diff --git a/Makefile b/Makefile index aa3606e6..3972dc3f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ TARGET := kubelogin TARGET_PLUGIN := kubectl-kubelogin -CIRCLE_TAG ?= v1.15.5-pipedrive +CIRCLE_TAG ?= v1.16.0-pipedrive LDFLAGS := -X main.version=$(CIRCLE_TAG) all: $(TARGET) diff --git a/e2e_test/standalone_test.go b/e2e_test/standalone_test.go index 39adbe11..e7446609 100644 --- a/e2e_test/standalone_test.go +++ b/e2e_test/standalone_test.go @@ -8,7 +8,7 @@ import ( "testing" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/golang/mock/gomock" "github.com/pipedrive/kubelogin/e2e_test/idp" "github.com/pipedrive/kubelogin/e2e_test/idp/mock_idp" @@ -279,6 +279,7 @@ func newIDToken(t *testing.T, issuer, nonce string, expiry time.Time) string { Nonce string `json:"nonce"` Groups []string `json:"groups"` } + //nolint claims.StandardClaims = jwt.StandardClaims{ Issuer: issuer, Audience: "kubernetes", diff --git a/go.mod b/go.mod index 3da11e7b..1e3407b8 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,8 @@ go 1.15 require ( github.com/coreos/go-oidc v2.1.0+incompatible - github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda github.com/go-test/deep v1.0.4 + github.com/golang-jwt/jwt/v4 v4.4.1 github.com/golang/mock v1.4.4 github.com/google/wire v0.3.0 github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa @@ -18,7 +18,7 @@ require ( golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 gopkg.in/square/go-jose.v2 v2.4.0 // indirect - gopkg.in/yaml.v2 v2.2.5 + gopkg.in/yaml.v2 v2.2.8 k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab k8s.io/klog v0.4.0 diff --git a/go.sum b/go.sum index b534ca1d..39c0bdb5 100644 --- a/go.sum +++ b/go.sum @@ -50,7 +50,6 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda h1:NyywMz59neOoVRFDz+ccfKWxn784fiHMDnZSy6T+JXY= github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= @@ -69,6 +68,8 @@ github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415 h1:WSBJMqJbLxsn+bTCPyPYZfqHdJmc8MK4wrBjMft6BAM= github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ= +github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -165,8 +166,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027125806-fab3a0490fc6 h1:GIuQFKklp88mVnjxhLQ7EtVGS+jNptMS/HIl+WxTY6A= -github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027125806-fab3a0490fc6/go.mod h1:wBSn3fih/Jyyv0VQ/9jNTz71XokiX1FtJafi6ASXw58= github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa h1:IpdBCU+WUqgbpJR9QPIk/tJd9B57x65C+SaWa0MGGHw= github.com/pipedrive/oauth2cli v1.8.2-pipedrive.0.20211027140131-4b9ebd5614fa/go.mod h1:wBSn3fih/Jyyv0VQ/9jNTz71XokiX1FtJafi6ASXw58= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= @@ -462,8 +461,8 @@ gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/adaptors/jwtdecoder/decoder.go b/pkg/adaptors/jwtdecoder/decoder.go index 4f1bebd0..83f18522 100644 --- a/pkg/adaptors/jwtdecoder/decoder.go +++ b/pkg/adaptors/jwtdecoder/decoder.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/google/wire" "golang.org/x/xerrors" ) @@ -41,10 +41,12 @@ func (d *Decoder) Decode(s string) (*Claims, error) { if len(parts) != 3 { return nil, xerrors.Errorf("token contains an invalid number of segments") } + //nolint b, err := jwt.DecodeSegment(parts[1]) if err != nil { return nil, xerrors.Errorf("could not decode the token: %w", err) } + //nolint var claims jwt.StandardClaims if err := json.NewDecoder(bytes.NewBuffer(b)).Decode(&claims); err != nil { return nil, xerrors.Errorf("could not decode the json of token: %w", err) diff --git a/pkg/adaptors/jwtdecoder/decoder_test.go b/pkg/adaptors/jwtdecoder/decoder_test.go index a76a45dd..8d649a0e 100644 --- a/pkg/adaptors/jwtdecoder/decoder_test.go +++ b/pkg/adaptors/jwtdecoder/decoder_test.go @@ -8,7 +8,7 @@ import ( "testing" "time" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" ) func TestDecoder_Decode(t *testing.T) { @@ -47,6 +47,7 @@ func newIDToken(t *testing.T, issuer string, expiry time.Time) string { Groups []string `json:"groups"` EmailVerified bool `json:"email_verified"` }{ + //nolint StandardClaims: jwt.StandardClaims{ Issuer: issuer, Audience: "kubernetes",