Merge branch 'master' into thane/7655-vote-extensions

2026-02-09 05:20:10 +00:00 · 2022-04-14 16:44:19 -04:00
parent faec1d3c52 a0f51d0370
commit 61899b2dab
10 changed files with 458 additions and 274 deletions
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -19,7 +19,7 @@ Special thanks to external contributors on this release:
  - [rpc] \#7713 Remove unused options for websocket clients. (@creachadair)
  - [config] \#7930 Add new event subscription options and defaults. (@creachadair)
  - [rpc] \#7982 Add new Events interface and deprecate Subscribe. (@creachadair)
-  - [cli] \#8081 make the reset command safe to use. (@marbar3778)
+  - [cli] \#8081 make the reset command safe to use by intoducing `reset-state` command. Fixed by \#8259. (@marbar3778, @cmwaters)
  - [config] \#8222 default indexer configuration to null. (@creachadair)

 - Apps
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -126,6 +126,25 @@ lays out the reasoning for the changes as well as [RFC
 009](https://tinyurl.com/rfc009) for a discussion of the complexities of
 upgrading consensus parameters.

+### CLI Changes
+
+The functionality around resetting a node has been extended to make it safer. The
+`unsafe-reset-all` command has been replaced by a `reset` command with four
+subcommands: `blockchain`, `peers`, `unsafe-signer` and `unsafe-all`.
+
+- `tendermint reset blockchain`: Clears a node of all blocks, consensus state, evidence,
+  and indexed transactions. NOTE: This command does not reset application state.
+  If you need to rollback the last application state (to recover from application
+  nondeterminism), see instead the `tendermint rollback` command.
+- `tendermint reset peers`: Clears the peer store, which persists information on peers used
+  by the networking layer. This can be used to get rid of stale addresses or to switch
+  to a predefined set of static peers.
+- `tendermint reset unsafe-signer`: Resets the watermark level of the PrivVal File signer
+  allowing it to sign votes from the genesis height. This should only be used in testing as
+  it can lead to the node double signing.
+- `tendermint reset unsafe-all`: A summation of the other three commands. This will delete
+  the entire `data` directory which may include application data as well.
+
 ## v0.35

 ### ABCI Changes
--- a/cmd/tendermint/commands/reset_priv_validator.go
+++ b/cmd/tendermint/commands/reset_priv_validator.go
@@ -13,81 +13,92 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-// MakeResetAllCommand constructs a command that removes the database of
+// MakeResetCommand constructs a command that removes the database of
 // the specified Tendermint core instance.
-func MakeResetAllCommand(conf *config.Config, logger log.Logger) *cobra.Command {
+func MakeResetCommand(conf *config.Config, logger log.Logger) *cobra.Command {
 	var keyType string

-	cmd := &cobra.Command{
-		Use:   "unsafe-reset-all",
-		Short: "(unsafe) Remove all the data and WAL, reset this node's validator to genesis state",
+	resetCmd := &cobra.Command{
+		Use:   "reset",
+		Short: "Set of commands to conveniently reset tendermint related data",
+	}
+
+	resetBlocksCmd := &cobra.Command{
+		Use:   "blockchain",
+		Short: "Removes all blocks, state, transactions and evidence stored by the tendermint node",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return resetAll(conf.DBDir(), conf.PrivValidator.KeyFile(),
+			return ResetState(conf.DBDir(), logger)
+		},
+	}
+
+	resetPeersCmd := &cobra.Command{
+		Use:   "peers",
+		Short: "Removes all peer addresses",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return ResetPeerStore(conf.DBDir())
+		},
+	}
+
+	resetSignerCmd := &cobra.Command{
+		Use:   "unsafe-signer",
+		Short: "esets private validator signer state",
+		Long: `Resets private validator signer state. 
+Only use in testing. This can cause the node to double sign`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return ResetFilePV(conf.PrivValidator.KeyFile(), conf.PrivValidator.StateFile(), logger, keyType)
+		},
+	}
+
+	resetAllCmd := &cobra.Command{
+		Use:   "unsafe-all",
+		Short: "Removes all tendermint data including signing state",
+		Long: `Removes all tendermint data including signing state. 
+Only use in testing. This can cause the node to double sign`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return ResetAll(conf.DBDir(), conf.PrivValidator.KeyFile(),
 				conf.PrivValidator.StateFile(), logger, keyType)
 		},
 	}
-	cmd.Flags().StringVar(&keyType, "key", types.ABCIPubKeyTypeEd25519,
-		"Key type to generate privval file with. Options: ed25519, secp256k1")

