diff --git a/go.mod b/go.mod
index 532d5c777ca..d8fc7e2e0ee 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 github.com/opencontainers/image-spec v1.1.0-rc5
 github.com/pkg/errors v0.9.1
 github.com/sigstore/sigstore v1.8.1
- github.com/spiffe/go-spiffe/v2 v2.1.5
+ github.com/spiffe/go-spiffe/v2 v2.1.7
 github.com/spiffe/spire-api-sdk v1.8.7
 github.com/tektoncd/plumbing v0.0.0-20220817140952-3da8ce01aeeb
 go.opencensus.io v0.24.0
diff --git a/go.sum b/go.sum
index dbaa4c1aeda..90d16d4225f 100644
--- a/go.sum
+++ b/go.sum
@@ -1068,8 +1068,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spiffe/go-spiffe/v2 v2.1.5 h1:nFzp6pllCxpso6A2CaokdjhmH3uHWMNL9DGYXeZrShs=
-github.com/spiffe/go-spiffe/v2 v2.1.5/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk=
+github.com/spiffe/go-spiffe/v2 v2.1.7 h1:VUkM1yIyg/x8X7u1uXqSRVRCdMdfRIEdFBzpqoeASGk=
+github.com/spiffe/go-spiffe/v2 v2.1.7/go.mod h1:QJDGdhXllxjxvd5B+2XnhhXB/+rC8gr+lNrtOryiWeE=
 github.com/spiffe/spire-api-sdk v1.8.7 h1:LzKqts7VziON0/din8BV4gjtUSIZqMPgL7eljZm6cWk=
 github.com/spiffe/spire-api-sdk v1.8.7/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI=
 github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go
index 80d83ea243a..507c372dc3b 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/jwtbundle/bundle.go
@@ -4,7 +4,7 @@ import (
 "crypto"
 "encoding/json"
 "io"
- "io/ioutil"
+ "os"
 "sync"
 "github.com/go-jose/go-jose/v3"
@@ -43,7 +43,7 @@ func FromJWTAuthorities(trustDomain spiffeid.TrustDomain, jwtAuthorities map[str
 // Load loads a bundle from a file on disk. The file must contain a standard RFC 7517 JWKS document.
 func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
- bundleBytes, err := ioutil.ReadFile(path)
+ bundleBytes, err := os.ReadFile(path)
 if err != nil {
 return nil, jwtbundleErr.New("unable to read JWT bundle: %w", err)
 }
@@ -53,7 +53,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 // Read decodes a bundle from a reader. The contents must contain a standard RFC 7517 JWKS document.
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
- b, err := ioutil.ReadAll(r)
+ b, err := io.ReadAll(r)
 if err != nil {
 return nil, jwtbundleErr.New("unable to read: %v", err)
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
index 77b6a5a05a3..56856fdf960 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/spiffebundle/bundle.go
@@ -5,7 +5,7 @@ import (
 "crypto/x509"
 "encoding/json"
 "io"
- "io/ioutil"
+ "os"
 "sync"
 "time"
@@ -58,7 +58,7 @@ func New(trustDomain spiffeid.TrustDomain) *Bundle {
 // Load loads a bundle from a file on disk. The file must contain a JWKS
 // document following the SPIFFE Trust Domain and Bundle specification.
 func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
- bundleBytes, err := ioutil.ReadFile(path)
+ bundleBytes, err := os.ReadFile(path)
 if err != nil {
 return nil, spiffebundleErr.New("unable to read SPIFFE bundle: %w", err)
 }
@@ -69,7 +69,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 // Read decodes a bundle from a reader. The contents must contain a JWKS
 // document following the SPIFFE Trust Domain and Bundle specification.
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
- b, err := ioutil.ReadAll(r)
+ b, err := io.ReadAll(r)
 if err != nil {
 return nil, spiffebundleErr.New("unable to read: %v", err)
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
index 3ba05b25c07..ffe28561c0e 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/bundle/x509bundle/bundle.go
@@ -3,7 +3,7 @@ package x509bundle
 import (
 "crypto/x509"
 "io"
- "io/ioutil"
+ "os"
 "sync"
 "github.com/spiffe/go-spiffe/v2/internal/pemutil"
@@ -40,7 +40,7 @@ func FromX509Authorities(trustDomain spiffeid.TrustDomain, authorities []*x509.C
 // Load loads a bundle from a file on disk. The file must contain PEM-encoded
 // certificate blocks.
 func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
- fileBytes, err := ioutil.ReadFile(path)
+ fileBytes, err := os.ReadFile(path)
 if err != nil {
 return nil, x509bundleErr.New("unable to load X.509 bundle file: %w", err)
 }
@@ -51,7 +51,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) {
 // Read decodes a bundle from a reader. The contents must be PEM-encoded
 // certificate blocks.
