ey-id" or "sha1" is expected to be setfailed to find key with serial number %s, slot 0x9a might be emptyruntime: unexpected error while checking standard file descriptor casGToWaitingForSuspendG with non-isWaitingForSuspendG wait reasonruntime: ReadTrace called from multiple goroutines simultaneously
sync: WaitGroup.Add called from inside and outside synctest bubbletls: certificate private key (%T) does not implement crypto.Signerclient doesn't support ECDHE, can only use legacy RSA key exchangetls: server sent an unexpected quic_transport_parameters extensiontls: client sent an unexpected quic_transport_parameters extensionprovisioner cannot have both `projectIDs` and `organizationID` setoidc.AuthorizeSSHSign; sshCA is disabled for oidc provisioner '%s'no x509 certificates found in roots attribute for provisioner '%s'x5c.authorizeToken; error verifying x5c certificate chain in tokenx509: policy constraints requireExplicitPolicy field overflows intx509: certificate is not valid for any names, but wanted to match x509: requested SignatureAlgorithm does not match private key typessh: certificates cannot be used as authority (public key type %q)crl.cacheDuration must be greater than or equal to crl.renewPeriodgrpc: credentials.Bundle must return non-nil transport credentialscredentials: cannot check peer: missing selected ALPN property. %sBuilding new tls configuration using step-ca x509 Signer Interface %d, maxheader: %d, sl: %d, tl: %d, normcount: %vdecoding bool array or slice: length exceeds input size (%d elements)decoding int8 array or slice: length exceeds input size (%d elements)decoding uint array or slice: length exceeds input size (%d elements)received frame with incorrect message type %v, expected lower byte %vgot %s for stream %d; expected CONTINUATION following %s for stream %dCRL Generation requested, but database does not support CRL generationerror decoding login response: pemCertificateChain should not be emptyerror converting to certificates provisioner from linkedca provisionercapi:sha1=%s;store-location=%s;store=%s;skip-find-certificate-key=truecloudCAS GetCertificateAuthority: PemCACertificate should not be emptycloudCAS CreateCertificateAuthority failed: PemCaCertificates is emptysync/atomic: compare and swap of inconsistently typed value into Valuebytes.Buffer: UnreadByte: previous operation was not a successful readK8s Service Account provisioner cannot be initialized without pub keystoken is not valid: failed to verify certificate against configured CAx509: PKCS#8 wrapping contained private key with unknown algorithm: %vx509: certificate relies on legacy Common Name field, use SANs insteadprovisioner %q does not have a default decrypter certificate availableblockingPicker: the picked transport is not ready, loop back to repickinvalid retry throttling config: maxTokens (%v) out of range (0, 1000]error creating certificate request: unsupported signature algorithm %qSpecific error conditions are indicated in the “subproblems” arrayCSR IPs do not match identifiers exactly: CSR IPs = %v, Order IPs = %vcrypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only modecrypto/ed25519: use of Ed25519ctx is not allowed in FIPS 140-only modeexpected XksProxyConnectivityType to be of type string, got %T insteadexpected BackingKeyIdResponseType to be of type string, got %T insteadInvalid Configuration: Dualstack and custom endpoint are not supportedfailed deleting AK %q because %d key(s) exist that were attested by itthe operation has been aborted to allow the server application to exitthe Smart Card Resource Manager is too busy to complete this operationrequest serial number %q and certificate serial number %q do not matchFailure! Error encountered moving mount %s to %s, with migration ID %spkcs7: zero parents provided to verify the signature of certificate %qgo-jose/go-jose: invalid SHA-256 thumbprint (must be %d bytes, not %d)the command may require writing of NV and NV is not current accessibleerror details: name = ErrorInfo reason = %s domain = %s metadata = %s
timeout exceeded while waiting for trace observer shutdown to completeSupportability/DistributedTrace/AcceptPayload/Ignored/UntrustedAccounttbsCertList.crlExtensions.*.IssuingDistributionPoint.distributionPointtbsCertList.revokedCertificates.crlEntryExtensions.*.CertificateIssuerMemory that is reserved for runtime mcache structures, but not in-use.trustboundary: trust boundary request failed with status: %s, body: %sdecoding int16 array or slice: length exceeds input size (%d elements)decoding int32 array or slice: length exceeds input size (%d elements)decoding int64 array or slice: length exceeds input size (%d elements)Failed to send request to S2Av2 for server peer cert chain validation.Failed to send request to S2Av2 for client peer cert chain validation.chacha20poly1305: invalid buffer overlap of output and additional datainternal error: attempt to send frame on a half-closed-local stream: %vfailed to load softKMS: please define decryptionKeyPEM or decryptionKeycreateCertificateAuthorityRequest `type=%d' is invalid or not supportedrange function recovered a loop body panic and did not resume panickingtls: peer doesn't support any of the certificate's signature algorithmsdynamic table size update MUST occur at the beginning of a header blocktoo many concurrent operations on a single file or socket (max 1048575)k8ssa.authorizeToken; k8sSA TokenReview API integration not implementedx509: issuer has name constraints but leaf doesn't have a SAN extensionjson: invalid use of ,string struct tag, trying to unmarshal %q into %vtransport: set send compressor called after headers sent or stream donegrpc: error unmarshalling service config %s due to methodConfig[%d]: %vThe request must include a value for the "externalAccountBinding" fieldcrypto/ecdsa: use of custom curves is not allowed in FIPS 140-only modeinvalid value for environment variable, %s=%s, need true, false or autoexpected KeyAgreementAlgorithmSpec to be of type string, got %T insteadEnvironmentCredential will authenticate with UsernamePasswordCredentialTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#%s/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersionassumed two-phase MFA login, returned secret is missing MFARequirementsgo-jose/go-jose/jwt: validation field, token issued in the future (iat)cbor: cannot set TagsMd to TagsForbidden when TimeTag is EncTagRequiredunsupported key derivation function or function not appropriate for useexec: command with a non-nil Cancel was not created with CommandContextgoogle: could not find default credentials. See %v for more informationInvalid API request. Not allowed to perform this action using ManagedDB%d compactor(s) succeeded. One or more tables from level %d compacted.