-	return cmd
+	resetSignerCmd.Flags().StringVar(&keyType, "key", types.ABCIPubKeyTypeEd25519,
+		"Signer key type. Options: ed25519, secp256k1")
+
+	resetAllCmd.Flags().StringVar(&keyType, "key", types.ABCIPubKeyTypeEd25519,
+		"Signer key type. Options: ed25519, secp256k1")
+
+	resetCmd.AddCommand(resetBlocksCmd)
+	resetCmd.AddCommand(resetPeersCmd)
+	resetCmd.AddCommand(resetSignerCmd)
+	resetCmd.AddCommand(resetAllCmd)
+
+	return resetCmd
 }

-// MakeResetStateCommand constructs a command that removes the database of
-// the specified Tendermint core instance.
-func MakeResetStateCommand(conf *config.Config, logger log.Logger) *cobra.Command {
-	var keyType string
-
-	return &cobra.Command{
-		Use:   "reset-state",
-		Short: "Remove all the data and WAL",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return resetState(conf.DBDir(), logger, keyType)
-		},
-	}
-}
-
-func MakeResetPrivateValidatorCommand(conf *config.Config, logger log.Logger) *cobra.Command {
-	var keyType string
-
-	cmd := &cobra.Command{
-		Use:   "unsafe-reset-priv-validator",
-		Short: "(unsafe) Reset this node's validator to genesis state",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return resetFilePV(conf.PrivValidator.KeyFile(), conf.PrivValidator.StateFile(), logger, keyType)
-		},
-	}
-
-	cmd.Flags().StringVar(&keyType, "key", types.ABCIPubKeyTypeEd25519,
-		"Key type to generate privval file with. Options: ed25519, secp256k1")
-	return cmd
-
-}
-
-// XXX: this is totally unsafe.
-// it's only suitable for testnets.
-
-// XXX: this is totally unsafe.
-// it's only suitable for testnets.
-
-// resetAll removes address book files plus all data, and resets the privValdiator data.
-func resetAll(dbDir, privValKeyFile, privValStateFile string, logger log.Logger, keyType string) error {
+// ResetAll removes address book files plus all data, and resets the privValdiator data.
+// Exported for extenal CLI usage
+// XXX: this is unsafe and should only suitable for testnets.
+func ResetAll(dbDir, privValKeyFile, privValStateFile string, logger log.Logger, keyType string) error {
 	if err := os.RemoveAll(dbDir); err == nil {
 		logger.Info("Removed all blockchain history", "dir", dbDir)
 	} else {
 		logger.Error("error removing all blockchain history", "dir", dbDir, "err", err)
 	}

-	return resetFilePV(privValKeyFile, privValStateFile, logger, keyType)
+	if err := tmos.EnsureDir(dbDir, 0700); err != nil {
+		logger.Error("unable to recreate dbDir", "err", err)
+	}
+
+	// recreate the dbDir since the privVal state needs to live there
+	return ResetFilePV(privValKeyFile, privValStateFile, logger, keyType)
 }

-// resetState removes address book files plus all databases.
-func resetState(dbDir string, logger log.Logger, keyType string) error {
+// ResetState removes all blocks, tendermint state, indexed transactions and evidence.
+func ResetState(dbDir string, logger log.Logger) error {
 	blockdb := filepath.Join(dbDir, "blockstore.db")
 	state := filepath.Join(dbDir, "state.db")
 	wal := filepath.Join(dbDir, "cs.wal")
 	evidence := filepath.Join(dbDir, "evidence.db")
 	txIndex := filepath.Join(dbDir, "tx_index.db")
-	peerstore := filepath.Join(dbDir, "peerstore.db")

 	if tmos.FileExists(blockdb) {
 		if err := os.RemoveAll(blockdb); err == nil {
@@ -129,20 +140,13 @@ func resetState(dbDir string, logger log.Logger, keyType string) error {
 		}
 	}

-	if tmos.FileExists(peerstore) {
-		if err := os.RemoveAll(peerstore); err == nil {
-			logger.Info("Removed peerstore.db", "dir", peerstore)
-		} else {
-			logger.Error("error removing peerstore.db", "dir", peerstore, "err", err)
-		}
-	}
-	if err := tmos.EnsureDir(dbDir, 0700); err != nil {
-		logger.Error("unable to recreate dbDir", "err", err)
-	}
-	return nil
+	return tmos.EnsureDir(dbDir, 0700)
 }

