Merge branch 'main' into dynamic_clients

2026-01-06 13:36:54 +00:00 · 2022-08-26 11:35:35 -07:00
parent 91cf439b31 a5ac710831
commit 8d8f980e86
329 changed files with 15446 additions and 1044 deletions
--- a/pkg/conciergeclient/conciergeclient_test.go
+++ b/pkg/conciergeclient/conciergeclient_test.go
@@ -1,4 +1,4 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package conciergeclient
@@ -8,7 +8,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"testing"
@@ -224,7 +224,7 @@ func TestExchangeToken(t *testing.T) {
 			require.Equal(t, "/apis/login.concierge.pinniped.dev/v1alpha1/tokencredentialrequests", r.URL.Path)
 			require.Equal(t, "application/json", r.Header.Get("content-type"))

-			body, err := ioutil.ReadAll(r.Body)
+			body, err := io.ReadAll(r.Body)
 			require.NoError(t, err)
 			require.JSONEq(t,
 				`{
--- a/pkg/oidcclient/filesession/cachefile.go
+++ b/pkg/oidcclient/filesession/cachefile.go
@@ -1,13 +1,12 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

-// Package cachefile implements the file format for session caches.
+// Package filesession implements the file format for session caches.
 package filesession

 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"reflect"
 	"sort"
@@ -55,7 +54,7 @@ type (

 // readSessionCache loads a sessionCache from a path on disk. If the requested path does not exist, it returns an empty cache.
 func readSessionCache(path string) (*sessionCache, error) {
-	cacheYAML, err := ioutil.ReadFile(path)
+	cacheYAML, err := os.ReadFile(path)
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
 			// If the file was not found, generate a freshly initialized empty cache.
@@ -91,7 +90,7 @@ func (c *sessionCache) writeTo(path string) error {
 	// Marshal the session back to YAML and save it to the file.
 	cacheYAML, err := yaml.Marshal(c)
 	if err == nil {
-		err = ioutil.WriteFile(path, cacheYAML, 0600)
+		err = os.WriteFile(path, cacheYAML, 0600)
 	}
 	return err
 }
--- a/pkg/oidcclient/filesession/filesession_test.go
+++ b/pkg/oidcclient/filesession/filesession_test.go
@@ -1,11 +1,10 @@
-// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package filesession

 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -49,7 +48,7 @@ func TestGetToken(t *testing.T) {
 		},
 		{
 			name:         "file lock error",
-			makeTestFile: func(t *testing.T, tmp string) { require.NoError(t, ioutil.WriteFile(tmp, []byte(""), 0600)) },
+			makeTestFile: func(t *testing.T, tmp string) { require.NoError(t, os.WriteFile(tmp, []byte(""), 0600)) },
 			trylockFunc:  func(t *testing.T) error { return fmt.Errorf("some lock error") },
 			unlockFunc:   func(t *testing.T) error { require.Fail(t, "should not be called"); return nil },
 			key:          oidcclient.SessionCacheKey{},
@@ -58,7 +57,7 @@ func TestGetToken(t *testing.T) {
 		{
 			name: "invalid file",
 			makeTestFile: func(t *testing.T, tmp string) {
-				require.NoError(t, ioutil.WriteFile(tmp, []byte("invalid yaml"), 0600))
+				require.NoError(t, os.WriteFile(tmp, []byte("invalid yaml"), 0600))
 			},
 			key: oidcclient.SessionCacheKey{},
 			wantErrors: []string{
@@ -67,7 +66,7 @@ func TestGetToken(t *testing.T) {
 		},
 		{
 			name:         "invalid file, fail to unlock",
-			makeTestFile: func(t *testing.T, tmp string) { require.NoError(t, ioutil.WriteFile(tmp, []byte("invalid"), 0600)) },
+			makeTestFile: func(t *testing.T, tmp string) { require.NoError(t, os.WriteFile(tmp, []byte("invalid"), 0600)) },
 			trylockFunc:  func(t *testing.T) error { return nil },
 			unlockFunc:   func(t *testing.T) error { return fmt.Errorf("some unlock error") },
 			key:          oidcclient.SessionCacheKey{},
@@ -262,7 +261,7 @@ func TestPutToken(t *testing.T) {
 		{
 			name: "fail to create directory",
 			makeTestFile: func(t *testing.T, tmp string) {
-				require.NoError(t, ioutil.WriteFile(filepath.Dir(tmp), []byte{}, 0600))
+				require.NoError(t, os.WriteFile(filepath.Dir(tmp), []byte{}, 0600))
 			},
 			wantErrors: []string{
 				"could not create session cache directory: mkdir TEMPDIR: not a directory",
--- a/pkg/oidcclient/login.go
+++ b/pkg/oidcclient/login.go
@@ -861,7 +861,7 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
 	}()