simple protocol queries must be run with standard_conforming_strings=onnumber of field descriptions must equal number of values, got %d and %dcollected metric %q { %s} has two or more labels with the same name: %sServer list entry:|%d|, ipStr:|%s|, port:|%d|, load balancer token:|%v|Unable to resolve %+q as an IPv6 address, appears to be an IPv4 addresshttp://169.254.169.254/metadata/instance/compute?api-version=2017-03-01bug: fieldBaseType() lookup of field(%s) on type(%s): do not have fieldcredentials: provided subject_token_field_name not found in credentialsINVALIDBOOLINT64FLOAT64STRINGBOOLSLICEINT64SLICEFLOAT64SLICESTRINGSLICEDigest length of %v bytes does not match Hash function size of %v bytesdecoding string array or slice: length exceeds input size (%d elements)decoding uint16 array or slice: length exceeds input size (%d elements)decoding uint32 array or slice: length exceeds input size (%d elements)decoding uint64 array or slice: length exceeds input size (%d elements)reflect: embedded type with methods not implemented for non-pointer typeruntime.Goexit called in a thread that was not created by the Go runtimeclient doesn't support any cipher suites compatible with the certificatetls: server's certificate contains an unsupported type of public key: %Ttls: second client hello encrypted client hello extension does not matchtls: certificate private key of type %T does not implement crypto.Signergcp.authorizeToken; gcp token google.compute_engine.zone cannot be emptyk8ssa.authorizeToken; error validating k8sSA token and extracting claimscertificate request contains unauthorized DNS names - got %v, allowed %vcrypto/rsa: use of multi-prime keys is not allowed in FIPS 140-only modecrypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't passgrpc: Server.RegisterService found duplicate service registration for %qerror parsing DirectoryName SAN: empty value or asn1Value is not allowedunable to add custom RootCAs HTTPClient, has no WithTransportOptions, %Tinvalid value for shared config profile field, %s=%s, need true or falseexpected TrustAnchorCertificateType to be of type string, got %T insteadexpected KeyMaterialDescriptionType to be of type string, got %T insteadEnvironmentCredential will authenticate with ClientCertificateCredentialone or more of the supplied parameters could not be properly interpretedinvalid new AES management key length: %d bytes (expected 16, 24, or 32)AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)got Content-Type = application/json, but could not unmarshal as JSON: %vcbor: invalid DefaultByteStringType: %s is not of kind string or []uint8provisioner does not match provisioner for which the EAB key was created{"loadBalancingConfig":[{"grpclb":{"childPolicy":[{"pick_first":{}}]}}]}error details: name = PreconditionFailure type = %s subj = %s desc = %s
google: read JWT from JSON credentials: 'type' field is %q (expected %q)Supportability/DistributedTrace/AcceptPayload/Ignored/CreateBeforeAccepttoken request had an empty authority.AuthParams.Scopes, which is invalidcredentials: auth handler must be specified for this credential filetypeNewDefaultCredentialsWithOptions: failed to create application oauth: %voauth2/google/externalaccount: unable to retrieve AWS session token - %sunable to load custom CA bundle, HTTPClient's transport unsupported typecallMarshalJSON called on type %T that does not have MarshalJSON defineddecoding float32 array or slice: length exceeds input size (%d elements)decoding float64 array or slice: length exceeds input size (%d elements)decoding uintptr array or slice: length exceeds input size (%d elements) can only be decoded from remote interface type; received concrete type application data received while processing fragmented handshake messagesFailed to receive server peer cert chain validation response from S2Av2.Failed to receive client peer cert chain validation response from S2Av2.createDecrypterRequest failed: signer does not implement crypto.Decryptererror revoking certificate: certificate authority extension was not foundtls: received unexpected handshake message of type %T when waiting for %Ttls: internal error: handshake returned an error but is marked successfultls: found a certificate rather than a key in the PEM for the private keygo package net: GODEBUG=netdns contains an invalid dns mode, ignoring it
challenge identifier %q doesn't match the attested hardware identifier %qCSR URIs do not match identifiers exactly: CSR URIs = %v, Order URIs = %vthe smart card has been reset, so any shared state information is invalidthe smart card has been removed, so further communication is not possible/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCaPoolgo-jose/go-jose: key algorithm '%s' not supported in multi-recipient modego-jose/go-jose: invalid or SHA-256 thumbprint, does not match cert chaingo-jose/go-jose: invalid JWK, found 'oct' (symmetric) key with cert chainIgnoring resolver error because balancer is using a previous good update.Received a RST_STREAM frame with code %q, but found no mapped gRPC statusout of shared object/session memory or need space for internal operationsaccess disabled to EC2 IMDS via client option, or %q environment variable
endpoint host domain labels must match "[a-zA-Z0-9-]{1,63}", but found: expected AccessDeniedExceptionReason to be of type string, got %T insteadstringutils illegal argument: Minimum abbreviation width with offset is 7Inter: Biggest(j-1)
%s
vs Smallest(j):
%s
: level=%d j=%d numTables=%d%s: a non nil application or transaction must be provided to enrich a logTenantDiscoveryResponse: issuer was not found in the openid configurationdSTS authority must be an https URL such as https:///dstsv2/%soauth2/google/externalaccount: failed to unmarshal subject token file: %voauth2/google/externalaccount: invalid credential_source file format typeUnable to convert %s to an IPv4 address: unable to parse CIDR netmask: %vNoneMapMapKeyMapValueSliceSliceElemArrayArrayElemStructStructFieldWalkLocx509: failed to unmarshal certificate list issuing distribution point: %vHeap memory occupied by live objects that were marked by the previous GC.The total amount space that is scannable. Sum of all metrics in /gc/scan.type %T has field 'AdditionalFields' that is not a map[string]interface{}malformed response from server: malformed non-numeric status pseudo headernet/http: server replied with more than declared Content-Length; truncatedbytes.Buffer: UnreadRune: previous operation was not a successful ReadRuneunknown auth type: %s, only 'kubernetes' and 'approle' currently supportedruntime: cannot set cpu profile rate until previous profile has finished.
tls: certificate RSA key size too small for supported signature algorithmscrypto/rand: failed to read random data (see https://go.dev/issue/66821): aws.authorizeToken; invalid aws identity document - accountId is not validgcp.AuthorizeSSHSign; sshCA for Hosts is disabled for gcp provisioner '%s'gcp.AuthorizeSSHSign; sshCA for Users is disabled for gcp provisioner '%s'certificate request does not contain the valid DNS names - got %v, want %vcrypto/rsa: use of keys with odd size is not allowed in FIPS 140-only modethe smart card cannot be accessed because of other connections outstandingthe action was cancelled by the system, presumably to log off or shut downgcm: internal error: using generic implementation despite hardware support{"name": "{{ .name }}", "preferred_username": "{{ .preferred_username }}"}go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t#S256 valueSubConn %p reported connectivity state READY. Registering health listener.public and sensitive portions of an object are not cryptographically boundparsing nvram header: ekCert size %d smaller than specified cert length %dAddAttrs unsafely called on copy of Record made without using Record.Clonecannot use NewWriteBatchAt with managedDB=false. Use NewWriteBatch insteadpacket for query is too large. Try adjusting the `Config.MaxAllowedPacket`Number of currently allocated objects. Equals to /gc/heap/objects:objects.claims must be JSON. Are they base64 encoded? json.Unmarshal returned "%v"DirectPath is disabled. DirectPath is only available in a GCE environment.oauth2/google/externalaccount: executable command failed with exit code %voauth2/google/externalaccount: invalid body in subject token URL query: %vstruct type %q which has field %q which doesn't implement json.Unmarshalerdecoding complex64 array or slice: length exceeds input size (%d elements)an online certificate authority for secure automated certificate managementUnsolicited response received on idle HTTP channel starting with %q; err=%vadminHandler.authorizeToken; error verifying x5c certificate chain in tokenfailed storing certificate using Windows platform cryptography provider: %wfailed deleting certificate from Windows platform cryptography provider: %w^projects/[^/]+/locations/[^/]+/caPools/[^/]+/certificateAuthorities/[^/]+$cloudCAS 'certificateAuthority' is not valid certificate authority resourcetls: internal error: attempted to read record with pending application datatls: client sent encrypted_client_hello extension with unsupported versionstls: client sent encrypted_client_hello extension but did not offer TLS 1.3azure.AuthorizeSign; azure token validation failed - invalid resource groupssh: invalid encrypted private key length, not a multiple of the block sizethere are not enough orders for this account for this custom OIDC challengenumber of EKs (%d) bigger than the maximum allowed number (%d) of downloadsthe data buffer to receive returned data is too small for the returned data/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCaPoolsconfigured Vault token contains non-printable characters and cannot be usedpkcs7: cannot decrypt data: only RSA PKCS#1 v1.5 and RSA OAEP are supportedpkcs7: cannot encrypt content: only DES-CBC, AES-CBC, and AES-GCM supportedEXPERIMENTAL. Number of times the selected subchannel becomes disconnected.header list size to send violates the maximum size (%d bytes) set by serverHeader list size to send violates the maximum size (%d bytes) set by clientencoding RSAParameters, ECCParameters, SymCipherParameters or KeyedHash: %vunreachable logic in Decoder.isValueNext, lastToken.kind: %v, openStack: %vexpected InvalidRequestExceptionReason to be of type string, got %T insteadcall another AcquireToken method to request a new token having these claimssecret ID was specified with an environment variable %q with an empty valueNumber of bytes obtained from system. Equals to /memory/classes/total:byte.collected metric %q { %s} has a label named %q whose value is not utf8: %#vTotal number of internal errors encountered by the promhttp metric handler.go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpcexpected AuthenticationSASLFinal message but received unexpected message %Tinvalid SCRAM server-first-message received from server: did not include r=invalid SCRAM server-first-message received from server: did not include s=invalid SCRAM server-first-message received from server: did not include i=http://metadata.google.internal/computeMetadata/v1/instance/?recursive=truehttps://iamcredentials.%s/v1/projects/-/serviceAccounts/%s/allowedLocationscredentials: failed to unmarshal response body from Secure Token Server: %wdecoding complex128 array or slice: length exceeds input size (%d elements)HTTP/1.0 400 Bad Request
Client sent an HTTP request to an HTTPS server.
