github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 21:36:24 +00:00
Code Issues Projects Releases Wiki Activity

dependencies: update go-oidc to v2.2.1

Browse Source 
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
This commit is contained in:
Akhil Mohan 2023-04-13 23:25:57 -07:00
parent 1595d7f52d
commit d7270f4ba7
No known key found for this signature in database
GPG Key ID: 6025CC36B3981249
8 changed files with 49 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -22,7 +22,7 @@ require (
github.com/blang/semver/v4 v4.0.0 github.com/blang/semver/v4 v4.0.0
github.com/container-storage-interface/spec v1.8.0 github.com/container-storage-interface/spec v1.8.0
github.com/coredns/corefile-migration v1.0.20 github.com/coredns/corefile-migration v1.0.20
github.com/coreos/go-oidc v2.1.0+incompatible github.com/coreos/go-oidc v2.2.1+incompatible
github.com/coreos/go-systemd/v22 v22.5.0 github.com/coreos/go-systemd/v22 v22.5.0
github.com/cpuguy83/go-md2man/v2 v2.0.2 github.com/cpuguy83/go-md2man/v2 v2.0.2
github.com/cyphar/filepath-securejoin v0.2.3 github.com/cyphar/filepath-securejoin v0.2.3

4
go.sum
View File

@ -174,8 +174,8 @@ github.com/coredns/corefile-migration v1.0.20/go.mod h1:XnhgULOEouimnzgn0t4WPuFD
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=

2
staging/src/k8s.io/apiserver/go.mod
View File

@ -5,7 +5,7 @@ module k8s.io/apiserver
go 1.20 go 1.20
require ( require (
github.com/coreos/go-oidc v2.1.0+incompatible github.com/coreos/go-oidc v2.2.1+incompatible
github.com/coreos/go-systemd/v22 v22.5.0 github.com/coreos/go-systemd/v22 v22.5.0
github.com/emicklei/go-restful/v3 v3.9.0 github.com/emicklei/go-restful/v3 v3.9.0
github.com/evanphx/json-patch v4.12.0+incompatible github.com/evanphx/json-patch v4.12.0+incompatible

4
staging/src/k8s.io/apiserver/go.sum generated
View File

@ -92,8 +92,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E=
github.com/cockroachdb/errors v1.2.4 h1:Lap807SXTH5tri2TivECb/4abUkMZC9zRoLarvcKDqs= github.com/cockroachdb/errors v1.2.4 h1:Lap807SXTH5tri2TivECb/4abUkMZC9zRoLarvcKDqs=
github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f h1:o/kfcElHqOiXqcou5a3rIlMc7oJbMQkeLk0VQJ7zgqY= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f h1:o/kfcElHqOiXqcou5a3rIlMc7oJbMQkeLk0VQJ7zgqY=
github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=

6
vendor/github.com/coreos/go-oidc/.travis.yml generated vendored
View File

@ -1,13 +1,13 @@
language: go language: go
go: go:
- "1.9" - "1.12"
- "1.10" - "1.13"
install: install:
- go get -v -t github.com/coreos/go-oidc/... - go get -v -t github.com/coreos/go-oidc/...
- go get golang.org/x/tools/cmd/cover - go get golang.org/x/tools/cmd/cover
- go get github.com/golang/lint/golint - go get golang.org/x/lint/golint
script: script:
- ./test - ./test

