From 777eeafabc3467dc8398069e3695d26fe2fa4f89 Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Wed, 8 Mar 2017 10:33:19 -0800 Subject: [PATCH] *: update go-oidc and use standard library's context package --- cmd/dex/serve.go | 2 +- cmd/example-app/main.go | 4 ++-- connector/connector.go | 3 +-- connector/github/github.go | 2 +- connector/gitlab/gitlab.go | 2 +- connector/ldap/ldap.go | 2 +- connector/mock/connectortest.go | 3 +-- connector/oidc/oidc.go | 6 +++--- glide.yaml | 3 +-- server/api.go | 3 +++ server/handlers_test.go | 3 +-- server/rotation.go | 2 +- server/server.go | 2 +- server/server_test.go | 19 ++++++++++++------- storage/kubernetes/client.go | 2 +- storage/kubernetes/storage.go | 4 ++-- 16 files changed, 33 insertions(+), 29 deletions(-) diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go index 6c708c4e..08d9fdb0 100644 --- a/cmd/dex/serve.go +++ b/cmd/dex/serve.go @@ -1,6 +1,7 @@ package main import ( + "context" "crypto/tls" "crypto/x509" "errors" @@ -15,7 +16,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/ghodss/yaml" "github.com/spf13/cobra" - "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" diff --git a/cmd/example-app/main.go b/cmd/example-app/main.go index 3ec34e38..4da34b9a 100644 --- a/cmd/example-app/main.go +++ b/cmd/example-app/main.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "context" "crypto/tls" "crypto/x509" "encoding/json" @@ -19,7 +20,6 @@ import ( "github.com/coreos/go-oidc" "github.com/spf13/cobra" - "golang.org/x/net/context" "golang.org/x/oauth2" ) @@ -175,7 +175,7 @@ func cmd() *cobra.Command { } a.provider = provider - a.verifier = provider.Verifier(oidc.VerifyAudience(a.clientID)) + a.verifier = provider.Verifier(&oidc.Config{ClientID: a.clientID}) http.HandleFunc("/", a.handleIndex) http.HandleFunc("/login", a.handleLogin) diff --git a/connector/connector.go b/connector/connector.go index c92d7589..fde38a24 100644 --- a/connector/connector.go +++ b/connector/connector.go 
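Review bot: In cmd/example-app/main.go the verifier is now built from `&oidc.Config{ClientID: a.clientID}`, so the audience check depends on `a.clientID` being non-empty, and nothing in this hunk guarantees that. How the pinned go-oidc revision treats an empty ClientID is not visible here (it may reject it or may skip the `aud` comparison), so I would fail early when `a.clientID == ""`, before constructing the verifier. The same applies to `clientID` in the connector/oidc/oidc.go hunk. cmd() extends beyond this hunk, so a flag default or an existing check may already cover this.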
@@ -2,9 +2,8 @@ package connector import ( + "context" "net/http" - - "golang.org/x/net/context" ) // Connector is a mechanism for federating login to a remote identity service. diff --git a/connector/github/github.go b/connector/github/github.go index f6dbdfee..49dc3bb3 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -2,6 +2,7 @@ package github import ( + "context" "encoding/json" "errors" "fmt" @@ -10,7 +11,6 @@ import ( "regexp" "strconv" - "golang.org/x/net/context" "golang.org/x/oauth2" "golang.org/x/oauth2/github" diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go index 0fcc3d26..b0f10cf1 100644 --- a/connector/gitlab/gitlab.go +++ b/connector/gitlab/gitlab.go @@ -2,6 +2,7 @@ package gitlab import ( + "context" "encoding/json" "errors" "fmt" @@ -12,7 +13,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/coreos/dex/connector" - "golang.org/x/net/context" "golang.org/x/oauth2" ) diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index c5e45d37..df3d4c9d 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -2,6 +2,7 @@ package ldap import ( + "context" "crypto/tls" "crypto/x509" "encoding/json" @@ -9,7 +10,6 @@ import ( "io/ioutil" "net" - "golang.org/x/net/context" "gopkg.in/ldap.v2" "github.com/Sirupsen/logrus" diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go index b754705b..ef7749f7 100644 --- a/connector/mock/connectortest.go +++ b/connector/mock/connectortest.go @@ -2,13 +2,12 @@ package mock import ( + "context" "errors" "fmt" "net/http" "net/url" - "golang.org/x/net/context" - "github.com/Sirupsen/logrus" "github.com/coreos/dex/connector" ) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 6a8b6f98..728bdf6a 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go 
@@ -2,13 +2,13 @@ package oidc import ( + "context" "errors" "fmt" "net/http" "github.com/Sirupsen/logrus" "github.com/coreos/go-oidc" - "golang.org/x/net/context" "golang.org/x/oauth2" "github.com/coreos/dex/connector" @@ -53,10 +53,10 @@ func (c *Config) Open(logger logrus.FieldLogger) (conn connector.Connector, err RedirectURL: c.RedirectURI, }, verifier: provider.Verifier( - oidc.VerifyExpiry(), - oidc.VerifyAudience(clientID), + &oidc.Config{ClientID: clientID}, ), logger: logger, + cancel: cancel, }, nil } diff --git a/glide.yaml b/glide.yaml index c6d1991f..07337a1d 100644 --- a/glide.yaml +++ b/glide.yaml @@ -35,7 +35,6 @@ import: version: 6a513affb38dc9788b449d59ffed099b8de18fa0 subpackages: - context - - context/ctxhttp - http2 - http2/hpack - internal/timeseries @@ -68,7 +67,7 @@ import: # Used for server integration tests and OpenID Connect connector. - package: github.com/coreos/go-oidc - version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61 + version: be73733bb8cc830d0205609b95d125215f8e9c70 - package: github.com/pquerna/cachecontrol version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868 - package: golang.org/x/oauth2 diff --git a/server/api.go b/server/api.go index 25655d68..0e7c5b2f 100644 --- a/server/api.go +++ b/server/api.go @@ -5,6 +5,9 @@ import ( "fmt" "golang.org/x/crypto/bcrypt" + + // go-grpc doesn't use the standard library's context. + // https://github.com/grpc/grpc-go/issues/711 "golang.org/x/net/context" "github.com/Sirupsen/logrus" diff --git a/server/handlers_test.go b/server/handlers_test.go index 233af279..4c410b8e 100644 --- a/server/handlers_test.go +++ b/server/handlers_test.go @@ -1,11 +1,10 @@ package server import ( + "context" "net/http" "net/http/httptest" "testing" - - "golang.org/x/net/context" ) func TestHandleHealth(t *testing.T) { diff --git a/server/rotation.go b/server/rotation.go index fb790c62..5619b3a7 100644 --- a/server/rotation.go +++ b/server/rotation.go 
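Review bot: Expiry validation in Config.Open is now implicit, because the hunk at -53,10 drops the explicit `oidc.VerifyExpiry()` option and passes only `&oidc.Config{ClientID: clientID}`. As far as I know the new Config checks expiry unless `SkipExpiryCheck` is set, but that default lives in the vendored library rather than in this file. I would add a comment at the call such as `// Expiry is verified by default; do not set SkipExpiryCheck here.` and cover an expired ID token in the connector's tests. The new `cancel: cancel` field only helps if something calls it when the connector is shut down; that code is outside this hunk and should be confirmed.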
@@ -1,6 +1,7 @@ package server import ( + "context" "crypto/rand" "crypto/rsa" "encoding/hex" @@ -9,7 +10,6 @@ import ( "io" "time" - "golang.org/x/net/context" "gopkg.in/square/go-jose.v2" "github.com/Sirupsen/logrus" diff --git a/server/server.go b/server/server.go index 012802f2..68fe0915 100644 --- a/server/server.go +++ b/server/server.go @@ -1,6 +1,7 @@ package server import ( + "context" "errors" "fmt" "net/http" @@ -10,7 +11,6 @@ import ( "time" "golang.org/x/crypto/bcrypt" - "golang.org/x/net/context" "github.com/Sirupsen/logrus" "github.com/gorilla/handlers" diff --git a/server/server_test.go b/server/server_test.go index 688c606e..2fd0229b 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -1,6 +1,7 @@ package server import ( + "context" "crypto/rsa" "crypto/x509" "encoding/json" @@ -24,7 +25,6 @@ import ( oidc "github.com/coreos/go-oidc" "github.com/kylelemons/godebug/pretty" "golang.org/x/crypto/bcrypt" - "golang.org/x/net/context" "golang.org/x/oauth2" jose "gopkg.in/square/go-jose.v2" @@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) { // Connector used by the tests. var conn *mock.Callback + oidcConfig := &oidc.Config{SkipClientIDCheck: true} + tests := []struct { name string // If specified these set of scopes will be used during the test case. @@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - if _, err := p.Verifier().Verify(ctx, idToken); err != nil { + if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil { return fmt.Errorf("failed to verify id token: %v", err) } return nil @@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } 
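Review bot: `oidcConfig := &oidc.Config{SkipClientIDCheck: true}` in TestOAuth2CodeFlow means none of the code-flow cases verify the `aud` claim of the tokens the server issues; the same config is reused in the hunks at -189, -212, -229 and -391. This presumably matches the old option-less `p.Verifier()` call, but the new API makes the audience easy to assert, as TestCrossClientScopes now does with `&oidc.Config{ClientID: testClientID}`. I would pass the test client's ID here too, or at least put `// Test only: the audience is deliberately not checked in these cases.` above the declaration so the skip flag is not copied into non-test code. The test function extends beyond these hunks, so which client ID is in scope there needs to be confirmed.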
@@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } @@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id_token in refreshed token") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } @@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) { src := &nonceSource{nonce: nonce} - idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src)) + idTokenVerifier := p.Verifier(&oidc.Config{ + ClientID: client.ID, + ClaimNonce: src.ClaimNonce, + }) oauth2Config = &oauth2.Config{ ClientID: client.ID, @@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) { t.Errorf("no id token found: %v", err) return } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken) if err != nil { t.Errorf("failed to parse ID Token: %v", err) return diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go index 1f562165..f61c37db 100644 --- a/storage/kubernetes/client.go +++ b/storage/kubernetes/client.go @@ -2,6 +2,7 @@ package kubernetes import ( "bytes" + "context" "crypto/tls" "crypto/x509" "encoding/base32" @@ -24,7 +25,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/ghodss/yaml" "github.com/gtank/cryptopasta" - "golang.org/x/net/context" "golang.org/x/net/http2" "github.com/coreos/dex/storage" diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go index 788d08b1..5b8721f3 100644 --- a/storage/kubernetes/storage.go +++ b/storage/kubernetes/storage.go 
@@ -1,13 +1,12 @@ package kubernetes import ( + "context" "errors" "fmt" "strings" "time" - "golang.org/x/net/context" - "github.com/Sirupsen/logrus" "github.com/coreos/dex/storage" "github.com/coreos/dex/storage/kubernetes/k8sapi" @@ -85,6 +84,7 @@ func (c *Config) open(logger logrus.FieldLogger, errOnTPRs bool) (*client, error if !cli.createThirdPartyResources() { if errOnTPRs { + cancel() return nil, fmt.Errorf("failed creating third party resources") }
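Review bot: `cancel()` is added only on the `errOnTPRs` return in open() (hunk at -85,6), so any other error return after the context is created would still leave it uncancelled. The rest of open() is outside this hunk, so I cannot tell whether such paths exist. If they do, one deferred cleanup guarded by a success flag is less error-prone than per-branch calls. A short comment on the new line, e.g. `// Release the context created above before returning the error.`, would also make the intent clear.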