failed deleting certificate using Windows platform cryptography provider: %wtls: failed to send closeNotify alert (but connection was closed anyway): %wtls: no cipher suite supported by both client and server; client offered: %xtls: server certificate contains incorrect key type for selected ciphersuiteazure.AuthorizeSign; azure token validation failed - invalid subscription idcertificate request does not contain the valid common name - got %s, want %scrypto/rsa: use of even public exponent is not allowed in FIPS 140-only modeThe request attempted to finalize an order that is not ready to be finalizedCSR names do not match identifiers exactly: CSR names = %v, Order names = %v/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCaPool/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCaPool/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCaPool/google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCaCertsgo-jose/go-jose: invalid JWK, public keys in key and x5c fields do not matchgo-jose/go-jose/jwt: expected string or array value to unmarshal to Audiencetransport: trying to send header list size larger than the limit set by peertransport: http2Server.HandleStreams received bogus greeting from client: %qtransport: http2Server.HandleStreams saw invalid preface type %T from client5 command requires an authorization session for handle and it is not presentunsupported symmetric algorithm or key size, or not appropriate for instancethe 1st authorization session handle references a session that is not loadedthe 2nd authorization session handle references a session that is not loadedthe 3rd authorization session handle references a session that is not loadedthe 4th authorization session handle references a session that is not loadedthe 5th authorization session handle references a session that is not loadedthe 6th authorization session handle references a session that is not loadedthe 7th authorization session handle references a session that is not loadedTime from start of transaction to when the first response byte is available.credentials: could not find default credentials. See %v for more informationcredentials: missing `command` field — executable command must be providedWARNING: %T does not implement request.Retryer; using DefaultRetryer insteadinvalid Body.Read call. After hijacked, the original Request must not be usedTimeoutTimeout
MapIter.Next called on an iterator that does not have an associated map Value^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$failed creating attestation client: attestation CA base URL must not be emptycrypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabledinvalid function signature for %s: second return value should be error; is %shttp://metadata/computeMetadata/v1/instance/service-accounts/default/identitycertificate request does not contain the valid IP addresses - got %v, want %vgrpc: credentials.Bundle may not be used with individual TransportCredentialsClientConn's authority from transport creds %q and dial option %q don't matcherror parsing HardwareModuleName SAN: empty value or asn1Value is not allowedReload failed because the CA with new configuration could not be initialized.profile %q is configured to use SSO but is missing required configuration: %sINSERT INTO `%s`(nkey, nvalue) VALUES(?,?) ON DUPLICATE KEY UPDATE nvalue = ?go-jose/go-jose/jwt: expected claims to be value convertible into JSON objectonly data and encryptedData content types are supported in authenticated safeCannot use NewTransactionAt with managedDB=false. Use NewTransaction instead.number of field descriptions must equal number of destinations, got %d and %dcollected metric named %q collides with previously collected summary named %qoauth2/google/externalaccount: got invalid expiry from security token serviceexpected AuthenticationGSSContinue message but received unexpected message %Tinvalid PEM-encoded certificate data: expected CERTIFICATE block type, got %soauth2/google: failed to unmarshal response body from Secure Token Server: %vassume role with MFA enabled, but neither TokenCode nor TokenProvider are setpattern %q (registered at %s) conflicts with pattern %q (registered at %s):
%sreflect: embedded type with methods not implemented if type is not first fielderror decoding login response: pemCertificateChain is not a certificate bundlefailed retrieving certificate using Windows platform cryptography provider: %wrange function continued iteration after function for loop body returned falsegcp.authorizeToken; gcp token google.compute_engine.project_id cannot be emptycrypto/rsa: use of PKCS#1 v1.5 encryption is not allowed in FIPS 140-only modex509: signature check attempts limit reached while verifying certificate chain-//softquad software//dtd hotmetal pro 6.0::19990601::extensions to html 4.0//115792089210356248762697446949407573530086143415290314195533631308867097853951115792089210356248762697446949407573529996955224135760342422259061068512044369parsing error : could not find profile section name after processing files: %vno client ID specified. Check pod configuration or set ClientID in the optionsno tenant ID specified. Check pod configuration or set TenantID in the options/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateHealthy: %t. FailureTolerance: %d. Leader: %s. OptimisticFailureTolerance: %d
pkcs7: cannot convert encryption algorithm to oid, unknown private key type %Ttransport: http2Server.HandleStreams failed to read initial settings frame: %va _TPM_Init and Startup(CLEAR) is required before the TPM can resume operationinternal server error; please see the certificate authority logs for more infooauth2/google: can't get a token from the metadata service; not running on GCEmultiplication of durations resulted in overflow, one operand may be too largeBuffer length: %d greater than file size: %d. Manifest file might be corruptedhttps://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15oauth2/google/externalaccount: the token returned by the executable is expiredfailed to load assume role for %s, source profile %s has no shared credentialsexpected AuthenticationSASLContinue message but received unexpected message %T//iam\.([^/]+)/projects/([^/]+)/locations/global/workloadIdentityPools/([^/]+)http2: server closing client connection; error reading frame from client %s: %vProvisioners that were migrated can now be removed from `ca.json` by editing itcannot convert slice with length %y to array or pointer to array with length %xtls: client certificate private key of type %T does not implement crypto.Signerazure.AuthorizeSign; azure token validation failed - invalid identity object idgcp.authorizeToken; gcp token google.compute_engine.instance_id cannot be emptyjwk.authorizeToken; invalid jwk token audience claim (aud); want %s, but got %svalidatePayload: failed to validate oidc token payload: email %q is not allowedoidc.AuthorizeSSHSign: failed to validate oidc token payload: subject not foundcertificate used to sign x5cInsecure token cannot be used for digital signatureFIPS and DualStack are enabled, but this partition does not support one or bothone or more of the supplied parameters values could not be properly interpretedgcp.authorizeToken; invalid gcp token - project does not belong to organizationmetadata: FromOutgoingContext got an odd number of input pairs for metadata: %dAzure ML supports specifying a user-assigned managed identity by client ID onlycannot use NewManagedWriteBatch with managedDB=false. Use NewWriteBatch insteadcollected metric named %q collides with previously collected histogram named %qcollected histogram named %q collides with previously collected metric named %qoauth2/google/externalaccount: unable to retrieve AWS security credentials - %soauth2/google/externalaccount: response contains unsuccessful response: (%v) %vhttp: RoundTripper implementation (%T) returned a nil *Response with a nil errorbug: unexpected way for two patterns %s and %s to conflict: methods %s, paths %sawskms does not support using different algorithms for hashing %q and masking %qtls: either ServerName or InsecureSkipVerify must be specified in the tls.Configcertificate request does not contain the valid email addresses - got %v, want %vx509: invalid signature: parent certificate cannot sign this kind of certificatecardinality violation: received no request message from non-client-streaming RPCcrypto/ecdh: internal error: nistec ScalarBaseMult failed for a fixed-size inputexpected XksProxyVpcEndpointServiceNameType to be of type string, got %T instead--------------------------------------------------------------------------------/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificatescrypto/rand: blocked for 60 seconds waiting to read random data from the kernel
decoding Handle, Private, Public, CreationData, CreationHash, CreationTicket: %vchi: wildcard '*' must be the last pattern in a route, otherwise use a '{param}'failed to discard remaining HTTP response body, this may affect connection reuseauthenticated requests are not permitted for non TLS protected (https) endpointsxml: end tag in namespace %s does not match start tag <%s> in namespace %sFailed to read all bytes from the file.Bytes in file: %d Bytes actually Read: %dhttps://iamcredentials.%s/v1/locations/global/workforcePools/%s/allowedLocationsfailed loading certificate chain using Windows platform cryptography provider: %wfailed storing certificate chain using Windows platform cryptography provider: %w (bad use of unsafe.Pointer or having race conditions? try -d=checkptr or -race)
gcp.authorizeToken; gcp token google.compute_engine.instance_name cannot be emptysshpop.authorizeToken; sshpop public key could not be cast to ssh CryptoPublicKeycrypto/rsa: use of public exponent <= 2¹⁶ is not allowed in FIPS 140-only modecrypto/rsa: use of primes of different sizes is not allowed in FIPS 140-only modecardinality violation: received no response message from non-server-streaming RPCexternal account binding key with id '%s' was already bound to account '%s' on %schallenge identifier %q doesn't match any of the attested hardware identifiers %qassume role with MFA enabled, but AssumeRoleTokenProvider session option not set.
