Use x/exp/slices instead of home grown utilities (#18524)

We were inconsistent throughout the codebase and would sometimes use the slices package and other times use our own equivalents in api/. This removes our versions in favor of the golang.org/x package that does the same, which has the added benefit of reducing the surface area of the public API module. Note: despite existing uses of the slices package, for some reason it didn't show up in go.mod or go.sum. Fixed that too.
2024-10-19 16:53:57 +00:00 · 2022-11-17 08:25:46 -07:00 · 2022-11-17 08:25:46 -07:00 · da7680ad0b
parent 6c4722f18c
commit da7680ad0b
71 changed files with 193 additions and 258 deletions
--- a/api/go.mod
+++ b/api/go.mod
@ -20,6 +20,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.11.1
 	go.opentelemetry.io/proto/otlp v0.19.0
 	golang.org/x/crypto v0.1.0
 	golang.org/x/exp v0.0.0-20221114191408-850992195362
 	golang.org/x/net v0.1.0
 	google.golang.org/genproto v0.0.0-20221107162902-2d387536bcdd
 	google.golang.org/grpc v1.50.1
--- a/api/go.sum
+++ b/api/go.sum
@ -242,6 +242,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20221114191408-850992195362 h1:NoHlPRbyl1VFI6FjwHtPQCN7wAMXI6cKcqrmXhOOfBQ=
 golang.org/x/exp v0.0.0-20221114191408-850992195362/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
--- a/api/types/authority.go
+++ b/api/types/authority.go
@ -22,9 +22,9 @@ import (
 	"github.com/gogo/protobuf/proto"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/utils"
 )
 // CertAuthority is a host or user certificate authority that
@ -558,8 +558,8 @@ type CertRoles struct {
 func (k *TLSKeyPair) Clone() *TLSKeyPair {
 	return &TLSKeyPair{
 		KeyType: k.KeyType,
-		Key:     utils.CopyByteSlice(k.Key),
+		Key:     slices.Clone(k.Key),
-		Cert:    utils.CopyByteSlice(k.Cert),
+		Cert:    slices.Clone(k.Cert),
 	}
 }
@ -568,8 +568,8 @@ func (k *TLSKeyPair) Clone() *TLSKeyPair {
 func (k *JWTKeyPair) Clone() *JWTKeyPair {
 	return &JWTKeyPair{
 		PrivateKeyType: k.PrivateKeyType,
-		PrivateKey:     utils.CopyByteSlice(k.PrivateKey),
+		PrivateKey:     slices.Clone(k.PrivateKey),
-		PublicKey:      utils.CopyByteSlice(k.PublicKey),
+		PublicKey:      slices.Clone(k.PublicKey),
 	}
 }
@ -578,8 +578,8 @@ func (k *JWTKeyPair) Clone() *JWTKeyPair {
 func (k *SSHKeyPair) Clone() *SSHKeyPair {
 	return &SSHKeyPair{
 		PrivateKeyType: k.PrivateKeyType,
-		PrivateKey:     utils.CopyByteSlice(k.PrivateKey),
+		PrivateKey:     slices.Clone(k.PrivateKey),
-		PublicKey:      utils.CopyByteSlice(k.PublicKey),
+		PublicKey:      slices.Clone(k.PublicKey),
 	}
 }
--- a/api/types/oidc.go
+++ b/api/types/oidc.go
@ -22,6 +22,7 @@ import (
 	"github.com/gravitational/trace"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
@ -375,7 +376,7 @@ func (o *OIDCConnectorV3) CheckAndSetDefaults() error {
 		return trace.Wrap(err)
 	}
-	if name := o.Metadata.Name; utils.SliceContainsStr(constants.SystemConnectors, name) {
+	if name := o.Metadata.Name; slices.Contains(constants.SystemConnectors, name) {
 		return trace.BadParameter("ID: invalid connector name, %v is a reserved name", name)
 	}
--- a/api/types/provisioning.go
+++ b/api/types/provisioning.go
@ -21,6 +21,7 @@ import (
 	"time"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/defaults"
 	apiutils "github.com/gravitational/teleport/api/utils"
@ -57,7 +58,7 @@ var JoinMethods = []JoinMethod{
 }
 func ValidateJoinMethod(method JoinMethod) error {
-	hasJoinMethod := apiutils.SliceContainsStr(JoinMethods, method)
+	hasJoinMethod := slices.Contains(JoinMethods, method)
 	if !hasJoinMethod {
 		return trace.BadParameter("join method must be one of %s", apiutils.JoinStrings(JoinMethods, ", "))
 	}
--- a/api/types/resource.go
+++ b/api/types/resource.go
@ -22,6 +22,7 @@ import (
 	"time"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/utils"
@ -352,7 +353,7 @@ func (m *Metadata) CheckAndSetDefaults() error {
 	// Check the origin value.
 	if m.Origin() != "" {
-		if !utils.SliceContainsStr(OriginValues, m.Origin()) {
+		if !slices.Contains(OriginValues, m.Origin()) {
 			return trace.BadParameter("invalid origin value %q, must be one of %v", m.Origin(), OriginValues)
 		}
 	}
--- a/api/types/resource_ids.go
+++ b/api/types/resource_ids.go
@ -22,8 +22,7 @@ import (
 	"strings"
 	"github.com/gravitational/trace"
-
+	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/utils"
 )
 func (id *ResourceID) CheckAndSetDefaults() error {
@ -33,7 +32,7 @@ func (id *ResourceID) CheckAndSetDefaults() error {
 	if len(id.Kind) == 0 {
 		return trace.BadParameter("ResourceID must include Kind")
 	}
-	if !utils.SliceContainsStr(RequestableResourceKinds, id.Kind) {
+	if !slices.Contains(RequestableResourceKinds, id.Kind) {
 		return trace.BadParameter("Resource kind %q is invalid or unsupported", id.Kind)
 	}
 	if len(id.Name) == 0 {
--- a/api/types/saml.go
+++ b/api/types/saml.go
@ -22,6 +22,7 @@ import (
 	"github.com/gravitational/trace"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
@ -371,7 +372,7 @@ func (o *SAMLConnectorV2) CheckAndSetDefaults() error {
 		return trace.Wrap(err)
 	}
-	if name := o.Metadata.Name; utils.SliceContainsStr(constants.SystemConnectors, name) {
+	if name := o.Metadata.Name; slices.Contains(constants.SystemConnectors, name) {
 		return trace.BadParameter("ID: invalid connector name, %v is a reserved name", name)
 	}
 	if o.Spec.AssertionConsumerService == "" {
--- a/api/types/sessionrecording.go
+++ b/api/types/sessionrecording.go
@ -21,8 +21,7 @@ import (
 	"time"
 	"github.com/gravitational/trace"
-
+	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/utils"
 )
 // SessionRecordingConfig defines session recording configuration. This is
@ -186,7 +185,7 @@ func (c *SessionRecordingConfigV2) CheckAndSetDefaults() error {
 	}
 	// Check that the session recording mode is set to a valid value.
-	if !utils.SliceContainsStr(SessionRecordingModes, c.Spec.Mode) {
+	if !slices.Contains(SessionRecordingModes, c.Spec.Mode) {
 		return trace.BadParameter("session recording mode must be one of %v; got %q", strings.Join(SessionRecordingModes, ","), c.Spec.Mode)
 	}
--- a/api/types/trustedcluster.go
+++ b/api/types/trustedcluster.go
@ -22,8 +22,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/gravitational/trace"
-
+	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/utils"
 )
 // TrustedCluster holds information needed for a cluster that can not be directly
@ -247,7 +246,7 @@ func (c *TrustedClusterV2) CanChangeStateTo(t TrustedCluster) error {
 	if c.GetReverseTunnelAddress() != t.GetReverseTunnelAddress() {
 		return immutableFieldErr("tunnel_addr")
 	}
-	if !utils.StringSlicesEqual(c.GetRoles(), t.GetRoles()) {
+	if !slices.Equal(c.GetRoles(), t.GetRoles()) {
 		return immutableFieldErr("roles")
 	}
 	if !cmp.Equal(c.GetRoleMap(), t.GetRoleMap()) {
--- a/api/utils/slices.go
+++ b/api/utils/slices.go
@ -20,51 +20,6 @@ import (
 	"strings"
 )
 // CopyByteSlice returns a copy of the byte slice.
 func CopyByteSlice(in []byte) []byte {
 	if in == nil {
 		return nil
 	}
 	out := make([]byte, len(in))
 	copy(out, in)
 	return out
 }
 // CopyByteSlices returns a copy of the byte slices.
 func CopyByteSlices(in [][]byte) [][]byte {
 	if in == nil {
 		return nil
 	}
 	out := make([][]byte, len(in))
 	for i := range in {
 		out[i] = CopyByteSlice(in[i])
 	}
 	return out
 }
 // StringSlicesEqual returns true if string slices equal
 func StringSlicesEqual(a, b []string) bool {
 	if len(a) != len(b) {
 		return false
 	}
 	for i := range a {
 		if a[i] != b[i] {
 			return false
 		}
 	}
 	return true
 }
 // SliceContainsStr returns 'true' if the slice contains the given value
 func SliceContainsStr[T ~string](slice []T, value T) bool {
 	for i := range slice {
 		if slice[i] == value {
 			return true
 		}
 	}
 	return false
 }
 // JoinStrings returns a string that is all the elements in the slice `T[]` joined by `sep`
 // This being generic allows for the usage of custom string times, without having to convert
 // the elements to a string to be passed into `strings.Join`.