-func resetFilePV(privValKeyFile, privValStateFile string, logger log.Logger, keyType string) error {
+// ResetFilePV loads the file private validator and resets the watermark to 0. If used on an existing network,
+// this can cause the node to double sign.
+// XXX: this is unsafe and should only suitable for testnets.
+func ResetFilePV(privValKeyFile, privValStateFile string, logger log.Logger, keyType string) error {
 	if _, err := os.Stat(privValKeyFile); err == nil {
 		pv, err := privval.LoadFilePVEmptyState(privValKeyFile, privValStateFile)
 		if err != nil {
@@ -166,3 +170,13 @@ func resetFilePV(privValKeyFile, privValStateFile string, logger log.Logger, key
 	}
 	return nil
 }
+
+// ResetPeerStore removes the peer store containing all information used by the tendermint networking layer
+// In the case of a reset, new peers will need to be set either via the config or through the discovery mechanism
+func ResetPeerStore(dbDir string) error {
+	peerstore := filepath.Join(dbDir, "peerstore.db")
+	if tmos.FileExists(peerstore) {
+		return os.RemoveAll(peerstore)
+	}
+	return nil
+}
--- a/cmd/tendermint/commands/reset_test.go
+++ b/cmd/tendermint/commands/reset_test.go
@@ -0,0 +1,62 @@
+package commands
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/privval"
+	"github.com/tendermint/tendermint/types"
+)
+
+func Test_ResetAll(t *testing.T) {
+	config := cfg.TestConfig()
+	dir := t.TempDir()
+	config.SetRoot(dir)
+	logger := log.NewNopLogger()
+	cfg.EnsureRoot(dir)
+	require.NoError(t, initFilesWithConfig(context.Background(), config, logger, types.ABCIPubKeyTypeEd25519))
+	pv, err := privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile())
+	require.NoError(t, err)
+	pv.LastSignState.Height = 10
+	require.NoError(t, pv.Save())
+	require.NoError(t, ResetAll(config.DBDir(), config.PrivValidator.KeyFile(),
+		config.PrivValidator.StateFile(), logger, types.ABCIPubKeyTypeEd25519))
+	require.DirExists(t, config.DBDir())
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "block.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "state.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "evidence.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "tx_index.db"))
+	require.FileExists(t, config.PrivValidator.StateFile())
+	pv, err = privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile())
+	require.NoError(t, err)
+	require.Equal(t, int64(0), pv.LastSignState.Height)
+}
+
+func Test_ResetState(t *testing.T) {
+	config := cfg.TestConfig()
+	dir := t.TempDir()
+	config.SetRoot(dir)
+	logger := log.NewNopLogger()
+	cfg.EnsureRoot(dir)
+	require.NoError(t, initFilesWithConfig(context.Background(), config, logger, types.ABCIPubKeyTypeEd25519))
+	pv, err := privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile())
+	require.NoError(t, err)
+	pv.LastSignState.Height = 10
+	require.NoError(t, pv.Save())
+	require.NoError(t, ResetState(config.DBDir(), logger))
+	require.DirExists(t, config.DBDir())
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "block.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "state.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "evidence.db"))
+	require.NoFileExists(t, filepath.Join(config.DBDir(), "tx_index.db"))
+	require.FileExists(t, config.PrivValidator.StateFile())
+	pv, err = privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile())
+	require.NoError(t, err)
+	// private validator state should still be in tact.
+	require.Equal(t, int64(10), pv.LastSignState.Height)
+}
--- a/cmd/tendermint/main.go
+++ b/cmd/tendermint/main.go
@@ -33,9 +33,7 @@ func main() {
 		commands.MakeLightCommand(conf, logger),
 		commands.MakeReplayCommand(conf, logger),
 		commands.MakeReplayConsoleCommand(conf, logger),
-		commands.MakeResetAllCommand(conf, logger),
-		commands.MakeResetStateCommand(conf, logger),
-		commands.MakeResetPrivateValidatorCommand(conf, logger),
+		commands.MakeResetCommand(conf, logger),
 		commands.MakeShowValidatorCommand(conf, logger),
 		commands.MakeTestnetFilesCommand(conf, logger),
 		commands.MakeShowNodeIDCommand(conf),
--- a/docs/app-dev/getting-started.md
+++ b/docs/app-dev/getting-started.md
@@ -182,7 +182,7 @@ node example/counter.js
 In another window, reset and start `tendermint`:

 ```sh
-tendermint unsafe-reset-all
+tendermint reset unsafe-all
 tendermint start
 ```