--------------------------------------------------------------------------------the operation requires a Smart Card, but no Smart Card is currently in the device/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificate/google.cloud.security.privateca.v1.CertificateAuthorityService/RevokeCertificate/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificatecrypto/aes: internal error: using generic implementation despite hardware supportunable to decrease reference of table: %s while verifying checksum with error: %sTenantDiscoveryResponse: token endpoint was not found in the openid configurationoauth2/google/externalaccount: HTTP request for URL-sourced credential failed: %voauth2/google/externalaccount: invalid response when retrieving subject token: %vhttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdcredentials: response must include `error` and `message` fields when unsuccessfulerror initializing linkedca: token authority and configured authority do not matchrefusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxysshpop.authorizeToken; could not find valid ca signer to verify sshpop certificatex509: a root or intermediate certificate is not authorized to sign for this name: grpc: Server.RegisterService found the handler of type %v that does not satisfy %vwildcard character in domain constraint %q can only be used to match (full) labelshtml: bad parser state: element not found, in the after-body insertion modeinvalid value for environment variable, %s=%s, must be preferred/required/disabledcredential_source values must be EcsContainer, Ec2InstanceMetadata, or Environmentunknown SignatureType type %q; valid options are 'pkcs7', 'identity' and 'rsa2048'received goaway with stream id: %v, which exceeds stream id of previous goaway: %vtransport: http2Server.HandleStreams failed to receive the preface from client: %vonly Quote, Certify & Creation attestation structures are supported, got type 0x%x%s is a prerelease version and the constraint is only looking for release versionsunexpected resp from server for caching_sha2_password, perform full authenticationcollected metric %q { %s} was collected before with the same name and label valuesauthority must be an URL such as "https://login.microsoftonline.com/"credentials: could not extract target service account email for trust boundary: %wgl-go/%s auth/%s google-byoid-sdk source/%s sa-impersonation/%t config-lifetime/%tcredential source values must be EcsContainer, Ec2InstanceMetadata, or Environmentx509: multiple cert types set in issuing-distribution-point: user:%v CA:%v attr:%vMemory that is occupied by runtime mspan structures that are currently being used.http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdbug: comm.Client.JSONCall(): content was send with unsupported content-encoding %sonly handshakers created using NewClientHandshaker can perform a client handshakeronly handshakers created using NewServerHandshaker can perform a server handshakerreflect: embedded type with methods not implemented if there is more than one fieldpath to the containing the password to decrypt the
intermediate private key.>>> input does not meet minimum length requirement; must be at least %v characters
expected all size classes up to min size for malloc header to fit in one-page spanstls: failed to decrypt second client hello encrypted client hello extension payloadcrypto/hkdf: use of keys shorter than 112 bits is not allowed in FIPS 140-only modeazure.authorizeToken; azure token validation failed - invalid tenant id claim (tid)crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only modex509: issuer has name constraints but leaf contains unknown or unconstrained name: (possibly because of %q while trying to verify candidate authority certificate %q)json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %vmethod configs in service config will be ignored due to presence of config selectorincorrect certificate for tls-alpn-01 challenge: missing acmeValidationV1 extensioncrypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only modecrypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only modecrypto/cipher: use of GCM with non-AES ciphers is not allowed in FIPS 140-only modeinvalid value for environment variable, %s=%s, must be when_supported/when_requiredexpected XksProxyAuthenticationAccessKeyIdType to be of type string, got %T insteadcrypto/hmac: use of keys shorter than 112 bits is not allowed in FIPS 140-only mode --------------------------------------------------------------------------------Number of heap bytes released to OS. Equals to /memory/classes/heap/released:bytes.Failed to create credentials used for connecting to backends returned by grpclb: %vkerberos error: no GSSAPI provider registered, see https://github.com/otan/gopgkrb5x509: certificate list extension %v marked critical but expected to be non-criticalx509: certificate list extension %v marked non-critical but expected to be criticalMemory that is occupied by runtime mcache structures that are currently being used.trustboundary: provided universe domain (%q) does not match domain in audience (%q)https://iamcredentials..+/v1/projects/-/serviceAccounts/(.*@.*):generateAccessTokentls: downgrade attempt detected, possibly due to a MitM attack or a broken middleboxstack too short to match cached location; stk = %#x, l.pcs = %#x, original stk = %#xx509: signature algorithm specifies an %s public key, but have public key of type %TYou can force a restart by sending a SIGTERM signal and then restarting the step-ca.no token file specified. Check pod configuration or set TokenFilePath in the options%d bits RSA keys are (currently) not supported in go.step.sm/crypto; maximum is 2048certificate contained an ip assignment outside the limitations of the signing ca: %sfailed to execute CmpAndSwap transaction on %s/%s and failed to rollback transactionerror details: name = ResourceInfo type = %s resourcename = %s owner = %s desc = %s
Cannot acquire directory lock on %q. Another process is using this Badger database.credentials: missing required 'source_credentials' field in impersonated credentialshttps://iamcredentials\..+/v1/projects/-/serviceAccounts/(.*@.*):generateAccessTokenhttp: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %dreflect.Value.Interface: cannot return value obtained from unexported field or methodThe request lacked necessary authorization to be completed: certificate expired on %sgcp.authorizeToken; failed to validate gcp token payload - cannot find key for kid %scrypto/rsa: use of PSS salt longer than the hash is not allowed in FIPS 140-only modex509: failed to parse private key (use ParseECPrivateKey instead for this key format)x509: failed to parse public key (use ParsePKIXPublicKey instead for this key format)ssh check-host token x5cInsecure header has wrong type; expected []string, but got %Tcertificate/private-key pair used to sign token is not approved for digital signatureThe time it takes to resolve an endpoint (endpoint resolver, not DNS) for the requestauthenticating in this environment requires specifying a scope in TokenRequestOptionsattempt to delete child with id %d from a parent (id=%d) that doesn't currently existprotocol error: informational header with status code %d must not have END_STREAM setrandomstringutils illegal argument: Requested random string length %v is less than 0.TenantDiscoveryResponse: authorize endpoint was not found in the openid configurationbug: Token.AuthCode() received request with AppType == %v, which we do not recongnizeoauth2/google/externalaccount: aws version '%d' is not supported in the current buildWaterMark %s: Done entry %4d. Size: %4d Watermark: %-4d Looking for: %-4d. Value: %d