--- a/api/utils/slices_test.go
+++ b/api/utils/slices_test.go
@ -22,24 +22,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 func TestSliceContainsStr(t *testing.T) {
 	tests := []struct {
 		name         string
 		slice        []string
 		target       string
 		wantContains bool
 	}{
 		{name: "does contain", slice: []string{"two", "one"}, target: "one", wantContains: true},
 		{name: "does not contain", slice: []string{"two", "one"}, target: "five", wantContains: false},
 		{name: "empty slice", slice: nil, target: "one", wantContains: false},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			require.Equal(t, tc.wantContains, SliceContainsStr(tc.slice, tc.target))
 		})
 	}
 }
 func TestDeduplicate(t *testing.T) {
 	tests := []struct {
 		name         string
--- a/build.assets/tooling/go.mod
+++ b/build.assets/tooling/go.mod
@ -12,8 +12,8 @@ require (
 	github.com/seqsense/s3sync v1.8.2
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.2.2
-	golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf
+	golang.org/x/exp v0.0.0-20221114191408-850992195362
-	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3
+	golang.org/x/mod v0.6.0
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 )
@ -23,9 +23,9 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/net v0.0.0-20220630215102-69896b714898 // indirect
+	golang.org/x/net v0.1.0 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+	golang.org/x/sys v0.1.0 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/term v0.1.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
--- a/build.assets/tooling/go.sum
+++ b/build.assets/tooling/go.sum
@ -11,8 +11,8 @@ github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmx
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg=
 github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@ -44,18 +44,18 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf h1:oXVg4h2qJDd9htKxb5SCpFBHLipW6hXmL3qpUixS2jw=
+golang.org/x/exp v0.0.0-20221114191408-850992195362 h1:NoHlPRbyl1VFI6FjwHtPQCN7wAMXI6cKcqrmXhOOfBQ=
-golang.org/x/exp v0.0.0-20220518171630-0b5c67f07fdf/go.mod h1:yh0Ynu2b5ZUe3MQfp2nM0ecK7wsgouWTDN0FNeJuIys=
+golang.org/x/exp v0.0.0-20221114191408-850992195362/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
+golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -65,17 +65,18 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 79bc9eaa8c5055207a003023623b4e04bb2f8c09
+Subproject commit 57ab2e31329117822bb744600974dcb6212ddbb1
--- a/go.mod
+++ b/go.mod
@ -121,7 +121,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.11.1
 	go.opentelemetry.io/proto/otlp v0.19.0
 	golang.org/x/crypto v0.1.0
-	golang.org/x/exp v0.0.0-20221106115401-f9659909a136
+	golang.org/x/exp v0.0.0-20221114191408-850992195362
 	golang.org/x/mod v0.6.0
 	golang.org/x/net v0.1.0
 	golang.org/x/oauth2 v0.1.0
--- a/go.sum
+++ b/go.sum
@ -1549,8 +1549,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136 h1:Fq7F/w7MAa1KJ5bt2aJ62ihqp9HDcRuyILskkpIAurw=
+golang.org/x/exp v0.0.0-20221114191408-850992195362 h1:NoHlPRbyl1VFI6FjwHtPQCN7wAMXI6cKcqrmXhOOfBQ=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20221114191408-850992195362/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -46,6 +46,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/breaker"
@ -4779,7 +4780,7 @@ func testList(t *testing.T, suite *integrationTestSuite) {
 			nodes, err := userClt.ListNodesWithFilters(context.Background())
 			require.NoError(t, err)
 			for _, node := range nodes {
-				ok := apiutils.SliceContainsStr(tt.outNodes, node.GetHostname())
+				ok := slices.Contains(tt.outNodes, node.GetHostname())
 				if !ok {
 					t.Fatalf("Got nodes: %v, want: %v.", nodes, tt.outNodes)
 				}
--- a/lib/auth/auth.go
+++ b/lib/auth/auth.go
@ -51,6 +51,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client"
@ -2365,7 +2366,7 @@ func (a *Server) GenerateHostCerts(ctx context.Context, req *proto.HostCertsRequ
 	// If the request contains 0.0.0.0, this implies an advertise IP was not
 	// specified on the node. Try and guess what the address by replacing 0.0.0.0
 	// with the RemoteAddr as known to the Auth Server.
-	if apiutils.SliceContainsStr(req.AdditionalPrincipals, defaults.AnyAddress) {
+	if slices.Contains(req.AdditionalPrincipals, defaults.AnyAddress) {
 		remoteHost, err := utils.Host(req.RemoteAddr)
 		if err != nil {
 			return nil, trace.Wrap(err)
--- a/lib/auth/auth_with_roles.go
+++ b/lib/auth/auth_with_roles.go
@ -28,6 +28,7 @@ import (
 	"github.com/sirupsen/logrus"
 	collectortracev1 "go.opentelemetry.io/proto/otlp/collector/trace/v1"
 	otlpcommonv1 "go.opentelemetry.io/proto/otlp/common/v1"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client"
@ -2322,7 +2323,7 @@ func (a *ServerWithRoles) desiredAccessInfoForUser(ctx context.Context, req *pro
 	var finalRequestIDs []string
 	for _, requestList := range [][]string{currentIdentity.ActiveRequests, req.AccessRequests} {
 		for _, reqID := range requestList {
-			if !apiutils.SliceContainsStr(req.DropAccessRequests, reqID) {
+			if !slices.Contains(req.DropAccessRequests, reqID) {
 				finalRequestIDs = append(finalRequestIDs, reqID)
 			}
 		}
@ -3292,7 +3293,7 @@ func (a *ServerWithRoles) GetRole(ctx context.Context, name string) (types.Role,
 	// Current-user exception: we always allow users to read roles
 	// that they hold.  This requirement is checked first to avoid
 	// misleading denial messages in the logs.
-	if !apiutils.SliceContainsStr(a.context.User.GetRoles(), name) {
+	if !slices.Contains(a.context.User.GetRoles(), name) {
 		if err := a.action(apidefaults.Namespace, types.KindRole, types.VerbRead); err != nil {
 			return nil, trace.Wrap(err)
 		}
--- a/lib/auth/init_test.go
+++ b/lib/auth/init_test.go
@ -29,12 +29,12 @@ import (
 	"github.com/jonboulle/clockwork"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	apisshutils "github.com/gravitational/teleport/api/utils/sshutils"
 	"github.com/gravitational/teleport/lib/auth/keystore"
 	"github.com/gravitational/teleport/lib/auth/native"
@ -507,7 +507,7 @@ func TestPresets(t *testing.T) {
 		// ConnectionDiagnostic is part of the default allow rules
 		outdatedRules := []types.Rule{}
 		for _, r := range rules {
-			if apiutils.SliceContainsStr(r.Resources, types.KindConnectionDiagnostic) {
+			if slices.Contains(r.Resources, types.KindConnectionDiagnostic) {
 				continue
 			}
 			outdatedRules = append(outdatedRules, r)
@ -526,7 +526,7 @@ func TestPresets(t *testing.T) {
 		allowRules := out.GetRules(types.Allow)
 		require.Condition(t, func() (success bool) {
 			for _, r := range allowRules {
-				if apiutils.SliceContainsStr(r.Resources, types.KindConnectionDiagnostic) {
+				if slices.Contains(r.Resources, types.KindConnectionDiagnostic) {
 					return true
 				}
 			}
@ -548,7 +548,7 @@ func TestPresets(t *testing.T) {
 		// setting a deny rule for a default allow rule
 		outdateAllowRules := []types.Rule{}
 		for _, r := range allowRules {
-			if apiutils.SliceContainsStr(r.Resources, types.KindConnectionDiagnostic) {
+			if slices.Contains(r.Resources, types.KindConnectionDiagnostic) {
 				continue
 			}
 			outdateAllowRules = append(outdateAllowRules, r)
@ -573,7 +573,7 @@ func TestPresets(t *testing.T) {
 		allowRules = out.GetRules(types.Allow)
 		require.Condition(t, func() (success bool) {
 			for _, r := range allowRules {
-				if apiutils.SliceContainsStr(r.Resources, types.KindConnectionDiagnostic) {
+				if slices.Contains(r.Resources, types.KindConnectionDiagnostic) {
 					return false
 				}
 			}
--- a/lib/auth/join_circleci.go
+++ b/lib/auth/join_circleci.go
@ -20,9 +20,9 @@ import (
 	"context"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/circleci"
 )
@ -60,7 +60,7 @@ func checkCircleCIAllowRules(token *types.ProvisionTokenV2, claims *circleci.IDT
 		// If ContextID is specified in rule, it must be contained in the slice
 		// of ContextIDs within the claims.
