &Root{
+						Standalone: mockStandalone,
+						Logger:     logger.New(t),
+					},
+					Logger: logger.New(t),
+				}
+				exitCode := cmd.Run(ctx, c.args, version)
+				if exitCode != 0 {
+					t.Errorf("exitCode wants 0 but %d", exitCode)
+				}
+			})
+		}
+
+		t.Run("TooManyArgs", func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+			cmd := Cmd{
+				Root: &Root{
+					Standalone: mock_standalone.NewMockInterface(ctrl),
+					Logger:     logger.New(t),
+				},
+				Logger: logger.New(t),
+			}
+			exitCode := cmd.Run(context.TODO(), []string{executable, "some"}, version)
+			if exitCode != 1 {
+				t.Errorf("exitCode wants 1 but %d", exitCode)
+			}
+		})
+	})
+
+	t.Run("get-token", func(t *testing.T) {
+		userHomeDir, err := os.UserHomeDir()
+		if err != nil {
+			t.Fatalf("os.UserHomeDir error: %s", err)
+		}
+
+		tests := map[string]struct {
+			args []string
+			in   credentialplugin.Input
+		}{
+			"Defaults": {
+				args: []string{executable,
+					"get-token",
+					"--oidc-issuer-url", "https://issuer.example.com",
+					"--oidc-client-id", "YOUR_CLIENT_ID",
+				},
+				in: credentialplugin.Input{
+					TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
+					Provider: oidc.Provider{
+						IssuerURL: "https://issuer.example.com",
+						ClientID:  "YOUR_CLIENT_ID",
+					},
+					GrantOptionSet: authentication.GrantOptionSet{
+						AuthCodeBrowserOption: &authcode.BrowserOption{
+							BindAddress:           defaultListenAddress,
+							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+							RedirectURLHostname:   "localhost",
+						},
+					},
+				},
+			},
+			"FullOptions": {
+				args: []string{executable,
+					"get-token",
+					"--oidc-issuer-url", "https://issuer.example.com",
+					"--oidc-client-id", "YOUR_CLIENT_ID",
+					"--oidc-client-secret", "YOUR_CLIENT_SECRET",
+					"--oidc-extra-scope", "email",
+					"--oidc-extra-scope", "profile",
+					"-v1",
+				},
+				in: credentialplugin.Input{
+					TokenCacheDir: filepath.Join(userHomeDir, ".kube/cache/oidc-login"),
+					Provider: oidc.Provider{
+						IssuerURL:    "https://issuer.example.com",
+						ClientID:     "YOUR_CLIENT_ID",
+						ClientSecret: "YOUR_CLIENT_SECRET",
+						ExtraScopes:  []string{"email", "profile"},
+					},
+					GrantOptionSet: authentication.GrantOptionSet{
+						AuthCodeBrowserOption: &authcode.BrowserOption{
+							BindAddress:           defaultListenAddress,
+							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+							RedirectURLHostname:   "localhost",
+						},
+					},
+				},
+			},
+			"HomedirExpansion": {
+				args: []string{executable,
+					"get-token",
+					"--oidc-issuer-url", "https://issuer.example.com",
+					"--oidc-client-id", "YOUR_CLIENT_ID",
+					"--certificate-authority", "~/.kube/ca.crt",
+					"--local-server-cert", "~/.kube/oidc-server.crt",
+					"--local-server-key", "~/.kube/oidc-server.key",
+					"--token-cache-dir", "~/.kube/oidc-cache",
+				},
+				in: credentialplugin.Input{
+					TokenCacheDir: filepath.Join(userHomeDir, ".kube/oidc-cache"),
+					Provider: oidc.Provider{
+						IssuerURL: "https://issuer.example.com",
+						ClientID:  "YOUR_CLIENT_ID",
+					},
+					GrantOptionSet: authentication.GrantOptionSet{
+						AuthCodeBrowserOption: &authcode.BrowserOption{
+							BindAddress:           defaultListenAddress,
+							AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
+							RedirectURLHostname:   "localhost",
+							LocalServerCertFile:   filepath.Join(userHomeDir, ".kube/oidc-server.crt"),
+							LocalServerKeyFile:    filepath.Join(userHomeDir, ".kube/oidc-server.key"),
+						},
+					},
+					TLSClientConfig: tlsclientconfig.Config{
+						CACertFilename: []string{filepath.Join(userHomeDir, ".kube/ca.crt")},
+					},
+				},
+			},
+		}
+		for name, c := range tests {
+			t.Run(name, func(t *testing.T) {
+				ctrl := gomock.NewController(t)
+				defer ctrl.Finish()
+				ctx := context.TODO()
+				getToken := mock_credentialplugin.NewMockInterface(ctrl)
+				getToken.EXPECT().
+					Do(ctx, c.in)
+				cmd := Cmd{
+					Root: &Root{
+						Logger: logger.New(t),
+					},
+					GetToken: &GetToken{
+						GetToken: getToken,
+						Logger:   logger.New(t),
+					},
+					Logger: logger.New(t),
+				}
+				exitCode := cmd.Run(ctx, c.args, version)
+				if exitCode != 0 {
+					t.Errorf("exitCode wants 0 but %d", exitCode)
+				}
+			})
+		}
+
+		t.Run("MissingMandatoryOptions", func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+			ctx := context.TODO()
+			cmd := Cmd{
+				Root: &Root{
+					Logger: logger.New(t),
+				},
+				GetToken: &GetToken{
+					GetToken: mock_credentialplugin.NewMockInterface(ctrl),
+					Logger:   logger.New(t),
+				},
+				Logger: logger.New(t),
+			}
+			exitCode := cmd.Run(ctx, []string{executable, "get-token"}, version)
+			if exitCode != 1 {
+				t.Errorf("exitCode wants 1 but %d", exitCode)
+			}
+		})
+
+		t.Run("TooManyArgs", func(t *testing.T) {
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+			ctx := context.TODO()
+			cmd := Cmd{
+				Root: &Root{
+					Logger: logger.New(t),
+				},
+				GetToken: &GetToken{
+					GetToken: mock_credentialplugin.NewMockInterface(ctrl),
+					Logger:   logger.New(t),
+				},
+				Logger: logger.New(t),
+			}
+			exitCode := cmd.Run(ctx, []string{executable, "get-token", "foo"}, version)
+			if exitCode != 1 {
+				t.Errorf("exitCode wants 1 but %d", exitCode)
+			}
+		})
+	})
+}
--- a/pkg/adaptors/cmd/get_token.go
+++ b/pkg/adaptors/cmd/get_token.go
@@ -1,11 +1,14 @@
 package cmd

 import (
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
+	"errors"
+	"fmt"
+
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/oidc"
 	"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"golang.org/x/xerrors"
 )

 // getTokenOptions represents the options for get-token command.
@@ -14,6 +17,7 @@ type getTokenOptions struct {
 	ClientID              string
 	ClientSecret          string
 	ExtraScopes           []string
+	UsePKCE               bool
 	TokenCacheDir         string
 	tlsOptions            tlsOptions
 	authenticationOptions authenticationOptions
@@ -24,11 +28,19 @@ func (o *getTokenOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider (mandatory)")
 	f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
 	f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
+	f.BoolVar(&o.UsePKCE, "oidc-use-pkce", false, "Force PKCE usage")
 	f.StringVar(&o.TokenCacheDir, "token-cache-dir", defaultTokenCacheDir, "Path to a directory for token cache")
 	o.tlsOptions.addFlags(f)
 	o.authenticationOptions.addFlags(f)
 }

+func (o *getTokenOptions) expandHomedir() error {
+	o.TokenCacheDir = expandHomedir(o.TokenCacheDir)
+	o.authenticationOptions.expandHomedir()
+	o.tlsOptions.expandHomedir()
+	return nil
+}
+
 type GetToken struct {
 	GetToken credentialplugin.Interface
 	Logger   logger.Interface
@@ -44,31 +56,35 @@ func (cmd *GetToken) New() *cobra.Command {
 				return err
 			}
 			if o.IssuerURL == "" {
-				return xerrors.New("--oidc-issuer-url is missing")
+				return errors.New("--oidc-issuer-url is missing")
 			}
 			if o.ClientID == "" {
-				return xerrors.New("--oidc-client-id is missing")
+				return errors.New("--oidc-client-id is missing")
 			}
 			return nil
 		},
 		RunE: func(c *cobra.Command, _ []string) error {
+			if err := o.expandHomedir(); err != nil {
+				return err
+			}
 			grantOptionSet, err := o.authenticationOptions.grantOptionSet()
 			if err != nil {
-				return xerrors.Errorf("get-token: %w", err)
+				return fmt.Errorf("get-token: %w", err)
 			}
 			in := credentialplugin.Input{
-				IssuerURL:      o.IssuerURL,
-				ClientID:       o.ClientID,
-				ClientSecret:   o.ClientSecret,
-				ExtraScopes:    o.ExtraScopes,
-				CACertFilename: o.tlsOptions.CACertFilename,
-				CACertData:     o.tlsOptions.CACertData,
-				SkipTLSVerify:  o.tlsOptions.SkipTLSVerify,
-				TokenCacheDir:  o.TokenCacheDir,
-				GrantOptionSet: grantOptionSet,
+				Provider: oidc.Provider{
+					IssuerURL:    o.IssuerURL,
+					ClientID:     o.ClientID,
+					ClientSecret: o.ClientSecret,
+					UsePKCE:      o.UsePKCE,
+					ExtraScopes:  o.ExtraScopes,
+				},
+				TokenCacheDir:   o.TokenCacheDir,
+				GrantOptionSet:  grantOptionSet,
+				TLSClientConfig: o.tlsOptions.tlsClientConfig(),
 			}
 			if err := cmd.GetToken.Do(c.Context(), in); err != nil {
-				return xerrors.Errorf("get-token: %w", err)
+				return fmt.Errorf("get-token: %w", err)
 			}
 			return nil
 		},
--- a/pkg/cmd/homedir.go
+++ b/pkg/cmd/homedir.go
@@ -0,0 +1,15 @@
+package cmd
+
+import (
+	"path/filepath"
+	"strings"
+
+	"k8s.io/client-go/util/homedir"
+)
+
+func expandHomedir(s string) string {
+	if !strings.HasPrefix(s, "~") {
+		return s
+	}
+	return filepath.Join(homedir.HomeDir(), strings.TrimPrefix(s, "~"))
+}
--- a/pkg/adaptors/cmd/root.go
+++ b/pkg/adaptors/cmd/root.go
@@ -1,12 +1,12 @@
 package cmd

 import (
-	"github.com/int128/kubelogin/pkg/adaptors/kubeconfig"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
+	"fmt"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/kubeconfig"
 	"github.com/int128/kubelogin/pkg/usecases/standalone"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"golang.org/x/xerrors"
 )

 const rootDescription = `Log in to the OpenID Connect provider.
@@ -51,19 +51,17 @@ func (cmd *Root) New() *cobra.Command {
 		RunE: func(c *cobra.Command, _ []string) error {
 			grantOptionSet, err := o.authenticationOptions.grantOptionSet()
 			if err != nil {
-				return xerrors.Errorf("invalid option: %w", err)
+				return fmt.Errorf("invalid option: %w", err)
 			}
 			in := standalone.Input{
 				KubeconfigFilename: o.Kubeconfig,
 				KubeconfigContext:  kubeconfig.ContextName(o.Context),
 				KubeconfigUser:     kubeconfig.UserName(o.User),
-				CACertFilename:     o.tlsOptions.CACertFilename,
-				CACertData:         o.tlsOptions.CACertData,
-				SkipTLSVerify:      o.tlsOptions.SkipTLSVerify,
 				GrantOptionSet:     grantOptionSet,
+				TLSClientConfig:    o.tlsOptions.tlsClientConfig(),
 			}
 			if err := cmd.Standalone.Do(c.Context(), in); err != nil {
-				return xerrors.Errorf("login: %w", err)
+				return fmt.Errorf("login: %w", err)
 			}
 			return nil
 		},
--- a/pkg/adaptors/cmd/setup.go
+++ b/pkg/adaptors/cmd/setup.go
@@ -1,10 +1,11 @@
 package cmd

 import (
+	"fmt"
+
 	"github.com/int128/kubelogin/pkg/usecases/setup"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"golang.org/x/xerrors"
 )