 func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) {
- b, err := ioutil.ReadAll(r)
+ b, err := io.ReadAll(r)
 if err != nil {
 return nil, x509bundleErr.New("unable to read X.509 bundle: %v", err)
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/spiffeid/trustdomain.go b/vendor/github.com/spiffe/go-spiffe/v2/spiffeid/trustdomain.go
index 4e3157a6931..467ed5e6c9b 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/spiffeid/trustdomain.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/spiffeid/trustdomain.go
@@ -50,7 +50,12 @@ func TrustDomainFromURI(uri *url.URL) (TrustDomain, error) {
 return id.TrustDomain(), nil
 }
-// String returns the trust domain as a string, e.g. example.org.
+// Name returns the trust domain name as a string, e.g. example.org.
+func (td TrustDomain) Name() string {
+ return td.name
+}
+
+// String returns the trust domain name as a string, e.g. example.org.
 func (td TrustDomain) String() string {
 return td.name
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go
index 4ac51dae68e..eba43f568e1 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/svid/x509svid/svid.go
@@ -5,7 +5,7 @@ import (
 "crypto/ecdsa"
 "crypto/rsa"
 "crypto/x509"
- "io/ioutil"
+ "os"
 "github.com/spiffe/go-spiffe/v2/internal/pemutil"
 "github.com/spiffe/go-spiffe/v2/internal/x509util"
@@ -35,12 +35,12 @@ type SVID struct {
 // Load loads the X509-SVID from PEM encoded files on disk. certFile and
 // keyFile may be the same file.
 func Load(certFile, keyFile string) (*SVID, error) {
- certBytes, err := ioutil.ReadFile(certFile)
+ certBytes, err := os.ReadFile(certFile)
 if err != nil {
 return nil, x509svidErr.New("cannot read certificate file: %w", err)
 }
- keyBytes, err := ioutil.ReadFile(keyFile)
+ keyBytes, err := os.ReadFile(keyFile)
 if err != nil {
 return nil, x509svidErr.New("cannot read key file: %w", err)
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/client.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/client.go
index ed65cb47543..b357468fad9 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/client.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/client.go
@@ -538,10 +538,10 @@ func parseJWTSVIDs(resp *workload.JWTSVIDResponse, audience []string, firstOnly
 hints[svid.Hint] = struct{}{}
 s, err := jwtsvid.ParseInsecure(svid.Svid, audience)
- s.Hint = svid.Hint
 if err != nil {
 return nil, err
 }
+ s.Hint = svid.Hint
 svids = append(svids, s)
 }
diff --git a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go
index f110e07386b..a105a60d762 100644
--- a/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go
+++ b/vendor/github.com/spiffe/go-spiffe/v2/workloadapi/watcher.go
@@ -129,7 +129,7 @@ func (w *watcher) Close() error {
 w.cancel()
 w.wg.Wait()
- // Close() can be called by New() to close a partially intialized source.
+ // Close() can be called by New() to close a partially initialized source.
 // Only close the client if it has been set and the source owns it.
 if w.client != nil && w.ownsClient {
 w.closeErr = w.client.Close()
@@ -141,10 +141,10 @@ func (w *watcher) Close() error {
 func (w *watcher) OnX509ContextUpdate(x509Context *X509Context) {
 w.x509ContextFn(x509Context)
+ w.triggerUpdated()
 w.x509ContextSetOnce.Do(func() {
 close(w.x509ContextSet)
 })
- w.triggerUpdated()
 }
 func (w *watcher) OnX509ContextWatchError(err error) {
@@ -154,10 +154,10 @@ func (w *watcher) OnX509ContextWatchError(err error) {
 func (w *watcher) OnJWTBundlesUpdate(jwtBundles *jwtbundle.Set) {
 w.jwtBundlesFn(jwtBundles)
+ w.triggerUpdated()
 w.jwtBundlesSetOnce.Do(func() {
 close(w.jwtBundlesSet)
 })
- w.triggerUpdated()
 }
 func (w *watcher) OnJWTBundlesWatchError(error) {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f1064dbafc2..5cc699c8ba3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -869,8 +869,8 @@ github.com/skeema/knownhosts
 # github.com/spf13/pflag v1.0.5
 ## explicit; go 1.12
 github.com/spf13/pflag
-# github.com/spiffe/go-spiffe/v2 v2.1.5
-## explicit; go 1.17
+# github.com/spiffe/go-spiffe/v2 v2.1.7
+## explicit; go 1.19
 github.com/spiffe/go-spiffe/v2/bundle/jwtbundle
 github.com/spiffe/go-spiffe/v2/bundle/spiffebundle
 github.com/spiffe/go-spiffe/v2/bundle/x509bundle