-		if rule.ContextID != "" && !apiutils.SliceContainsStr(claims.ContextIDs, rule.ContextID) {
+		if rule.ContextID != "" && !slices.Contains(claims.ContextIDs, rule.ContextID) {
 			continue
 		}
--- a/lib/auth/join_ec2.go
+++ b/lib/auth/join_ec2.go
@ -34,9 +34,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"go.mozilla.org/pkcs7"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/utils"
 )
@ -75,7 +75,7 @@ func checkEC2AllowRules(ctx context.Context, iid *imds.InstanceIdentityDocument,
 		}
 		// if this rule specifies any AWS regions, the IID must match one of them
 		if len(rule.AWSRegions) > 0 {
-			if !apiutils.SliceContainsStr(rule.AWSRegions, iid.Region) {
+			if !slices.Contains(rule.AWSRegions, iid.Region) {
 				continue
 			}
 		}
--- a/lib/auth/join_iam.go
+++ b/lib/auth/join_iam.go
@ -36,12 +36,12 @@ import (
 	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/coreos/go-semver/semver"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	cloudaws "github.com/gravitational/teleport/lib/cloud/aws"
 	"github.com/gravitational/teleport/lib/utils/aws"
 )
@ -76,7 +76,7 @@ var (
 // against a static list of known valid endpoints. We will need to update this
 // list as AWS adds new regions.
 func validateSTSHost(stsHost string, cfg *iamRegisterConfig) error {
-	valid := apiutils.SliceContainsStr(validSTSEndpoints, stsHost)
+	valid := slices.Contains(validSTSEndpoints, stsHost)
 	if !valid {
 		return trace.AccessDenied("IAM join request uses unknown STS host %q. "+
 			"This could mean that the Teleport Node attempting to join the cluster is "+
@ -89,7 +89,7 @@ func validateSTSHost(stsHost string, cfg *iamRegisterConfig) error {
 			stsHost, validSTSEndpoints)
 	}
-	if cfg.fips && !apiutils.SliceContainsStr(fipsSTSEndpoints, stsHost) {
+	if cfg.fips && !slices.Contains(fipsSTSEndpoints, stsHost) {
 		if cfg.authVersion.LessThan(semver.Version{Major: 12}) {
 			log.Warnf("Non-FIPS STS endpoint (%s) was used by a node joining "+
 				"the cluster with the IAM join method. "+
@ -149,7 +149,7 @@ func validateSTSIdentityRequest(req *http.Request, challenge string, cfg *iamReg
 	if err != nil {
 		return trace.Wrap(err)
 	}
-	if !apiutils.SliceContainsStr(sigV4.SignedHeaders, challengeHeaderKey) {
+	if !slices.Contains(sigV4.SignedHeaders, challengeHeaderKey) {
 		return trace.AccessDenied("sts identity request auth header %q does not include "+
 			challengeHeaderKey+" as a signed header", authHeader)
 	}
@ -490,7 +490,7 @@ func newSTSClient(ctx context.Context, cfg *stsIdentityRequestConfig) (*sts.STS,
 	stsClient := sts.New(sess)
-	if apiutils.SliceContainsStr(globalSTSEndpoints, strings.TrimPrefix(stsClient.Endpoint, "https://")) {
+	if slices.Contains(globalSTSEndpoints, strings.TrimPrefix(stsClient.Endpoint, "https://")) {
 		// If the caller wants to use the regional endpoint but it was not resolved
 		// from the environment, attempt to find the region from the EC2 IMDS
 		if cfg.regionalEndpointOption == endpoints.RegionalSTSEndpoint {
@ -507,7 +507,7 @@ func newSTSClient(ctx context.Context, cfg *stsIdentityRequestConfig) (*sts.STS,
 	}
 	if cfg.fipsEndpointOption == endpoints.FIPSEndpointStateEnabled &&
-		!apiutils.SliceContainsStr(validSTSEndpoints, strings.TrimPrefix(stsClient.Endpoint, "https://")) {
+		!slices.Contains(validSTSEndpoints, strings.TrimPrefix(stsClient.Endpoint, "https://")) {
 		// The AWS SDK will generate invalid endpoints when attempting to
 		// resolve the FIPS endpoint for a region which does not have one.
 		// In this case, try to use the FIPS endpoint in us-east-1. This should
--- a/lib/auth/middleware.go
+++ b/lib/auth/middleware.go
@ -30,6 +30,7 @@ import (
 	om "github.com/grpc-ecosystem/go-grpc-middleware/providers/openmetrics/v2"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"golang.org/x/net/http2"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@ -502,7 +503,7 @@ func (a *Middleware) GetUser(connState tls.ConnectionState) (IdentityGetter, err
 	// of certificates issued for kubernetes usage by proxy, can not be used
 	// against auth server. Later on we can extend more
 	// advanced cert usage, but for now this is the safest option.
-	if len(identity.Usage) != 0 && !apiutils.StringSlicesEqual(a.AcceptedUsage, identity.Usage) {
+	if len(identity.Usage) != 0 && !slices.Equal(a.AcceptedUsage, identity.Usage) {
 		log.Warningf("Restricted certificate of user %q with usage %v rejected while accessing the auth endpoint with acceptable usage %v.",
 			identity.Username, identity.Usage, a.AcceptedUsage)
 		return nil, trace.AccessDenied("access denied: invalid client certificate")
--- a/lib/auth/webauthn/attestation.go
+++ b/lib/auth/webauthn/attestation.go
@ -21,9 +21,9 @@ import (
 	"github.com/duo-labs/webauthn/protocol"
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 )
 // x5cFormats enumerates all attestation formats that supply an attestation
@ -94,7 +94,7 @@ func x509PEMsToCertPool(certPEMs []string) (*x509.CertPool, error) {
 }
 func getChainFromObj(obj protocol.AttestationObject) ([]*x509.Certificate, error) {
-	if utils.SliceContainsStr(x5cFormats, obj.Format) {
+	if slices.Contains(x5cFormats, obj.Format) {
 		return getChainFromX5C(obj)
 	}
 	if obj.Format == "none" {
--- a/lib/backend/report.go
+++ b/lib/backend/report.go
@ -28,10 +28,10 @@ import (
 	log "github.com/sirupsen/logrus"
 	"go.opentelemetry.io/otel/attribute"
 	oteltrace "go.opentelemetry.io/otel/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/observability/metrics"
 	"github.com/gravitational/teleport/lib/observability/tracing"
 )
@ -397,7 +397,7 @@ func buildKeyLabel(key string, sensitivePrefixes []string) string {
 	}
 	// If the key matches "/sensitiveprefix/keyname", mask the key.
-	if len(parts) == 3 && len(parts[0]) == 0 && apiutils.SliceContainsStr(sensitivePrefixes, parts[1]) {
+	if len(parts) == 3 && len(parts[0]) == 0 && slices.Contains(sensitivePrefixes, parts[1]) {
 		parts[2] = string(MaskKeyName(parts[2]))
 	}
--- a/lib/cache/cache_test.go
+++ b/lib/cache/cache_test.go
@ -31,12 +31,12 @@ import (
 	"github.com/jonboulle/clockwork"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/backend"
 	"github.com/gravitational/teleport/lib/backend/lite"
 	"github.com/gravitational/teleport/lib/backend/memory"
@ -543,7 +543,7 @@ func expectNextEvent(t *testing.T, eventsC <-chan Event, expectedEvent string, s
 		// wait for watcher to restart
 		select {
 		case event := <-eventsC:
-			if apiutils.SliceContainsStr(skipEvents, event.Type) {
+			if slices.Contains(skipEvents, event.Type) {
 				continue
 			}
 			require.Equal(t, expectedEvent, event.Type)
--- a/lib/config/configuration.go
+++ b/lib/config/configuration.go
@ -39,6 +39,7 @@ import (
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 	"github.com/gravitational/teleport"
@ -1909,7 +1910,7 @@ func Configure(clf *CommandLineFlags, cfg *service.Config) error {
 	// If this process is trying to join a cluster as an application service,
 	// make sure application name and URI are provided.