--- a/go.mod
+++ b/go.mod
@@ -26,11 +26,11 @@ require (
 	github.com/rs/zerolog v1.26.1
 	github.com/snikch/goodman v0.0.0-20171125024755-10e37e294daa
 	github.com/spf13/cobra v1.4.0
-	github.com/spf13/viper v1.10.1
+	github.com/spf13/viper v1.11.0
 	github.com/stretchr/testify v1.7.1
 	github.com/tendermint/tm-db v0.6.6
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
-	golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
+	golang.org/x/net v0.0.0-20220412020605-290c469a71a5
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	google.golang.org/grpc v1.45.0
 	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
@@ -42,10 +42,12 @@ require (
 	github.com/creachadair/taskgroup v0.3.2
 	github.com/golangci/golangci-lint v1.45.2
 	github.com/google/go-cmp v0.5.7
-	github.com/vektra/mockery/v2 v2.10.4
+	github.com/vektra/mockery/v2 v2.10.6
 	gotest.tools v2.2.0+incompatible
 )

+require github.com/pelletier/go-toml/v2 v2.0.0-beta.8 // indirect
+
 require (
 	4d63.com/gochecknoglobals v0.1.0 // indirect
 	github.com/Antonboom/errname v0.1.5 // indirect
@@ -138,7 +140,7 @@ require (
 	github.com/ldez/gomoddirectives v0.2.2 // indirect
 	github.com/ldez/tagliatelle v0.3.1 // indirect
 	github.com/leonklingele/grouper v1.1.0 // indirect
-	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/maratori/testpackage v1.0.1 // indirect
 	github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
@@ -179,7 +181,7 @@ require (
 	github.com/sivchari/tenv v1.4.7 // indirect
 	github.com/sonatard/noctx v0.0.1 // indirect
 	github.com/sourcegraph/go-diff v0.6.1 // indirect
-	github.com/spf13/afero v1.8.0 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
@@ -202,14 +204,14 @@ require (
 	gitlab.com/bosi/decorder v0.2.1 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/tools v0.1.10 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
-	gopkg.in/ini.v1 v1.66.3 // indirect
+	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
+	google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/ini.v1 v1.66.4 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	honnef.co/go/tools v0.2.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -34,12 +34,16 @@ cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
+cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
+cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
+cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
@@ -482,6 +486,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -540,6 +546,7 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
@@ -568,6 +575,7 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn
 github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
+github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -669,8 +677,9 @@ github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQ
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
+github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/maratori/testpackage v1.0.1 h1:QtJ5ZjqapShm0w5DosRjg0PRlSdAdlx+W6cCKoALdbQ=
 github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU=
 github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 h1:pWxk9e//NbPwfxat7RXkts09K+dEBJWakUWwICVqYbA=
@@ -821,6 +830,8 @@ github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144T
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml/v2 v2.0.0-beta.8 h1:dy81yyLYJDwMTifq24Oi/IslOslRrDSb3jwDggjz3Z0=
+github.com/pelletier/go-toml/v2 v2.0.0-beta.8/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d h1:CdDQnGF8Nq9ocOS/xlSptM1N3BbrA6/kmaep5ggwaIA=
@@ -913,6 +924,7 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
 github.com/sagikazarmark/crypt v0.4.0/go.mod h1:ALv2SRj7GxYV4HO9elxH9nS6M9gW+xDNxqmyJ6RfDFM=
+github.com/sagikazarmark/crypt v0.5.0/go.mod h1:l+nzl7KWh51rpzp2h7t4MZWyiEWdhNpOAnclKvg+mdA=
 github.com/sanposhiho/wastedassign/v2 v2.0.6 h1:+6/hQIHKNJAUixEj6EmOngGIisyeI+T3335lYTyxRoA=
 github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -952,8 +964,9 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.8.0 h1:5MmtuhAgYeU6qpa7w7bP0dv6MBYuup0vekhSpSkoq60=
 github.com/spf13/afero v1.8.0/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
+github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -974,8 +987,9 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
 github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
-github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU=
+github.com/spf13/viper v1.11.0 h1:7OX/1FS6n7jHD1zGrZTM7WtY13ZELRyosK4k93oPr44=
+github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk=
 github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
@@ -1041,8 +1055,8 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC
 github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
-github.com/vektra/mockery/v2 v2.10.4 h1:nMdsCKIS7ZdNTRNS/77Bx6Q/UbasGcfc3Nx7JO7HGTg=
-github.com/vektra/mockery/v2 v2.10.4/go.mod h1:m/WO2UzWzqgVX3nvqpRQq70I4Z7jbSCRhdmkgtp+Ab4=
+github.com/vektra/mockery/v2 v2.10.6 h1:iLVqC9FozavYx27ZwfXipuizLBN8YzXlh9x5fufk48w=
+github.com/vektra/mockery/v2 v2.10.6/go.mod h1:8vf4KDDUptfkyypzdHLuE7OE2xA7Gdt60WgIS8PgD+U=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
@@ -1074,10 +1088,13 @@ go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6yfWfDmlWd35khcWpUa4L0xI/k=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
+go.etcd.io/etcd/api/v3 v3.5.2/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
+go.etcd.io/etcd/client/pkg/v3 v3.5.2/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
+go.etcd.io/etcd/client/v2 v2.305.2/go.mod h1:2D7ZejHVMIfog1221iLSYlQRzrtECw3kz4I4VAQm3qI=
 go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
 go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -1131,8 +1148,9 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1237,8 +1255,12 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b h1:MWaHNqZy3KTpuTMAGvv+Kw+ylsEpmyJZizz1dqxnu28=
 golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1256,6 +1278,9 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1373,8 +1398,12 @@ golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c=
+golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
@@ -1500,8 +1529,9 @@ golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
 gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
@@ -1540,6 +1570,10 @@ google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUb
 google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
 google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
+google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
+google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1619,8 +1653,17 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac h1:qSNTkEN+L2mvWcLgJOR+8bdHX9rN/IdU3A1Ghpfb1Rg=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1654,6 +1697,7 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
@@ -1669,8 +1713,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1685,8 +1730,9 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.3 h1:jRskFVxYaMGAMUbN0UZ7niA9gzL9B49DOqE78vg0k3w=
 gopkg.in/ini.v1 v1.66.3/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
+gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
--- a/scripts/confix/confix.go
+++ b/scripts/confix/confix.go
@@ -12,11 +12,9 @@ import (
 	"log"
 	"os"
 	"path/filepath"
-	"strings"