 // setupOptions represents the options for setup command.
@@ -13,6 +14,7 @@ type setupOptions struct {
 	ClientID              string
 	ClientSecret          string
 	ExtraScopes           []string
+	UsePKCE               bool
 	tlsOptions            tlsOptions
 	authenticationOptions authenticationOptions
 }
@@ -22,6 +24,7 @@ func (o *setupOptions) addFlags(f *pflag.FlagSet) {
 	f.StringVar(&o.ClientID, "oidc-client-id", "", "Client ID of the provider")
 	f.StringVar(&o.ClientSecret, "oidc-client-secret", "", "Client secret of the provider")
 	f.StringSliceVar(&o.ExtraScopes, "oidc-extra-scope", nil, "Scopes to request to the provider")
+	f.BoolVar(&o.UsePKCE, "oidc-use-pkce", false, "Force PKCE usage")
 	o.tlsOptions.addFlags(f)
 	o.authenticationOptions.addFlags(f)
 }
@@ -39,17 +42,16 @@ func (cmd *Setup) New() *cobra.Command {
 		RunE: func(c *cobra.Command, _ []string) error {
 			grantOptionSet, err := o.authenticationOptions.grantOptionSet()
 			if err != nil {
-				return xerrors.Errorf("setup: %w", err)
+				return fmt.Errorf("setup: %w", err)
 			}
 			in := setup.Stage2Input{
-				IssuerURL:      o.IssuerURL,
-				ClientID:       o.ClientID,
-				ClientSecret:   o.ClientSecret,
-				ExtraScopes:    o.ExtraScopes,
-				CACertFilename: o.tlsOptions.CACertFilename,
-				CACertData:     o.tlsOptions.CACertData,
-				SkipTLSVerify:  o.tlsOptions.SkipTLSVerify,
-				GrantOptionSet: grantOptionSet,
+				IssuerURL:       o.IssuerURL,
+				ClientID:        o.ClientID,
+				ClientSecret:    o.ClientSecret,
+				ExtraScopes:     o.ExtraScopes,
+				UsePKCE:         o.UsePKCE,
+				GrantOptionSet:  grantOptionSet,
+				TLSClientConfig: o.tlsOptions.tlsClientConfig(),
 			}
 			if c.Flags().Lookup("listen-address").Changed {
 				in.ListenAddressArgs = o.authenticationOptions.ListenAddress
@@ -59,7 +61,7 @@ func (cmd *Setup) New() *cobra.Command {
 				return nil
 			}
 			if err := cmd.Setup.DoStage2(c.Context(), in); err != nil {
-				return xerrors.Errorf("setup: %w", err)
+				return fmt.Errorf("setup: %w", err)
 			}
 			return nil
 		},
--- a/pkg/cmd/tls.go
+++ b/pkg/cmd/tls.go
@@ -0,0 +1,52 @@
+package cmd
+
+import (
+	"crypto/tls"
+
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+	"github.com/spf13/pflag"
+)
+
+type tlsOptions struct {
+	CACertFilename            []string
+	CACertData                []string
+	SkipTLSVerify             bool
+	RenegotiateOnceAsClient   bool
+	RenegotiateFreelyAsClient bool
+}
+
+func (o *tlsOptions) addFlags(f *pflag.FlagSet) {
+	f.StringArrayVar(&o.CACertFilename, "certificate-authority", nil, "Path to a cert file for the certificate authority")
+	f.StringArrayVar(&o.CACertData, "certificate-authority-data", nil, "Base64 encoded cert for the certificate authority")
+	f.BoolVar(&o.SkipTLSVerify, "insecure-skip-tls-verify", false, "If set, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
+	f.BoolVar(&o.RenegotiateOnceAsClient, "tls-renegotiation-once", false, "If set, allow a remote server to request renegotiation once per connection")
+	f.BoolVar(&o.RenegotiateFreelyAsClient, "tls-renegotiation-freely", false, "If set, allow a remote server to repeatedly request renegotiation")
+}
+
+func (o *tlsOptions) expandHomedir() {
+	var caCertFilenames []string
+	for _, caCertFilename := range o.CACertFilename {
+		expanded := expandHomedir(caCertFilename)
+		caCertFilenames = append(caCertFilenames, expanded)
+	}
+	o.CACertFilename = caCertFilenames
+}
+
+func (o tlsOptions) tlsClientConfig() tlsclientconfig.Config {
+	return tlsclientconfig.Config{
+		CACertFilename: o.CACertFilename,
+		CACertData:     o.CACertData,
+		SkipTLSVerify:  o.SkipTLSVerify,
+		Renegotiation:  o.renegotiationSupport(),
+	}
+}
+
+func (o tlsOptions) renegotiationSupport() tls.RenegotiationSupport {
+	if o.RenegotiateOnceAsClient {
+		return tls.RenegotiateOnceAsClient
+	}
+	if o.RenegotiateFreelyAsClient {
+		return tls.RenegotiateFreelyAsClient
+	}
+	return tls.RenegotiateNever
+}
--- a/pkg/cmd/tls_test.go
+++ b/pkg/cmd/tls_test.go
@@ -0,0 +1,92 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+	"github.com/spf13/pflag"
+)
+
+func Test_tlsOptions_tlsClientConfig(t *testing.T) {
+	tests := map[string]struct {
+		args []string
+		want tlsclientconfig.Config
+	}{
+		"NoFlag": {},
+		"SkipTLSVerify": {
+			args: []string{
+				"--insecure-skip-tls-verify",
+			},
+			want: tlsclientconfig.Config{
+				SkipTLSVerify: true,
+			},
+		},
+		"CACertFilename1": {
+			args: []string{
+				"--certificate-authority", "/path/to/cert1",
+			},
+			want: tlsclientconfig.Config{
+				CACertFilename: []string{"/path/to/cert1"},
+			},
+		},
+		"CACertFilename2": {
+			args: []string{
+				"--certificate-authority", "/path/to/cert1",
+				"--certificate-authority", "/path/to/cert2",
+			},
+			want: tlsclientconfig.Config{
+				CACertFilename: []string{"/path/to/cert1", "/path/to/cert2"},
+			},
+		},
+		"CACertData1": {
+			args: []string{
+				"--certificate-authority-data", "base64encoded1",
+			},
+			want: tlsclientconfig.Config{
+				CACertData: []string{"base64encoded1"},
+			},
+		},
+		"CACertData2": {
+			args: []string{
+				"--certificate-authority-data", "base64encoded1",
+				"--certificate-authority-data", "base64encoded2",
+			},
+			want: tlsclientconfig.Config{
+				CACertData: []string{"base64encoded1", "base64encoded2"},
+			},
+		},
+		"RenegotiateOnceAsClient": {
+			args: []string{
+				"--tls-renegotiation-once",
+			},
+			want: tlsclientconfig.Config{
+				Renegotiation: tls.RenegotiateOnceAsClient,
+			},
+		},
+		"RenegotiateFreelyAsClient": {
+			args: []string{
+				"--tls-renegotiation-freely",
+			},
+			want: tlsclientconfig.Config{
+				Renegotiation: tls.RenegotiateFreelyAsClient,
+			},
+		},
+	}
+
+	for name, c := range tests {
+		t.Run(name, func(t *testing.T) {
+			var o tlsOptions
+			f := pflag.NewFlagSet("", pflag.ContinueOnError)
+			o.addFlags(f)
+			if err := f.Parse(c.args); err != nil {
+				t.Fatalf("Parse error: %s", err)
+			}
+			got := o.tlsClientConfig()
+			if diff := cmp.Diff(c.want, got); diff != "" {
+				t.Errorf("mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
--- a/pkg/credentialplugin/types.go
+++ b/pkg/credentialplugin/types.go
@@ -0,0 +1,10 @@
+// Package credentialplugin provides the types for client-go credential plugins.
+package credentialplugin
+
+import "time"
+
+// Output represents an output object of the credential plugin.
+type Output struct {
+	Token  string
+	Expiry time.Time
+}
--- a/pkg/adaptors/credentialpluginwriter/credential_plugin.go
+++ b/pkg/adaptors/credentialpluginwriter/credential_plugin.go
@@ -1,18 +1,18 @@
-// Package credentialpluginwriter provides a writer for a credential plugin.
-package credentialpluginwriter
+// Package writer provides a writer for a credential plugin.
+package writer

 import (
 	"encoding/json"
-	"time"
+	"fmt"

 	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/stdio"
-	"golang.org/x/xerrors"
+	"github.com/int128/kubelogin/pkg/credentialplugin"
+	"github.com/int128/kubelogin/pkg/infrastructure/stdio"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 )

-//go:generate mockgen -destination mock_credentialpluginwriter/mock_credentialpluginwriter.go github.com/int128/kubelogin/pkg/adaptors/credentialpluginwriter Interface
+//go:generate mockgen -destination mock_writer/mock_writer.go github.com/int128/kubelogin/pkg/credentialplugin/writer Interface

 var Set = wire.NewSet(
 	wire.Struct(new(Writer), "*"),
@@ -20,13 +20,7 @@ var Set = wire.NewSet(
 )

 type Interface interface {
-	Write(out Output) error
-}
-
-// Output represents an output object of the credential plugin.
-type Output struct {
-	Token  string
-	Expiry time.Time
+	Write(out credentialplugin.Output) error
 }

 type Writer struct {
@@ -34,7 +28,7 @@ type Writer struct {
 }

 // Write writes the ExecCredential to standard output for kubectl.
-func (w *Writer) Write(out Output) error {
+func (w *Writer) Write(out credentialplugin.Output) error {
 	ec := &clientauthenticationv1beta1.ExecCredential{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "client.authentication.k8s.io/v1beta1",
@@ -47,7 +41,7 @@ func (w *Writer) Write(out Output) error {
 	}
 	e := json.NewEncoder(w.Stdout)
 	if err := e.Encode(ec); err != nil {
-		return xerrors.Errorf("could not write the ExecCredential: %w", err)
+		return fmt.Errorf("could not write the ExecCredential: %w", err)
 	}
 	return nil
 }
--- a/pkg/adaptors/credentialpluginwriter/mock_credentialpluginwriter/mock_credentialpluginwriter.go
+++ b/pkg/adaptors/credentialpluginwriter/mock_credentialpluginwriter/mock_credentialpluginwriter.go
@@ -1,47 +1,47 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/credentialpluginwriter (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/credentialplugin/writer (interfaces: Interface)

-// Package mock_credentialpluginwriter is a generated GoMock package.
-package mock_credentialpluginwriter
+// Package mock_writer is a generated GoMock package.
+package mock_writer

 import (
 	gomock "github.com/golang/mock/gomock"
-	credentialpluginwriter "github.com/int128/kubelogin/pkg/adaptors/credentialpluginwriter"
+	credentialplugin "github.com/int128/kubelogin/pkg/credentialplugin"
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// Write mocks base method.
-func (m *MockInterface) Write(arg0 credentialpluginwriter.Output) error {
+// Write mocks base method
+func (m *MockInterface) Write(arg0 credentialplugin.Output) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Write", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// Write indicates an expected call of Write.
+// Write indicates an expected call of Write
 func (mr *MockInterfaceMockRecorder) Write(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Write", reflect.TypeOf((*MockInterface)(nil).Write), arg0)
--- a/pkg/di/di.go
+++ b/pkg/di/di.go
@@ -5,24 +5,26 @@ package di

 import (
 	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/browser"
-	"github.com/int128/kubelogin/pkg/adaptors/certpool"
-	"github.com/int128/kubelogin/pkg/adaptors/clock"
-	"github.com/int128/kubelogin/pkg/adaptors/cmd"
-	"github.com/int128/kubelogin/pkg/adaptors/credentialpluginwriter"
-	"github.com/int128/kubelogin/pkg/adaptors/kubeconfig"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/reader"
-	"github.com/int128/kubelogin/pkg/adaptors/stdio"
-	"github.com/int128/kubelogin/pkg/adaptors/tokencache"
+	"github.com/int128/kubelogin/pkg/cmd"
+	"github.com/int128/kubelogin/pkg/credentialplugin/writer"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser"
+	"github.com/int128/kubelogin/pkg/infrastructure/clock"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/mutex"
+	"github.com/int128/kubelogin/pkg/infrastructure/reader"
+	"github.com/int128/kubelogin/pkg/infrastructure/stdio"
+	kubeconfigLoader "github.com/int128/kubelogin/pkg/kubeconfig/loader"
+	kubeconfigWriter "github.com/int128/kubelogin/pkg/kubeconfig/writer"
+	"github.com/int128/kubelogin/pkg/oidc/client"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig/loader"
+	"github.com/int128/kubelogin/pkg/tokencache/repository"
 	"github.com/int128/kubelogin/pkg/usecases/authentication"
 	"github.com/int128/kubelogin/pkg/usecases/credentialplugin"
 	"github.com/int128/kubelogin/pkg/usecases/setup"
 	"github.com/int128/kubelogin/pkg/usecases/standalone"
 )

-// NewCmd returns an instance of adaptors.Cmd.
+// NewCmd returns an instance of infrastructure.Cmd.
 func NewCmd() cmd.Interface {
 	wire.Build(
 		NewCmdForHeadless,
@@ -36,7 +38,7 @@ func NewCmd() cmd.Interface {
 	return nil
 }

-// NewCmdForHeadless returns an instance of adaptors.Cmd for headless testing.
+// NewCmdForHeadless returns an instance of infrastructure.Cmd for headless testing.
 func NewCmdForHeadless(clock.Interface, stdio.Stdin, stdio.Stdout, logger.Interface, browser.Interface) cmd.Interface {
 	wire.Build(
 		// use-cases
@@ -45,14 +47,16 @@ func NewCmdForHeadless(clock.Interface, stdio.Stdin, stdio.Stdout, logger.Interf
 		credentialplugin.Set,
 		setup.Set,

-		// adaptors
+		// infrastructure
 		cmd.Set,
 		reader.Set,
-		kubeconfig.Set,
-		tokencache.Set,
-		oidcclient.Set,
-		certpool.Set,
-		credentialpluginwriter.Set,
+		kubeconfigLoader.Set,
+		kubeconfigWriter.Set,
+		repository.Set,
+		client.Set,
+		loader.Set,
+		writer.Set,
+		mutex.Set,
 	)
 	return nil
 }
--- a/pkg/di/wire_gen.go
+++ b/pkg/di/wire_gen.go
@@ -6,17 +6,19 @@
 package di

 import (
-	"github.com/int128/kubelogin/pkg/adaptors/browser"
-	"github.com/int128/kubelogin/pkg/adaptors/certpool"
-	"github.com/int128/kubelogin/pkg/adaptors/clock"
-	"github.com/int128/kubelogin/pkg/adaptors/cmd"
-	"github.com/int128/kubelogin/pkg/adaptors/credentialpluginwriter"
-	"github.com/int128/kubelogin/pkg/adaptors/kubeconfig"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/reader"
-	"github.com/int128/kubelogin/pkg/adaptors/stdio"
-	"github.com/int128/kubelogin/pkg/adaptors/tokencache"
+	"github.com/int128/kubelogin/pkg/cmd"
+	writer2 "github.com/int128/kubelogin/pkg/credentialplugin/writer"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser"
+	"github.com/int128/kubelogin/pkg/infrastructure/clock"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/mutex"
+	"github.com/int128/kubelogin/pkg/infrastructure/reader"
+	"github.com/int128/kubelogin/pkg/infrastructure/stdio"
+	loader2 "github.com/int128/kubelogin/pkg/kubeconfig/loader"
+	"github.com/int128/kubelogin/pkg/kubeconfig/writer"
+	"github.com/int128/kubelogin/pkg/oidc/client"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig/loader"
+	"github.com/int128/kubelogin/pkg/tokencache/repository"
 	"github.com/int128/kubelogin/pkg/usecases/authentication"
 	"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
 	"github.com/int128/kubelogin/pkg/usecases/authentication/ropc"
@@ -28,7 +30,6 @@ import (

 // Injectors from di.go:

-// NewCmd returns an instance of adaptors.Cmd.
 func NewCmd() cmd.Interface {
 	clockReal := &clock.Real{}
 	stdin := _wireFileValue
@@ -44,9 +45,10 @@ var (
 	_wireOsFileValue = os.Stdout
 )