-	if apiutils.SliceContainsStr(splitRoles(clf.Roles), defaults.RoleApp) &&
+	if slices.Contains(splitRoles(clf.Roles), defaults.RoleApp) &&
 		(clf.AppName == "" || clf.AppURI == "") {
 		return trace.BadParameter("application name (--app-name) and URI (--app-uri) flags are both required to join application proxy to the cluster")
 	}
--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@ -34,6 +34,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v2"
 	"github.com/gravitational/teleport"
@ -442,17 +443,17 @@ func (conf *FileConfig) CheckAndSetDefaults() error {
 	sc.SetDefaults()
 	for _, c := range conf.Ciphers {
-		if !apiutils.SliceContainsStr(sc.Ciphers, c) {
+		if !slices.Contains(sc.Ciphers, c) {
 			return trace.BadParameter("cipher algorithm %q is not supported; supported algorithms: %q", c, sc.Ciphers)
 		}
 	}
 	for _, k := range conf.KEXAlgorithms {
-		if !apiutils.SliceContainsStr(sc.KeyExchanges, k) {
+		if !slices.Contains(sc.KeyExchanges, k) {
 			return trace.BadParameter("KEX algorithm %q is not supported; supported algorithms: %q", k, sc.KeyExchanges)
 		}
 	}
 	for _, m := range conf.MACAlgorithms {
-		if !apiutils.SliceContainsStr(sc.MACs, m) {
+		if !slices.Contains(sc.MACs, m) {
 			return trace.BadParameter("MAC algorithm %q is not supported; supported algorithms: %q", m, sc.MACs)
 		}
 	}
@ -476,7 +477,7 @@ func checkAndSetDefaultsForAWSMatchers(matcherInput []AWSMatcher) error {
 	for i := range matcherInput {
 		matcher := &matcherInput[i]
 		for _, serviceType := range matcher.Types {
-			if !apiutils.SliceContainsStr(constants.SupportedAWSDiscoveryServices, serviceType) {
+			if !slices.Contains(constants.SupportedAWSDiscoveryServices, serviceType) {
 				return trace.BadParameter("discovery service type does not support %q, supported resource types are: %v",
 					serviceType, constants.SupportedAWSDiscoveryServices)
 			}
@ -527,21 +528,21 @@ func checkAndSetDefaultsForAzureMatchers(matcherInput []AzureMatcher) error {
 		}
 		for _, serviceType := range matcher.Types {
-			if !apiutils.SliceContainsStr(constants.SupportedAzureDiscoveryServices, serviceType) {
+			if !slices.Contains(constants.SupportedAzureDiscoveryServices, serviceType) {
 				return trace.BadParameter("Azure discovery service type does not support %q resource type; supported resource types are: %v",
 					serviceType, constants.SupportedAzureDiscoveryServices)
 			}
 		}
-		if apiutils.SliceContainsStr(matcher.Regions, types.Wildcard) || len(matcher.Regions) == 0 {
+		if slices.Contains(matcher.Regions, types.Wildcard) || len(matcher.Regions) == 0 {
 			matcher.Regions = []string{types.Wildcard}
 		}
-		if apiutils.SliceContainsStr(matcher.Subscriptions, types.Wildcard) || len(matcher.Subscriptions) == 0 {
+		if slices.Contains(matcher.Subscriptions, types.Wildcard) || len(matcher.Subscriptions) == 0 {
 			matcher.Subscriptions = []string{types.Wildcard}
 		}
-		if apiutils.SliceContainsStr(matcher.ResourceGroups, types.Wildcard) || len(matcher.ResourceGroups) == 0 {
+		if slices.Contains(matcher.ResourceGroups, types.Wildcard) || len(matcher.ResourceGroups) == 0 {
 			matcher.ResourceGroups = []string{types.Wildcard}
 		}
@ -567,17 +568,17 @@ func checkAndSetDefaultsForGCPMatchers(matcherInput []GCPMatcher) error {
 		}
 		for _, serviceType := range matcher.Types {
-			if !apiutils.SliceContainsStr(constants.SupportedGCPDiscoveryServices, serviceType) {
+			if !slices.Contains(constants.SupportedGCPDiscoveryServices, serviceType) {
 				return trace.BadParameter("GCP discovery service type does not support %q resource type; supported resource types are: %v",
 					serviceType, constants.SupportedGCPDiscoveryServices)
 			}
 		}
-		if apiutils.SliceContainsStr(matcher.Locations, types.Wildcard) || len(matcher.Locations) == 0 {
+		if slices.Contains(matcher.Locations, types.Wildcard) || len(matcher.Locations) == 0 {
 			matcher.Locations = []string{types.Wildcard}
 		}
-		if apiutils.SliceContainsStr(matcher.ProjectIDs, types.Wildcard) {
+		if slices.Contains(matcher.ProjectIDs, types.Wildcard) {
 			return trace.BadParameter("GCP discovery service project_ids does not support wildcards; please specify at least one value in project_ids.")
 		}
 		if len(matcher.ProjectIDs) == 0 {
--- a/lib/configurators/aws/aws.go
+++ b/lib/configurators/aws/aws.go
@ -32,9 +32,9 @@ import (
 	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/aws/aws-sdk-go/service/sts/stsiface"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/constants"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	awsutils "github.com/gravitational/teleport/api/utils/aws"
 	awslib "github.com/gravitational/teleport/lib/cloud/aws"
 	"github.com/gravitational/teleport/lib/config"
@ -521,7 +521,7 @@ func buildSSMDocuments(ssm ssmiface.SSMAPI, flags configurators.BootstrapFlags,
 		return nil, err
 	}
 	for _, matcher := range fileConfig.Discovery.AWSMatchers {
-		if !apiutils.SliceContainsStr(matcher.Types, constants.AWSServiceTypeEC2) {
+		if !slices.Contains(matcher.Types, constants.AWSServiceTypeEC2) {
 			continue
 		}
 		ssmCreator := awsSSMDocumentCreator{
--- a/lib/defaults/defaults.go
+++ b/lib/defaults/defaults.go
@ -27,11 +27,11 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"golang.org/x/exp/slices"
 	"gopkg.in/square/go-jose.v2"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/defaults"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/limiter"
 	"github.com/gravitational/teleport/lib/utils"
 )
@ -829,7 +829,7 @@ var TeleportConfigVersions = []string{
 }
 func ValidateConfigVersion(version string) error {
-	hasVersion := apiutils.SliceContainsStr(TeleportConfigVersions, version)
+	hasVersion := slices.Contains(TeleportConfigVersions, version)
 	if !hasVersion {
 		return trace.BadParameter("version must be one of %s", strings.Join(TeleportConfigVersions, ", "))
 	}
--- a/lib/events/s3sessions/s3handler_test.go
+++ b/lib/events/s3sessions/s3handler_test.go
@ -22,6 +22,7 @@ package s3sessions
 import (
 	"fmt"
 	"net/url"
 	"os"
 	"testing"
--- a/lib/events/test/suite.go
+++ b/lib/events/test/suite.go
@ -28,11 +28,11 @@ import (
 	"github.com/google/uuid"
 	"github.com/jonboulle/clockwork"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	apievents "github.com/gravitational/teleport/api/types/events"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/events"
 	"github.com/gravitational/teleport/lib/fixtures"
@ -189,7 +189,7 @@ Outer:
 		event, ok := arr[0].(*apievents.UserLogin)
 		require.True(t, ok)
 		require.Equal(t, event.GetTime(), baseTime2)
-		require.True(t, apiutils.SliceContainsStr(names, event.User))
+		require.True(t, slices.Contains(names, event.User))
 		for i, name := range names {
 			if name == event.User {
--- a/lib/kube/proxy/forwarder.go
+++ b/lib/kube/proxy/forwarder.go
@ -46,6 +46,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"golang.org/x/net/http2"
 	kubeerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -598,7 +599,7 @@ func (f *Forwarder) setupContext(ctx auth.Context, req *http.Request, isRemoteUs
 	// any user to access common API methods, e.g. discovery methods
 	// required for initial client usage, without it, restricted user's
 	// kubectl clients will not work
-	if !apiutils.SliceContainsStr(kubeGroups, teleport.KubeSystemAuthenticated) {
+	if !slices.Contains(kubeGroups, teleport.KubeSystemAuthenticated) {
 		kubeGroups = append(kubeGroups, teleport.KubeSystemAuthenticated)
 	}
--- a/lib/kube/utils/utils.go
+++ b/lib/kube/utils/utils.go
@ -21,6 +21,7 @@ import (
 	"encoding/hex"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@ -28,7 +29,6 @@ import (
 	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 )
 // GetKubeClient returns instance of client to the kubernetes cluster
@ -269,7 +269,7 @@ func CheckOrSetKubeCluster(ctx context.Context, p KubeServicesPresence, kubeClus
 		return "", trace.Wrap(err)
 	}
 	if kubeClusterName != "" {
-		if !apiutils.SliceContainsStr(kubeClusterNames, kubeClusterName) {
+		if !slices.Contains(kubeClusterNames, kubeClusterName) {