 	"github.com/creachadair/atomicfile"
 	"github.com/creachadair/tomledit"
-	"github.com/creachadair/tomledit/parser"
 	"github.com/creachadair/tomledit/transform"
 	"github.com/spf13/viper"
 	"github.com/tendermint/tendermint/config"
@@ -78,186 +76,6 @@ func main() {
 	}
 }

-var plan = transform.Plan{
-	{
-		// Since https://github.com/tendermint/tendermint/pull/5777.
-		Desc: "Rename everything from snake_case to kebab-case",
-		T:    transform.SnakeToKebab(),
-	},
-	{
-		// [fastsync]  renamed in https://github.com/tendermint/tendermint/pull/6896.
-		// [blocksync] removed in https://github.com/tendermint/tendermint/pull/7159.
-		Desc: "Remove [fastsync] and [blocksync] sections",
-		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
-			doc.First("fast-sync").Remove()
-			transform.FindTable(doc, "fastsync").Remove()
-			transform.FindTable(doc, "blocksync").Remove()
-			return nil
-		}),
-		ErrorOK: true,
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/6241.
-		Desc: `Add top-level mode setting (default "full")`,
-		T: transform.EnsureKey(nil, &parser.KeyValue{
-			Block: parser.Comments{"Mode of Node: full | validator | seed"},
-			Name:  parser.Key{"mode"},
-			Value: parser.MustValue(`"full"`),
-		}),
-		ErrorOK: true,
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/7121.
-		Desc: "Remove gRPC settings from the [rpc] section",
-		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
-			doc.First("rpc", "grpc-laddr").Remove()
-			doc.First("rpc", "grpc-max-open-connections").Remove()
-			return nil
-		}),
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/8217.
-		Desc: "Remove per-node consensus timeouts (converted to consensus parameters)",
-		T: transform.Remove(
-			parser.Key{"consensus", "skip-timeout-commit"},
-			parser.Key{"consensus", "timeout-commit"},
-			parser.Key{"consensus", "timeout-precommit"},
-			parser.Key{"consensus", "timeout-precommit-delta"},
-			parser.Key{"consensus", "timeout-prevote"},
-			parser.Key{"consensus", "timeout-prevote-delta"},
-			parser.Key{"consensus", "timeout-propose"},
-			parser.Key{"consensus", "timeout-propose-delta"},
-		),
-		ErrorOK: true,
-	},
-	{
-		// Removed wal-dir: https://github.com/tendermint/tendermint/pull/6396.
-		// Removed version: https://github.com/tendermint/tendermint/pull/7171.
-		Desc: "Remove vestigial mempool.wal-dir settings",
-		T: transform.Remove(
-			parser.Key{"mempool", "wal-dir"},
-			parser.Key{"mempool", "version"},
-		),
-		ErrorOK: true,
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/6323.
-		Desc: "Add new [p2p] queue-type setting",
-		T: transform.EnsureKey(parser.Key{"p2p"}, &parser.KeyValue{
-			Block: parser.Comments{"Select the p2p internal queue"},
-			Name:  parser.Key{"queue-type"},
-			Value: parser.MustValue(`"priority"`),
-		}),
-		ErrorOK: true,
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/6353.
-		Desc: "Add [p2p] connection count and rate limit settings",
-		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
-			tab := transform.FindTable(doc, "p2p")
-			if tab == nil {
-				return errors.New("p2p table not found")
-			}
-			transform.InsertMapping(tab.Section, &parser.KeyValue{
-				Block: parser.Comments{"Maximum number of connections (inbound and outbound)."},
-				Name:  parser.Key{"max-connections"},
-				Value: parser.MustValue("64"),
-			}, false)
-			transform.InsertMapping(tab.Section, &parser.KeyValue{
-				Block: parser.Comments{
-					"Rate limits the number of incoming connection attempts per IP address.",
-				},
-				Name:  parser.Key{"max-incoming-connection-attempts"},
-				Value: parser.MustValue("100"),
-			}, false)
-			return nil
-		}),
-	},
-	{
-		// Added "chunk-fetchers" https://github.com/tendermint/tendermint/pull/6566.