-// NewCmdForHeadless returns an instance of adaptors.Cmd for headless testing.
 func NewCmdForHeadless(clockInterface clock.Interface, stdin stdio.Stdin, stdout stdio.Stdout, loggerInterface logger.Interface, browserInterface browser.Interface) cmd.Interface {
-	factory := &oidcclient.Factory{
+	loaderLoader := loader.Loader{}
+	factory := &client.Factory{
+		Loader: loaderLoader,
 		Clock:  clockInterface,
 		Logger: loggerInterface,
 	}
@@ -66,36 +68,37 @@ func NewCmdForHeadless(clockInterface clock.Interface, stdin stdio.Stdin, stdout
 		Logger: loggerInterface,
 	}
 	authenticationAuthentication := &authentication.Authentication{
-		OIDCClient:       factory,
+		ClientFactory:    factory,
 		Logger:           loggerInterface,
 		Clock:            clockInterface,
 		AuthCodeBrowser:  authcodeBrowser,
 		AuthCodeKeyboard: keyboard,
 		ROPC:             ropcROPC,
 	}
-	kubeconfigKubeconfig := &kubeconfig.Kubeconfig{
-		Logger: loggerInterface,
-	}
-	newFunc := _wireNewFuncValue
+	loader3 := &loader2.Loader{}
+	writerWriter := &writer.Writer{}
 	standaloneStandalone := &standalone.Standalone{
-		Authentication: authenticationAuthentication,
-		Kubeconfig:     kubeconfigKubeconfig,
-		NewCertPool:    newFunc,
-		Logger:         loggerInterface,
+		Authentication:   authenticationAuthentication,
+		KubeconfigLoader: loader3,
+		KubeconfigWriter: writerWriter,
+		Logger:           loggerInterface,
 	}
 	root := &cmd.Root{
 		Standalone: standaloneStandalone,
 		Logger:     loggerInterface,
 	}
-	repository := &tokencache.Repository{}
-	writer := &credentialpluginwriter.Writer{
+	repositoryRepository := &repository.Repository{}
+	writer3 := &writer2.Writer{
 		Stdout: stdout,
 	}
+	mutexMutex := &mutex.Mutex{
+		Logger: loggerInterface,
+	}
 	getToken := &credentialplugin.GetToken{
 		Authentication:       authenticationAuthentication,
-		TokenCacheRepository: repository,
-		NewCertPool:          newFunc,
-		Writer:               writer,
+		TokenCacheRepository: repositoryRepository,
+		Writer:               writer3,
+		Mutex:                mutexMutex,
 		Logger:               loggerInterface,
 	}
 	cmdGetToken := &cmd.GetToken{
@@ -104,7 +107,6 @@ func NewCmdForHeadless(clockInterface clock.Interface, stdin stdio.Stdin, stdout
 	}
 	setupSetup := &setup.Setup{
 		Authentication: authenticationAuthentication,
-		NewCertPool:    newFunc,
 		Logger:         loggerInterface,
 	}
 	cmdSetup := &cmd.Setup{
@@ -118,7 +120,3 @@ func NewCmdForHeadless(clockInterface clock.Interface, stdin stdio.Stdin, stdout
 	}
 	return cmdCmd
 }
-
-var (
-	_wireNewFuncValue = certpool.NewFunc(certpool.New)
-)
--- a/pkg/infrastructure/browser/browser.go
+++ b/pkg/infrastructure/browser/browser.go
@@ -1,13 +1,15 @@
 package browser

 import (
+	"context"
 	"os"
+	"os/exec"

 	"github.com/google/wire"
 	"github.com/pkg/browser"
 )

-//go:generate mockgen -destination mock_browser/mock_browser.go github.com/int128/kubelogin/pkg/adaptors/browser Interface
+//go:generate mockgen -destination mock_browser/mock_browser.go github.com/int128/kubelogin/pkg/infrastructure/browser Interface

 func init() {
 	// In credential plugin mode, some browser launcher writes a message to stdout
@@ -23,6 +25,7 @@ var Set = wire.NewSet(

 type Interface interface {
 	Open(url string) error
+	OpenCommand(ctx context.Context, url, command string) error
 }

 type Browser struct{}
@@ -31,3 +34,11 @@ type Browser struct{}
 func (*Browser) Open(url string) error {
 	return browser.OpenURL(url)
 }
+
+// OpenCommand opens the browser using the command.
+func (*Browser) OpenCommand(ctx context.Context, url, command string) error {
+	c := exec.CommandContext(ctx, command, url)
+	c.Stdout = os.Stderr // see above
+	c.Stderr = os.Stderr
+	return c.Run()
+}
--- a/pkg/infrastructure/browser/mock_browser/mock_browser.go
+++ b/pkg/infrastructure/browser/mock_browser/mock_browser.go
@@ -1,38 +1,39 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/browser (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/infrastructure/browser (interfaces: Interface)

 // Package mock_browser is a generated GoMock package.
 package mock_browser

 import (
+	context "context"
 	gomock "github.com/golang/mock/gomock"
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// Open mocks base method.
+// Open mocks base method
 func (m *MockInterface) Open(arg0 string) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Open", arg0)
@@ -40,8 +41,22 @@ func (m *MockInterface) Open(arg0 string) error {
 	return ret0
 }

-// Open indicates an expected call of Open.
+// Open indicates an expected call of Open
 func (mr *MockInterfaceMockRecorder) Open(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Open", reflect.TypeOf((*MockInterface)(nil).Open), arg0)
 }
+
+// OpenCommand mocks base method
+func (m *MockInterface) OpenCommand(arg0 context.Context, arg1, arg2 string) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "OpenCommand", arg0, arg1, arg2)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// OpenCommand indicates an expected call of OpenCommand
+func (mr *MockInterfaceMockRecorder) OpenCommand(arg0, arg1, arg2 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenCommand", reflect.TypeOf((*MockInterface)(nil).OpenCommand), arg0, arg1, arg2)
+}
--- a/pkg/infrastructure/clock/clock.go
+++ b/pkg/infrastructure/clock/clock.go
--- a/pkg/infrastructure/logger/logger.go
+++ b/pkg/infrastructure/logger/logger.go
@@ -7,7 +7,7 @@ import (

 	"github.com/google/wire"
 	"github.com/spf13/pflag"
-	"k8s.io/klog"
+	"k8s.io/klog/v2"
 )

 // Set provides an implementation and interface for Logger.
@@ -56,5 +56,5 @@ func (*Logger) V(level int) Verbose {

 // IsEnabled returns true if the level is enabled.
 func (*Logger) IsEnabled(level int) bool {
-	return bool(klog.V(klog.Level(level)))
+	return klog.V(klog.Level(level)).Enabled()
 }
--- a/pkg/infrastructure/mutex/mock_mutex/mock_mutex.go
+++ b/pkg/infrastructure/mutex/mock_mutex/mock_mutex.go
@@ -0,0 +1,64 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/int128/kubelogin/pkg/infrastructure/mutex (interfaces: Interface)
+
+// Package mock_mutex is a generated GoMock package.
+package mock_mutex
+
+import (
+	context "context"
+	gomock "github.com/golang/mock/gomock"
+	mutex "github.com/int128/kubelogin/pkg/infrastructure/mutex"
+	reflect "reflect"
+)
+
+// MockInterface is a mock of Interface interface
+type MockInterface struct {
+	ctrl     *gomock.Controller
+	recorder *MockInterfaceMockRecorder
+}
+
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
+type MockInterfaceMockRecorder struct {
+	mock *MockInterface
+}
+
+// NewMockInterface creates a new mock instance
+func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
+	mock := &MockInterface{ctrl: ctrl}
+	mock.recorder = &MockInterfaceMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
+	return m.recorder
+}
+
+// Acquire mocks base method
+func (m *MockInterface) Acquire(arg0 context.Context, arg1 string) (*mutex.Lock, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Acquire", arg0, arg1)
+	ret0, _ := ret[0].(*mutex.Lock)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Acquire indicates an expected call of Acquire
+func (mr *MockInterfaceMockRecorder) Acquire(arg0, arg1 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Acquire", reflect.TypeOf((*MockInterface)(nil).Acquire), arg0, arg1)
+}
+
+// Release mocks base method
+func (m *MockInterface) Release(arg0 *mutex.Lock) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Release", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// Release indicates an expected call of Release
+func (mr *MockInterfaceMockRecorder) Release(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Release", reflect.TypeOf((*MockInterface)(nil).Release), arg0)
+}
--- a/pkg/infrastructure/mutex/mutex.go
+++ b/pkg/infrastructure/mutex/mutex.go
@@ -0,0 +1,88 @@
+package mutex
+
+import (
+	"context"
+	"fmt"
+	"github.com/alexflint/go-filemutex"
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"os"
+	"path"
+)
+
+//go:generate mockgen -destination mock_mutex/mock_mutex.go github.com/int128/kubelogin/pkg/infrastructure/mutex Interface
+
+var Set = wire.NewSet(
+	wire.Struct(new(Mutex), "*"),
+	wire.Bind(new(Interface), new(*Mutex)),
+)
+
+type Interface interface {
+	Acquire(ctx context.Context, name string) (*Lock, error)
+	Release(lock *Lock) error
+}
+
+// Lock holds the lock data.
+type Lock struct {
+	Data interface{}
+	Name string
+}
+
+type Mutex struct {
+	Logger logger.Interface
+}
+
+// internalAcquire wait for acquisition of the lock
+func internalAcquire(fm *filemutex.FileMutex) chan error {
+	result := make(chan error)
+	go func() {
+		if err := fm.Lock(); err != nil {
+			result <- err
+		}
+		close(result)
+	}()
+	return result
+}
+
+// internalRelease disposes of resources associated with a lock
+func internalRelease(fm *filemutex.FileMutex, lfn string, log logger.Interface) error {
+	err := fm.Close()
+	if err != nil {
+		log.V(1).Infof("Error closing lock file %s: %s", lfn, err)
+	}
+	return err
+}
+
+// LockFileName get the lock file name from the lock name.
+func LockFileName(name string) string {
+	return path.Join(os.TempDir(), fmt.Sprintf(".kubelogin.%s.lock", name))
+}
+
+// Acquire acquire a lock for the specified name. The context could be used to set a timeout.
+func (m *Mutex) Acquire(ctx context.Context, name string) (*Lock, error) {
+	lfn := LockFileName(name)
+	fm, err := filemutex.New(lfn)
+	if err != nil {
+		return nil, fmt.Errorf("error creating mutex file %s: %w", lfn, err)
+	}
+
+	lockChan := internalAcquire(fm)
+	select {
+	case <-ctx.Done():
+		_ = internalRelease(fm, lfn, m.Logger)
+		return nil, ctx.Err()
+	case err := <-lockChan:
+		if err != nil {
+			_ = internalRelease(fm, lfn, m.Logger)
+			return nil, fmt.Errorf("error acquiring lock on file %s: %w", lfn, err)
+		}
+		return &Lock{Data: fm, Name: name}, nil
+	}
+}
+
+// Release release the specified lock
+func (m *Mutex) Release(lock *Lock) error {
+	fm := lock.Data.(*filemutex.FileMutex)
+	lfn := LockFileName(lock.Name)
+	return internalRelease(fm, lfn, m.Logger)
+}
--- a/pkg/infrastructure/mutex/mutex_test.go
+++ b/pkg/infrastructure/mutex/mutex_test.go
@@ -0,0 +1,64 @@
+package mutex
+
+import (
+	"fmt"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"golang.org/x/net/context"
+	"math/rand"
+	"sync"
+	"testing"
+	"time"
+)
+
+func TestMutex(t *testing.T) {
+
+	t.Run("Test successful parallel acquisition with no reentry allowed", func(t *testing.T) {
+
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+
+		nbConcurrency := 20
+		wg := sync.WaitGroup{}
+		events := make(chan int, nbConcurrency*2)
+		errors := make(chan error, nbConcurrency)
+		doLockUnlock := func() {
+			defer wg.Done()
+
+			m := Mutex{
+				Logger: logger.New(),
+			}
+			if mutex, err := m.Acquire(ctx, "test"); err == nil {
+				events <- 1
+				var dur = time.Duration(rand.Intn(5000))
+				time.Sleep(dur * time.Microsecond)
+				events <- -1
+				if err := m.Release(mutex); err != nil {
+					errors <- fmt.Errorf("Release error: %w", err)
+				}
+			} else {
+				errors <- fmt.Errorf("Acquire error: %w", err)
+			}
+		}
+
+		for i := 0; i < nbConcurrency; i++ {
+			wg.Add(1)
+			go doLockUnlock()
+		}
+
+		wg.Wait()
+		close(events)
+		close(errors)
+
+		countConcurrent := 0
+		for delta := range events {
+			countConcurrent += delta
+			if countConcurrent > 1 {
+				t.Errorf("The mutex did not prevented reentry: %d", countConcurrent)
+			}
+		}
+
+		for anError := range errors {
+			t.Errorf("The gorouting returned an error: %s", anError)
+		}
+	})
+}
--- a/pkg/infrastructure/reader/mock_reader/mock_reader.go
+++ b/pkg/infrastructure/reader/mock_reader/mock_reader.go
@@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/reader (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/infrastructure/reader (interfaces: Interface)

 // Package mock_reader is a generated GoMock package.
 package mock_reader
@@ -9,30 +9,30 @@ import (
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// ReadPassword mocks base method.
+// ReadPassword mocks base method
 func (m *MockInterface) ReadPassword(arg0 string) (string, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ReadPassword", arg0)
@@ -41,13 +41,13 @@ func (m *MockInterface) ReadPassword(arg0 string) (string, error) {
 	return ret0, ret1
 }

-// ReadPassword indicates an expected call of ReadPassword.
+// ReadPassword indicates an expected call of ReadPassword
 func (mr *MockInterfaceMockRecorder) ReadPassword(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReadPassword", reflect.TypeOf((*MockInterface)(nil).ReadPassword), arg0)
 }

-// ReadString mocks base method.
+// ReadString mocks base method
 func (m *MockInterface) ReadString(arg0 string) (string, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ReadString", arg0)
@@ -56,7 +56,7 @@ func (m *MockInterface) ReadString(arg0 string) (string, error) {
 	return ret0, ret1
 }

-// ReadString indicates an expected call of ReadString.
+// ReadString indicates an expected call of ReadString
 func (mr *MockInterfaceMockRecorder) ReadString(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReadString", reflect.TypeOf((*MockInterface)(nil).ReadString), arg0)
--- a/pkg/infrastructure/reader/reader.go
+++ b/pkg/infrastructure/reader/reader.go
@@ -9,12 +9,11 @@ import (
 	"syscall"

 	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/stdio"
-	"golang.org/x/crypto/ssh/terminal"
-	"golang.org/x/xerrors"
+	"github.com/int128/kubelogin/pkg/infrastructure/stdio"
+	"golang.org/x/term"
 )

-//go:generate mockgen -destination mock_reader/mock_reader.go github.com/int128/kubelogin/pkg/adaptors/reader Interface
+//go:generate mockgen -destination mock_reader/mock_reader.go github.com/int128/kubelogin/pkg/infrastructure/reader Interface

 // Set provides an implementation and interface for Reader.
 var Set = wire.NewSet(
@@ -34,12 +33,12 @@ type Reader struct {
 // ReadString reads a string from the stdin.
 func (x *Reader) ReadString(prompt string) (string, error) {
 	if _, err := fmt.Fprint(os.Stderr, prompt); err != nil {
-		return "", xerrors.Errorf("write error: %w", err)
+		return "", fmt.Errorf("write error: %w", err)
 	}
 	r := bufio.NewReader(x.Stdin)
 	s, err := r.ReadString('\n')
 	if err != nil {
-		return "", xerrors.Errorf("read error: %w", err)
+		return "", fmt.Errorf("read error: %w", err)
 	}
 	s = strings.TrimRight(s, "\r\n")
 	return s, nil
@@ -48,14 +47,14 @@ func (x *Reader) ReadString(prompt string) (string, error) {
 // ReadPassword reads a password from the stdin without echo back.
 func (*Reader) ReadPassword(prompt string) (string, error) {
 	if _, err := fmt.Fprint(os.Stderr, prompt); err != nil {
-		return "", xerrors.Errorf("write error: %w", err)
+		return "", fmt.Errorf("write error: %w", err)
 	}
-	b, err := terminal.ReadPassword(int(syscall.Stdin))
+	b, err := term.ReadPassword(int(syscall.Stdin))
 	if err != nil {
-		return "", xerrors.Errorf("read error: %w", err)
+		return "", fmt.Errorf("read error: %w", err)
 	}
 	if _, err := fmt.Fprintln(os.Stderr); err != nil {
-		return "", xerrors.Errorf("write error: %w", err)
+		return "", fmt.Errorf("write error: %w", err)
 	}
 	return string(b), nil
 }
--- a/pkg/infrastructure/stdio/stdio.go
+++ b/pkg/infrastructure/stdio/stdio.go
--- a/pkg/jwt/decode.go
+++ b/pkg/jwt/decode.go
@@ -6,10 +6,9 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"strings"
 	"time"
-
-	"golang.org/x/xerrors"
 )