 			return "", trace.BadParameter("kubernetes cluster %q is not registered in this teleport cluster; you can list registered kubernetes clusters using 'tsh kube ls'", kubeClusterName)
 		}
 		return kubeClusterName, nil
@ -280,7 +280,7 @@ func CheckOrSetKubeCluster(ctx context.Context, p KubeServicesPresence, kubeClus
 	if len(kubeClusterNames) == 0 {
 		return "", trace.NotFound("no kubernetes clusters registered")
 	}
-	if apiutils.SliceContainsStr(kubeClusterNames, teleportClusterName) {
+	if slices.Contains(kubeClusterNames, teleportClusterName) {
 		return teleportClusterName, nil
 	}
 	return kubeClusterNames[0], nil
--- a/lib/service/acme.go
+++ b/lib/service/acme.go
@ -22,8 +22,8 @@ import (
 	"strings"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/reversetunnel"
 	"github.com/gravitational/teleport/lib/utils"
 	"github.com/gravitational/teleport/lib/web/app"
@ -54,7 +54,7 @@ func (h *hostPolicyChecker) checkHost(ctx context.Context, host string) error {
 			host, strings.Join(h.dnsNames, ","))
 	}
-	if apiutils.SliceContainsStr(h.dnsNames, host) {
+	if slices.Contains(h.dnsNames, host) {
 		return nil
 	}
--- a/lib/service/cfg.go
+++ b/lib/service/cfg.go
@ -38,13 +38,13 @@ import (
 	"go.mongodb.org/mongo-driver/x/mongo/driver/connstring"
 	"go.opentelemetry.io/otel/attribute"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"golang.org/x/net/http/httpguts"
 	"k8s.io/apimachinery/pkg/util/validation"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/breaker"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	azureutils "github.com/gravitational/teleport/api/utils/azure"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/auth/keystore"
@ -956,7 +956,7 @@ func (d *Database) CheckAndSetDefaults() error {
 	if errs := validation.IsDNS1035Label(d.Name); len(errs) > 0 {
 		return trace.BadParameter("invalid database %q name: %v", d.Name, errs)
 	}
-	if !apiutils.SliceContainsStr(defaults.DatabaseProtocols, d.Protocol) {
+	if !slices.Contains(defaults.DatabaseProtocols, d.Protocol) {
 		return trace.BadParameter("unsupported database %q protocol %q, supported are: %v",
 			d.Name, d.Protocol, defaults.DatabaseProtocols)
 	}
--- a/lib/services/access_request.go
+++ b/lib/services/access_request.go
@ -27,6 +27,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/gravitational/trace"
 	"github.com/vulcand/predicate"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/client/proto"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
@ -1036,7 +1037,7 @@ func (m *RequestValidator) GetRequestableRoles() ([]string, error) {
 	var expanded []string
 	for _, role := range allRoles {
-		if n := role.GetName(); !apiutils.SliceContainsStr(m.user.GetRoles(), n) && m.CanRequestRole(n) {
+		if n := role.GetName(); !slices.Contains(m.user.GetRoles(), n) && m.CanRequestRole(n) {
 			// user does not currently hold this role, and is allowed to request it.
 			expanded = append(expanded, n)
 		}
@ -1205,7 +1206,7 @@ func (m *RequestValidator) CanRequestRole(name string) bool {
 // CanSearchAsRole check if a given role can be requested through a search-based
 // access request
 func (m *RequestValidator) CanSearchAsRole(name string) bool {
-	if apiutils.SliceContainsStr(m.Roles.DenySearch, name) {
+	if slices.Contains(m.Roles.DenySearch, name) {
 		return false
 	}
 	for _, deny := range m.Roles.DenyRequest {
@ -1213,7 +1214,7 @@ func (m *RequestValidator) CanSearchAsRole(name string) bool {
 			return false
 		}
 	}
-	return apiutils.SliceContainsStr(m.Roles.AllowSearch, name)
+	return slices.Contains(m.Roles.AllowSearch, name)
 }
 // collectSetsForRole collects the threshold index sets which describe the various groups of
@ -1254,7 +1255,7 @@ func (m *RequestValidator) SystemAnnotations() map[string][]string {
 	for k, va := range m.Annotations.Allow {
 		var filtered []string
 		for _, v := range va {
-			if !apiutils.SliceContainsStr(m.Annotations.Deny[k], v) {
+			if !slices.Contains(m.Annotations.Deny[k], v) {
 				filtered = append(filtered, v)
 			}
 		}
--- a/lib/services/database.go
+++ b/lib/services/database.go
@ -33,9 +33,9 @@ import (
 	"github.com/coreos/go-semver/semver"
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	awsutils "github.com/gravitational/teleport/api/utils/aws"
 	"github.com/gravitational/teleport/lib/cloud/azure"
 	"github.com/gravitational/teleport/lib/defaults"
@ -935,7 +935,7 @@ func IsRDSClusterSupported(cluster *rds.DBCluster) bool {
 	// Aurora MySQL 1.22.2, 1.20.1, 1.19.6, and 5.6.10a only: Parallel query doesn't support AWS Identity and Access Management (IAM) database authentication.
 	// https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations
 	case RDSEngineModeParallelQuery:
-		if apiutils.SliceContainsStr([]string{"1.22.2", "1.20.1", "1.19.6", "5.6.10a"}, auroraMySQLVersion(cluster)) {
+		if slices.Contains([]string{"1.22.2", "1.20.1", "1.19.6", "5.6.10a"}, auroraMySQLVersion(cluster)) {
 			return false
 		}
 	}
--- a/lib/services/local/dynamic_access.go
+++ b/lib/services/local/dynamic_access.go
@ -22,10 +22,10 @@ import (
 	"time"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/backend"
 	"github.com/gravitational/teleport/lib/services"
@ -95,7 +95,7 @@ func (s *DynamicAccessService) SetAccessRequestState(ctx context.Context, params
 		req.SetResolveAnnotations(params.Annotations)
 		if len(params.Roles) > 0 {
 			for _, role := range params.Roles {
-				if !apiutils.SliceContainsStr(req.GetRoles(), role) {
+				if !slices.Contains(req.GetRoles(), role) {
 					return nil, trace.BadParameter("role %q not in original request, overrides must be a subset of original role list", role)
 				}
 			}
--- a/lib/services/presets.go
+++ b/lib/services/presets.go
@ -19,12 +19,12 @@ package services
 import (
 	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	utils "github.com/gravitational/teleport/api/utils"
 )
 // NewPresetEditorRole returns a new pre-defined role for cluster
@ -205,7 +205,7 @@ func AddDefaultAllowRules(role types.Role) types.Role {
 func resourceBelongsToRules(rules []types.Rule, resources []string) bool {
 	for _, rule := range rules {
 		for _, ruleResource := range rule.Resources {
-			if utils.SliceContainsStr(resources, ruleResource) {
+			if slices.Contains(resources, ruleResource) {
 				return true
 			}
 		}
--- a/lib/services/role.go
+++ b/lib/services/role.go
@ -30,6 +30,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/vulcand/predicate"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
@ -492,7 +493,7 @@ func ApplyValueTraits(val string, traits map[string][]string) ([]string, error)
 func ruleScore(r *types.Rule) int {
 	score := 0
 	// wildcard rules are less specific
-	if apiutils.SliceContainsStr(r.Resources, types.Wildcard) {
+	if slices.Contains(r.Resources, types.Wildcard) {
 		score -= 4
 	} else if len(r.Resources) == 1 {
 		// rules that match specific resource are more specific than
@ -500,7 +501,7 @@ func ruleScore(r *types.Rule) int {
 		score += 2
 	}
 	// rules that have wildcard verbs are less specific
-	if apiutils.SliceContainsStr(r.Verbs, types.Wildcard) {
+	if slices.Contains(r.Verbs, types.Wildcard) {
 		score -= 2
 	}
 	// rules that supply 'where' or 'actions' are more specific
@ -1034,7 +1035,7 @@ func MatchLabels(selector types.Labels, target map[string]string) (bool, string,
 			return false, fmt.Sprintf("no key match: '%v'", key), nil
 		}
-		if !apiutils.SliceContainsStr(selectorValues, types.Wildcard) {
+		if !slices.Contains(selectorValues, types.Wildcard) {
 			result, err := utils.SliceMatchesRegex(targetVal, selectorValues)
 			if err != nil {
 				return false, "", trace.Wrap(err)
--- a/lib/srv/app/transport.go
+++ b/lib/srv/app/transport.go
@ -27,11 +27,11 @@ import (
 	"github.com/gravitational/oxy/forward"
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/wrappers"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/services"
@ -267,7 +267,7 @@ func (t *transport) rewriteRedirect(resp *http.Response) error {
 		// If the redirect location is one of the hosts specified in the list of
 		// redirects, rewrite the header.