-		// This value was backported into v0.34.11 (modulo casing).
-		// Renamed to "fetchers"  https://github.com/tendermint/tendermint/pull/6587.
-		Desc: "Rename statesync.chunk-fetchers to statesync.fetchers",
-		T: transform.Func(func(ctx context.Context, doc *tomledit.Document) error {
-			// If the key already exists, rename it preserving its value.
-			if found := doc.First("statesync", "chunk-fetchers"); found != nil {
-				found.KeyValue.Name = parser.Key{"fetchers"}
-				return nil
-			}
-
-			// Otherwise, add it.
-			return transform.EnsureKey(parser.Key{"statesync"}, &parser.KeyValue{
-				Block: parser.Comments{
-					"The number of concurrent chunk and block fetchers to run (default: 4).",
-				},
-				Name:  parser.Key{"fetchers"},
-				Value: parser.MustValue("4"),
-			})(ctx, doc)
-		}),
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/6807.
-		// Backported into v0.34.13 (modulo casing).
-		Desc: "Add statesync.use-p2p setting",
-		T: transform.EnsureKey(parser.Key{"statesync"}, &parser.KeyValue{
-			Block: parser.Comments{
-				"# State sync uses light client verification to verify state. This can be done either through the",
-				"# P2P layer or RPC layer. Set this to true to use the P2P layer. If false (default), RPC layer",
-				"# will be used.",
-			},
-			Name:  parser.Key{"use-p2p"},
-			Value: parser.MustValue("false"),
-		}),
-	},
-	{
-		// Since https://github.com/tendermint/tendermint/pull/6462.
-		Desc: "Move priv-validator settings under [priv-validator]",
-		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
-			const pvPrefix = "priv-validator-"
-
-			var found []*tomledit.Entry
-			doc.Scan(func(key parser.Key, e *tomledit.Entry) bool {
-				if e.IsSection() && !e.IsGlobal() {
-					return false // no more candidates
-				} else if len(key) == 1 && strings.HasPrefix(key[0], pvPrefix) {
-					found = append(found, e)
-				}
-				return true
-			})
-			if len(found) == 0 {
-				return nil // nothing to do
-			}
-
-			// Now that we know we have work to do, find the target table.
-			var sec *tomledit.Section
-			if dst := transform.FindTable(doc, "priv-validator"); dst == nil {
-				// If the table doesn't exist, create it. Old config files
-				// probably will not have it, so plug in the comment too.
-				sec = &tomledit.Section{
-					Heading: &parser.Heading{
-						Block: parser.Comments{
-							"#######################################################",
-							"###       Priv Validator Configuration              ###",
-							"#######################################################",
-						},
-						Name: parser.Key{"priv-validator"},
-					},
-				}
-				doc.Sections = append(doc.Sections, sec)
-			} else {
-				sec = dst.Section
-			}
-
-			for _, e := range found {
-				e.Remove()
-				e.Name = parser.Key{strings.TrimPrefix(e.Name[0], pvPrefix)}
-				sec.Items = append(sec.Items, e.KeyValue)
-			}
-			return nil
-		}),
-	},
-}
-
 // ApplyFixes transforms doc and reports whether it succeeded.
 func ApplyFixes(ctx context.Context, doc *tomledit.Document) error {
 	// Check what version of Tendermint might have created this config file, as
--- a/scripts/confix/plan.go
+++ b/scripts/confix/plan.go
@@ -0,0 +1,225 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/creachadair/tomledit"
+	"github.com/creachadair/tomledit/parser"
+	"github.com/creachadair/tomledit/transform"
+)
+
+// The plan is the sequence of transformation steps that should be applied, in
+// the given order, to convert a configuration file to be compatible with the
+// current version of the config grammar.
+//
+// Transformation steps are specific to the target config version.  For this