 	var params url.Values
-	if h.useFormPost { // nolint:nestif
+	if h.useFormPost { //nolint:nestif
 		// Return HTTP 405 for anything that's not a POST or an OPTIONS request.
 		if r.Method != http.MethodPost && r.Method != http.MethodOptions {
 			h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
@@ -969,8 +969,9 @@ func (h *handlerState) serve(listener net.Listener) func() {
 	mux := http.NewServeMux()
 	mux.Handle(h.callbackPath, httperr.HandlerFunc(h.handleAuthCodeCallback))
 	srv := http.Server{
-		Handler:     securityheader.Wrap(mux),
-		BaseContext: func(_ net.Listener) context.Context { return h.ctx },
+		Handler:           securityheader.Wrap(mux),
+		BaseContext:       func(_ net.Listener) context.Context { return h.ctx },
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 	go func() { _ = srv.Serve(listener) }()
 	return func() {
--- a/pkg/oidcclient/login_test.go
+++ b/pkg/oidcclient/login_test.go
@@ -10,7 +10,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -72,7 +72,7 @@ func newClientForServer(server *httptest.Server) *http.Client {
 	return phttp.Default(pool)
 }

-func TestLogin(t *testing.T) { // nolint:gocyclo
+func TestLogin(t *testing.T) { //nolint:gocyclo
 	time1 := time.Date(2035, 10, 12, 13, 14, 15, 16, time.UTC)
 	time1Unix := int64(2075807775)
 	require.Equal(t, time1Unix, time1.Add(2*time.Minute).Unix())
@@ -1040,7 +1040,7 @@ func TestLogin(t *testing.T) { // nolint:gocyclo
 							return &http.Response{
 								StatusCode: http.StatusOK,
 								Header:     http.Header{"content-type": []string{"application/json"}},
-								Body:       ioutil.NopCloser(strings.NewReader(string(jsonResponseBody))),
+								Body:       io.NopCloser(strings.NewReader(string(jsonResponseBody))),
 							}, nil
 						default:
 							require.FailNow(t, fmt.Sprintf("saw unexpected http call from the CLI: %s", req.URL.String()))
@@ -1890,7 +1890,7 @@ func TestLogin(t *testing.T) { // nolint:gocyclo
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			testLogger := testlogger.NewLegacy(t) // nolint: staticcheck  // old test with lots of log statements
+			testLogger := testlogger.NewLegacy(t) //nolint:staticcheck  // old test with lots of log statements
 			klog.SetLogger(testLogger.Logger)

 			tok, err := Login(tt.issuer, tt.clientID,
@@ -2333,7 +2333,7 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 				state:     state.State("test-state"),
 				pkce:      pkce.Code("test-pkce"),
 				nonce:     nonce.Nonce("test-nonce"),
-				logger:    plog.Logr(), // nolint: staticcheck  // old test with no log assertions
+				logger:    plog.Logr(), //nolint:staticcheck  // old test with no log assertions
 				issuer:    "https://valid-issuer.com/with/some/path",
 			}
 			if tt.opt != nil {