Merge pull request #42669 from curtisallen/update_dep_go-oidc

Automatic merge from submit-queue (batch tested with PRs 42802, 42927, 42669, 42988, 43012)

update to latest version of coreos/go-oidc

Includes updates that enable OIDC with OKTA as an IDP



**What this PR does / why we need it**:
Updates to the latest version of coreos/go-oidc

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # TBD

**Special notes for your reviewer**:
Updates coreos/go-oidc module to include fixes for https://github.com/coreos/go-oidc/issues/137 which prevent OKTA being used as an IDP
**Release note**:

```release-note
NONE
```

cc:/ @ericchiang
Kubernetes Submit Queue 2017-03-14 07:31:34 -07:00 committed by GitHub
commit f5114ffa5a
12 changed files with 34 additions and 90 deletions

10
Godeps/Godeps.json generated

@ -691,23 +691,23 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/http", "ImportPath": "github.com/coreos/go-oidc/http",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/jose", "ImportPath": "github.com/coreos/go-oidc/jose",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/key", "ImportPath": "github.com/coreos/go-oidc/key",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oauth2", "ImportPath": "github.com/coreos/go-oidc/oauth2",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oidc", "ImportPath": "github.com/coreos/go-oidc/oidc",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-semver/semver", "ImportPath": "github.com/coreos/go-semver/semver",


@ -236,23 +236,23 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/http", "ImportPath": "github.com/coreos/go-oidc/http",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/jose", "ImportPath": "github.com/coreos/go-oidc/jose",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/key", "ImportPath": "github.com/coreos/go-oidc/key",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oauth2", "ImportPath": "github.com/coreos/go-oidc/oauth2",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oidc", "ImportPath": "github.com/coreos/go-oidc/oidc",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-semver/semver", "ImportPath": "github.com/coreos/go-semver/semver",


@ -24,23 +24,23 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/http", "ImportPath": "github.com/coreos/go-oidc/http",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/jose", "ImportPath": "github.com/coreos/go-oidc/jose",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/key", "ImportPath": "github.com/coreos/go-oidc/key",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oauth2", "ImportPath": "github.com/coreos/go-oidc/oauth2",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oidc", "ImportPath": "github.com/coreos/go-oidc/oidc",
"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d" "Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
}, },
{ {
"ImportPath": "github.com/coreos/pkg/health", "ImportPath": "github.com/coreos/pkg/health",

6
vendor/BUILD vendored

@ -2055,6 +2055,7 @@ go_library(
name = "github.com/coreos/go-oidc/http", name = "github.com/coreos/go-oidc/http",
srcs = [ srcs = [
"github.com/coreos/go-oidc/http/client.go", "github.com/coreos/go-oidc/http/client.go",
"github.com/coreos/go-oidc/http/doc.go",
"github.com/coreos/go-oidc/http/http.go", "github.com/coreos/go-oidc/http/http.go",
"github.com/coreos/go-oidc/http/url.go", "github.com/coreos/go-oidc/http/url.go",
], ],
@ -2065,12 +2066,12 @@ go_library(
name = "github.com/coreos/go-oidc/jose", name = "github.com/coreos/go-oidc/jose",
srcs = [ srcs = [
"github.com/coreos/go-oidc/jose/claims.go", "github.com/coreos/go-oidc/jose/claims.go",
"github.com/coreos/go-oidc/jose/doc.go",
"github.com/coreos/go-oidc/jose/jose.go", "github.com/coreos/go-oidc/jose/jose.go",
"github.com/coreos/go-oidc/jose/jwk.go", "github.com/coreos/go-oidc/jose/jwk.go",
"github.com/coreos/go-oidc/jose/jws.go", "github.com/coreos/go-oidc/jose/jws.go",
"github.com/coreos/go-oidc/jose/jwt.go", "github.com/coreos/go-oidc/jose/jwt.go",
"github.com/coreos/go-oidc/jose/sig.go", "github.com/coreos/go-oidc/jose/sig.go",
"github.com/coreos/go-oidc/jose/sig_hmac.go",
"github.com/coreos/go-oidc/jose/sig_rsa.go", "github.com/coreos/go-oidc/jose/sig_rsa.go",
], ],
tags = ["automanaged"], tags = ["automanaged"],
@ -2079,6 +2080,7 @@ go_library(
go_library( go_library(
name = "github.com/coreos/go-oidc/key", name = "github.com/coreos/go-oidc/key",
srcs = [ srcs = [
"github.com/coreos/go-oidc/key/doc.go",
"github.com/coreos/go-oidc/key/key.go", "github.com/coreos/go-oidc/key/key.go",
"github.com/coreos/go-oidc/key/manager.go", "github.com/coreos/go-oidc/key/manager.go",
"github.com/coreos/go-oidc/key/repo.go", "github.com/coreos/go-oidc/key/repo.go",
@ -2097,6 +2099,7 @@ go_library(
go_library( go_library(
name = "github.com/coreos/go-oidc/oauth2", name = "github.com/coreos/go-oidc/oauth2",
srcs = [ srcs = [
"github.com/coreos/go-oidc/oauth2/doc.go",
"github.com/coreos/go-oidc/oauth2/error.go", "github.com/coreos/go-oidc/oauth2/error.go",
"github.com/coreos/go-oidc/oauth2/oauth2.go", "github.com/coreos/go-oidc/oauth2/oauth2.go",
], ],
@ -2108,6 +2111,7 @@ go_library(
name = "github.com/coreos/go-oidc/oidc", name = "github.com/coreos/go-oidc/oidc",
srcs = [ srcs = [
"github.com/coreos/go-oidc/oidc/client.go", "github.com/coreos/go-oidc/oidc/client.go",
"github.com/coreos/go-oidc/oidc/doc.go",
"github.com/coreos/go-oidc/oidc/identity.go", "github.com/coreos/go-oidc/oidc/identity.go",
"github.com/coreos/go-oidc/oidc/interface.go", "github.com/coreos/go-oidc/oidc/interface.go",
"github.com/coreos/go-oidc/oidc/key.go", "github.com/coreos/go-oidc/oidc/key.go",

2
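--- a/vendor/github.com/coreos/go-oidc/http/doc.go
+++ b/vendor/github.com/coreos/go-oidc/http/doc.go
@@ -0,0 +1,2 @@
+// Package http is DEPRECATED. Use net/http instead.
+package http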

2
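--- a/vendor/github.com/coreos/go-oidc/jose/doc.go
+++ b/vendor/github.com/coreos/go-oidc/jose/doc.go
@@ -0,0 +1,2 @@
+// Package jose is DEPRECATED. Use gopkg.in/square/go-jose.v2 instead.
+package jose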


@ -104,7 +104,7 @@ func encodeExponent(e int) string {
break break
} }
} }
return base64.URLEncoding.EncodeToString(b[idx:]) return base64.RawURLEncoding.EncodeToString(b[idx:])
} }
// Turns a URL encoded modulus of a key into a big int. // Turns a URL encoded modulus of a key into a big int.
@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
} }
func encodeModulus(n *big.Int) string { func encodeModulus(n *big.Int) string {
return base64.URLEncoding.EncodeToString(n.Bytes()) return base64.RawURLEncoding.EncodeToString(n.Bytes())
} }
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not. // decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.


@ -1,67 +0,0 @@
package jose
import (
"bytes"
"crypto"
"crypto/hmac"
_ "crypto/sha256"
"errors"
"fmt"
)
type VerifierHMAC struct {
KeyID string
Hash crypto.Hash
Secret []byte
}
type SignerHMAC struct {
VerifierHMAC
}
func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
if jwk.Alg != "" && jwk.Alg != "HS256" {
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
}
v := VerifierHMAC{
KeyID: jwk.ID,
Secret: jwk.Secret,
Hash: crypto.SHA256,
}
return &v, nil
}
func (v *VerifierHMAC) ID() string {
return v.KeyID
}
func (v *VerifierHMAC) Alg() string {
return "HS256"
}
func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
h := hmac.New(v.Hash.New, v.Secret)
h.Write(data)
if !bytes.Equal(sig, h.Sum(nil)) {
return errors.New("invalid hmac signature")
}
return nil
}
func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
return &SignerHMAC{
VerifierHMAC: VerifierHMAC{
KeyID: kid,
Secret: secret,
Hash: crypto.SHA256,
},
}
}
func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
h := hmac.New(s.Hash.New, s.Secret)
h.Write(data)
return h.Sum(nil), nil
}

2
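--- a/vendor/github.com/coreos/go-oidc/key/doc.go
+++ b/vendor/github.com/coreos/go-oidc/key/doc.go
@@ -0,0 +1,2 @@
+// Package key is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package key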

2
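--- a/vendor/github.com/coreos/go-oidc/oauth2/doc.go
+++ b/vendor/github.com/coreos/go-oidc/oauth2/doc.go
@@ -0,0 +1,2 @@
+// Package oauth2 is DEPRECATED. Use golang.org/x/oauth instead.
+package oauth2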

2
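--- a/vendor/github.com/coreos/go-oidc/oidc/doc.go
+++ b/vendor/github.com/coreos/go-oidc/oidc/doc.go
@@ -0,0 +1,2 @@
+// Package oidc is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package oidc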


@ -353,9 +353,6 @@ func (p ProviderConfig) Valid() error {
if !contains(p.IDTokenSigningAlgValues, "RS256") { if !contains(p.IDTokenSigningAlgValues, "RS256") {
return errors.New("id_token_signing_alg_values_supported must include 'RS256'") return errors.New("id_token_signing_alg_values_supported must include 'RS256'")
} }
if contains(p.TokenEndpointAuthMethodsSupported, "none") {
return errors.New("token_endpoint_auth_signing_alg_values_supported cannot include 'none'")
}
uris := []struct { uris := []struct {
val *url.URL val *url.URL
@ -567,7 +564,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
next = &pcsStepNext{aft: ttl} next = &pcsStepNext{aft: ttl}
} else { } else {
next = &pcsStepRetry{aft: time.Second} next = &pcsStepRetry{aft: time.Second}
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err) log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
} }
return return
} }
@ -586,7 +583,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
next = &pcsStepNext{aft: ttl} next = &pcsStepNext{aft: ttl}
} else { } else {
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)} next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err) log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
} }
return return
} }
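Review bot: With the `none` check gone from ProviderConfig.Valid() in the first hunk of this section, nothing on the new side records that a discovery document listing `none` under token_endpoint_auth_methods_supported is now accepted on purpose. The field only advertises what the provider offers, so tolerating it is reasonable, but the decision deserves a comment next to the remaining RS256 check, e.g. `// "none" in token_endpoint_auth_methods_supported is tolerated; the client must still select an authenticated method.` Callers that choose a token-endpoint auth method from this list should confirm they never fall back to `none`; how the method is selected is not visible in this section. Valid() begins before and continues after the hunk.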