 // DecodeWithoutVerify decodes the JWT string and returns the claims.
@@ -17,18 +16,18 @@ import (
 func DecodeWithoutVerify(s string) (*Claims, error) {
 	payload, err := DecodePayloadAsRawJSON(s)
 	if err != nil {
-		return nil, xerrors.Errorf("could not decode the payload: %w", err)
+		return nil, fmt.Errorf("could not decode the payload: %w", err)
 	}
 	var claims struct {
 		Subject   string `json:"sub,omitempty"`
 		ExpiresAt int64  `json:"exp,omitempty"`
 	}
 	if err := json.NewDecoder(bytes.NewReader(payload)).Decode(&claims); err != nil {
-		return nil, xerrors.Errorf("could not decode the json of token: %w", err)
+		return nil, fmt.Errorf("could not decode the json of token: %w", err)
 	}
 	var prettyJson bytes.Buffer
 	if err := json.Indent(&prettyJson, payload, "", "  "); err != nil {
-		return nil, xerrors.Errorf("could not indent the json of token: %w", err)
+		return nil, fmt.Errorf("could not indent the json of token: %w", err)
 	}
 	return &Claims{
 		Subject: claims.Subject,
@@ -41,11 +40,11 @@ func DecodeWithoutVerify(s string) (*Claims, error) {
 func DecodePayloadAsPrettyJSON(s string) (string, error) {
 	payload, err := DecodePayloadAsRawJSON(s)
 	if err != nil {
-		return "", xerrors.Errorf("could not decode the payload: %w", err)
+		return "", fmt.Errorf("could not decode the payload: %w", err)
 	}
 	var prettyJson bytes.Buffer
 	if err := json.Indent(&prettyJson, payload, "", "  "); err != nil {
-		return "", xerrors.Errorf("could not indent the json of token: %w", err)
+		return "", fmt.Errorf("could not indent the json of token: %w", err)
 	}
 	return prettyJson.String(), nil
 }
@@ -54,11 +53,11 @@ func DecodePayloadAsPrettyJSON(s string) (string, error) {
 func DecodePayloadAsRawJSON(s string) ([]byte, error) {
 	parts := strings.SplitN(s, ".", 3)
 	if len(parts) != 3 {
-		return nil, xerrors.Errorf("wants %d segments but got %d segments", 3, len(parts))
+		return nil, fmt.Errorf("wants %d segments but got %d segments", 3, len(parts))
 	}
 	payloadJSON, err := decodePayload(parts[1])
 	if err != nil {
-		return nil, xerrors.Errorf("could not decode the payload: %w", err)
+		return nil, fmt.Errorf("could not decode the payload: %w", err)
 	}
 	return payloadJSON, nil
 }
@@ -66,7 +65,7 @@ func DecodePayloadAsRawJSON(s string) ([]byte, error) {
 func decodePayload(payload string) ([]byte, error) {
 	b, err := base64.URLEncoding.WithPadding(base64.NoPadding).DecodeString(payload)
 	if err != nil {
-		return nil, xerrors.Errorf("invalid base64: %w", err)
+		return nil, fmt.Errorf("invalid base64: %w", err)
 	}
 	return b, nil
 }
--- a/pkg/adaptors/kubeconfig/load.go
+++ b/pkg/adaptors/kubeconfig/load.go
@@ -1,21 +1,37 @@
-package kubeconfig
+package loader

 import (
+	"errors"
+	"fmt"
 	"strings"

-	"golang.org/x/xerrors"
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/kubeconfig"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 )

-func (*Kubeconfig) GetCurrentAuthProvider(explicitFilename string, contextName ContextName, userName UserName) (*AuthProvider, error) {
+//go:generate mockgen -destination mock_loader/mock_loader.go github.com/int128/kubelogin/pkg/kubeconfig/loader Interface
+
+var Set = wire.NewSet(
+	wire.Struct(new(Loader), "*"),
+	wire.Bind(new(Interface), new(*Loader)),
+)
+
+type Interface interface {
+	GetCurrentAuthProvider(explicitFilename string, contextName kubeconfig.ContextName, userName kubeconfig.UserName) (*kubeconfig.AuthProvider, error)
+}
+
+type Loader struct{}
+
+func (Loader) GetCurrentAuthProvider(explicitFilename string, contextName kubeconfig.ContextName, userName kubeconfig.UserName) (*kubeconfig.AuthProvider, error) {
 	config, err := loadByDefaultRules(explicitFilename)
 	if err != nil {
-		return nil, xerrors.Errorf("could not load the kubeconfig: %w", err)
+		return nil, fmt.Errorf("could not load the kubeconfig: %w", err)
 	}
 	auth, err := findCurrentAuthProvider(config, contextName, userName)
 	if err != nil {
-		return nil, xerrors.Errorf("could not find the current auth provider: %w", err)
+		return nil, fmt.Errorf("could not find the current auth provider: %w", err)
 	}
 	return auth, nil
 }
@@ -25,7 +41,7 @@ func loadByDefaultRules(explicitFilename string) (*api.Config, error) {
 	rules.ExplicitPath = explicitFilename
 	config, err := rules.Load()
 	if err != nil {
-		return nil, xerrors.Errorf("load error: %w", err)
+		return nil, fmt.Errorf("load error: %w", err)
 	}
 	return config, err
 }
@@ -34,29 +50,29 @@ func loadByDefaultRules(explicitFilename string) (*api.Config, error) {
 // If contextName is given, this returns the user of the context.
 // If userName is given, this ignores the context and returns the user.
 // If any context or user is not found, this returns an error.
-func findCurrentAuthProvider(config *api.Config, contextName ContextName, userName UserName) (*AuthProvider, error) {
+func findCurrentAuthProvider(config *api.Config, contextName kubeconfig.ContextName, userName kubeconfig.UserName) (*kubeconfig.AuthProvider, error) {
 	if userName == "" {
 		if contextName == "" {
-			contextName = ContextName(config.CurrentContext)
+			contextName = kubeconfig.ContextName(config.CurrentContext)
 		}
 		contextNode, ok := config.Contexts[string(contextName)]
 		if !ok {
-			return nil, xerrors.Errorf("context %s does not exist", contextName)
+			return nil, fmt.Errorf("context %s does not exist", contextName)
 		}
-		userName = UserName(contextNode.AuthInfo)
+		userName = kubeconfig.UserName(contextNode.AuthInfo)
 	}
 	userNode, ok := config.AuthInfos[string(userName)]
 	if !ok {
-		return nil, xerrors.Errorf("user %s does not exist", userName)
+		return nil, fmt.Errorf("user %s does not exist", userName)
 	}
 	if userNode.AuthProvider == nil {
-		return nil, xerrors.New("auth-provider is missing")
+		return nil, errors.New("auth-provider is missing")
 	}
 	if userNode.AuthProvider.Name != "oidc" {
-		return nil, xerrors.Errorf("auth-provider.name must be oidc but is %s", userNode.AuthProvider.Name)
+		return nil, fmt.Errorf("auth-provider.name must be oidc but is %s", userNode.AuthProvider.Name)
 	}
 	if userNode.AuthProvider.Config == nil {
-		return nil, xerrors.New("auth-provider.config is missing")
+		return nil, errors.New("auth-provider.config is missing")
 	}

 	m := userNode.AuthProvider.Config
@@ -64,7 +80,7 @@ func findCurrentAuthProvider(config *api.Config, contextName ContextName, userNa
 	if m["extra-scopes"] != "" {
 		extraScopes = strings.Split(m["extra-scopes"], ",")
 	}
-	return &AuthProvider{
+	return &kubeconfig.AuthProvider{
 		LocationOfOrigin:            userNode.LocationOfOrigin,
 		UserName:                    userName,
 		ContextName:                 contextName,
--- a/pkg/adaptors/kubeconfig/load_test.go
+++ b/pkg/adaptors/kubeconfig/load_test.go
@@ -1,10 +1,11 @@
-package kubeconfig
+package loader

 import (
 	"os"
 	"testing"

 	"github.com/google/go-cmp/cmp"
+	"github.com/int128/kubelogin/pkg/kubeconfig"
 	"k8s.io/client-go/tools/clientcmd/api"
 )

@@ -105,7 +106,7 @@ func Test_findCurrentAuthProvider(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Could not find the current auth: %s", err)
 		}
-		want := &AuthProvider{
+		want := &kubeconfig.AuthProvider{
 			LocationOfOrigin:            "/path/to/kubeconfig",
 			UserName:                    "theUser",
 			ContextName:                 "theContext",
@@ -145,7 +146,7 @@ func Test_findCurrentAuthProvider(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Could not find the current auth: %s", err)
 		}
-		want := &AuthProvider{
+		want := &kubeconfig.AuthProvider{
 			LocationOfOrigin: "/path/to/kubeconfig",
 			UserName:         "theUser",
 			ContextName:      "theContext",
@@ -173,7 +174,7 @@ func Test_findCurrentAuthProvider(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Could not find the current auth: %s", err)
 		}
-		want := &AuthProvider{
+		want := &kubeconfig.AuthProvider{
 			LocationOfOrigin: "/path/to/kubeconfig",
 			UserName:         "theUser",
 			IDPIssuerURL:     "https://accounts.google.com",
--- a/pkg/adaptors/kubeconfig/mock_kubeconfig/mock_kubeconfig.go
+++ b/pkg/adaptors/kubeconfig/mock_kubeconfig/mock_kubeconfig.go
@@ -1,39 +1,39 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/kubeconfig (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/kubeconfig/loader (interfaces: Interface)

-// Package mock_kubeconfig is a generated GoMock package.
-package mock_kubeconfig
+// Package mock_loader is a generated GoMock package.
+package mock_loader

 import (
 	gomock "github.com/golang/mock/gomock"
-	kubeconfig "github.com/int128/kubelogin/pkg/adaptors/kubeconfig"
+	kubeconfig "github.com/int128/kubelogin/pkg/kubeconfig"
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// GetCurrentAuthProvider mocks base method.
+// GetCurrentAuthProvider mocks base method
 func (m *MockInterface) GetCurrentAuthProvider(arg0 string, arg1 kubeconfig.ContextName, arg2 kubeconfig.UserName) (*kubeconfig.AuthProvider, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetCurrentAuthProvider", arg0, arg1, arg2)
@@ -42,22 +42,8 @@ func (m *MockInterface) GetCurrentAuthProvider(arg0 string, arg1 kubeconfig.Cont
 	return ret0, ret1
 }

-// GetCurrentAuthProvider indicates an expected call of GetCurrentAuthProvider.
+// GetCurrentAuthProvider indicates an expected call of GetCurrentAuthProvider
 func (mr *MockInterfaceMockRecorder) GetCurrentAuthProvider(arg0, arg1, arg2 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCurrentAuthProvider", reflect.TypeOf((*MockInterface)(nil).GetCurrentAuthProvider), arg0, arg1, arg2)
 }
-
-// UpdateAuthProvider mocks base method.
-func (m *MockInterface) UpdateAuthProvider(arg0 *kubeconfig.AuthProvider) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateAuthProvider", arg0)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateAuthProvider indicates an expected call of UpdateAuthProvider.
-func (mr *MockInterfaceMockRecorder) UpdateAuthProvider(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAuthProvider", reflect.TypeOf((*MockInterface)(nil).UpdateAuthProvider), arg0)
-}
--- a/pkg/adaptors/kubeconfig/testdata/kubeconfig.google.yaml
+++ b/pkg/adaptors/kubeconfig/testdata/kubeconfig.google.yaml
--- a/pkg/adaptors/kubeconfig/testdata/kubeconfig.keycloak.yaml
+++ b/pkg/adaptors/kubeconfig/testdata/kubeconfig.keycloak.yaml
--- a/pkg/adaptors/kubeconfig/kubeconfig.go
+++ b/pkg/adaptors/kubeconfig/kubeconfig.go
@@ -1,23 +1,5 @@
 package kubeconfig

-import (
-	"github.com/google/wire"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-)
-
-//go:generate mockgen -destination mock_kubeconfig/mock_kubeconfig.go github.com/int128/kubelogin/pkg/adaptors/kubeconfig Interface
-
-// Set provides an implementation and interface for Kubeconfig.
-var Set = wire.NewSet(
-	wire.Struct(new(Kubeconfig), "*"),
-	wire.Bind(new(Interface), new(*Kubeconfig)),
-)
-
-type Interface interface {
-	GetCurrentAuthProvider(explicitFilename string, contextName ContextName, userName UserName) (*AuthProvider, error)
-	UpdateAuthProvider(auth *AuthProvider) error
-}
-
 // ContextName represents name of a context.
 type ContextName string

@@ -39,7 +21,3 @@ type AuthProvider struct {
 	IDToken                     string      // (optional) id-token
 	RefreshToken                string      // (optional) refresh-token
 }
-
-type Kubeconfig struct {
-	Logger logger.Interface
-}
--- a/pkg/kubeconfig/writer/mock_writer/mock_writer.go
+++ b/pkg/kubeconfig/writer/mock_writer/mock_writer.go
@@ -0,0 +1,48 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/int128/kubelogin/pkg/kubeconfig/writer (interfaces: Interface)
+
+// Package mock_writer is a generated GoMock package.
+package mock_writer
+
+import (
+	gomock "github.com/golang/mock/gomock"
+	kubeconfig "github.com/int128/kubelogin/pkg/kubeconfig"
+	reflect "reflect"
+)
+
+// MockInterface is a mock of Interface interface
+type MockInterface struct {
+	ctrl     *gomock.Controller
+	recorder *MockInterfaceMockRecorder
+}
+
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
+type MockInterfaceMockRecorder struct {
+	mock *MockInterface
+}
+
+// NewMockInterface creates a new mock instance
+func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
+	mock := &MockInterface{ctrl: ctrl}
+	mock.recorder = &MockInterfaceMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
+	return m.recorder
+}
+
+// UpdateAuthProvider mocks base method
+func (m *MockInterface) UpdateAuthProvider(arg0 kubeconfig.AuthProvider) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "UpdateAuthProvider", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// UpdateAuthProvider indicates an expected call of UpdateAuthProvider
+func (mr *MockInterfaceMockRecorder) UpdateAuthProvider(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAuthProvider", reflect.TypeOf((*MockInterface)(nil).UpdateAuthProvider), arg0)
+}
--- a/pkg/adaptors/kubeconfig/write.go
+++ b/pkg/adaptors/kubeconfig/write.go
@@ -1,35 +1,50 @@
-package kubeconfig
+package writer

 import (
+	"fmt"
 	"strings"