34
vendor/github.com/coreos/go-oidc/oidc.go generated vendored
View File

@ -69,6 +69,7 @@ type Provider struct {
authURL string authURL string
tokenURL string tokenURL string
userInfoURL string userInfoURL string
algorithms []string
// Raw claims returned by the server. // Raw claims returned by the server.
rawClaims []byte rawClaims []byte
@ -82,11 +83,27 @@ type cachedKeys struct {
} }
type providerJSON struct { type providerJSON struct {
Issuer string `json:"issuer"` Issuer string `json:"issuer"`
AuthURL string `json:"authorization_endpoint"` AuthURL string `json:"authorization_endpoint"`
TokenURL string `json:"token_endpoint"` TokenURL string `json:"token_endpoint"`
JWKSURL string `json:"jwks_uri"` JWKSURL string `json:"jwks_uri"`
UserInfoURL string `json:"userinfo_endpoint"` UserInfoURL string `json:"userinfo_endpoint"`
Algorithms []string `json:"id_token_signing_alg_values_supported"`
}
// supportedAlgorithms is a list of algorithms explicitly supported by this
// package. If a provider supports other algorithms, such as HS256 or none,
// those values won't be passed to the IDTokenVerifier.
var supportedAlgorithms = map[string]bool{
RS256: true,
RS384: true,
RS512: true,
ES256: true,
ES384: true,
ES512: true,
PS256: true,
PS384: true,
PS512: true,
} }
// NewProvider uses the OpenID Connect discovery mechanism to construct a Provider. // NewProvider uses the OpenID Connect discovery mechanism to construct a Provider.
@ -123,11 +140,18 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
if p.Issuer != issuer { if p.Issuer != issuer {
return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer) return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer)
} }
var algs []string
for _, a := range p.Algorithms {
if supportedAlgorithms[a] {
algs = append(algs, a)
}
}
return &Provider{ return &Provider{
issuer: p.Issuer, issuer: p.Issuer,
authURL: p.AuthURL, authURL: p.AuthURL,
tokenURL: p.TokenURL, tokenURL: p.TokenURL,
userInfoURL: p.UserInfoURL, userInfoURL: p.UserInfoURL,
algorithms: algs,
rawClaims: body, rawClaims: body,
remoteKeySet: NewRemoteKeySet(ctx, p.JWKSURL), remoteKeySet: NewRemoteKeySet(ctx, p.JWKSURL),
}, nil }, nil

11
vendor/github.com/coreos/go-oidc/verify.go generated vendored
View File

@ -79,7 +79,9 @@ type Config struct {
ClientID string ClientID string
// If specified, only this set of algorithms may be used to sign the JWT. // If specified, only this set of algorithms may be used to sign the JWT.
// //
// Since many providers only support RS256, SupportedSigningAlgs defaults to this value. // If the IDTokenVerifier is created from a provider with (*Provider).Verifier, this
// defaults to the set of algorithms the provider supports. Otherwise this values
// defaults to RS256.
SupportedSigningAlgs []string SupportedSigningAlgs []string
// If true, no ClientID check performed. Must be true if ClientID field is empty. // If true, no ClientID check performed. Must be true if ClientID field is empty.
@ -105,6 +107,13 @@ type Config struct {
// The returned IDTokenVerifier is tied to the Provider's context and its behavior is // The returned IDTokenVerifier is tied to the Provider's context and its behavior is
// undefined once the Provider's context is canceled. // undefined once the Provider's context is canceled.
func (p *Provider) Verifier(config *Config) *IDTokenVerifier { func (p *Provider) Verifier(config *Config) *IDTokenVerifier {
if len(config.SupportedSigningAlgs) == 0 && len(p.algorithms) > 0 {
// Make a copy so we don't modify the config values.
cp := &Config{}
*cp = *config
cp.SupportedSigningAlgs = p.algorithms
config = cp
}
return NewVerifier(p.issuer, p.remoteKeySet, config) return NewVerifier(p.issuer, p.remoteKeySet, config)
} }

2
vendor/modules.txt vendored
View File

@ -154,7 +154,7 @@ github.com/coredns/caddy/caddyfile
## explicit; go 1.14 ## explicit; go 1.14
github.com/coredns/corefile-migration/migration github.com/coredns/corefile-migration/migration
github.com/coredns/corefile-migration/migration/corefile github.com/coredns/corefile-migration/migration/corefile
# github.com/coreos/go-oidc v2.1.0+incompatible # github.com/coreos/go-oidc v2.2.1+incompatible
## explicit ## explicit
github.com/coreos/go-oidc github.com/coreos/go-oidc
# github.com/coreos/go-semver v0.3.0 # github.com/coreos/go-semver v0.3.0