From 777eeafabc3467dc8398069e3695d26fe2fa4f89 Mon Sep 17 00:00:00 2001
From: Eric Chiang <eric.chiang@coreos.com>
Date: Wed, 8 Mar 2017 10:33:19 -0800
Subject: [PATCH] *: update go-oidc and use standard library's context package

---
 cmd/dex/serve.go                |  2 +-
 cmd/example-app/main.go         |  4 ++--
 connector/connector.go          |  3 +--
 connector/github/github.go      |  2 +-
 connector/gitlab/gitlab.go      |  2 +-
 connector/ldap/ldap.go          |  2 +-
 connector/mock/connectortest.go |  3 +--
 connector/oidc/oidc.go          |  6 +++---
 glide.yaml                      |  3 +--
 server/api.go                   |  3 +++
 server/handlers_test.go         |  3 +--
 server/rotation.go              |  2 +-
 server/server.go                |  2 +-
 server/server_test.go           | 19 ++++++++++++-------
 storage/kubernetes/client.go    |  2 +-
 storage/kubernetes/storage.go   |  4 ++--
 16 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 6c708c4e..08d9fdb0 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -15,7 +16,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/ghodss/yaml"
 	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 
diff --git a/cmd/example-app/main.go b/cmd/example-app/main.go
index 3ec34e38..4da34b9a 100644
--- a/cmd/example-app/main.go
+++ b/cmd/example-app/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -19,7 +20,6 @@ import (
 
 	"github.com/coreos/go-oidc"
 	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
@@ -175,7 +175,7 @@ func cmd() *cobra.Command {
 			}
 
 			a.provider = provider
-			a.verifier = provider.Verifier(oidc.VerifyAudience(a.clientID))
+			a.verifier = provider.Verifier(&oidc.Config{ClientID: a.clientID})
 
 			http.HandleFunc("/", a.handleIndex)
 			http.HandleFunc("/login", a.handleLogin)
diff --git a/connector/connector.go b/connector/connector.go
index c92d7589..fde38a24 100644
--- a/connector/connector.go
+++ b/connector/connector.go
@@ -2,9 +2,8 @@
 package connector
 
 import (
+	"context"
 	"net/http"
-
-	"golang.org/x/net/context"
 )
 
 // Connector is a mechanism for federating login to a remote identity service.
diff --git a/connector/github/github.go b/connector/github/github.go
index f6dbdfee..49dc3bb3 100644
--- a/connector/github/github.go
+++ b/connector/github/github.go
@@ -2,6 +2,7 @@
 package github
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -10,7 +11,6 @@ import (
 	"regexp"
 	"strconv"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/github"
 
diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go
index 0fcc3d26..b0f10cf1 100644
--- a/connector/gitlab/gitlab.go
+++ b/connector/gitlab/gitlab.go
@@ -2,6 +2,7 @@
 package gitlab
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -12,7 +13,6 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/connector"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index c5e45d37..df3d4c9d 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -2,6 +2,7 @@
 package ldap
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -9,7 +10,6 @@ import (
 	"io/ioutil"
 	"net"
 
-	"golang.org/x/net/context"
 	"gopkg.in/ldap.v2"
 
 	"github.com/Sirupsen/logrus"
diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go
index b754705b..ef7749f7 100644
--- a/connector/mock/connectortest.go
+++ b/connector/mock/connectortest.go
@@ -2,13 +2,12 @@
 package mock
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
 
-	"golang.org/x/net/context"
-
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/connector"
 )
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 6a8b6f98..728bdf6a 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -2,13 +2,13 @@
 package oidc
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-oidc"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 
 	"github.com/coreos/dex/connector"
@@ -53,10 +53,10 @@ func (c *Config) Open(logger logrus.FieldLogger) (conn connector.Connector, err
 			RedirectURL:  c.RedirectURI,
 		},
 		verifier: provider.Verifier(
-			oidc.VerifyExpiry(),
-			oidc.VerifyAudience(clientID),
+			&oidc.Config{ClientID: clientID},
 		),
 		logger: logger,
+		cancel: cancel,
 	}, nil
 }
 
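Review bot: The verifier literal no longer states that token expiry is enforced: `oidc.VerifyExpiry()` is removed and only `ClientID` is set, so the check now depends on the `oidc.Config` default (as far as I know, expiry is verified unless `SkipExpiryCheck` is set). A short comment above the literal would keep that property visible to later editors, e.g. `// Expiry is checked by default; the audience must contain clientID.` The new `cancel: cancel` field is only stored here. `Open` starts outside this hunk, so confirm that the connector's close path calls it and that any earlier error return in `Open` also cancels the context.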
diff --git a/glide.yaml b/glide.yaml
index c6d1991f..07337a1d 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -35,7 +35,6 @@ import:
   version: 6a513affb38dc9788b449d59ffed099b8de18fa0
   subpackages:
   - context
-  - context/ctxhttp
   - http2
   - http2/hpack
   - internal/timeseries
@@ -68,7 +67,7 @@ import:
 
 # Used for server integration tests and OpenID Connect connector.
 - package: github.com/coreos/go-oidc
-  version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
+  version: be73733bb8cc830d0205609b95d125215f8e9c70
 - package: github.com/pquerna/cachecontrol
   version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
 - package: golang.org/x/oauth2
diff --git a/server/api.go b/server/api.go
index 25655d68..0e7c5b2f 100644
--- a/server/api.go
+++ b/server/api.go
@@ -5,6 +5,9 @@ import (
 	"fmt"
 
 	"golang.org/x/crypto/bcrypt"
+
+	// go-grpc doesn't use the standard library's context.
+	// https://github.com/grpc/grpc-go/issues/711
 	"golang.org/x/net/context"
 
 	"github.com/Sirupsen/logrus"
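Review bot: The added comment explains why this file keeps `golang.org/x/net/context`, but not that the import is meant to be temporary, and it calls the project "go-grpc" while the linked repository is grpc-go. Wording it as a TODO makes the follow-up discoverable: `// TODO: switch to the standard library's context once grpc-go supports it.` followed by the existing issue link. The rest of the `server` package now imports the standard `context`, so this file is the one exception a reader will wonder about.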
diff --git a/server/handlers_test.go b/server/handlers_test.go
index 233af279..4c410b8e 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -1,11 +1,10 @@
 package server
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestHandleHealth(t *testing.T) {
diff --git a/server/rotation.go b/server/rotation.go
index fb790c62..5619b3a7 100644
--- a/server/rotation.go
+++ b/server/rotation.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/hex"
@@ -9,7 +10,6 @@ import (
 	"io"
 	"time"
 
-	"golang.org/x/net/context"
 	"gopkg.in/square/go-jose.v2"
 
 	"github.com/Sirupsen/logrus"
diff --git a/server/server.go b/server/server.go
index 012802f2..68fe0915 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -10,7 +11,6 @@ import (
 	"time"
 
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/gorilla/handlers"
diff --git a/server/server_test.go b/server/server_test.go
index 688c606e..2fd0229b 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/json"
@@ -24,7 +25,6 @@ import (
 	oidc "github.com/coreos/go-oidc"
 	"github.com/kylelemons/godebug/pretty"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	jose "gopkg.in/square/go-jose.v2"
 
@@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) {
 	// Connector used by the tests.
 	var conn *mock.Callback
 
+	oidcConfig := &oidc.Config{SkipClientIDCheck: true}
+
 	tests := []struct {
 		name string
 		// If specified these set of scopes will be used during the test case.
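Review bot: `oidcConfig` sets `SkipClientIDCheck: true`, so the cases that call `p.Verifier(oidcConfig).Verify` (the four later hunks in TestOAuth2CodeFlow) never assert the `aud` claim of the ID tokens the server issues. That matches the old `p.Verifier()` behaviour, but a regression in the audience the server writes would still pass these cases. The test client is defined outside this hunk; if its ID is available here, prefer `oidcConfig := &oidc.Config{ClientID: <test client ID>}`. Otherwise add a comment saying the skip is deliberate, e.g. `// Audience is not checked in these cases; TestOAuth2ImplicitFlow and TestCrossClientScopes verify it.`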
@@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				if _, err := p.Verifier().Verify(ctx, idToken); err != nil {
+				if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
 				return nil
@@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id_token in refreshed token")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) {
 
 	src := &nonceSource{nonce: nonce}
 
-	idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src))
+	idTokenVerifier := p.Verifier(&oidc.Config{
+		ClientID:   client.ID,
+		ClaimNonce: src.ClaimNonce,
+	})
 
 	oauth2Config = &oauth2.Config{
 		ClientID:     client.ID,
@@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) {
 					t.Errorf("no id token found: %v", err)
 					return
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken)
 				if err != nil {
 					t.Errorf("failed to parse ID Token: %v", err)
 					return
diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
index 1f562165..f61c37db 100644
--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
@@ -2,6 +2,7 @@ package kubernetes
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/base32"
@@ -24,7 +25,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/ghodss/yaml"
 	"github.com/gtank/cryptopasta"
-	"golang.org/x/net/context"
 	"golang.org/x/net/http2"
 
 	"github.com/coreos/dex/storage"
diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go
index 788d08b1..5b8721f3 100644
--- a/storage/kubernetes/storage.go
+++ b/storage/kubernetes/storage.go
@@ -1,13 +1,12 @@
 package kubernetes
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/storage"
 	"github.com/coreos/dex/storage/kubernetes/k8sapi"
@@ -85,6 +84,7 @@ func (c *Config) open(logger logrus.FieldLogger, errOnTPRs bool) (*client, error
 
 	if !cli.createThirdPartyResources() {
 		if errOnTPRs {
+			cancel()
 			return nil, fmt.Errorf("failed creating third party resources")
 		}
 
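Review bot: `cancel()` is added only on this one error return, so the context would stay live on any other early return from `open` after it is created. The function begins and continues outside the hunk, so this may already be handled elsewhere. A deferred guard is harder to miss when a new return is added later: declare `ok := false` and `defer func() { if !ok { cancel() } }()` right after the context is created, then set `ok = true` just before the successful return.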
-- 
GitLab