-	"golang.org/x/xerrors"
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/kubeconfig"
 	"k8s.io/client-go/tools/clientcmd"
 )

-func (*Kubeconfig) UpdateAuthProvider(p *AuthProvider) error {
+//go:generate mockgen -destination mock_writer/mock_writer.go github.com/int128/kubelogin/pkg/kubeconfig/writer Interface
+
+var Set = wire.NewSet(
+	wire.Struct(new(Writer), "*"),
+	wire.Bind(new(Interface), new(*Writer)),
+)
+
+type Interface interface {
+	UpdateAuthProvider(p kubeconfig.AuthProvider) error
+}
+
+type Writer struct{}
+
+func (Writer) UpdateAuthProvider(p kubeconfig.AuthProvider) error {
 	config, err := clientcmd.LoadFromFile(p.LocationOfOrigin)
 	if err != nil {
-		return xerrors.Errorf("could not load %s: %w", p.LocationOfOrigin, err)
+		return fmt.Errorf("could not load %s: %w", p.LocationOfOrigin, err)
 	}
 	userNode, ok := config.AuthInfos[string(p.UserName)]
 	if !ok {
-		return xerrors.Errorf("user %s does not exist", p.UserName)
+		return fmt.Errorf("user %s does not exist", p.UserName)
 	}
 	if userNode.AuthProvider == nil {
-		return xerrors.Errorf("auth-provider is missing")
+		return fmt.Errorf("auth-provider is missing")
 	}
 	if userNode.AuthProvider.Name != "oidc" {
-		return xerrors.Errorf("auth-provider must be oidc but is %s", userNode.AuthProvider.Name)
+		return fmt.Errorf("auth-provider must be oidc but is %s", userNode.AuthProvider.Name)
 	}
 	copyAuthProviderConfig(p, userNode.AuthProvider.Config)
 	if err := clientcmd.WriteToFile(*config, p.LocationOfOrigin); err != nil {
-		return xerrors.Errorf("could not update %s: %w", p.LocationOfOrigin, err)
+		return fmt.Errorf("could not update %s: %w", p.LocationOfOrigin, err)
 	}
 	return nil
 }

-func copyAuthProviderConfig(p *AuthProvider, m map[string]string) {
+func copyAuthProviderConfig(p kubeconfig.AuthProvider, m map[string]string) {
 	setOrDeleteKey(m, "idp-issuer-url", p.IDPIssuerURL)
 	setOrDeleteKey(m, "client-id", p.ClientID)
 	setOrDeleteKey(m, "client-secret", p.ClientSecret)
--- a/pkg/adaptors/kubeconfig/write_test.go
+++ b/pkg/adaptors/kubeconfig/write_test.go
@@ -1,4 +1,4 @@
-package kubeconfig
+package writer

 import (
 	"io/ioutil"
@@ -6,10 +6,11 @@ import (
 	"testing"

 	"github.com/google/go-cmp/cmp"
+	"github.com/int128/kubelogin/pkg/kubeconfig"
 )

 func TestKubeconfig_UpdateAuth(t *testing.T) {
-	var k Kubeconfig
+	var w Writer

 	t.Run("MinimumKeys", func(t *testing.T) {
 		f := newKubeconfigFile(t)
@@ -18,7 +19,7 @@ func TestKubeconfig_UpdateAuth(t *testing.T) {
 				t.Errorf("Could not remove the temp file: %s", err)
 			}
 		}()
-		if err := k.UpdateAuthProvider(&AuthProvider{
+		if err := w.UpdateAuthProvider(kubeconfig.AuthProvider{
 			LocationOfOrigin: f.Name(),
 			UserName:         "google",
 			IDPIssuerURL:     "https://accounts.google.com",
@@ -65,7 +66,7 @@ users:
 				t.Errorf("Could not remove the temp file: %s", err)
 			}
 		}()
-		if err := k.UpdateAuthProvider(&AuthProvider{
+		if err := w.UpdateAuthProvider(kubeconfig.AuthProvider{
 			LocationOfOrigin:            f.Name(),
 			UserName:                    "google",
 			IDPIssuerURL:                "https://accounts.google.com",
--- a/pkg/adaptors/oidcclient/oidcclient.go
+++ b/pkg/adaptors/oidcclient/oidcclient.go
@@ -1,22 +1,21 @@
-package oidcclient
+package client

 import (
 	"context"
+	"fmt"
 	"net/http"
 	"time"

-	gooidc "github.com/coreos/go-oidc"
-	"github.com/int128/kubelogin/pkg/adaptors/clock"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/jwt"
+	gooidc "github.com/coreos/go-oidc/v3/oidc"
+	"github.com/int128/kubelogin/pkg/infrastructure/clock"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 	"github.com/int128/kubelogin/pkg/oidc"
 	"github.com/int128/kubelogin/pkg/pkce"
 	"github.com/int128/oauth2cli"
 	"golang.org/x/oauth2"
-	"golang.org/x/xerrors"
 )

-//go:generate mockgen -destination mock_oidcclient/mock_oidcclient.go github.com/int128/kubelogin/pkg/adaptors/oidcclient Interface
+//go:generate mockgen -destination mock_client/mock_client.go github.com/int128/kubelogin/pkg/oidc/client Interface

 type Interface interface {
 	GetAuthCodeURL(in AuthCodeURLInput) string
@@ -88,7 +87,7 @@ func (c *client) GetTokenByAuthCode(ctx context.Context, in GetTokenByAuthCodeIn
 	}
 	token, err := oauth2cli.GetToken(ctx, config)
 	if err != nil {
-		return nil, xerrors.Errorf("oauth2 error: %w", err)
+		return nil, fmt.Errorf("oauth2 error: %w", err)
 	}
 	return c.verifyToken(ctx, token, in.Nonce)
 }
@@ -109,7 +108,7 @@ func (c *client) ExchangeAuthCode(ctx context.Context, in ExchangeAuthCodeInput)
 	opts := tokenRequestOptions(in.PKCEParams)
 	token, err := cfg.Exchange(ctx, in.Code, opts...)
 	if err != nil {
-		return nil, xerrors.Errorf("exchange error: %w", err)
+		return nil, fmt.Errorf("exchange error: %w", err)
 	}
 	return c.verifyToken(ctx, token, in.Nonce)
 }
@@ -149,7 +148,7 @@ func (c *client) GetTokenByROPC(ctx context.Context, username, password string)
 	ctx = c.wrapContext(ctx)
 	token, err := c.oauth2Config.PasswordCredentialsToken(ctx, username, password)
 	if err != nil {
-		return nil, xerrors.Errorf("resource owner password credentials flow error: %w", err)
+		return nil, fmt.Errorf("resource owner password credentials flow error: %w", err)
 	}
 	return c.verifyToken(ctx, token, "")
 }
@@ -164,7 +163,7 @@ func (c *client) Refresh(ctx context.Context, refreshToken string) (*oidc.TokenS
 	source := c.oauth2Config.TokenSource(ctx, currentToken)
 	token, err := source.Token()
 	if err != nil {
-		return nil, xerrors.Errorf("could not refresh the token: %w", err)
+		return nil, fmt.Errorf("could not refresh the token: %w", err)
 	}
 	return c.verifyToken(ctx, token, "")
 }
@@ -174,27 +173,18 @@ func (c *client) Refresh(ctx context.Context, refreshToken string) (*oidc.TokenS
 func (c *client) verifyToken(ctx context.Context, token *oauth2.Token, nonce string) (*oidc.TokenSet, error) {
 	idToken, ok := token.Extra("id_token").(string)
 	if !ok {
-		return nil, xerrors.Errorf("id_token is missing in the token response: %s", token)
+		return nil, fmt.Errorf("id_token is missing in the token response: %s", token)
 	}
 	verifier := c.provider.Verifier(&gooidc.Config{ClientID: c.oauth2Config.ClientID, Now: c.clock.Now})
 	verifiedIDToken, err := verifier.Verify(ctx, idToken)
 	if err != nil {
-		return nil, xerrors.Errorf("could not verify the ID token: %w", err)
+		return nil, fmt.Errorf("could not verify the ID token: %w", err)
 	}
 	if nonce != "" && nonce != verifiedIDToken.Nonce {
-		return nil, xerrors.Errorf("nonce did not match (wants %s but got %s)", nonce, verifiedIDToken.Nonce)
-	}
-	pretty, err := jwt.DecodePayloadAsPrettyJSON(idToken)
-	if err != nil {
-		return nil, xerrors.Errorf("could not decode the token: %w", err)
+		return nil, fmt.Errorf("nonce did not match (wants %s but got %s)", nonce, verifiedIDToken.Nonce)
 	}
 	return &oidc.TokenSet{
-		IDToken: idToken,
-		IDTokenClaims: jwt.Claims{
-			Subject: verifiedIDToken.Subject,
-			Expiry:  verifiedIDToken.Expiry,
-			Pretty:  pretty,
-		},
+		IDToken:      idToken,
 		RefreshToken: token.RefreshToken,
 	}, nil
 }
--- a/pkg/oidc/client/factory.go
+++ b/pkg/oidc/client/factory.go
@@ -0,0 +1,91 @@
+// Package client provides a client of OpenID Connect.
+package client
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	gooidc "github.com/coreos/go-oidc/v3/oidc"
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/infrastructure/clock"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/oidc/client/logging"
+	"github.com/int128/kubelogin/pkg/pkce"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig/loader"
+	"golang.org/x/oauth2"
+)
+
+//go:generate mockgen -destination mock_client/mock_factory.go github.com/int128/kubelogin/pkg/oidc/client FactoryInterface
+
+var Set = wire.NewSet(
+	wire.Struct(new(Factory), "*"),
+	wire.Bind(new(FactoryInterface), new(*Factory)),
+)
+
+type FactoryInterface interface {
+	New(ctx context.Context, p oidc.Provider, tlsClientConfig tlsclientconfig.Config) (Interface, error)
+}
+
+type Factory struct {
+	Loader loader.Loader
+	Clock  clock.Interface
+	Logger logger.Interface
+}
+
+// New returns an instance of infrastructure.Interface with the given configuration.
+func (f *Factory) New(ctx context.Context, p oidc.Provider, tlsClientConfig tlsclientconfig.Config) (Interface, error) {
+	rawTLSClientConfig, err := f.Loader.Load(tlsClientConfig)
+	if err != nil {
+		return nil, fmt.Errorf("could not load the TLS client config: %w", err)
+	}
+	baseTransport := &http.Transport{
+		TLSClientConfig: rawTLSClientConfig,
+		Proxy:           http.ProxyFromEnvironment,
+	}
+	loggingTransport := &logging.Transport{
+		Base:   baseTransport,
+		Logger: f.Logger,
+	}
+	httpClient := &http.Client{
+		Transport: loggingTransport,
+	}
+
+	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
+	provider, err := gooidc.NewProvider(ctx, p.IssuerURL)
+	if err != nil {
+		return nil, fmt.Errorf("oidc discovery error: %w", err)
+	}
+	supportedPKCEMethods, err := extractSupportedPKCEMethods(provider)
+	if err != nil {
+		return nil, fmt.Errorf("could not determine supported PKCE methods: %w", err)
+	}
+	if len(supportedPKCEMethods) == 0 && p.UsePKCE {
+		supportedPKCEMethods = []string{pkce.MethodS256}
+	}
+	return &client{
+		httpClient: httpClient,
+		provider:   provider,
+		oauth2Config: oauth2.Config{
+			Endpoint:     provider.Endpoint(),
+			ClientID:     p.ClientID,
+			ClientSecret: p.ClientSecret,
+			Scopes:       append(p.ExtraScopes, gooidc.ScopeOpenID),
+		},
+		clock:                f.Clock,
+		logger:               f.Logger,
+		supportedPKCEMethods: supportedPKCEMethods,
+	}, nil
+}
+
+func extractSupportedPKCEMethods(provider *gooidc.Provider) ([]string, error) {
+	var d struct {
+		CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
+	}
+	if err := provider.Claims(&d); err != nil {
+		return nil, fmt.Errorf("invalid discovery document: %w", err)
+	}
+	return d.CodeChallengeMethodsSupported, nil
+}
--- a/pkg/adaptors/oidcclient/logging/transport.go
+++ b/pkg/adaptors/oidcclient/logging/transport.go
@@ -4,7 +4,7 @@ import (
 	"net/http"
 	"net/http/httputil"

-	"github.com/int128/kubelogin/pkg/adaptors/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 )

 const (
--- a/pkg/adaptors/oidcclient/logging/transport_test.go
+++ b/pkg/adaptors/oidcclient/logging/transport_test.go
--- a/pkg/adaptors/oidcclient/mock_oidcclient/mock_oidcclient.go
+++ b/pkg/adaptors/oidcclient/mock_oidcclient/mock_oidcclient.go
@@ -1,42 +1,42 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/oidcclient (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/oidc/client (interfaces: Interface)

-// Package mock_oidcclient is a generated GoMock package.
-package mock_oidcclient
+// Package mock_client is a generated GoMock package.
+package mock_client

 import (
 	context "context"
 	gomock "github.com/golang/mock/gomock"
-	oidcclient "github.com/int128/kubelogin/pkg/adaptors/oidcclient"
 	oidc "github.com/int128/kubelogin/pkg/oidc"
+	client "github.com/int128/kubelogin/pkg/oidc/client"
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// ExchangeAuthCode mocks base method.
-func (m *MockInterface) ExchangeAuthCode(arg0 context.Context, arg1 oidcclient.ExchangeAuthCodeInput) (*oidc.TokenSet, error) {
+// ExchangeAuthCode mocks base method
+func (m *MockInterface) ExchangeAuthCode(arg0 context.Context, arg1 client.ExchangeAuthCodeInput) (*oidc.TokenSet, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ExchangeAuthCode", arg0, arg1)
 	ret0, _ := ret[0].(*oidc.TokenSet)
@@ -44,28 +44,28 @@ func (m *MockInterface) ExchangeAuthCode(arg0 context.Context, arg1 oidcclient.E
 	return ret0, ret1
 }

-// ExchangeAuthCode indicates an expected call of ExchangeAuthCode.
+// ExchangeAuthCode indicates an expected call of ExchangeAuthCode
 func (mr *MockInterfaceMockRecorder) ExchangeAuthCode(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ExchangeAuthCode", reflect.TypeOf((*MockInterface)(nil).ExchangeAuthCode), arg0, arg1)
 }

-// GetAuthCodeURL mocks base method.
-func (m *MockInterface) GetAuthCodeURL(arg0 oidcclient.AuthCodeURLInput) string {
+// GetAuthCodeURL mocks base method
+func (m *MockInterface) GetAuthCodeURL(arg0 client.AuthCodeURLInput) string {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAuthCodeURL", arg0)
 	ret0, _ := ret[0].(string)
 	return ret0
 }

