From ca5ad85bbdc740aedea1963b9f8413a974db74ba Mon Sep 17 00:00:00 2001
From: Ryan Richard
Date: Mon, 4 Dec 2023 11:05:12 -0800
Subject: [PATCH] Switch from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3

Made the switch wherever possible, but since fosite still uses the old gopkg.in/square/go-jose.v2 there was one test where we still need to use it as a direct dependency.
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 .../authenticator/jwtcachefiller/jwtcachefiller.go | 4 ++--
 .../authenticator/jwtcachefiller/jwtcachefiller_test.go | 4 ++--
 internal/controller/supervisorconfig/jwks_observer.go | 4 ++--
 internal/controller/supervisorconfig/jwks_observer_test.go | 2 +-
 internal/controller/supervisorconfig/jwks_writer.go | 2 +-
 .../endpoints/jwks/dynamic_jwks_provider.go | 2 +-
 .../federationdomain/endpoints/jwks/jwks_handler_test.go | 2 +-
 .../federationdomain/endpoints/token/token_handler_test.go | 4 ++--
 internal/federationdomain/endpointsmanager/manager_test.go | 2 +-
 .../strategy/dynamic_open_id_connect_ecdsa_strategy_test.go | 2 +-
 .../authorizationcode/authorizationcode_test.go | 4 ++--
 internal/testutil/oidctestutil/oidctestutil.go | 2 +-
 internal/upstreamoidc/upstreamoidc_test.go | 2 +-
 test/integration/cli_test.go | 2 +-
 test/integration/concierge_credentialrequest_test.go | 6 +++---
 test/integration/supervisor_secrets_test.go | 2 +-
 18 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/go.mod b/go.mod
index 29458a2a5..2b84a76d0 100644
--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,7 @@ require (
 github.com/creack/pty v1.1.21
 github.com/davecgh/go-spew v1.1.1
 github.com/felixge/httpsnoop v1.0.4
+ github.com/go-jose/go-jose/v3 v3.0.1
 github.com/go-ldap/ldap/v3 v3.4.6
 github.com/go-logr/logr v1.3.0
 github.com/go-logr/stdr v1.2.2
@@ -46,7 +47,7 @@ require ( golang.org/x/sync v0.5.0 golang.org/x/term v0.15.0 golang.org/x/text v0.14.0 - gopkg.in/square/go-jose.v2 v2.6.0 + gopkg.in/square/go-jose.v2 v2.6.0 // this deprecated pkg is still used by fosite - we need it as a direct dep for one test k8s.io/api v0.28.4 k8s.io/apiextensions-apiserver v0.28.4 k8s.io/apimachinery v0.28.4 @@ -83,7 +84,6 @@ require ( github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect - github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect diff --git a/go.sum b/go.sum index 24a5550cc..0240c345c 100644 --- a/go.sum +++ b/go.sum @@ -157,8 +157,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkPro github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= +github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A= github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc= 
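Review bot: In go.mod, the comment added to `gopkg.in/square/go-jose.v2 v2.6.0` reads as if the module were kept only for a test, but the same comment and the commit message say fosite still imports it, so the deprecated library presumably remains linked into the non-test binaries through fosite. I would reword the line to `gopkg.in/square/go-jose.v2 v2.6.0 // deprecated; still pulled in by fosite at runtime, and imported directly by one test` so that nobody treats the pin as test-only when triaging advisories for this module. The pin also stays at v2.6.0 while the v3 module moves to v3.0.1 in this commit; whether a newer v2 release exists to pair with it is not visible here and is worth checking with `govulncheck ./...`.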
diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go index ad71a100c..0000c86b1 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package jwtcachefiller implements a controller for filling an authncache.Cache with each @@ -13,8 +13,8 @@ import ( "time" coreosoidc "github.com/coreos/go-oidc/v3/oidc" + "github.com/go-jose/go-jose/v3" "github.com/go-logr/logr" - "gopkg.in/square/go-jose.v2" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/plugin/pkg/authenticator/token/oidc" diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go index 6cc2bc766..cd95bfdb4 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go @@ -19,10 +19,10 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/wait" diff --git a/internal/controller/supervisorconfig/jwks_observer.go b/internal/controller/supervisorconfig/jwks_observer.go index 588d8b5fe..4eef5bf9f 100644 --- a/internal/controller/supervisorconfig/jwks_observer.go +++ b/internal/controller/supervisorconfig/jwks_observer.go 
@@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package supervisorconfig @@ -7,7 +7,7 @@ import ( "encoding/json" "fmt" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" "k8s.io/apimachinery/pkg/labels" corev1informers "k8s.io/client-go/informers/core/v1" diff --git a/internal/controller/supervisorconfig/jwks_observer_test.go b/internal/controller/supervisorconfig/jwks_observer_test.go index 223192476..c56e03fad 100644 --- a/internal/controller/supervisorconfig/jwks_observer_test.go +++ b/internal/controller/supervisorconfig/jwks_observer_test.go @@ -8,10 +8,10 @@ import ( "encoding/json" "testing" + "github.com/go-jose/go-jose/v3" "github.com/sclevine/spec" "github.com/sclevine/spec/report" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8sinformers "k8s.io/client-go/informers" diff --git a/internal/controller/supervisorconfig/jwks_writer.go b/internal/controller/supervisorconfig/jwks_writer.go index 58bd48569..965f586d3 100644 --- a/internal/controller/supervisorconfig/jwks_writer.go +++ b/internal/controller/supervisorconfig/jwks_writer.go @@ -12,7 +12,7 @@ import ( "fmt" "io" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" corev1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/federationdomain/endpoints/jwks/dynamic_jwks_provider.go b/internal/federationdomain/endpoints/jwks/dynamic_jwks_provider.go index cb8f8e41b..a2f08897f 100644 --- a/internal/federationdomain/endpoints/jwks/dynamic_jwks_provider.go +++ b/internal/federationdomain/endpoints/jwks/dynamic_jwks_provider.go 
@@ -6,7 +6,7 @@ package jwks import ( "sync" - "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" ) type DynamicJWKSProvider interface { diff --git a/internal/federationdomain/endpoints/jwks/jwks_handler_test.go b/internal/federationdomain/endpoints/jwks/jwks_handler_test.go index 69d624ce5..1c630e5d7 100644 --- a/internal/federationdomain/endpoints/jwks/jwks_handler_test.go +++ b/internal/federationdomain/endpoints/jwks/jwks_handler_test.go @@ -9,8 +9,8 @@ import ( "net/http/httptest" "testing" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" "go.pinniped.dev/internal/here" ) diff --git a/internal/federationdomain/endpoints/token/token_handler_test.go b/internal/federationdomain/endpoints/token/token_handler_test.go index c444b7b0e..260d16b9e 100644 --- a/internal/federationdomain/endpoints/token/token_handler_test.go +++ b/internal/federationdomain/endpoints/token/token_handler_test.go @@ -21,6 +21,8 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" + josejwt "github.com/go-jose/go-jose/v3/jwt" "github.com/ory/fosite" fositeoauth2 "github.com/ory/fosite/handler/oauth2" "github.com/ory/fosite/handler/openid" @@ -30,8 +32,6 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/crypto/bcrypt" "golang.org/x/oauth2" - "gopkg.in/square/go-jose.v2" - josejwt "gopkg.in/square/go-jose.v2/jwt" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" diff --git a/internal/federationdomain/endpointsmanager/manager_test.go b/internal/federationdomain/endpointsmanager/manager_test.go index d87f47695..639160205 100644 --- a/internal/federationdomain/endpointsmanager/manager_test.go +++ b/internal/federationdomain/endpointsmanager/manager_test.go 
@@ -14,9 +14,9 @@ import ( "strings" "testing" + "github.com/go-jose/go-jose/v3" "github.com/sclevine/spec" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" "k8s.io/client-go/kubernetes/fake" supervisorfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake" diff --git a/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go b/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go index 94bf676a7..e2e15cba5 100644 --- a/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go +++ b/internal/federationdomain/strategy/dynamic_open_id_connect_ecdsa_strategy_test.go @@ -14,11 +14,11 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" "github.com/ory/fosite" "github.com/ory/fosite/handler/openid" "github.com/ory/fosite/token/jwt" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" "go.pinniped.dev/internal/federationdomain/endpoints/jwks" "go.pinniped.dev/internal/testutil/oidctestutil" diff --git a/internal/fositestorage/authorizationcode/authorizationcode_test.go b/internal/fositestorage/authorizationcode/authorizationcode_test.go index 69912765f..94c19a087 100644 --- a/internal/fositestorage/authorizationcode/authorizationcode_test.go +++ b/internal/fositestorage/authorizationcode/authorizationcode_test.go @@ -22,7 +22,7 @@ import ( "github.com/ory/fosite/token/jwt" "github.com/pkg/errors" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" + deprecatedjose "gopkg.in/square/go-jose.v2" // fosite still uses the deprecated jose library (replaced by github.com/go-jose/go-jose/v3), but since this test wants to fuzz values of fosite objects, it needs to use the same package that fosite uses corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -321,7 +321,7 @@ func TestFuzzAndJSONNewValidEmptyAuthorizeCodeSession(t *testing.T) { }, // JWK contains an interface{} Key that we need to handle // this is safe because JWK explicitly implements JSON marshalling and unmarshalling - func(jwk *jose.JSONWebKey, c fuzz.Continue) { + func(jwk *deprecatedjose.JSONWebKey, c fuzz.Continue) { key, _, err := ed25519.GenerateKey(c) require.NoError(t, err) jwk.Key = key diff --git a/internal/testutil/oidctestutil/oidctestutil.go b/internal/testutil/oidctestutil/oidctestutil.go index 33eae1691..a9c09f12d 100644 --- a/internal/testutil/oidctestutil/oidctestutil.go +++ b/internal/testutil/oidctestutil/oidctestutil.go @@ -15,11 +15,11 @@ import ( "time" coreosoidc "github.com/coreos/go-oidc/v3/oidc" + "github.com/go-jose/go-jose/v3" "github.com/gorilla/securecookie" "github.com/ory/fosite" "github.com/stretchr/testify/require" "golang.org/x/oauth2" - "gopkg.in/square/go-jose.v2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" diff --git a/internal/upstreamoidc/upstreamoidc_test.go b/internal/upstreamoidc/upstreamoidc_test.go index cc4f06a23..c792b988b 100644 --- a/internal/upstreamoidc/upstreamoidc_test.go +++ b/internal/upstreamoidc/upstreamoidc_test.go @@ -17,10 +17,10 @@ import ( "unsafe" "github.com/coreos/go-oidc/v3/oidc" + "github.com/go-jose/go-jose/v3" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" "golang.org/x/oauth2" - "gopkg.in/square/go-jose.v2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "go.pinniped.dev/internal/federationdomain/dynamicupstreamprovider" diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 910bd3628..968b7d065 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go 
@@ -18,10 +18,10 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/sync/errgroup" - "gopkg.in/square/go-jose.v2" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" diff --git a/test/integration/concierge_credentialrequest_test.go b/test/integration/concierge_credentialrequest_test.go index d0eca9a91..fcab59a6a 100644 --- a/test/integration/concierge_credentialrequest_test.go +++ b/test/integration/concierge_credentialrequest_test.go @@ -10,8 +10,8 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3/jwt" "github.com/stretchr/testify/require" - jwtpkg "gopkg.in/square/go-jose.v2/jwt" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -209,10 +209,10 @@ func safeDerefStringPtr(s *string) string { return *s } -func getJWTSubAndGroupsClaims(t *testing.T, jwt string) (string, []string) { +func getJWTSubAndGroupsClaims(t *testing.T, jwtToken string) (string, []string) { t.Helper() - token, err := jwtpkg.ParseSigned(jwt) + token, err := jwt.ParseSigned(jwtToken) require.NoError(t, err) var claims struct { diff --git a/test/integration/supervisor_secrets_test.go b/test/integration/supervisor_secrets_test.go index 66321f590..2ee1643c8 100644 --- a/test/integration/supervisor_secrets_test.go +++ b/test/integration/supervisor_secrets_test.go @@ -10,8 +10,8 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"