-		if apiutils.SliceContainsStr(t.c.app.GetRewrite().Redirect, host(u.Host)) {
+		if slices.Contains(t.c.app.GetRewrite().Redirect, host(u.Host)) {
 			u.Scheme = "https"
 			u.Host = net.JoinHostPort(t.c.app.GetPublicAddr(), t.c.publicPort)
 		}
--- a/lib/srv/db/cloud/users/elasticache.go
+++ b/lib/srv/db/cloud/users/elasticache.go
@ -23,9 +23,9 @@ import (
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	"github.com/aws/aws-sdk-go/service/elasticache/elasticacheiface"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	libaws "github.com/gravitational/teleport/lib/cloud/aws"
 	libsecrets "github.com/gravitational/teleport/lib/srv/db/secrets"
 	libutils "github.com/gravitational/teleport/lib/utils"
@ -109,7 +109,7 @@ func (f *elastiCacheFetcher) getManagedUsersForGroup(ctx context.Context, region
 	managedUsers := []*elasticache.User{}
 	for _, user := range allUsers {
 		// Match user group ID.
-		if !utils.SliceContainsStr(aws.StringValueSlice(user.UserGroupIds), userGroupID) {
+		if !slices.Contains(aws.StringValueSlice(user.UserGroupIds), userGroupID) {
 			continue
 		}
--- a/lib/srv/db/cloud/users/helpers_test.go
+++ b/lib/srv/db/cloud/users/helpers_test.go
@ -22,9 +22,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 )
 func TestLookupMap(t *testing.T) {
@ -51,7 +51,7 @@ func TestLookupMap(t *testing.T) {
 			for _, user := range []User{user1, user2, user3} {
 				userGet, found := lookup.getDatabaseUser(db, user.GetDatabaseUsername())
-				if utils.SliceContainsStr(db.GetManagedUsers(), user.GetDatabaseUsername()) {
+				if slices.Contains(db.GetManagedUsers(), user.GetDatabaseUsername()) {
 					require.True(t, found)
 					require.Equal(t, user, userGet)
 				} else {
--- a/lib/srv/db/cloud/users/memorydb.go
+++ b/lib/srv/db/cloud/users/memorydb.go
@ -23,9 +23,9 @@ import (
 	"github.com/aws/aws-sdk-go/service/memorydb"
 	"github.com/aws/aws-sdk-go/service/memorydb/memorydbiface"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	libaws "github.com/gravitational/teleport/lib/cloud/aws"
 	"github.com/gravitational/teleport/lib/srv/db/common"
 	libsecrets "github.com/gravitational/teleport/lib/srv/db/secrets"
@ -108,7 +108,7 @@ func (f *memoryDBFetcher) getManagedUsersForACL(ctx context.Context, region, acl
 	managedUsers := []*memorydb.User{}
 	for _, user := range allUsers {
 		// Match ACL.
-		if !utils.SliceContainsStr(aws.StringValueSlice(user.ACLNames), aclName) {
+		if !slices.Contains(aws.StringValueSlice(user.ACLNames), aclName) {
 			continue
 		}
--- a/lib/srv/db/cloud/watchers/azure.go
+++ b/lib/srv/db/cloud/watchers/azure.go
@ -22,6 +22,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
@ -235,13 +236,13 @@ func simplifyMatchers(matchers []services.AzureMatcher) []services.AzureMatcher
 		groups := apiutils.Deduplicate(m.ResourceGroups)
 		regions := apiutils.Deduplicate(m.Regions)
 		ts := apiutils.Deduplicate(m.Types)
-		if len(subs) == 0 || apiutils.SliceContainsStr(subs, types.Wildcard) {
+		if len(subs) == 0 || slices.Contains(subs, types.Wildcard) {
 			subs = []string{types.Wildcard}
 		}
-		if len(groups) == 0 || apiutils.SliceContainsStr(groups, types.Wildcard) {
+		if len(groups) == 0 || slices.Contains(groups, types.Wildcard) {
 			groups = []string{types.Wildcard}
 		}
-		if len(regions) == 0 || apiutils.SliceContainsStr(regions, types.Wildcard) {
+		if len(regions) == 0 || slices.Contains(regions, types.Wildcard) {
 			regions = []string{types.Wildcard}
 		} else {
 			for i, region := range regions {
--- a/lib/srv/db/cloud/watchers/watcher.go
+++ b/lib/srv/db/cloud/watchers/watcher.go
@ -22,9 +22,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/cloud"
 	"github.com/gravitational/teleport/lib/services"
 )
@ -177,7 +177,7 @@ func makeAWSFetchers(clients cloud.Clients, matchers []services.AWSMatcher) (res
 	for _, matcher := range matchers {
 		for _, region := range matcher.Regions {
 			for matcherType, makeFetchers := range makeFetcherFuncs {
-				if !utils.SliceContainsStr(matcher.Types, matcherType) {
+				if !slices.Contains(matcher.Types, matcherType) {
 					continue
 				}
--- a/lib/srv/db/redis/cmds.go
+++ b/lib/srv/db/redis/cmds.go
@ -26,8 +26,8 @@ import (
 	"github.com/go-redis/redis/v9"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/srv/db/common"
@ -205,7 +205,7 @@ func (e *Engine) processAuth(ctx context.Context, cmd *redis.Cmd) error {
 		}
 		// For Teleport managed users, bypass the passwords sent here.
-		if apiutils.SliceContainsStr(e.sessionCtx.Database.GetManagedUsers(), e.sessionCtx.DatabaseUser) {
+		if slices.Contains(e.sessionCtx.Database.GetManagedUsers(), e.sessionCtx.DatabaseUser) {
 			return trace.Wrap(e.sendToClient([]string{
 				"OK",
 				fmt.Sprintf("Please note that AUTH commands are ignored for Teleport managed user '%s'.", e.sessionCtx.DatabaseUser),
--- a/lib/srv/db/redis/engine.go
+++ b/lib/srv/db/redis/engine.go
@ -24,9 +24,9 @@ import (
 	"github.com/go-redis/redis/v9"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	apiawsutils "github.com/gravitational/teleport/api/utils/aws"
 	"github.com/gravitational/teleport/lib/cloud/azure"
 	"github.com/gravitational/teleport/lib/defaults"
@ -258,7 +258,7 @@ func (e *Engine) createOnClientConnectFunc(sessionCtx *common.Session, username,
 	// database session. Fetching an user's password on each new connection
 	// ensures the correct password is used for each shard connection when
 	// Redis is in cluster mode.
-	case apiutils.SliceContainsStr(sessionCtx.Database.GetManagedUsers(), sessionCtx.DatabaseUser):
+	case slices.Contains(sessionCtx.Database.GetManagedUsers(), sessionCtx.DatabaseUser):
 		return fetchUserPasswordOnConnect(sessionCtx, e.Users, e.Audit)
 	default:
--- a/lib/srv/discovery/discovery.go
+++ b/lib/srv/discovery/discovery.go
@ -26,12 +26,12 @@ import (
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/types"
 	apievents "github.com/gravitational/teleport/api/types/events"
 	"github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/cloud"
 	"github.com/gravitational/teleport/lib/services"
@ -421,7 +421,7 @@ func (s *Server) Wait() error {
 func (s *Server) getAzureSubscriptions(ctx context.Context, subs []string) ([]string, error) {
 	subscriptionIds := subs
-	if utils.SliceContainsStr(subs, types.Wildcard) {
+	if slices.Contains(subs, types.Wildcard) {
 		subsClient, err := s.Clients.GetAzureSubscriptionClient()
 		if err != nil {
 			return nil, trace.Wrap(err)
@ -448,7 +448,7 @@ func (s *Server) initTeleportNodeWatcher() (err error) {
 // splitAWSMatchers splits the matchers between EC2 matchers and others.
 func splitAWSMatchers(matchers []services.AWSMatcher) (ec2 []services.AWSMatcher, other []services.AWSMatcher) {
 	for _, matcher := range matchers {
-		if utils.SliceContainsStr(matcher.Types, constants.AWSServiceTypeEC2) {
+		if slices.Contains(matcher.Types, constants.AWSServiceTypeEC2) {
 			ec2 = append(ec2,
 				copyAWSMatcherWithNewTypes(matcher, []string{constants.AWSServiceTypeEC2}),
 			)
@ -465,7 +465,7 @@ func splitAWSMatchers(matchers []services.AWSMatcher) (ec2 []services.AWSMatcher
 // splitAzureMatchers splits the matchers between Azure VM matchers and others.