-// GetAuthCodeURL indicates an expected call of GetAuthCodeURL.
+// GetAuthCodeURL indicates an expected call of GetAuthCodeURL
 func (mr *MockInterfaceMockRecorder) GetAuthCodeURL(arg0 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAuthCodeURL", reflect.TypeOf((*MockInterface)(nil).GetAuthCodeURL), arg0)
 }

-// GetTokenByAuthCode mocks base method.
-func (m *MockInterface) GetTokenByAuthCode(arg0 context.Context, arg1 oidcclient.GetTokenByAuthCodeInput, arg2 chan<- string) (*oidc.TokenSet, error) {
+// GetTokenByAuthCode mocks base method
+func (m *MockInterface) GetTokenByAuthCode(arg0 context.Context, arg1 client.GetTokenByAuthCodeInput, arg2 chan<- string) (*oidc.TokenSet, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetTokenByAuthCode", arg0, arg1, arg2)
 	ret0, _ := ret[0].(*oidc.TokenSet)
@@ -73,13 +73,13 @@ func (m *MockInterface) GetTokenByAuthCode(arg0 context.Context, arg1 oidcclient
 	return ret0, ret1
 }

-// GetTokenByAuthCode indicates an expected call of GetTokenByAuthCode.
+// GetTokenByAuthCode indicates an expected call of GetTokenByAuthCode
 func (mr *MockInterfaceMockRecorder) GetTokenByAuthCode(arg0, arg1, arg2 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTokenByAuthCode", reflect.TypeOf((*MockInterface)(nil).GetTokenByAuthCode), arg0, arg1, arg2)
 }

-// GetTokenByROPC mocks base method.
+// GetTokenByROPC mocks base method
 func (m *MockInterface) GetTokenByROPC(arg0 context.Context, arg1, arg2 string) (*oidc.TokenSet, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetTokenByROPC", arg0, arg1, arg2)
@@ -88,13 +88,13 @@ func (m *MockInterface) GetTokenByROPC(arg0 context.Context, arg1, arg2 string)
 	return ret0, ret1
 }

-// GetTokenByROPC indicates an expected call of GetTokenByROPC.
+// GetTokenByROPC indicates an expected call of GetTokenByROPC
 func (mr *MockInterfaceMockRecorder) GetTokenByROPC(arg0, arg1, arg2 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTokenByROPC", reflect.TypeOf((*MockInterface)(nil).GetTokenByROPC), arg0, arg1, arg2)
 }

-// Refresh mocks base method.
+// Refresh mocks base method
 func (m *MockInterface) Refresh(arg0 context.Context, arg1 string) (*oidc.TokenSet, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Refresh", arg0, arg1)
@@ -103,13 +103,13 @@ func (m *MockInterface) Refresh(arg0 context.Context, arg1 string) (*oidc.TokenS
 	return ret0, ret1
 }

-// Refresh indicates an expected call of Refresh.
+// Refresh indicates an expected call of Refresh
 func (mr *MockInterfaceMockRecorder) Refresh(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Refresh", reflect.TypeOf((*MockInterface)(nil).Refresh), arg0, arg1)
 }

-// SupportedPKCEMethods mocks base method.
+// SupportedPKCEMethods mocks base method
 func (m *MockInterface) SupportedPKCEMethods() []string {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SupportedPKCEMethods")
@@ -117,7 +117,7 @@ func (m *MockInterface) SupportedPKCEMethods() []string {
 	return ret0
 }

-// SupportedPKCEMethods indicates an expected call of SupportedPKCEMethods.
+// SupportedPKCEMethods indicates an expected call of SupportedPKCEMethods
 func (mr *MockInterfaceMockRecorder) SupportedPKCEMethods() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SupportedPKCEMethods", reflect.TypeOf((*MockInterface)(nil).SupportedPKCEMethods))
--- a/pkg/oidc/client/mock_client/mock_factory.go
+++ b/pkg/oidc/client/mock_client/mock_factory.go
@@ -0,0 +1,52 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/int128/kubelogin/pkg/oidc/client (interfaces: FactoryInterface)
+
+// Package mock_client is a generated GoMock package.
+package mock_client
+
+import (
+	context "context"
+	gomock "github.com/golang/mock/gomock"
+	oidc "github.com/int128/kubelogin/pkg/oidc"
+	client "github.com/int128/kubelogin/pkg/oidc/client"
+	tlsclientconfig "github.com/int128/kubelogin/pkg/tlsclientconfig"
+	reflect "reflect"
+)
+
+// MockFactoryInterface is a mock of FactoryInterface interface
+type MockFactoryInterface struct {
+	ctrl     *gomock.Controller
+	recorder *MockFactoryInterfaceMockRecorder
+}
+
+// MockFactoryInterfaceMockRecorder is the mock recorder for MockFactoryInterface
+type MockFactoryInterfaceMockRecorder struct {
+	mock *MockFactoryInterface
+}
+
+// NewMockFactoryInterface creates a new mock instance
+func NewMockFactoryInterface(ctrl *gomock.Controller) *MockFactoryInterface {
+	mock := &MockFactoryInterface{ctrl: ctrl}
+	mock.recorder = &MockFactoryInterfaceMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockFactoryInterface) EXPECT() *MockFactoryInterfaceMockRecorder {
+	return m.recorder
+}
+
+// New mocks base method
+func (m *MockFactoryInterface) New(arg0 context.Context, arg1 oidc.Provider, arg2 tlsclientconfig.Config) (client.Interface, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "New", arg0, arg1, arg2)
+	ret0, _ := ret[0].(client.Interface)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// New indicates an expected call of New
+func (mr *MockFactoryInterfaceMockRecorder) New(arg0, arg1, arg2 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "New", reflect.TypeOf((*MockFactoryInterface)(nil).New), arg0, arg1, arg2)
+}
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -4,23 +4,34 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/binary"
+	"fmt"

 	"github.com/int128/kubelogin/pkg/jwt"
-	"golang.org/x/xerrors"
 )

-// TokenSet represents an output DTO of
-// Interface.GetTokenByAuthCode, Interface.GetTokenByROPC and Interface.Refresh.
+// Provider represents an OIDC provider.
+type Provider struct {
+	IssuerURL    string
+	ClientID     string
+	ClientSecret string   // optional
+	ExtraScopes  []string // optional
+	UsePKCE      bool     // optional
+}
+
+// TokenSet represents a set of ID token and refresh token.
 type TokenSet struct {
-	IDToken       string
-	RefreshToken  string
-	IDTokenClaims jwt.Claims
+	IDToken      string
+	RefreshToken string
+}
+
+func (ts TokenSet) DecodeWithoutVerify() (*jwt.Claims, error) {
+	return jwt.DecodeWithoutVerify(ts.IDToken)
 }

 func NewState() (string, error) {
 	b, err := random32()
 	if err != nil {
-		return "", xerrors.Errorf("could not generate a random: %w", err)
+		return "", fmt.Errorf("could not generate a random: %w", err)
 	}
 	return base64URLEncode(b), nil
 }
@@ -28,7 +39,7 @@ func NewState() (string, error) {
 func NewNonce() (string, error) {
 	b, err := random32()
 	if err != nil {
-		return "", xerrors.Errorf("could not generate a random: %w", err)
+		return "", fmt.Errorf("could not generate a random: %w", err)
 	}
 	return base64URLEncode(b), nil
 }
@@ -36,7 +47,7 @@ func NewNonce() (string, error) {
 func random32() ([]byte, error) {
 	b := make([]byte, 32)
 	if err := binary.Read(rand.Reader, binary.LittleEndian, b); err != nil {
-		return nil, xerrors.Errorf("read error: %w", err)
+		return nil, fmt.Errorf("read error: %w", err)
 	}
 	return b, nil
 }
--- a/pkg/pkce/pkce.go
+++ b/pkg/pkce/pkce.go
@@ -7,15 +7,14 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/binary"
-
-	"golang.org/x/xerrors"
+	"fmt"
 )

 var Plain Params

 const (
 	// code challenge methods defined as https://tools.ietf.org/html/rfc7636#section-4.3
-	methodS256 = "S256"
+	MethodS256 = "S256"
 )

 // Params represents a set of the PKCE parameters.
@@ -34,7 +33,7 @@ func (p Params) IsZero() bool {
 // It returns Plain if no method is available.
 func New(methods []string) (Params, error) {
 	for _, method := range methods {
-		if method == methodS256 {
+		if method == MethodS256 {
 			return NewS256()
 		}
 	}
@@ -45,7 +44,7 @@ func New(methods []string) (Params, error) {
 func NewS256() (Params, error) {
 	b, err := random32()
 	if err != nil {
-		return Plain, xerrors.Errorf("could not generate a random: %w", err)
+		return Plain, fmt.Errorf("could not generate a random: %w", err)
 	}
 	return computeS256(b), nil
 }
@@ -53,7 +52,7 @@ func NewS256() (Params, error) {
 func random32() ([]byte, error) {
 	b := make([]byte, 32)
 	if err := binary.Read(rand.Reader, binary.LittleEndian, b); err != nil {
-		return nil, xerrors.Errorf("read error: %w", err)
+		return nil, fmt.Errorf("read error: %w", err)
 	}
 	return b, nil
 }
@@ -64,7 +63,7 @@ func computeS256(b []byte) Params {
 	_, _ = s.Write([]byte(v))
 	return Params{
 		CodeChallenge:       base64URLEncode(s.Sum(nil)),
-		CodeChallengeMethod: methodS256,
+		CodeChallengeMethod: MethodS256,
 		CodeVerifier:        v,
 	}
 }
--- a/pkg/testing/jwt/encode.go
+++ b/pkg/testing/jwt/encode.go
@@ -5,7 +5,7 @@ import (
 	"crypto/rsa"
 	"testing"

-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt/v4"
 )

 var PrivateKey = generateKey(1024)
--- a/pkg/testing/logger/logger.go
+++ b/pkg/testing/logger/logger.go
@@ -3,7 +3,7 @@ package logger
 import (
 	"fmt"

-	"github.com/int128/kubelogin/pkg/adaptors/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 	"github.com/spf13/pflag"
 )

--- a/pkg/tlsclientconfig/config.go
+++ b/pkg/tlsclientconfig/config.go
@@ -0,0 +1,11 @@
+package tlsclientconfig
+
+import "crypto/tls"
+
+// Config represents a config for TLS client.
+type Config struct {
+	CACertFilename []string
+	CACertData     []string
+	SkipTLSVerify  bool
+	Renegotiation  tls.RenegotiationSupport
+}
--- a/pkg/tlsclientconfig/loader/load.go
+++ b/pkg/tlsclientconfig/loader/load.go
@@ -0,0 +1,72 @@
+// Package loader provides loading certificates from files or base64 encoded string.
+package loader
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io/ioutil"
+
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+)
+
+// Set provides an implementation and interface.
+var Set = wire.NewSet(
+	wire.Struct(new(Loader), "*"),
+	wire.Bind(new(Interface), new(*Loader)),
+)
+
+type Interface interface {
+	Load(config tlsclientconfig.Config) (*tls.Config, error)
+}
+
+// Loader represents a pool of certificates.
+type Loader struct{}
+
+func (l *Loader) Load(config tlsclientconfig.Config) (*tls.Config, error) {
+	rootCAs := x509.NewCertPool()
+	for _, f := range config.CACertFilename {
+		if err := addFile(rootCAs, f); err != nil {
+			return nil, fmt.Errorf("could not load the certificate from %s: %w", f, err)
+		}
+	}
+	for _, d := range config.CACertData {
+		if err := addBase64Encoded(rootCAs, d); err != nil {
+			return nil, fmt.Errorf("could not load the certificate: %w", err)
+		}
+	}
+	if len(rootCAs.Subjects()) == 0 {
+		// use the host's root CA set
+		rootCAs = nil
+	}
+	return &tls.Config{
+		RootCAs:            rootCAs,
+		InsecureSkipVerify: config.SkipTLSVerify,
+		Renegotiation:      config.Renegotiation,
+	}, nil
+}
+
+func addFile(p *x509.CertPool, filename string) error {
+	b, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return fmt.Errorf("could not read: %w", err)
+	}
+	if !p.AppendCertsFromPEM(b) {
+		return errors.New("invalid certificate")
+	}
+	return nil
+}
+
+func addBase64Encoded(p *x509.CertPool, s string) error {
+	b, err := base64.StdEncoding.DecodeString(s)
+	if err != nil {
+		return fmt.Errorf("could not decode base64: %w", err)
+	}
+	if !p.AppendCertsFromPEM(b) {
+		return errors.New("invalid certificate")
+	}
+	return nil
+}
--- a/pkg/tlsclientconfig/loader/load_test.go
+++ b/pkg/tlsclientconfig/loader/load_test.go
@@ -0,0 +1,60 @@
+package loader
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/int128/kubelogin/pkg/tlsclientconfig"
+)
+
+func TestLoader_Load(t *testing.T) {
+	var loader Loader
+	t.Run("Zero", func(t *testing.T) {
+		cfg, err := loader.Load(tlsclientconfig.Config{})
+		if err != nil {
+			t.Errorf("Load error: %s", err)
+		}
+		if cfg.RootCAs != nil {
+			t.Errorf("RootCAs wants nil but was %+v", cfg.RootCAs)
+		}
+	})
+	t.Run("ValidFile", func(t *testing.T) {
+		cfg, err := loader.Load(tlsclientconfig.Config{
+			CACertFilename: []string{"testdata/ca1.crt"},
+		})
+		if err != nil {
+			t.Errorf("Load error: %s", err)
+		}
+		if n := len(cfg.RootCAs.Subjects()); n != 1 {
+			t.Errorf("n wants 1 but was %d", n)
+		}
+	})
+	t.Run("InvalidFile", func(t *testing.T) {
+		_, err := loader.Load(tlsclientconfig.Config{
+			CACertFilename: []string{"testdata/Makefile"},
+		})
+		if err == nil {
+			t.Errorf("AddFile wants an error but was nil")
+		}
+	})
+	t.Run("ValidBase64", func(t *testing.T) {
+		cfg, err := loader.Load(tlsclientconfig.Config{
+			CACertData: []string{readFile(t, "testdata/ca2.crt.base64")},
+		})
+		if err != nil {
+			t.Errorf("Load error: %s", err)
+		}
+		if n := len(cfg.RootCAs.Subjects()); n != 1 {
+			t.Errorf("n wants 1 but was %d", n)
+		}
+	})
+}
+
+func readFile(t *testing.T, filename string) string {
+	t.Helper()
+	b, err := ioutil.ReadFile(filename)
+	if err != nil {
+		t.Fatalf("ReadFile error: %s", err)
+	}
+	return string(b)
+}
--- a/pkg/tlsclientconfig/loader/testdata/Makefile
+++ b/pkg/tlsclientconfig/loader/testdata/Makefile
--- a/pkg/tlsclientconfig/loader/testdata/ca1.crt
+++ b/pkg/tlsclientconfig/loader/testdata/ca1.crt
--- a/pkg/tlsclientconfig/loader/testdata/ca1.crt.base64
+++ b/pkg/tlsclientconfig/loader/testdata/ca1.crt.base64
--- a/pkg/tlsclientconfig/loader/testdata/ca2.crt
+++ b/pkg/tlsclientconfig/loader/testdata/ca2.crt
--- a/pkg/tlsclientconfig/loader/testdata/ca2.crt.base64
+++ b/pkg/tlsclientconfig/loader/testdata/ca2.crt.base64
--- a/pkg/tlsclientconfig/loader/testdata/ca3.crt
+++ b/pkg/tlsclientconfig/loader/testdata/ca3.crt
--- a/pkg/tlsclientconfig/loader/testdata/ca3.crt.base64
+++ b/pkg/tlsclientconfig/loader/testdata/ca3.crt.base64
--- a/pkg/tokencache/repository/mock_repository/mock_repository.go
+++ b/pkg/tokencache/repository/mock_repository/mock_repository.go
@@ -1,62 +1,63 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/int128/kubelogin/pkg/adaptors/tokencache (interfaces: Interface)
+// Source: github.com/int128/kubelogin/pkg/tokencache/repository (interfaces: Interface)