+// reason, you must exercise caution when backporting changes to this script
+// into older releases.
+var plan = transform.Plan{
+	{
+		// Since https://github.com/tendermint/tendermint/pull/5777.
+		Desc: "Rename everything from snake_case to kebab-case",
+		T:    transform.SnakeToKebab(),
+	},
+	{
+		// [fastsync]  renamed in https://github.com/tendermint/tendermint/pull/6896.
+		// [blocksync] removed in https://github.com/tendermint/tendermint/pull/7159.
+		Desc: "Remove [fastsync] and [blocksync] sections",
+		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
+			doc.First("fast-sync").Remove()
+			transform.FindTable(doc, "fastsync").Remove()
+			transform.FindTable(doc, "blocksync").Remove()
+			return nil
+		}),
+		ErrorOK: true,
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6241.
+		Desc: `Add top-level mode setting (default "full")`,
+		T: transform.EnsureKey(nil, &parser.KeyValue{
+			Block: parser.Comments{"Mode of Node: full | validator | seed"},
+			Name:  parser.Key{"mode"},
+			Value: parser.MustValue(`"full"`),
+		}),
+		ErrorOK: true,
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/7121.
+		Desc: "Remove gRPC settings from the [rpc] section",
+		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
+			doc.First("rpc", "grpc-laddr").Remove()
+			doc.First("rpc", "grpc-max-open-connections").Remove()
+			return nil
+		}),
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/8217.
+		Desc: "Remove per-node consensus timeouts (converted to consensus parameters)",
+		T: transform.Remove(
+			parser.Key{"consensus", "skip-timeout-commit"},
+			parser.Key{"consensus", "timeout-commit"},
+			parser.Key{"consensus", "timeout-precommit"},
+			parser.Key{"consensus", "timeout-precommit-delta"},
+			parser.Key{"consensus", "timeout-prevote"},
+			parser.Key{"consensus", "timeout-prevote-delta"},
+			parser.Key{"consensus", "timeout-propose"},
+			parser.Key{"consensus", "timeout-propose-delta"},
+		),
+		ErrorOK: true,
+	},
+	{
+		// Removed wal-dir: https://github.com/tendermint/tendermint/pull/6396.
+		// Removed version: https://github.com/tendermint/tendermint/pull/7171.
+		Desc: "Remove vestigial mempool.wal-dir settings",
+		T: transform.Remove(
+			parser.Key{"mempool", "wal-dir"},
+			parser.Key{"mempool", "version"},
+		),
+		ErrorOK: true,
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6323.
+		Desc: "Add new [p2p] queue-type setting",
+		T: transform.EnsureKey(parser.Key{"p2p"}, &parser.KeyValue{
+			Block: parser.Comments{"Select the p2p internal queue"},
+			Name:  parser.Key{"queue-type"},
+			Value: parser.MustValue(`"priority"`),
+		}),
+		ErrorOK: true,
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6353.
+		Desc: "Add [p2p] connection count and rate limit settings",
+		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
+			tab := transform.FindTable(doc, "p2p")
+			if tab == nil {
+				return errors.New("p2p table not found")
+			}
+			transform.InsertMapping(tab.Section, &parser.KeyValue{
+				Block: parser.Comments{"Maximum number of connections (inbound and outbound)."},
+				Name:  parser.Key{"max-connections"},
+				Value: parser.MustValue("64"),
+			}, false)
+			transform.InsertMapping(tab.Section, &parser.KeyValue{
+				Block: parser.Comments{
+					"Rate limits the number of incoming connection attempts per IP address.",
+				},
+				Name:  parser.Key{"max-incoming-connection-attempts"},
+				Value: parser.MustValue("100"),
+			}, false)
+			return nil
+		}),
+	},
+	{
+		// Added "chunk-fetchers" https://github.com/tendermint/tendermint/pull/6566.
+		// This value was backported into v0.34.11 (modulo casing).
+		// Renamed to "fetchers"  https://github.com/tendermint/tendermint/pull/6587.
+		Desc: "Rename statesync.chunk-fetchers to statesync.fetchers",