reflect: New of type that may not be allocated in heap (possibly undefined cgo C type)tls: MinVersion must be >= VersionTLS13 if EncryptedClientHelloConfigList is populatedtls: MaxVersion must be >= VersionTLS13 if EncryptedClientHelloConfigList is populatedgcp.authorizeToken; token google.compute_engine.instance_creation_timestamp is too oldx509: a root or intermediate certificate is not authorized for an extended key usage: x509: failed to parse public key (use ParsePKCS1PublicKey instead for this key format)Subchannel health check is unimplemented at server side, thus health check is disabledcardinality violation: received multiple request messages for non-client-streaming RPCthe reader cannot communicate with the card, due to ATR string configuration conflicts/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateTemplatefailed to setup Headers[%s]: Header starting by 'X-Vault-' are for internal usage onlysecret was written successfully, but unable to view version metadata from response: %wCREATE TABLE IF NOT EXISTS `%s`(nkey VARBINARY(255), nvalue BLOB, PRIMARY KEY (nkey));randomstringutils illegal argument: Parameter end (%v) must be greater than start (%v)descriptor %s already exists with the same fully-qualified name and const label valuesx509: revoked certificate extension %v marked critical but expected to be non-criticalx509: revoked certificate extension %v marked non-critical but expected to be critical^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?policy '%s' is unrecognized, please check for a newer agent version or contact supportcredentials: unable to determine the AWS metadata server security credentials endpointonly handshakers created using NewClientHandshaker can perform a client-side handshakeonly handshakers created using NewServerHandshaker can perform a server-side handshakeStep CA is starting. Please return to the onboarding guide in your browser to continue.requested duration of %v is less than the authorized minimum certificate duration of %vrequested duration of %v is more than the authorized maximum certificate duration of %vprovisioning credential expiration (%s) is before requested certificate validAfter (%s)extractSSHPOPCert; error unexpected type for sshpop header: want 'string', but got '%T'x5c.authorizeToken; x5c token has invalid audience claim (aud); expected %s, but got %sAK certificate is missing Extended Key Usage value tcg-kp-AIKCertificate (2.23.133.8.3)/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateAuthoritycertificate contained a subnet assignment outside the limitations of the signing ca: %soidc: invalid configuration, clientID must be provided or SkipClientIDCheck must be setoptions.WithoutAuthentication is incompatible with any option that provides credentialsapplication/vnd.google.protobuf; proto=io.prometheus.client.MetricFamily; encoding=textfailed storing intermediate certificate using Windows platform cryptography provider: %wssh certificate principals contains invalid name or IP addresses - got %v, want %s or %vprovisioning credential expiration (%s) is before requested certificate validBefore (%s)x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)incorrect certificate for tls-alpn-01 challenge: acmeValidationV1 extension not critical/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateTemplatescbor: decoded time cannot be represented in RFC3339 format with sub-second precision: %vWARNING: DirectPath is misconfigured. DirectPath is only available in a GCE environment.missing 'source_credentials' field or 'service_account_impersonation_url' in credentialsA summary of the wall-time pause (stop-the-world) duration in garbage collection cycles.Memory that is reserved for heap objects but is not currently used to hold heap objects.adminHandler.authorizeToken; unable to load admin with subject(s) %s and provisioner '%s'missing or invalid value for argument 'crv'. expected 'Ed25519' or 'X25519', but got '%s'invalid value for shared config profile field, %s=%s, must be preferred/required/disabledpower has been removed from the smart card, so that further communication is not possible/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateTemplate/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateTemplate/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateTemplateWithClientCertSource is currently only supported for HTTP. gRPC settings are incompatiblestrict mode has been removed. See https://github.com/go-sql-driver/mysql/wiki/strict-modeNumber of bytes used for other system allocations. Equals to /memory/classes/other:bytes.oauth2/google/externalaccount: provided subject_token_field_name not found in credentialshttp2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%qx509: template contains entry with ReasonCode ExtraExtension; use ReasonCode field insteadinvalid value for shared config profile field, %s=%s, must be when_supported/when_required/google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateAuthority/google.cloud.security.privateca.v1.CertificateAuthorityService/EnableCertificateAuthority/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateAuthorities/google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateAuthority/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateAuthorityunsupported patch method provided; value for patch method should be string "rw" or "patch"pkcs7: cannot decrypt data: only RSA, DES, DES-EDE3, AES-256-CBC and AES-128-GCM supportedcollected histogram or summary named %q collides with previously collected metric named %qunexpected log attribute for key "%s": got value: %+v, type: %T; want value: %+v, type: %Tfailed loading intermediate CA certificate using Windows platform cryptography provider: %wtls: unexpected encrypted client hello extension in server hello despite ECH being acceptedx5c.authorizeToken; certificate used to sign x5c token cannot be used for digital signatureUnsupported codec %q. Defaulting to %q for now. This will start to fail in future releases.incorrect certificate for tls-alpn-01 challenge: malformed acmeValidationV1 extension value/google.cloud.security.privateca.v1.CertificateAuthorityService/DisableCertificateAuthorityattempt to add child of type %T with id %d to a parent (id=%d) that doesn't currently existthis functionality is currently only available in Certificate Manager: https://u.step.sm/cmrpc error: code = Internal desc = stream terminated by RST_STREAM with error code: NO_ERRORxml: EncodeToken of ProcInst xml target only valid for xml declaration, first token encodedtls: server sent encrypted client hello retry configs after accepting encrypted client hellotls: handshake hash for a client certificate requested after discarding the handshake bufferCertification Authority Authorization (CAA) records forbid the CA from issuing a certificate/google.cloud.security.privateca.v1.CertificateAuthorityService/ActivateCertificateAuthority/google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCertificateAuthorityCsr/google.cloud.security.privateca.v1.CertificateAuthorityService/UndeleteCertificateAuthority/google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateRevocationListreceived 403 from Vault server; please ensure that token's policy has "patch" capability: %whttp://169.254.169.254/metadata/instance/compute/location?format=text&api-version=2021-10-01application/vnd.google.protobuf; proto=io.prometheus.client.MetricFamily; encoding=delimitedtls: unsupported certificate: private key is *ed25519.PrivateKey, expected ed25519.PrivateKeysshpop.authorizeToken; sshpop token has invalid audience claim (aud): expected %s, but got %scrypto/rsa: %d-bit keys are insecure (see https://go.dev/pkg/crypto/rsa#hdr-Minimum_key_size)jose/generate: certificate doesn't contain any key usage (use --subtle to ignore usage field)invalid PSS salt length %d, expected rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash or %dthe card cannot be accessed because the maximum number of PIN entry attempts has been reachedthe 1st handle in the handle area references a transient object or session that is not loadedthe 2nd handle in the handle area references a transient object or session that is not loadedthe 3rd handle in the handle area references a transient object or session that is not loadedthe 4th handle in the handle area references a transient object or session that is not loadedthe 5th handle in the handle area references a transient object or session that is not loadedthe 6th handle in the handle area references a transient object or session that is not loadedthe 7th handle in the handle area references a transient object or session that is not loadedno account was specified with public.WithSilentAccount(), or the specified account is invalidrandomstringutils illegal argument: Parameter end (%v) cannot be greater than len(chars) (%v)invalid checksum length. Either the data iscorrupted or the table options are incorrectly settrustboundary: failed to fetch trust boundary data for endpoint %s and no cache available: %wrequested duration of %s is less than minimum accepted duration for selected provisioner of %sauthority not allowed to sign SSH host certificates when SSH user certificate policy is activeauthority not allowed to sign SSH user certificates when SSH host certificate policy is activeThe requested could not be completed. Please see the certificate authority logs for more info.please run "azd auth login" from a command prompt to authenticate before using this credential/google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateRevocationListsgrpc-status-details-bin mismatch: grpc-status=%v, grpc-message=%q, grpc-status-details-bin=%+vsize mismatch (see https://github.com/golang/protobuf/issues/1609): calculated=%d, measured=%ddeprecated: golang.org/x/oauth2: Transport.CancelRequest no longer does anything; use contextsoauth2/google/externalaccount: missing `command` field — executable command must be providedRequest.NextPage deprecated. Use Pagination type for configurable pagination of API operationsRequest.EachPage deprecated. Use Pagination type for configurable pagination of API operationsPlease enter the password to encrypt your first provisioner, leave empty and we'll generate onerequested certificate notAfter (%s) is after the expiration of the provisioning credential (%s)Overall call duration (including retries and time to send or receive request and response body)incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are setthe requested protocols are incompatible with the protocol currently in use with the smart card/google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateRevocationListoidc: issuer URL provided to client (%q) did not match the issuer URL returned by provider (%q)updateDiscardStats called: discard stats flushChan full, returning without pushing to flushChanthe first key[%d]=(hex)%s on %s page(%d) needs to be >= the key in the ancestor (%s). Stack: %vkey[%d]=(hex)%s on %s page(%d) needs to be > (found <) than previous element (hex)%s. Stack: %vkey[%d]=(hex)%s on %s page(%d) needs to be > (found =) than previous element (hex)%s. Stack: %vtoken request had an empty authority.AuthParams.Scopes, which may cause the following error: %wtried to encode %v via encoding to text and scanning but failed due to receiving same type backapplication/vnd.google.protobuf; proto=io.prometheus.client.MetricFamily; encoding=compact-textcrypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode(?i)\\[!"#$%&'()*+,./:;<=>?@[\\\]^_`{|}~-]|&(?:#x[a-f0-9]{1,8}|#[0-9]{1,8}|[a-z][a-z0-9]{1,31});b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5fthe TPM was unable to unmarshal a value because there were not enough octets in the input buffer%s does not equal %s. Expect version and constraint to equal when major and minor versions are 0grpctransport: DisableAuthentication is incompatible with options that set or detect credentialshttptransport: DisableAuthentication is incompatible with options that set or detect credentialshttp: RoundTripper implementation (%T) returned a *Response with content length %d but a nil Bodycrypto/hkdf: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only moderequested duration of %s is greater than maximum accepted duration for selected provisioner of %scardinality violation: expected for non server-streaming RPCs, but received another messageEndpoint replaced the value of these parameters with the values captured from the endpoint's pathcrypto/hmac: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only modeNumber of bytes in use by mspan structures. Equals to /memory/classes/metadata/mspan/inuse:bytes.Number of heap bytes when next garbage collection will take place. Equals to /gc/heap/goal:bytes.externalaccount: workforce_pool_user_project should not be set for non-workforce pool credentialsRequest.HasNextPage deprecated. Use Pagination type for configurable pagination of API operationsNoClientCertRequestClientCertRequireAnyClientCertVerifyClientCertIfGivenRequireAndVerifyClientCertcrypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only modeinvalid range for min request compression size bytes %d, must be within 0 and 10485760 inclusivelyPSS salt length %d is incorrect, expected rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash or %dchi: wildcard '*' must be the last value in a route. trim trailing text or use a '{param}' insteadclient-side RPC versions is not compatible with this server, local versions: %v, peer versions: %vThe requested resource could not be found. Please see the certificate authority logs for more info.grpc: the credentials require transport level security (use grpc.WithTransportCredentials() to set)unsupported type provided for option value; value for patch method should be string "rw" or "patch"Number of bytes in use by mcache structures. Equals to /memory/classes/metadata/mcache/inuse:bytes.in order to enable Infinite Tracing, you must have both Distributed Tracing and Span Events enabledclient is configured to authenticate only personal Microsoft accounts, via the "consumers" endpointcredentials: missing required 'service_account_impersonation_url' field in impersonated credentialsoauth2/google/externalaccount: response must include `error` and `message` fields when unsuccessfulhttps://iamcredentials.%s/v1/projects/%s/locations/global/workloadIdentityPools/%s/allowedLocationsserver-side RPC versions are not compatible with this client, local versions: %v, peer versions: %vadminHandler.authorizeToken; certificate used to sign x5c token cannot be used for digital signatureed25519: expected opts.Hash zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity ProviderBalancer retrieved for name %q. grpc-go will be switching to case sensitive balancer registries soonnum values of :authority: %v, num values of host: %v, both must only have 1 value as per HTTP/2 specsecret ID for AppRole must be provided with a source file, environment variable, or plaintext string00000000001111111111222222222233333333334444444444555555555566666666667777777777888888888899999999990123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789Total number of heap objects frees. Equals to /gc/heap/frees:objects + /gc/heap/tiny/allocs:objects.credentials: invalid `timeout_millis` field — executable timeout must be between %v and %v secondsunsupported KMS type "capi": %s is compiled without Microsoft CryptoAPI Next Generation (CNG) supportNumber of bytes allocated in heap and currently in use. Equals to /memory/classes/heap/objects:bytes.http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 headercgocheck > 1 mode is no longer supported at runtime. Use GOEXPERIMENT=cgocheck2 at build time instead.ssh: signature algorithm %q isn't a key format; key is malformed and should be re-encoded with type %qignoring service config from resolver (%v) and applying the default because service config is disabledA non-default profile not prefixed with `profile ` found in %s, overriding non-default profile from %smanaged identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more informationTargetVersionVoters: %v. TargetVersionNonVoters: %v. OtherVersionVoters: %v. OtherVersionNonVoters: %vBalancer registered with name %q. grpc-go will be switching to case sensitive balancer registries soonxtg-x-cel-gaulishen-GB-oxendicten-x-i-defaultund-x-i-enochiansee-x-i-mingonan-x-zh-minen-US-u-va-posixHTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
400 Bad Request
full goroutine stack dump
Profile Descriptions:
claims: MaxCertDuration cannot be less than MinCertDuration: MaxCertDuration - %v, MinCertDuration - %v can't acquire a token without user interaction. Call Authenticate to authenticate a user interactively(?i)^/subscriptions/([^/]+)/resourceGroups/([^/]+)/providers/Microsoft.Compute/virtualMachines/([^/]+)$Unmarshal(%T) only supports structs that have the field AdditionalFields or implements json.UnmarshalerINSERT INTO %s (nkey, nvalue) VALUES ($1, $2) ON CONFLICT (nkey) DO UPDATE SET nvalue = excluded.nvalue;Client received GoAway with error code ENHANCE_YOUR_CALM and debug data equal to ASCII "too_many_pings".the TPM has suspended operation on the command; forward progress was made and the command may be retriedoauth2/google/externalaccount: unable to determine the AWS metadata server security credentials endpointFailed to write a GOAWAY frame as part of connection close after %s. Giving up and closing the transport.the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests withTenantDiscoveryResponse: issuer from OIDC discovery '%s' does not match authority '%s' or a known patternasn1: time did not serialize back to the original value and may be invalid: given %q, but serialized as %qed25519: expected opts.HashFunc() zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)invalid range for env var min request compression size bytes %q, must be within 0 and 10485760 inclusively%s: Subscription %q contains invalid characters. If this is the name of a subscription, use its ID insteadState: %v, Target: %s, CallsStarted: %v, CallsSucceeded: %v, CallsFailed: %v, LastCallStartedTimestamp: %vcould not compile valid credential providers from static config, environment, shared, or instance metadataNumber of bytes used by the profiling bucket hash table. Equals to /memory/classes/profiling/buckets:bytes.This is an error in the application. Please contact the distributor of this application if this is not you.the used on http-01 challenges. It can be changed for testing purposes.
