Merge pull request #715 from ericchiang/update-go-oidc
*: update vendored go-oidc
commit
936816af55
6
glide.lock
generated
6
glide.lock
generated
@ -1,12 +1,12 @@
|
|||||||
hash: c3530f2a60a64c2efc4c3ac499fcd15f79de2a532715ba2b9841c1d404942b2e
|
hash: 773c45cb2136423f907496cc1ba67e0c58b35e237b15b0d5f212dce598265442
|
||||||
updated: 2016-11-17T15:18:56.701287533-08:00
|
updated: 2016-12-01T13:12:54.401738528-08:00
|
||||||
imports:
|
imports:
|
||||||
- name: github.com/cockroachdb/cockroach-go
|
- name: github.com/cockroachdb/cockroach-go
|
||||||
version: 31611c0501c812f437d4861d87d117053967c955
|
version: 31611c0501c812f437d4861d87d117053967c955
|
||||||
subpackages:
|
subpackages:
|
||||||
- crdb
|
- crdb
|
||||||
- name: github.com/coreos/go-oidc
|
- name: github.com/coreos/go-oidc
|
||||||
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
|
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
|
||||||
- name: github.com/ghodss/yaml
|
- name: github.com/ghodss/yaml
|
||||||
version: bea76d6a4713e18b7f5321a2b020738552def3ea
|
version: bea76d6a4713e18b7f5321a2b020738552def3ea
|
||||||
- name: github.com/go-sql-driver/mysql
|
- name: github.com/go-sql-driver/mysql
|
||||||
|
@ -51,7 +51,7 @@ import:
|
|||||||
- bcrypt
|
- bcrypt
|
||||||
|
|
||||||
- package: github.com/coreos/go-oidc
|
- package: github.com/coreos/go-oidc
|
||||||
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
|
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
|
||||||
- package: github.com/pquerna/cachecontrol
|
- package: github.com/pquerna/cachecontrol
|
||||||
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
|
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
|
||||||
- package: golang.org/x/oauth2
|
- package: golang.org/x/oauth2
|
||||||
|
2
vendor/github.com/coreos/go-oidc/.travis.yml
generated
vendored
2
vendor/github.com/coreos/go-oidc/.travis.yml
generated
vendored
@ -5,7 +5,7 @@ go:
|
|||||||
- 1.6.3
|
- 1.6.3
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- go get -v -t github.com/coreos/go-oidc
|
- go get -v -t github.com/coreos/go-oidc/...
|
||||||
- go get golang.org/x/tools/cmd/cover
|
- go get golang.org/x/tools/cmd/cover
|
||||||
- go get github.com/golang/lint/golint
|
- go get github.com/golang/lint/golint
|
||||||
|
|
||||||
|
4
vendor/github.com/coreos/go-oidc/jose/jwk.go
generated
vendored
4
vendor/github.com/coreos/go-oidc/jose/jwk.go
generated
vendored
@ -104,7 +104,7 @@ func encodeExponent(e int) string {
|
|||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return base64.URLEncoding.EncodeToString(b[idx:])
|
return base64.RawURLEncoding.EncodeToString(b[idx:])
|
||||||
}
|
}
|
||||||
|
|
||||||
// Turns a URL encoded modulus of a key into a big int.
|
// Turns a URL encoded modulus of a key into a big int.
|
||||||
@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func encodeModulus(n *big.Int) string {
|
func encodeModulus(n *big.Int) string {
|
||||||
return base64.URLEncoding.EncodeToString(n.Bytes())
|
return base64.RawURLEncoding.EncodeToString(n.Bytes())
|
||||||
}
|
}
|
||||||
|
|
||||||
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
|
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
|
||||||
|
51
vendor/github.com/coreos/go-oidc/jwks.go
generated
vendored
51
vendor/github.com/coreos/go-oidc/jwks.go
generated
vendored
@ -39,38 +39,39 @@ type remoteKeySet struct {
|
|||||||
// guard all other fields
|
// guard all other fields
|
||||||
mu sync.Mutex
|
mu sync.Mutex
|
||||||
|
|
||||||
// inflightCtx is the context of the current HTTP request to update the keys.
|
// inflightCtx suppresses parallel execution of updateKeys and allows
|
||||||
// Its Err() method returns any errors encountered during that attempt.
|
// multiple goroutines to wait for its result.
|
||||||
|
// Its Err() method returns any errors encountered during updateKeys.
|
||||||
//
|
//
|
||||||
// If nil, there is no inflight request.
|
// If nil, there is no inflight updateKeys request.
|
||||||
inflightCtx context.Context
|
inflightCtx *inflight
|
||||||
|
|
||||||
// A set of cached keys and their expiry.
|
// A set of cached keys and their expiry.
|
||||||
cachedKeys []jose.JSONWebKey
|
cachedKeys []jose.JSONWebKey
|
||||||
expiry time.Time
|
expiry time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
// errContext is a context with a customizable Err() return value.
|
// inflight is used to wait on some in-flight request from multiple goroutines
|
||||||
type errContext struct {
|
type inflight struct {
|
||||||
context.Context
|
done chan struct{}
|
||||||
|
|
||||||
cf context.CancelFunc
|
|
||||||
err error
|
err error
|
||||||
}
|
}
|
||||||
|
|
||||||
func newErrContext(parent context.Context) *errContext {
|
// Done returns a channel that is closed when the inflight request finishes.
|
||||||
ctx, cancel := context.WithCancel(parent)
|
func (i *inflight) Done() <-chan struct{} {
|
||||||
return &errContext{ctx, cancel, nil}
|
return i.done
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e errContext) Err() error {
|
// Err returns any error encountered during request execution. May be nil.
|
||||||
return e.err
|
func (i *inflight) Err() error {
|
||||||
|
return i.err
|
||||||
}
|
}
|
||||||
|
|
||||||
// cancel cancels the errContext causing listeners on Done() to return.
|
// Cancel signals completion of the inflight request with error err.
|
||||||
func (e errContext) cancel(err error) {
|
// Must be called only once for particular inflight instance.
|
||||||
e.err = err
|
func (i *inflight) Cancel(err error) {
|
||||||
e.cf()
|
i.err = err
|
||||||
|
close(i.done)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) {
|
func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) {
|
||||||
@ -105,18 +106,15 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
|
|||||||
return keys, nil
|
return keys, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var inflightCtx context.Context
|
var inflightCtx *inflight
|
||||||
func() {
|
func() {
|
||||||
r.mu.Lock()
|
r.mu.Lock()
|
||||||
defer r.mu.Unlock()
|
defer r.mu.Unlock()
|
||||||
|
|
||||||
// If there's not a current inflight request, create one.
|
// If there's not a current inflight request, create one.
|
||||||
if r.inflightCtx == nil {
|
if r.inflightCtx == nil {
|
||||||
// Use the remoteKeySet's context instead of the requests context
|
inflightCtx := &inflight{make(chan struct{}), nil}
|
||||||
// because a re-sync is unique to the keys set and will span multiple
|
r.inflightCtx = inflightCtx
|
||||||
// requests.
|
|
||||||
errCtx := newErrContext(r.ctx)
|
|
||||||
r.inflightCtx = errCtx
|
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
// TODO(ericchiang): Upstream Kubernetes request that we recover every time
|
// TODO(ericchiang): Upstream Kubernetes request that we recover every time
|
||||||
@ -131,7 +129,10 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
|
|||||||
// See: https://github.com/coreos/go-oidc/issues/89
|
// See: https://github.com/coreos/go-oidc/issues/89
|
||||||
|
|
||||||
// Sync keys and close inflightCtx when that's done.
|
// Sync keys and close inflightCtx when that's done.
|
||||||
errCtx.cancel(r.updateKeys(r.inflightCtx))
|
// Use the remoteKeySet's context instead of the requests context
|
||||||
|
// because a re-sync is unique to the keys set and will span multiple
|
||||||
|
// requests.
|
||||||
|
inflightCtx.Cancel(r.updateKeys(r.ctx))
|
||||||
|
|
||||||
r.mu.Lock()
|
r.mu.Lock()
|
||||||
defer r.mu.Unlock()
|
defer r.mu.Unlock()
|
||||||
|
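Review bot: `Err()` on the new `inflight` type reads `i.err` with no synchronization, so it is only safe once the channel from `Done()` has been closed by `Cancel`, and the doc comment should say so. I would extend it to `// Err returns any error encountered during request execution. It must only be called after Done() is closed; calling it earlier races with Cancel.` Separately, in `keysWithID` the line `inflightCtx := &inflight{make(chan struct{}), nil}` declares a new variable that shadows the outer `var inflightCtx *inflight`. The outer assignment presumably happens after the `if` block, outside the visible hunk, so this looks harmless, but giving the inner variable its own name (for example `req := &inflight{...}`) would make clear which value the goroutine captures.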
2
vendor/github.com/coreos/go-oidc/key/key_test.go
generated
vendored
2
vendor/github.com/coreos/go-oidc/key/key_test.go
generated
vendored
@ -76,7 +76,7 @@ func TestPublicKeyMarshalJSON(t *testing.T) {
|
|||||||
Modulus: big.NewInt(int64(17)),
|
Modulus: big.NewInt(int64(17)),
|
||||||
Exponent: 65537,
|
Exponent: 65537,
|
||||||
}
|
}
|
||||||
want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ=="}`
|
want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ"}`
|
||||||
pubKey := NewPublicKey(k)
|
pubKey := NewPublicKey(k)
|
||||||
gotBytes, err := pubKey.MarshalJSON()
|
gotBytes, err := pubKey.MarshalJSON()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
17
vendor/github.com/coreos/go-oidc/oidc.go
generated
vendored
17
vendor/github.com/coreos/go-oidc/oidc.go
generated
vendored
@ -11,6 +11,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
"golang.org/x/net/context/ctxhttp"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
jose "gopkg.in/square/go-jose.v2"
|
jose "gopkg.in/square/go-jose.v2"
|
||||||
)
|
)
|
||||||
@ -84,7 +85,7 @@ type providerJSON struct {
|
|||||||
// or "https://login.salesforce.com".
|
// or "https://login.salesforce.com".
|
||||||
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
|
func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
|
||||||
wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
|
wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
|
||||||
resp, err := clientFromContext(ctx).Get(wellKnown)
|
resp, err := ctxhttp.Get(ctx, clientFromContext(ctx), wellKnown)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -161,7 +162,19 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
|
|||||||
if p.userInfoURL == "" {
|
if p.userInfoURL == "" {
|
||||||
return nil, errors.New("oidc: user info endpoint is not supported by this provider")
|
return nil, errors.New("oidc: user info endpoint is not supported by this provider")
|
||||||
}
|
}
|
||||||
resp, err := clientFromContext(ctx).Get(p.userInfoURL)
|
|
||||||
|
req, err := http.NewRequest("GET", p.userInfoURL, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("oidc: create GET request: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := tokenSource.Token()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("oidc: get access token: %v", err)
|
||||||
|
}
|
||||||
|
token.SetAuthHeader(req)
|
||||||
|
|
||||||
|
resp, err := ctxhttp.Do(ctx, clientFromContext(ctx), req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
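Review bot: `UserInfo` now attaches the bearer token with `token.SetAuthHeader(req)` to a request built from `p.userInfoURL`, and nothing in the hunk checks that URL's scheme first. Where `userInfoURL` is populated is not visible here; if it comes straight from the provider's discovery document, an `http://` value would send the access token in cleartext. A guard before the header is set would cover that, for example `if req.URL.Scheme != "https" { return nil, errors.New("oidc: user info endpoint must use https") }`, with an explicit opt-out if tests rely on plain-HTTP servers. The function body continues outside the hunk, so handling of the response status and body could not be reviewed.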
4
vendor/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
4
vendor/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
@ -567,7 +567,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
|
|||||||
next = &pcsStepNext{aft: ttl}
|
next = &pcsStepNext{aft: ttl}
|
||||||
} else {
|
} else {
|
||||||
next = &pcsStepRetry{aft: time.Second}
|
next = &pcsStepRetry{aft: time.Second}
|
||||||
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -586,7 +586,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
|
|||||||
next = &pcsStepNext{aft: ttl}
|
next = &pcsStepNext{aft: ttl}
|
||||||
} else {
|
} else {
|
||||||
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
|
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
|
||||||
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
6
vendor/github.com/coreos/go-oidc/test
generated
vendored
6
vendor/github.com/coreos/go-oidc/test
generated
vendored
@ -9,7 +9,7 @@ LINTABLE=$( go list -tags=golint -f '
|
|||||||
{{ range $i, $file := .TestGoFiles -}}
|
{{ range $i, $file := .TestGoFiles -}}
|
||||||
{{ $file }} {{ end }}' github.com/coreos/go-oidc )
|
{{ $file }} {{ end }}' github.com/coreos/go-oidc )
|
||||||
|
|
||||||
go test -v -i -race github.com/coreos/go-oidc
|
go test -v -i -race github.com/coreos/go-oidc/...
|
||||||
go test -v -race github.com/coreos/go-oidc
|
go test -v -race github.com/coreos/go-oidc/...
|
||||||
golint $LINTABLE
|
golint $LINTABLE
|
||||||
go vet github.com/coreos/go-oidc
|
go vet github.com/coreos/go-oidc/...
|
||||||
|