 func splitAzureMatchers(matchers []services.AzureMatcher) (vm []services.AzureMatcher, other []services.AzureMatcher) {
 	for _, matcher := range matchers {
-		if utils.SliceContainsStr(matcher.Types, constants.AzureServiceTypeVM) {
+		if slices.Contains(matcher.Types, constants.AzureServiceTypeVM) {
 			vm = append(vm,
 				copyAzureMatcherWithNewTypes(matcher, []string{constants.AzureServiceTypeVM}),
 			)
--- a/lib/srv/discovery/fetchers/aks.go
+++ b/lib/srv/discovery/fetchers/aks.go
@ -21,9 +21,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/cloud/azure"
 	"github.com/gravitational/teleport/lib/services"
 )
@ -127,7 +127,7 @@ func (a *aksFetcher) getAKSClusters(ctx context.Context) ([]*azure.AKSCluster, e
 }
 func (a *aksFetcher) isRegionSupported(region string) bool {
-	return utils.SliceContainsStr(a.Regions, types.Wildcard) || utils.SliceContainsStr(a.Regions, region)
+	return slices.Contains(a.Regions, types.Wildcard) || slices.Contains(a.Regions, region)
 }
 func (a *aksFetcher) ResourceType() string {
--- a/lib/srv/exec.go
+++ b/lib/srv/exec.go
@ -32,11 +32,11 @@ import (
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	tracessh "github.com/gravitational/teleport/api/observability/tracing/ssh"
 	apievents "github.com/gravitational/teleport/api/types/events"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/events"
 	"github.com/gravitational/teleport/lib/services"
 )
@ -531,7 +531,7 @@ func parseSecureCopy(path string) (string, string, bool, error) {
 	// Look for the -t flag, it indicates that an upload occurred. The other
 	// flags do no matter for now.
 	action := events.SCPActionDownload
-	if apiutils.SliceContainsStr(parts, "-t") {
+	if slices.Contains(parts, "-t") {
 		action = events.SCPActionUpload
 	}
--- a/lib/srv/regular/proxy.go
+++ b/lib/srv/regular/proxy.go
@ -32,12 +32,12 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/observability/tracing"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	apisshutils "github.com/gravitational/teleport/api/utils/sshutils"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/observability/metrics"
@ -509,7 +509,7 @@ func (t *proxySubsys) getMatchingServer(watcher NodesGetter, strategy types.Rout
 			t.log.Errorf("Failed to parse address %q: %v.", server.GetAddr(), err)
 			return false
 		}
-		if t.host == ip || t.host == server.GetHostname() || apiutils.SliceContainsStr(ips, ip) {
+		if t.host == ip || t.host == server.GetHostname() || slices.Contains(ips, ip) {
 			if !t.SpecifiedPort() || t.port == port {
 				return true
 			}
--- a/lib/srv/usermgmt_test.go
+++ b/lib/srv/usermgmt_test.go
@ -25,9 +25,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/backend/memory"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/services/local"
@ -251,7 +251,7 @@ func TestUserMgmt_DeleteAllTeleportSystemUsers(t *testing.T) {
 		for _, group := range user.groups {
 			mgmt.CreateGroup(group)
 		}
-		if utils.SliceContainsStr(user.groups, types.TeleportServiceGroup) {
+		if slices.Contains(user.groups, types.TeleportServiceGroup) {
 			users.CreateUser(user.user, &services.HostUsersInfo{Groups: user.groups})
 		} else {
 			mgmt.CreateUser(user.user, user.groups)
--- a/lib/tbot/ca_rotation.go
+++ b/lib/tbot/ca_rotation.go
@ -24,9 +24,9 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 )
@ -191,7 +191,7 @@ func filterCAEvent(log logrus.FieldLogger, event types.Event, clusterName string
 	// We want to update for all phases but init and update_servers
 	phase := ca.GetRotation().Phase
-	if utils.SliceContainsStr([]string{
+	if slices.Contains([]string{
 		"", types.RotationPhaseInit, types.RotationPhaseUpdateServers,
 	}, phase) {
 		return fmt.Sprintf("skipping due to phase '%s'", phase)
@ -207,7 +207,7 @@ func filterCAEvent(log logrus.FieldLogger, event types.Event, clusterName string
 	}
 	// We want to skip anything that is not host, user, db
-	if !utils.SliceContainsStr([]string{
+	if !slices.Contains([]string{
 		string(types.HostCA),
 		string(types.UserCA),
 		string(types.DatabaseCA),
--- a/lib/teleterm/clusters/cluster_access_requests.go
+++ b/lib/teleterm/clusters/cluster_access_requests.go
@ -19,9 +19,9 @@ import (
 	"time"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/services"
@ -194,7 +194,7 @@ func (c *Cluster) AssumeRole(ctx context.Context, req *api.AssumeRoleRequest) er
 		// keep existing access requests that aren't included in the droprequests
 		for _, reqID := range c.status.ActiveRequests.AccessRequests {
-			if !apiutils.SliceContainsStr(req.DropRequestIds, reqID) {
+			if !slices.Contains(req.DropRequestIds, reqID) {
 				params.AccessRequests = append(params.AccessRequests, reqID)
 			}
 		}
--- a/lib/teleterm/gatewaytest/helpers.go
+++ b/lib/teleterm/gatewaytest/helpers.go
@ -22,8 +22,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/require"
-
+	"golang.org/x/exp/slices"
 	apiutils "github.com/gravitational/teleport/api/utils"
 )
 const timeout = time.Second * 5
@ -66,7 +65,7 @@ type MockTCPPortAllocator struct {
 func (m *MockTCPPortAllocator) Listen(localAddress, localPort string) (net.Listener, error) {
 	m.CallCount++
-	if apiutils.SliceContainsStr(m.PortsInUse, localPort) {
+	if slices.Contains(m.PortsInUse, localPort) {
 		return nil, trace.BadParameter("address already in use")
 	}
--- a/lib/utils/fields.go
+++ b/lib/utils/fields.go
@ -20,9 +20,9 @@ import (
 	"time"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils"
 )
 // Fields represents a generic string-keyed map.
@ -139,14 +139,14 @@ func ToFieldsCondition(expr *types.WhereExpr) (FieldsCondition, error) {
 		left, right := expr.Contains.L, expr.Contains.R
 		switch {
 		case left.Field != "" && right.Field != "":
-			return func(f Fields) bool { return utils.SliceContainsStr(f.GetStrings(left.Field), f.GetString(right.Field)) }, nil
+			return func(f Fields) bool { return slices.Contains(f.GetStrings(left.Field), f.GetString(right.Field)) }, nil
 		case left.Literal != nil && right.Field != "":
 			if ss, ok := left.Literal.([]string); ok {
-				return func(f Fields) bool { return utils.SliceContainsStr(ss, f.GetString(right.Field)) }, nil
+				return func(f Fields) bool { return slices.Contains(ss, f.GetString(right.Field)) }, nil
 			}
 		case left.Field != "" && right.Literal != nil:
 			if s, ok := right.Literal.(string); ok {
-				return func(f Fields) bool { return utils.SliceContainsStr(f.GetStrings(left.Field), s) }, nil
+				return func(f Fields) bool { return slices.Contains(f.GetStrings(left.Field), s) }, nil
 			}
 		}
 	}
--- a/lib/utils/formatter.go
+++ b/lib/utils/formatter.go
@ -31,8 +31,7 @@ import (
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
-
+	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/utils"
 )
 type TextFormatter struct {
@ -102,11 +101,11 @@ func (tf *TextFormatter) CheckAndSetDefaults() error {
 		return trace.Wrap(err)
 	}
-	if utils.SliceContainsStr(res, timestampField) {
+	if slices.Contains(res, timestampField) {
 		tf.timestampEnabled = true
 	}
-	if utils.SliceContainsStr(res, callerField) {
+	if slices.Contains(res, callerField) {
 		tf.callerEnabled = true
 	}
@ -210,15 +209,15 @@ func (j *JSONFormatter) CheckAndSetDefaults() error {
 		return trace.Wrap(err)
 	}
-	if utils.SliceContainsStr(res, timestampField) {
+	if slices.Contains(res, timestampField) {
 		j.JSONFormatter.DisableTimestamp = true
 	}
-	if utils.SliceContainsStr(res, callerField) {
+	if slices.Contains(res, callerField) {
 		j.callerEnabled = true
 	}
-	if utils.SliceContainsStr(res, componentField) {
+	if slices.Contains(res, componentField) {
 		j.componentEnabled = true
 	}
--- a/lib/utils/socks/socks.go
+++ b/lib/utils/socks/socks.go
@ -25,6 +25,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 )
@ -63,7 +64,7 @@ func Handshake(conn net.Conn) (string, error) {
 	if err != nil {
 		return "", trace.Wrap(err)
 	}
-	if !byteSliceContains(authMethods, socks5AuthNotRequired) {
+	if !slices.Contains(authMethods, socks5AuthNotRequired) {
 		return "", trace.BadParameter("only 'no authentication required' is supported")
 	}
 	err = writeMethodSelection(conn)
@ -254,14 +255,3 @@ func readByte(conn net.Conn) (byte, error) {
 	return b[0], nil
 }
 // byteSliceContains checks if the slice a contains the byte b.