+		T: transform.Func(func(ctx context.Context, doc *tomledit.Document) error {
+			// If the key already exists, rename it preserving its value.
+			if found := doc.First("statesync", "chunk-fetchers"); found != nil {
+				found.KeyValue.Name = parser.Key{"fetchers"}
+				return nil
+			}
+
+			// Otherwise, add it.
+			return transform.EnsureKey(parser.Key{"statesync"}, &parser.KeyValue{
+				Block: parser.Comments{
+					"The number of concurrent chunk and block fetchers to run (default: 4).",
+				},
+				Name:  parser.Key{"fetchers"},
+				Value: parser.MustValue("4"),
+			})(ctx, doc)
+		}),
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6807.
+		// Backported into v0.34.13 (modulo casing).
+		Desc: "Add statesync.use-p2p setting",
+		T: transform.EnsureKey(parser.Key{"statesync"}, &parser.KeyValue{
+			Block: parser.Comments{
+				"# State sync uses light client verification to verify state. This can be done either through the",
+				"# P2P layer or RPC layer. Set this to true to use the P2P layer. If false (default), RPC layer",
+				"# will be used.",
+			},
+			Name:  parser.Key{"use-p2p"},
+			Value: parser.MustValue("false"),
+		}),
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6462.
+		Desc: "Move priv-validator settings under [priv-validator]",
+		T: transform.Func(func(_ context.Context, doc *tomledit.Document) error {
+			const pvPrefix = "priv-validator-"
+
+			var found []*tomledit.Entry
+			doc.Global.Scan(func(key parser.Key, e *tomledit.Entry) bool {
+				if len(key) == 1 && strings.HasPrefix(key[0], pvPrefix) {
+					found = append(found, e)
+				}
+				return true
+			})
+			if len(found) == 0 {
+				return nil // nothing to do
+			}
+
+			// Now that we know we have work to do, find the target table.
+			var sec *tomledit.Section
+			if dst := transform.FindTable(doc, "priv-validator"); dst == nil {
+				// If the table doesn't exist, create it. Old config files
+				// probably will not have it, so plug in the comment too.
+				sec = &tomledit.Section{
+					Heading: &parser.Heading{
+						Block: parser.Comments{
+							"#######################################################",
+							"###       Priv Validator Configuration              ###",
+							"#######################################################",
+						},
+						Name: parser.Key{"priv-validator"},
+					},
+				}
+				doc.Sections = append(doc.Sections, sec)
+			} else {
+				sec = dst.Section
+			}
+
+			for _, e := range found {
+				e.Remove()
+				e.Name = parser.Key{strings.TrimPrefix(e.Name[0], pvPrefix)}
+				sec.Items = append(sec.Items, e.KeyValue)
+			}
+			return nil
+		}),
+	},
+	{
+		// Since https://github.com/tendermint/tendermint/pull/6411.
+		Desc: "Convert tx-index.indexer from a string to a list of strings",
+		T: transform.Func(func(ctx context.Context, doc *tomledit.Document) error {
+			idx := doc.First("tx-index", "indexer")
+			if idx == nil {
+				// No previous indexer setting: Default to ["null"] per #8222.
+				return transform.EnsureKey(parser.Key{"tx-index"}, &parser.KeyValue{
+					Block: parser.Comments{"The backend database list to back the indexer."},
+					Name:  parser.Key{"indexer"},
+					Value: parser.MustValue(`["null"]`),
+				})(ctx, doc)
+			}
+
+			// Versions prior to v0.35 had a string value here, v0.35 and onward
+			// use an array of strings.
+			switch idx.KeyValue.Value.X.(type) {
+			case parser.Array:
+				// OK, this is already up-to-date.
+				return nil
+			case parser.Token:
+				// Wrap the value in a single-element array.
+				idx.KeyValue.Value.X = parser.Array{idx.KeyValue.Value}
+				return nil
+			}
+			return fmt.Errorf("unrecognized value: %v", idx.KeyValue)
+		}),
+	},
+}