-// Package mock_tokencache is a generated GoMock package.
-package mock_tokencache
+// Package mock_repository is a generated GoMock package.
+package mock_repository

 import (
 	gomock "github.com/golang/mock/gomock"
-	tokencache "github.com/int128/kubelogin/pkg/adaptors/tokencache"
+	oidc "github.com/int128/kubelogin/pkg/oidc"
+	tokencache "github.com/int128/kubelogin/pkg/tokencache"
 	reflect "reflect"
 )

-// MockInterface is a mock of Interface interface.
+// MockInterface is a mock of Interface interface
 type MockInterface struct {
 	ctrl     *gomock.Controller
 	recorder *MockInterfaceMockRecorder
 }

-// MockInterfaceMockRecorder is the mock recorder for MockInterface.
+// MockInterfaceMockRecorder is the mock recorder for MockInterface
 type MockInterfaceMockRecorder struct {
 	mock *MockInterface
 }

-// NewMockInterface creates a new mock instance.
+// NewMockInterface creates a new mock instance
 func NewMockInterface(ctrl *gomock.Controller) *MockInterface {
 	mock := &MockInterface{ctrl: ctrl}
 	mock.recorder = &MockInterfaceMockRecorder{mock}
 	return mock
 }

-// EXPECT returns an object that allows the caller to indicate expected use.
+// EXPECT returns an object that allows the caller to indicate expected use
 func (m *MockInterface) EXPECT() *MockInterfaceMockRecorder {
 	return m.recorder
 }

-// FindByKey mocks base method.
-func (m *MockInterface) FindByKey(arg0 string, arg1 tokencache.Key) (*tokencache.Value, error) {
+// FindByKey mocks base method
+func (m *MockInterface) FindByKey(arg0 string, arg1 tokencache.Key) (*oidc.TokenSet, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "FindByKey", arg0, arg1)
-	ret0, _ := ret[0].(*tokencache.Value)
+	ret0, _ := ret[0].(*oidc.TokenSet)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// FindByKey indicates an expected call of FindByKey.
+// FindByKey indicates an expected call of FindByKey
 func (mr *MockInterfaceMockRecorder) FindByKey(arg0, arg1 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FindByKey", reflect.TypeOf((*MockInterface)(nil).FindByKey), arg0, arg1)
 }

-// Save mocks base method.
-func (m *MockInterface) Save(arg0 string, arg1 tokencache.Key, arg2 tokencache.Value) error {
+// Save mocks base method
+func (m *MockInterface) Save(arg0 string, arg1 tokencache.Key, arg2 oidc.TokenSet) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Save", arg0, arg1, arg2)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// Save indicates an expected call of Save.
+// Save indicates an expected call of Save
 func (mr *MockInterfaceMockRecorder) Save(arg0, arg1, arg2 interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Save", reflect.TypeOf((*MockInterface)(nil).Save), arg0, arg1, arg2)
--- a/pkg/tokencache/repository/repository.go
+++ b/pkg/tokencache/repository/repository.go
@@ -0,0 +1,93 @@
+package repository
+
+import (
+	"crypto/sha256"
+	"encoding/gob"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/google/wire"
+	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/tokencache"
+)
+
+//go:generate mockgen -destination mock_repository/mock_repository.go github.com/int128/kubelogin/pkg/tokencache/repository Interface
+
+// Set provides an implementation and interface for Kubeconfig.
+var Set = wire.NewSet(
+	wire.Struct(new(Repository), "*"),
+	wire.Bind(new(Interface), new(*Repository)),
+)
+
+type Interface interface {
+	FindByKey(dir string, key tokencache.Key) (*oidc.TokenSet, error)
+	Save(dir string, key tokencache.Key, tokenSet oidc.TokenSet) error
+}
+
+type entity struct {
+	IDToken      string `json:"id_token,omitempty"`
+	RefreshToken string `json:"refresh_token,omitempty"`
+}
+
+// Repository provides access to the token cache on the local filesystem.
+// Filename of a token cache is sha256 digest of the issuer, zero-character and client ID.
+type Repository struct{}
+
+func (r *Repository) FindByKey(dir string, key tokencache.Key) (*oidc.TokenSet, error) {
+	filename, err := computeFilename(key)
+	if err != nil {
+		return nil, fmt.Errorf("could not compute the key: %w", err)
+	}
+	p := filepath.Join(dir, filename)
+	f, err := os.Open(p)
+	if err != nil {
+		return nil, fmt.Errorf("could not open file %s: %w", p, err)
+	}
+	defer f.Close()
+	d := json.NewDecoder(f)
+	var e entity
+	if err := d.Decode(&e); err != nil {
+		return nil, fmt.Errorf("invalid json file %s: %w", p, err)
+	}
+	return &oidc.TokenSet{
+		IDToken:      e.IDToken,
+		RefreshToken: e.RefreshToken,
+	}, nil
+}
+
+func (r *Repository) Save(dir string, key tokencache.Key, tokenSet oidc.TokenSet) error {
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return fmt.Errorf("could not create directory %s: %w", dir, err)
+	}
+	filename, err := computeFilename(key)
+	if err != nil {
+		return fmt.Errorf("could not compute the key: %w", err)
+	}
+	p := filepath.Join(dir, filename)
+	f, err := os.OpenFile(p, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return fmt.Errorf("could not create file %s: %w", p, err)
+	}
+	defer f.Close()
+	e := entity{
+		IDToken:      tokenSet.IDToken,
+		RefreshToken: tokenSet.RefreshToken,
+	}
+	if err := json.NewEncoder(f).Encode(&e); err != nil {
+		return fmt.Errorf("json encode error: %w", err)
+	}
+	return nil
+}
+
+func computeFilename(key tokencache.Key) (string, error) {
+	s := sha256.New()
+	e := gob.NewEncoder(s)
+	if err := e.Encode(&key); err != nil {
+		return "", fmt.Errorf("could not encode the key: %w", err)
+	}
+	h := hex.EncodeToString(s.Sum(nil))
+	return h, nil
+}
--- a/pkg/tokencache/repository/repository_test.go
+++ b/pkg/tokencache/repository/repository_test.go
@@ -1,4 +1,4 @@
-package tokencache
+package repository

 import (
 	"io/ioutil"
@@ -6,6 +6,8 @@ import (
 	"testing"

 	"github.com/google/go-cmp/cmp"
+	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/tokencache"
 )

 func TestRepository_FindByKey(t *testing.T) {
@@ -13,7 +15,7 @@ func TestRepository_FindByKey(t *testing.T) {

 	t.Run("Success", func(t *testing.T) {
 		dir := t.TempDir()
-		key := Key{
+		key := tokencache.Key{
 			IssuerURL:      "YOUR_ISSUER",
 			ClientID:       "YOUR_CLIENT_ID",
 			ClientSecret:   "YOUR_CLIENT_SECRET",
@@ -31,12 +33,12 @@ func TestRepository_FindByKey(t *testing.T) {
 			t.Fatalf("could not write to the temp file: %s", err)
 		}

-		value, err := r.FindByKey(dir, key)
+		got, err := r.FindByKey(dir, key)
 		if err != nil {
 			t.Errorf("err wants nil but %+v", err)
 		}
-		want := &Value{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
-		if diff := cmp.Diff(want, value); diff != "" {
+		want := &oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
+		if diff := cmp.Diff(want, got); diff != "" {
 			t.Errorf("mismatch (-want +got):\n%s", diff)
 		}
 	})
@@ -47,7 +49,7 @@ func TestRepository_Save(t *testing.T) {

 	t.Run("Success", func(t *testing.T) {
 		dir := t.TempDir()
-		key := Key{
+		key := tokencache.Key{
 			IssuerURL:      "YOUR_ISSUER",
 			ClientID:       "YOUR_CLIENT_ID",
 			ClientSecret:   "YOUR_CLIENT_SECRET",
@@ -55,8 +57,8 @@ func TestRepository_Save(t *testing.T) {
 			CACertFilename: "/path/to/cert",
 			SkipTLSVerify:  false,
 		}
-		value := Value{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
-		if err := r.Save(dir, key, value); err != nil {
+		tokenSet := oidc.TokenSet{IDToken: "YOUR_ID_TOKEN", RefreshToken: "YOUR_REFRESH_TOKEN"}
+		if err := r.Save(dir, key, tokenSet); err != nil {
 			t.Errorf("err wants nil but %+v", err)
 		}

--- a/pkg/tokencache/types.go
+++ b/pkg/tokencache/types.go
@@ -0,0 +1,13 @@
+package tokencache
+
+// Key represents a key of a token cache.
+type Key struct {
+	IssuerURL      string
+	ClientID       string
+	ClientSecret   string
+	Username       string
+	ExtraScopes    []string
+	CACertFilename string
+	CACertData     string
+	SkipTLSVerify  bool
+}
--- a/pkg/usecases/authentication/authcode/browser.go
+++ b/pkg/usecases/authentication/authcode/browser.go
@@ -2,19 +2,20 @@ package authcode

 import (
 	"context"
+	"fmt"
 	"time"

-	"github.com/int128/kubelogin/pkg/adaptors/browser"
-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
 	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/oidc/client"
 	"github.com/int128/kubelogin/pkg/pkce"
 	"golang.org/x/sync/errgroup"
-	"golang.org/x/xerrors"
 )

 type BrowserOption struct {
 	SkipOpenBrowser            bool
+	BrowserCommand             string
 	BindAddress                []string
 	AuthenticationTimeout      time.Duration
 	OpenURLAfterAuthentication string
@@ -30,25 +31,25 @@ type Browser struct {
 	Logger  logger.Interface
 }

-func (u *Browser) Do(ctx context.Context, o *BrowserOption, client oidcclient.Interface) (*oidc.TokenSet, error) {
+func (u *Browser) Do(ctx context.Context, o *BrowserOption, oidcClient client.Interface) (*oidc.TokenSet, error) {
 	u.Logger.V(1).Infof("starting the authentication code flow using the browser")
 	state, err := oidc.NewState()
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate a state: %w", err)
+		return nil, fmt.Errorf("could not generate a state: %w", err)
 	}
 	nonce, err := oidc.NewNonce()
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate a nonce: %w", err)
+		return nil, fmt.Errorf("could not generate a nonce: %w", err)
 	}
-	p, err := pkce.New(client.SupportedPKCEMethods())
+	p, err := pkce.New(oidcClient.SupportedPKCEMethods())
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate PKCE parameters: %w", err)
+		return nil, fmt.Errorf("could not generate PKCE parameters: %w", err)
 	}
 	successHTML := BrowserSuccessHTML
 	if o.OpenURLAfterAuthentication != "" {
 		successHTML = BrowserRedirectHTML(o.OpenURLAfterAuthentication)
 	}
-	in := oidcclient.GetTokenByAuthCodeInput{
+	in := client.GetTokenByAuthCodeInput{
 		BindAddress:            o.BindAddress,
 		State:                  state,
 		Nonce:                  nonce,
@@ -59,6 +60,7 @@ func (u *Browser) Do(ctx context.Context, o *BrowserOption, client oidcclient.In
 		LocalServerCertFile:    o.LocalServerCertFile,
 		LocalServerKeyFile:     o.LocalServerKeyFile,
 	}
+
 	ctx, cancel := context.WithTimeout(ctx, o.AuthenticationTimeout)
 	defer cancel()
 	readyChan := make(chan string, 1)
@@ -70,35 +72,47 @@ func (u *Browser) Do(ctx context.Context, o *BrowserOption, client oidcclient.In
 			if !ok {
 				return nil
 			}
-			if o.SkipOpenBrowser {
-				u.Logger.Printf("Please visit the following URL in your browser: %s", url)
-				return nil
-			}
-			u.Logger.V(1).Infof("opening %s in the browser", url)
-			if err := u.Browser.Open(url); err != nil {
-				u.Logger.Printf(`error: could not open the browser: %s
-
-Please visit the following URL in your browser manually: %s`, err, url)
-				return nil
-			}
+			u.openURL(ctx, o, url)
 			return nil
 		case <-ctx.Done():
-			return xerrors.Errorf("context cancelled while waiting for the local server: %w", ctx.Err())
+			return fmt.Errorf("context cancelled while waiting for the local server: %w", ctx.Err())
 		}
 	})
 	eg.Go(func() error {
 		defer close(readyChan)
-		tokenSet, err := client.GetTokenByAuthCode(ctx, in, readyChan)
+		tokenSet, err := oidcClient.GetTokenByAuthCode(ctx, in, readyChan)
 		if err != nil {
-			return xerrors.Errorf("authorization code flow error: %w", err)
+			return fmt.Errorf("authorization code flow error: %w", err)
 		}
 		out = tokenSet
 		u.Logger.V(1).Infof("got a token set by the authorization code flow")
 		return nil
 	})
 	if err := eg.Wait(); err != nil {
-		return nil, xerrors.Errorf("authentication error: %w", err)
+		return nil, fmt.Errorf("authentication error: %w", err)
 	}
 	u.Logger.V(1).Infof("finished the authorization code flow via the browser")
 	return out, nil
 }
+
+func (u *Browser) openURL(ctx context.Context, o *BrowserOption, url string) {
+	if o.SkipOpenBrowser {
+		u.Logger.Printf("Please visit the following URL in your browser: %s", url)
+		return
+	}
+
+	u.Logger.V(1).Infof("opening %s in the browser", url)
+	if o.BrowserCommand != "" {
+		if err := u.Browser.OpenCommand(ctx, url, o.BrowserCommand); err != nil {
+			u.Logger.Printf(`error: could not open the browser: %s
+
+Please visit the following URL in your browser manually: %s`, err, url)
+		}
+		return
+	}
+	if err := u.Browser.Open(url); err != nil {
+		u.Logger.Printf(`error: could not open the browser: %s
+
+Please visit the following URL in your browser manually: %s`, err, url)
+	}
+}
--- a/pkg/usecases/authentication/authcode/browser_test.go
+++ b/pkg/usecases/authentication/authcode/browser_test.go
@@ -7,20 +7,14 @@ import (