 func byteSliceContains(a []byte, b byte) bool {
 	for _, v := range a {
 		if v == b {
 			return true
 		}
 	}
 	return false
 }
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@ -43,6 +43,7 @@ import (
 	lemma_secret "github.com/mailgun/lemma/secret"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"golang.org/x/mod/semver"
 	"github.com/gravitational/teleport"
@ -53,7 +54,6 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	apievents "github.com/gravitational/teleport/api/types/events"
 	"github.com/gravitational/teleport/api/types/installers"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/keys"
 	apisshutils "github.com/gravitational/teleport/api/utils/sshutils"
 	"github.com/gravitational/teleport/lib/auth"
@ -977,7 +977,7 @@ func (h *Handler) pingWithConnector(w http.ResponseWriter, r *http.Request, p ht
 	}
 	hasMessageOfTheDay := cap.GetMessageOfTheDay() != ""
-	if apiutils.SliceContainsStr(constants.SystemConnectors, connectorName) {
+	if slices.Contains(constants.SystemConnectors, connectorName) {
 		response.Auth, err = localSettings(cap)
 		if err != nil {
 			return nil, trace.Wrap(err)
--- a/lib/web/app/match.go
+++ b/lib/web/app/match.go
@ -22,10 +22,10 @@ import (
 	"strings"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/reversetunnel"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/tlsca"
@ -134,7 +134,7 @@ func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnel.Tunnel, p
 	if len(fqdnParts) != 2 {
 		return nil, "", trace.BadParameter("invalid FQDN: %v", fqdn)
 	}
-	if !apiutils.SliceContainsStr(proxyDNSNames, fqdnParts[1]) {
+	if !slices.Contains(proxyDNSNames, fqdnParts[1]) {
 		return nil, "", trace.BadParameter("FQDN %q is not a subdomain of the proxy", fqdn)
 	}
 	appName := fqdnParts[0]
--- a/lib/web/ui/usercontext.go
+++ b/lib/web/ui/usercontext.go
@ -17,6 +17,8 @@ limitations under the License.
 package ui
 import (
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/client/proto"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
@ -130,7 +132,7 @@ func getWindowsDesktopLogins(roleSet services.RoleSet) []string {
 	denied = apiutils.Deduplicate(denied)
 	desktopLogins := []string{}
 	for _, login := range allowed {
-		if isDenied := apiutils.SliceContainsStr(denied, login); !isDenied {
+		if isDenied := slices.Contains(denied, login); !isDenied {
 			desktopLogins = append(desktopLogins, login)
 		}
 	}
--- a/tool/tbot/init_test.go
+++ b/tool/tbot/init_test.go
@ -27,6 +27,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/lib/tbot/botfs"
@ -38,23 +39,13 @@ import (
 // testing.
 var usernamesToTry = []string{"nobody", "ci", "root"}
 func contains(entries []string, entry string) bool {
 	for _, e := range entries {
 		if e == entry {
 			return true
 		}
 	}
 	return false
 }
 // filterUsers returns the input list of usernames except for those in the
 // exclude list.
 func filterUsers(usernames, exclude []string) []string {
 	ret := []string{}
 	for _, username := range usernames {
-		if !contains(exclude, username) {
+		if !slices.Contains(exclude, username) {
 			ret = append(ret, username)
 		}
 	}
--- a/tool/tctl/common/resource_command.go
+++ b/tool/tctl/common/resource_command.go
@ -26,13 +26,13 @@ import (
 	"github.com/gravitational/kingpin"
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/exp/slices"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 	"github.com/gravitational/teleport"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/installers"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/auth"
 	"github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/defaults"
@ -650,7 +650,7 @@ func (rc *ResourceCommand) Delete(ctx context.Context, client auth.ClientI) (err
 		types.KindSessionRecordingConfig,
 		types.KindInstaller,
 	}
-	if !apiutils.SliceContainsStr(singletonResources, rc.ref.Kind) && (rc.ref.Kind == "" || rc.ref.Name == "") {
+	if !slices.Contains(singletonResources, rc.ref.Kind) && (rc.ref.Kind == "" || rc.ref.Name == "") {
 		return trace.BadParameter("provide a full resource name to delete, for example:\n$ tctl rm cluster/east\n")
 	}
--- a/tool/teleport/common/configurator.go
+++ b/tool/teleport/common/configurator.go
@ -22,9 +22,9 @@ import (
 	"strings"
 	"github.com/gravitational/trace"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/lib/config"
 	"github.com/gravitational/teleport/lib/configurators"
 	awsconfigurators "github.com/gravitational/teleport/lib/configurators/aws"
@ -181,7 +181,7 @@ func (f *configureDatabaseAWSFlags) CheckAndSetDefaults() error {
 	f.typesList = strings.Split(f.types, ",")
 	for _, dbType := range f.typesList {
-		if !apiutils.SliceContainsStr(awsDatabaseTypes, dbType) {
+		if !slices.Contains(awsDatabaseTypes, dbType) {
 			return trace.BadParameter("--types %q not supported. supported types are: %s", dbType, strings.Join(awsDatabaseTypes, ", "))
 		}
 	}
--- a/tool/tsh/kube.go
+++ b/tool/tsh/kube.go
@ -31,6 +31,7 @@ import (
 	"github.com/gravitational/kingpin"
 	"github.com/gravitational/trace"
 	dockerterm "github.com/moby/term"
 	"golang.org/x/exp/slices"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@ -53,7 +54,6 @@ import (
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/profile"
 	"github.com/gravitational/teleport/api/types"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/keypaths"
 	"github.com/gravitational/teleport/lib/asciitable"
 	"github.com/gravitational/teleport/lib/client"
@ -925,7 +925,7 @@ func (c *kubeLoginCommand) run(cf *CLIConf) error {
 		return trace.Wrap(err)
 	}
 	clusterNames := kubeClustersToStrings(kubeClusters)
-	if !apiutils.SliceContainsStr(clusterNames, c.kubeCluster) {
+	if !slices.Contains(clusterNames, c.kubeCluster) {
 		return trace.NotFound("kubernetes cluster %q not found, check 'tsh kube ls' for a list of known clusters", c.kubeCluster)
 	}
@ -1050,7 +1050,7 @@ func buildKubeConfigUpdate(cf *CLIConf, kubeStatus *kubernetesStatus) (*kubeconf
 	clusterNames := kubeClustersToStrings(kubeStatus.kubeClusters)
 	// Validate if cf.KubernetesCluster is part of the returned list of clusters
-	if cf.KubernetesCluster != "" && !apiutils.SliceContainsStr(clusterNames, cf.KubernetesCluster) {
+	if cf.KubernetesCluster != "" && !slices.Contains(clusterNames, cf.KubernetesCluster) {
 		return nil, trace.NotFound("Kubernetes cluster %q is not registered in this Teleport cluster; you can list registered Kubernetes clusters using 'tsh kube ls'.", cf.KubernetesCluster)
 	}
 	// If ListAll is not enabled, update only cf.KubernetesCluster cluster.
--- a/tool/tsh/tsh.go
+++ b/tool/tsh/tsh.go
@ -45,6 +45,7 @@ import (
 	"github.com/sirupsen/logrus"
 	oteltrace "go.opentelemetry.io/otel/trace"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client/proto"
@ -3838,7 +3839,7 @@ func reissueWithRequests(cf *CLIConf, tc *client.TeleportClient, newRequests []s
 	}
 	// If the certificate already had active requests, add them to our inputs parameters.
 	for _, reqID := range profile.ActiveRequests.AccessRequests {
-		if !apiutils.SliceContainsStr(dropRequests, reqID) {
+		if !slices.Contains(dropRequests, reqID) {
 			params.AccessRequests = append(params.AccessRequests, reqID)
 		}
 	}
--- a/tool/tsh/tsh_test.go
+++ b/tool/tsh/tsh_test.go
@ -40,6 +40,7 @@ import (
 	"github.com/stretchr/testify/require"
 	otlp "go.opentelemetry.io/proto/otlp/trace/v1"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/exp/slices"
 	yamlv2 "gopkg.in/yaml.v2"
 	"github.com/gravitational/teleport"
@ -51,7 +52,6 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/events"
 	"github.com/gravitational/teleport/api/types/wrappers"
 	apiutils "github.com/gravitational/teleport/api/utils"
 	"github.com/gravitational/teleport/api/utils/keys"
 	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/auth"
@ -880,7 +880,7 @@ func TestSSHOnMultipleNodes(t *testing.T) {
 			require.NoError(t, err)
 			foundCount := 0
 			for _, node := range nodes {
-				if apiutils.SliceContainsStr(hostIDs, node.GetName()) {
+				if slices.Contains(hostIDs, node.GetName()) {
 					foundCount++
 				}
 			}
@ -1257,7 +1257,7 @@ func TestSSHAccessRequest(t *testing.T) {
 			require.NoError(t, err)
 			foundCount := 0
 			for _, node := range nodes {
-				if apiutils.SliceContainsStr(hostIDs, node.GetName()) {
+				if slices.Contains(hostIDs, node.GetName()) {
 					foundCount++
 				}
 			}
		`@ -1 +1 @@`
			`Subproject commit 79bc9eaa8c5055207a003023623b4e04bb2f8c09`				`Subproject commit 57ab2e31329117822bb744600974dcb6212ddbb1`