Requires **--insecure** flag.incorrect certificate for tls-alpn-01 challenge: obsolete id-pe-acmeIdentifier in acmeValidationV1 extensioncrypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonceReceived a HEADERS frame with a :connection header which makes the request malformed, as per the HTTP/2 specTPM is in field upgrade mode unless called via TPM2_FieldUpgradeData(), then it is not in field upgrade modeNumber of bytes used for garbage collection system metadata. Equals to /memory/classes/metadata/other:bytes.no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrorspath to the containing the password to decrypt the
certificate issuer private key used in the RA mode.requested certificate notBefore (%s) is before the active validity window of the provisioning credential (%s)'%s' is not a valid serial number - use a base 10 representation or a base 16 representation with '0x' prefixan NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restoredinvalid nil message info; this suggests memory corruption due to a race or shallow copy on the message structright: %d is less than left: %d in overlappingTables for current level: %d, next level: %d, key range(%s, %s)Total number of bytes allocated in heap until now, even if released already. Equals to /gc/heap/allocs:bytes.EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not setat most one of onlyContainsUserCerts, onlyContainsCACerts, and onlyContainsAttributeCerts may be set to TRUE.Memory occupied by live objects and dead objects that have not yet been marked free by the garbage collector.externalaccount: one of CredentialSource, SubjectTokenProvider, or AwsSecurityCredentialsProvider must be setaccount provisioner does not match requested provisioner; account provisioner = %s, requested provisioner = %s%s does not have same minor version as %s. Expected minor versions to match when constraint major version is 0key[%d]=(hex)%s on %s page(%d) needs to be < than key of the next element in ancestor (hex)%s. Pages stack: %vDeviceCode was either created outside its package or the creating method had an error. DeviceCode is not validclaims: DefaultCertDuration cannot be less than MinCertDuration: DefaultCertDuration - %v, MinCertDuration - %vclaims: MaxCertDuration cannot be less than DefaultCertDuration: MaxCertDuration - %v, DefaultCertDuration - %vCREATE TABLE IF NOT EXISTS %s (nkey BYTEA CHECK (octet_length(nkey) <= 255), nvalue BYTEA, PRIMARY KEY (nkey));oauth2/google/externalaccount: Workforce pool user project should not be set for non-workforce pool credentialsthe used on tls-alpn-01 challenges. It can be changed for testing purposes.
Requires **--insecure** flag.The request was forbidden by the certificate authority. Please see the certificate authority logs for more info.Valuethreshold greater than max batch size of %d. Either reduce opt.ValueThreshold or increase opt.MaxTableSize.SubConn %p reported connectivity state READY and the health listener is disabled. Transitioning SubConn to READY.http2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this errorincorrect certificate for tls-alpn-01 challenge: leaf certificate must contain a single IP address or DNS name, %vselect attname, atttypid
from pg_attribute
where attrelid=$1
and not attisdropped
and attnum > 0
order by attnumATUnknownATUsernamePasswordATWindowsIntegratedATAuthCodeATInteractiveATClientCredentialsATDeviceCodeATRefreshTokenexternalaccount: only one of CredentialSource, SubjectTokenProvider, or AwsSecurityCredentialsProvider must be setuse of an authorization session with a context command or another command that cannot have an authorization sessiontrustboundary: GCEConfigProvider not properly initialized (missing ComputeUniverseDomainProvider or MetadataClient)the provided policy would lock out %s from the CA. Please create an x509 policy to include %s as an allowed DNS nameThe request lacked necessary authorization to be completed. Please see the certificate authority logs for more info.3940200619639447921227904010014361380507973927046544666794829340424572177149687032904726608825893800186160697311231939402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643DirectPath is disabled. To enable, please set the EnableDirectPath option along with the EnableDirectPathXds option.credentials: executables need to be explicitly allowed (set GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES to '1') to runtls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: %vFor profile: %v, overriding %v value, defined in %v with a %v value found in a duplicate profile defined at file %v.
authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout modeNumber of heap bytes that are in use. Equals to /memory/classes/heap/objects:bytes + /memory/classes/heap/unused:bytesoauth2/google/externalaccount: invalid `timeout_millis` field — executable timeout must be between 5 and 120 secondsThe request could not be completed; malformed or missing data. Please see the certificate authority logs for more info.For profile: %v, overriding %v value, with a %v value found in a duplicate profile defined later in the same file %v.
WARNING: DirectPath is misconfigured. Please set the EnableDirectPath option along with the EnableDirectPathXds option.could not compile valid credential providers from static config, environment, shared, web identity or instance metadataThe certificate authority encountered an Internal Server Error. Please see the certificate authority logs for more info.static AWS client credentials haven't been properly configured (the access key or secret key were provided but not both)Memory used by execution trace buffers, structures for debugging the runtime, finalizer and profiler specials, and more.CSR Subject Common Name does not match identifiers exactly: CSR Subject Common Name = %s, Order Permanent Identifier = %sAzure Developer CLI requires multifactor authentication or additional claims. Run this command then retry the operation: the value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than requiredNumber of heap bytes waiting to be used. Equals to /memory/classes/heap/released:bytes + /memory/classes/heap/free:bytes.incorrect certificate for tls-alpn-01 challenge: expected acmeValidationV1 extension value %s for this challenge but got %soauth2/google/externalaccount: One of CredentialSource, SubjectTokenSupplier, or AwsSecurityCredentialsSupplier must be setcredentials: "certificate" object cannot specify both a certificate_config_location and use_default_certificate_config=truetls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switchedMatch all
TrustedUserCAKeys /etc/ssh/ca.pub
HostCertificate /etc/ssh/{{.User.Certificate}}
HostKey /etc/ssh/{{.User.Key}}grpc: no transport security set (use grpc.WithTransportCredentials(insecure.NewCredentials()) explicitly or set credentials)this user requires clear text authentication. If you still want to use it, please add 'allowCleartextPasswords=1' to your DSNStack traces of all current goroutines. Use debug=2 as a query parameter to export in the same format as an unrecovered panic.The requested method is not implemented by the certificate authority. Please see the certificate authority logs for more info.Number of bytes obtained from system for stack allocator in non-CGO environments. Equals to /memory/classes/heap/stacks:bytes.A sampling of memory allocations of live objects. You can specify the gc GET parameter to run GC before taking the heap sample. --------------------------------------------------------------------------------------------------------------------------------================================================================================================================================The profile defined with name `%v` is ignored. A profile with the `profile ` prefix is invalid for the shared credentials file.