 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
-	"github.com/int128/kubelogin/pkg/adaptors/browser/mock_browser"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient/mock_oidcclient"
-	"github.com/int128/kubelogin/pkg/jwt"
+	"github.com/int128/kubelogin/pkg/infrastructure/browser/mock_browser"
 	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/oidc/client"
+	"github.com/int128/kubelogin/pkg/oidc/client/mock_client"
 	"github.com/int128/kubelogin/pkg/testing/logger"
 )

 func TestBrowser_Do(t *testing.T) {
-	dummyTokenClaims := jwt.Claims{
-		Subject: "YOUR_SUBJECT",
-		Expiry:  time.Date(2019, 1, 2, 3, 4, 5, 0, time.UTC),
-		Pretty:  "PRETTY_JSON",
-	}
 	timeout := 5 * time.Second

 	t.Run("Success", func(t *testing.T) {
@@ -38,11 +32,11 @@ func TestBrowser_Do(t *testing.T) {
 			RedirectURLHostname:        "localhost",
 			AuthRequestExtraParams:     map[string]string{"ttl": "86400", "reauth": "true"},
 		}
-		mockOIDCClient := mock_oidcclient.NewMockInterface(ctrl)
-		mockOIDCClient.EXPECT().SupportedPKCEMethods()
-		mockOIDCClient.EXPECT().
+		mockClient := mock_client.NewMockInterface(ctrl)
+		mockClient.EXPECT().SupportedPKCEMethods()
+		mockClient.EXPECT().
 			GetTokenByAuthCode(gomock.Any(), gomock.Any(), gomock.Any()).
-			Do(func(_ context.Context, in oidcclient.GetTokenByAuthCodeInput, readyChan chan<- string) {
+			Do(func(_ context.Context, in client.GetTokenByAuthCodeInput, readyChan chan<- string) {
 				if diff := cmp.Diff(o.BindAddress, in.BindAddress); diff != "" {
 					t.Errorf("BindAddress mismatch (-want +got):\n%s", diff)
 				}
@@ -64,21 +58,19 @@ func TestBrowser_Do(t *testing.T) {
 				readyChan <- "LOCAL_SERVER_URL"
 			}).
 			Return(&oidc.TokenSet{
-				IDToken:       "YOUR_ID_TOKEN",
-				RefreshToken:  "YOUR_REFRESH_TOKEN",
-				IDTokenClaims: dummyTokenClaims,
+				IDToken:      "YOUR_ID_TOKEN",
+				RefreshToken: "YOUR_REFRESH_TOKEN",
 			}, nil)
 		u := Browser{
 			Logger: logger.New(t),
 		}
-		got, err := u.Do(ctx, o, mockOIDCClient)
+		got, err := u.Do(ctx, o, mockClient)
 		if err != nil {
 			t.Errorf("Do returned error: %+v", err)
 		}
 		want := &oidc.TokenSet{
-			IDToken:       "YOUR_ID_TOKEN",
-			RefreshToken:  "YOUR_REFRESH_TOKEN",
-			IDTokenClaims: dummyTokenClaims,
+			IDToken:      "YOUR_ID_TOKEN",
+			RefreshToken: "YOUR_REFRESH_TOKEN",
 		}
 		if diff := cmp.Diff(want, got); diff != "" {
 			t.Errorf("mismatch (-want +got):\n%s", diff)
@@ -94,17 +86,16 @@ func TestBrowser_Do(t *testing.T) {
 			BindAddress:           []string{"127.0.0.1:8000"},
 			AuthenticationTimeout: 10 * time.Second,
 		}
-		mockOIDCClient := mock_oidcclient.NewMockInterface(ctrl)
-		mockOIDCClient.EXPECT().SupportedPKCEMethods()
-		mockOIDCClient.EXPECT().
+		mockClient := mock_client.NewMockInterface(ctrl)
+		mockClient.EXPECT().SupportedPKCEMethods()
+		mockClient.EXPECT().
 			GetTokenByAuthCode(gomock.Any(), gomock.Any(), gomock.Any()).
-			Do(func(_ context.Context, _ oidcclient.GetTokenByAuthCodeInput, readyChan chan<- string) {
+			Do(func(_ context.Context, _ client.GetTokenByAuthCodeInput, readyChan chan<- string) {
 				readyChan <- "LOCAL_SERVER_URL"
 			}).
 			Return(&oidc.TokenSet{
-				IDToken:       "YOUR_ID_TOKEN",
-				RefreshToken:  "YOUR_REFRESH_TOKEN",
-				IDTokenClaims: dummyTokenClaims,
+				IDToken:      "YOUR_ID_TOKEN",
+				RefreshToken: "YOUR_REFRESH_TOKEN",
 			}, nil)
 		mockBrowser := mock_browser.NewMockInterface(ctrl)
 		mockBrowser.EXPECT().
@@ -113,14 +104,54 @@ func TestBrowser_Do(t *testing.T) {
 			Logger:  logger.New(t),
 			Browser: mockBrowser,
 		}
-		got, err := u.Do(ctx, o, mockOIDCClient)
+		got, err := u.Do(ctx, o, mockClient)
 		if err != nil {
 			t.Errorf("Do returned error: %+v", err)
 		}
 		want := &oidc.TokenSet{
-			IDToken:       "YOUR_ID_TOKEN",
-			RefreshToken:  "YOUR_REFRESH_TOKEN",
-			IDTokenClaims: dummyTokenClaims,
+			IDToken:      "YOUR_ID_TOKEN",
+			RefreshToken: "YOUR_REFRESH_TOKEN",
+		}
+		if diff := cmp.Diff(want, got); diff != "" {
+			t.Errorf("mismatch (-want +got):\n%s", diff)
+		}
+	})
+
+	t.Run("OpenBrowserCommand", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		defer ctrl.Finish()
+		ctx, cancel := context.WithTimeout(context.TODO(), timeout)
+		defer cancel()
+		o := &BrowserOption{
+			BindAddress:           []string{"127.0.0.1:8000"},
+			BrowserCommand:        "firefox",
+			AuthenticationTimeout: 10 * time.Second,
+		}
+		mockClient := mock_client.NewMockInterface(ctrl)
+		mockClient.EXPECT().SupportedPKCEMethods()
+		mockClient.EXPECT().
+			GetTokenByAuthCode(gomock.Any(), gomock.Any(), gomock.Any()).
+			Do(func(_ context.Context, _ client.GetTokenByAuthCodeInput, readyChan chan<- string) {
+				readyChan <- "LOCAL_SERVER_URL"
+			}).
+			Return(&oidc.TokenSet{
+				IDToken:      "YOUR_ID_TOKEN",
+				RefreshToken: "YOUR_REFRESH_TOKEN",
+			}, nil)
+		mockBrowser := mock_browser.NewMockInterface(ctrl)
+		mockBrowser.EXPECT().
+			OpenCommand(gomock.Any(), "LOCAL_SERVER_URL", "firefox")
+		u := Browser{
+			Logger:  logger.New(t),
+			Browser: mockBrowser,
+		}
+		got, err := u.Do(ctx, o, mockClient)
+		if err != nil {
+			t.Errorf("Do returned error: %+v", err)
+		}
+		want := &oidc.TokenSet{
+			IDToken:      "YOUR_ID_TOKEN",
+			RefreshToken: "YOUR_REFRESH_TOKEN",
 		}
 		if diff := cmp.Diff(want, got); diff != "" {
 			t.Errorf("mismatch (-want +got):\n%s", diff)
--- a/pkg/usecases/authentication/authcode/keyboard.go
+++ b/pkg/usecases/authentication/authcode/keyboard.go
@@ -2,13 +2,13 @@ package authcode

 import (
 	"context"
+	"fmt"

-	"github.com/int128/kubelogin/pkg/adaptors/logger"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/reader"
+	"github.com/int128/kubelogin/pkg/infrastructure/logger"
+	"github.com/int128/kubelogin/pkg/infrastructure/reader"
 	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/oidc/client"
 	"github.com/int128/kubelogin/pkg/pkce"
-	"golang.org/x/xerrors"
 )

 const keyboardPrompt = "Enter code: "
@@ -24,21 +24,21 @@ type Keyboard struct {
 	Logger logger.Interface
 }

-func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, client oidcclient.Interface) (*oidc.TokenSet, error) {
+func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, oidcClient client.Interface) (*oidc.TokenSet, error) {
 	u.Logger.V(1).Infof("starting the authorization code flow with keyboard interactive")
 	state, err := oidc.NewState()
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate a state: %w", err)
+		return nil, fmt.Errorf("could not generate a state: %w", err)
 	}
 	nonce, err := oidc.NewNonce()
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate a nonce: %w", err)
+		return nil, fmt.Errorf("could not generate a nonce: %w", err)
 	}
-	p, err := pkce.New(client.SupportedPKCEMethods())
+	p, err := pkce.New(oidcClient.SupportedPKCEMethods())
 	if err != nil {
-		return nil, xerrors.Errorf("could not generate PKCE parameters: %w", err)
+		return nil, fmt.Errorf("could not generate PKCE parameters: %w", err)
 	}
-	authCodeURL := client.GetAuthCodeURL(oidcclient.AuthCodeURLInput{
+	authCodeURL := oidcClient.GetAuthCodeURL(client.AuthCodeURLInput{
 		State:                  state,
 		Nonce:                  nonce,
 		PKCEParams:             p,
@@ -48,18 +48,18 @@ func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, client oidcclient.
 	u.Logger.Printf("Please visit the following URL in your browser: %s", authCodeURL)
 	code, err := u.Reader.ReadString(keyboardPrompt)
 	if err != nil {
-		return nil, xerrors.Errorf("could not read an authorization code: %w", err)
+		return nil, fmt.Errorf("could not read an authorization code: %w", err)
 	}

 	u.Logger.V(1).Infof("exchanging the code and token")
-	tokenSet, err := client.ExchangeAuthCode(ctx, oidcclient.ExchangeAuthCodeInput{
+	tokenSet, err := oidcClient.ExchangeAuthCode(ctx, client.ExchangeAuthCodeInput{
 		Code:        code,
 		PKCEParams:  p,
 		Nonce:       nonce,
 		RedirectURI: oobRedirectURI,
 	})
 	if err != nil {
-		return nil, xerrors.Errorf("could not exchange the authorization code: %w", err)
+		return nil, fmt.Errorf("could not exchange the authorization code: %w", err)
 	}
 	u.Logger.V(1).Infof("finished the authorization code flow with keyboard interactive")
 	return tokenSet, nil
--- a/pkg/usecases/authentication/authcode/keyboard_test.go
+++ b/pkg/usecases/authentication/authcode/keyboard_test.go
@@ -7,22 +7,16 @@ import (

 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/oidcclient/mock_oidcclient"
-	"github.com/int128/kubelogin/pkg/adaptors/reader/mock_reader"
-	"github.com/int128/kubelogin/pkg/jwt"
+	"github.com/int128/kubelogin/pkg/infrastructure/reader/mock_reader"
 	"github.com/int128/kubelogin/pkg/oidc"
+	"github.com/int128/kubelogin/pkg/oidc/client"
+	"github.com/int128/kubelogin/pkg/oidc/client/mock_client"
 	"github.com/int128/kubelogin/pkg/testing/logger"
 )

 var nonNil = gomock.Not(gomock.Nil())

 func TestKeyboard_Do(t *testing.T) {
-	dummyTokenClaims := jwt.Claims{
-		Subject: "YOUR_SUBJECT",
-		Expiry:  time.Date(2019, 1, 2, 3, 4, 5, 0, time.UTC),
-		Pretty:  "PRETTY_JSON",
-	}
 	timeout := 5 * time.Second

 	t.Run("Success", func(t *testing.T) {
@@ -33,27 +27,26 @@ func TestKeyboard_Do(t *testing.T) {
 		o := &KeyboardOption{
 			AuthRequestExtraParams: map[string]string{"ttl": "86400", "reauth": "true"},
 		}
-		mockOIDCClient := mock_oidcclient.NewMockInterface(ctrl)
-		mockOIDCClient.EXPECT().SupportedPKCEMethods()
-		mockOIDCClient.EXPECT().
+		mockClient := mock_client.NewMockInterface(ctrl)
+		mockClient.EXPECT().SupportedPKCEMethods()
+		mockClient.EXPECT().
 			GetAuthCodeURL(nonNil).
-			Do(func(in oidcclient.AuthCodeURLInput) {
+			Do(func(in client.AuthCodeURLInput) {
 				if diff := cmp.Diff(o.AuthRequestExtraParams, in.AuthRequestExtraParams); diff != "" {
 					t.Errorf("AuthRequestExtraParams mismatch (-want +got):\n%s", diff)
 				}
 			}).
 			Return("https://issuer.example.com/auth")
-		mockOIDCClient.EXPECT().
+		mockClient.EXPECT().
 			ExchangeAuthCode(nonNil, nonNil).
-			Do(func(_ context.Context, in oidcclient.ExchangeAuthCodeInput) {
+			Do(func(_ context.Context, in client.ExchangeAuthCodeInput) {
 				if in.Code != "YOUR_AUTH_CODE" {
 					t.Errorf("Code wants YOUR_AUTH_CODE but was %s", in.Code)
 				}
 			}).
 			Return(&oidc.TokenSet{
-				IDToken:       "YOUR_ID_TOKEN",
-				IDTokenClaims: dummyTokenClaims,
-				RefreshToken:  "YOUR_REFRESH_TOKEN",
+				IDToken:      "YOUR_ID_TOKEN",
+				RefreshToken: "YOUR_REFRESH_TOKEN",
 			}, nil)
 		mockReader := mock_reader.NewMockInterface(ctrl)
 		mockReader.EXPECT().
@@ -63,14 +56,13 @@ func TestKeyboard_Do(t *testing.T) {
 			Reader: mockReader,
 			Logger: logger.New(t),
 		}
-		got, err := u.Do(ctx, o, mockOIDCClient)
+		got, err := u.Do(ctx, o, mockClient)
 		if err != nil {
 			t.Errorf("Do returned error: %+v", err)
 		}
 		want := &oidc.TokenSet{
-			IDToken:       "YOUR_ID_TOKEN",
-			IDTokenClaims: dummyTokenClaims,
-			RefreshToken:  "YOUR_REFRESH_TOKEN",
+			IDToken:      "YOUR_ID_TOKEN",
+			RefreshToken: "YOUR_REFRESH_TOKEN",
 		}
 		if diff := cmp.Diff(want, got); diff != "" {
 			t.Errorf("mismatch (-want +got):\n%s", diff)
--- a/Show More
+++ b/Show More