only one credential type may be specified per profile: source profile, credential source, credential process, web identity tokena previously registered descriptor with the same fully-qualified name as %s has different label names or a different help stringoauth2/google/externalaccount: Only one of CredentialSource, SubjectTokenSupplier, or AwsSecurityCredentialsSupplier must be settls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: %vdescriptors reported by collector have inconsistent label names or help strings for the same fully-qualified name, offender is %sThe certificate authority received an unexpected HTTP status code - '%d'. Please see the certificate authority logs for more info.Number of heap bytes allocated and currently in use, same as go_memstats_alloc_bytes. Equals to /memory/classes/heap/objects:bytes.0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650v?([0-9|x|X|\*]+)(\.[0-9|x|X|\*]+)?(\.[0-9|x|X|\*]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?credentials: "certificate" object must either specify a certificate_config_location or use_default_certificate_config should be true {{.Name}}
{{.Usage}} {{if .Required}}(Required){{else}}(Optional){{end}}{{if .Multiple}} (Multiple can be specified){{end}}
The current runtime.GOMAXPROCS setting, or the number of operating system threads that can execute user-level Go code simultaneously.DirectPath is disabled. Please make sure the token source is fetched from GCE metadata server and the default service account is used.oauth2/google/externalaccount: executables need to be explicitly allowed (set GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES to '1') to runAllowing TLS connection from client with ALPN disabled. TLS connections with ALPN disabled will be disallowed in future grpc-go releasescredentials type %q does not implement the AuthorityValidator interface, but authority override specified with CallAuthority call optionNumber of bytes obtained from system for stack allocator. Equals to /memory/classes/heap/stacks:bytes + /memory/classes/os-stacks:bytes.DEBUG ERROR: Request %s/%s:
---[ REQUEST DUMP ERROR ]-----------------------------
%s
------------------------------------------------------DEBUG: Request %s/%s Details:
---[ REQUEST POST-SIGN ]-----------------------------
%s
-----------------------------------------------------DEBUG ERROR: Response %s/%s:
---[ RESPONSE DUMP ERROR ]-----------------------------
%s
-----------------------------------------------------DEBUG: Response %s/%s Details:
---[ RESPONSE ]--------------------------------------
%s
-----------------------------------------------------HTTP/1.1 431 Request Header Fields Too Large
Content-Type: text/plain; charset=utf-8
Connection: close
431 Request Header Fields Too Large%s must be set when RequireAzureTokenCredentials is true. See https://aka.ms/azsdk/go/identity/docs#DefaultAzureCredential for more information(?i)^/subscriptions/([^/]+)/resourceGroups/([^/]+)/providers/Microsoft.(Compute/virtualMachines|ManagedIdentity/userAssignedIdentities)/([^/]+)$Maps given program counters to function names. Counters can be specified in a GET raw query or POST body, multiple counters are separated by '+'.jose/generate: certificate's key usage is ambiguous, it should be for signature or encipherment, but not both (use --subtle to ignore usage field)Distribution of the time goroutines have spent in the scheduler in a runnable state before actually running. Bucket counts increase monotonically.error retrieving identity document:
Are you in an AWS VM?
Is the metadata service enabled?
Are you using the proper metadata service version?The time it takes to connect to the service, send the request, and get back HTTP status code and headers (including time queued waiting to be sent)crypto/tls: ExportKeyingMaterial is unavailable when neither TLS 1.3 nor Extended Master Secret are negotiated; override with GODEBUG=tlsunsafeekm=1Allowing TLS connection to server %q with ALPN disabled. TLS connections to servers with ALPN disabled will be disallowed in future grpc-go releasesWARNING: DirectPath is misconfigured. Please make sure the token source is fetched from GCE metadata server and the default service account is used.{"Capacity": %v, "Available": %v, "Active": %v, "InUse": %v, "MaxCapacity": %v, "WaitCount": %v, "WaitTime": %v, "IdleTimeout": %v, "IdleClosed": %v}EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was setthe commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented^projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})$Buffer log messages logged at this level or lower (-1 means don't buffer; 0 means buffer INFO only; ...). Has limited applicability on non-prod platforms.68647976601306097149819007990813932172694353001433054093944634591855431833976560521225596406614545549772963113914808580371219879997166438125740282911150571516864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449invalid tenantID. You can locate your tenantID by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names%s.GetToken(): Azure CLI requires multifactor authentication or additional claims. Run this command then retry the operation: az login%s --claims-challenge %sIf a CRL contains a critical extension that the application cannot process, then the application MUST NOT use that CRL to determine the status of certificates.failed to parse %q due to error %q. This may be due to a limitation of this module's certificate loader. Consider calling NewClientCertificateCredential insteadAttempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted again in %v minutes.CPU profile. You can specify the duration in the seconds GET parameter. After you get the profile file, use the go tool pprof command to investigate the profile.A profile defined with name `%v` is ignored. For use within a shared configuration file, a non-default profile must have `profile ` prefixed to the profile name.Number of bytes used for mspan structures obtained from system. Equals to /memory/classes/metadata/mspan/inuse:bytes + /memory/classes/metadata/mspan/free:bytes.the protection algorithms (hash and symmetric) are not reasonably balanced; the digest size of the hash must be larger than the key size of the symmetric algorithmHeap size target percentage configured by the user, otherwise 100. This value is set by the GOGC environment variable, and the runtime/debug.SetGCPercent function.Azure Developer CLI requires multifactor authentication or additional claims, however the installed version doesn't support this. Upgrade to version 1.18.1 or laterNumber of bytes used for mcache structures obtained from system. Equals to /memory/classes/metadata/mcache/inuse:bytes + /memory/classes/metadata/mcache/free:bytes.path to the containing the password to decrypt the
private key used to sign SSH host certificates. If the flag is not passed it
will default to --password-file.path to the containing the password to decrypt the
private key used to sign SSH user certificates. If the flag is not passed it
will default to --password-file.CHECKSUM_MISMATCH: Table checksum does not match checksum in MANIFEST. NOT including table %s. This would lead to missing data.
sha256 %x Expected
sha256 %x Found
cbor: DecMode with non-default StringExpectedEncoding or ByteSliceExpectedEncoding treats tag %d as built-in and conflicts with the provided TagSet's registration of %vService Fabric API doesn't support specifying a user-assigned identity. The identity is determined by cluster resource configuration. See https://aka.ms/servicefabricmi{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.UserFederatedKeys}}
{{.Type}} {{.Marshal | toString | b64enc}}
{{- end }}
oauth2/google: The credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_url, client_id, and client_secret.If a CRL contains a critical CRL entry extension that the application cannot process, then the application MUST NOT use that CRL to determine the status of any certificates.Cumulative count of heap allocations triggered by the application. Note that this does not include tiny objects as defined by /gc/heap/tiny/allocs:objects, only tiny blocks.%s.GetToken(): Azure PowerShell requires multifactor authentication or additional claims. Run this command then retry the operation: Connect-AzAccount%s -ClaimsChallenge '%s'%[1]s and %[2]s both match some paths, like %[3]q.
But neither is more specific than the other.
%[1]s matches %[4]q, but %[2]s doesn't.
%[2]s matches %[5]q, but %[1]s doesn't.Go runtime memory limit configured by the user, otherwise math.MaxInt64. This value is set by the GOMEMLIMIT environment variable, and the runtime/debug.SetMemoryLimit function.{{- if or .User.GOOS "none" | eq "windows" }}Include "{{ .User.StepPath | replace "\\" "/" | trimPrefix "C:" }}/ssh/config"{{- else }}Include "{{.User.StepPath}}/ssh/config"{{- end }}oauth2/google: Token should be created with fields to make it valid (`token` and `expiry`), or fields to allow it to refresh (`refresh_token`, `token_url`, `client_id`, `client_secret`).Request Signature:
---[ CANONICAL STRING ]-----------------------------
%s
---[ STRING TO SIGN ]--------------------------------
%s%s
-----------------------------------------------------http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)A trace of execution of the current program. You can specify the duration in the seconds GET parameter. After you get the trace file, use the go tool trace command to investigate the trace.this user requires old password authentication. If you still want to use it, please add 'allowOldPasswords=1' to your DSN. See also https://github.com/go-sql-driver/mysql/wiki/old_passwords