Merge pull request #715 from ericchiang/update-go-oidc

*: update vendored go-oidc

glide.lock

-hash: c3530f2a60a64c2efc4c3ac499fcd15f79de2a532715ba2b9841c1d404942b2e
-updated: 2016-11-17T15:18:56.701287533-08:00
+hash: 773c45cb2136423f907496cc1ba67e0c58b35e237b15b0d5f212dce598265442
+updated: 2016-12-01T13:12:54.401738528-08:00
 imports:
 - name: github.com/cockroachdb/cockroach-go
   version: 31611c0501c812f437d4861d87d117053967c955
   subpackages:
   - crdb
 - name: github.com/coreos/go-oidc
-  version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
+  version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
 - name: github.com/ghodss/yaml
   version: bea76d6a4713e18b7f5321a2b020738552def3ea
 - name: github.com/go-sql-driver/mysql

glide.yaml

@@ -51,7 +51,7 @@ import:
   - bcrypt
 
 - package: github.com/coreos/go-oidc
-  version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4
+  version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
 - package: github.com/pquerna/cachecontrol
   version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
 - package: golang.org/x/oauth2

vendor/github.com/coreos/go-oidc/.travis.yml

@@ -5,7 +5,7 @@ go:
   - 1.6.3
 
 install:
- - go get -v -t github.com/coreos/go-oidc
+ - go get -v -t github.com/coreos/go-oidc/...
  - go get golang.org/x/tools/cmd/cover
  - go get github.com/golang/lint/golint
 

vendor/github.com/coreos/go-oidc/jose/jwk.go

@@ -104,7 +104,7 @@ func encodeExponent(e int) string {
 			break
 		}
 	}
-	return base64.URLEncoding.EncodeToString(b[idx:])
+	return base64.RawURLEncoding.EncodeToString(b[idx:])
 }
 
 // Turns a URL encoded modulus of a key into a big int.
@@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
 }
 
 func encodeModulus(n *big.Int) string {
-	return base64.URLEncoding.EncodeToString(n.Bytes())
+	return base64.RawURLEncoding.EncodeToString(n.Bytes())
 }
 
 // decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.

vendor/github.com/coreos/go-oidc/jwks.go

@@ -39,38 +39,39 @@ type remoteKeySet struct {
 	// guard all other fields
 	mu sync.Mutex
 
-	// inflightCtx is the context of the current HTTP request to update the keys.
-	// Its Err() method returns any errors encountered during that attempt.
+	// inflightCtx suppresses parallel execution of updateKeys and allows
+	// multiple goroutines to wait for its result.
+	// Its Err() method returns any errors encountered during updateKeys.
 	//
-	// If nil, there is no inflight request.
-	inflightCtx context.Context
+	// If nil, there is no inflight updateKeys request.
+	inflightCtx *inflight
 
 	// A set of cached keys and their expiry.
 	cachedKeys []jose.JSONWebKey
 	expiry     time.Time
 }
 
-// errContext is a context with a customizable Err() return value.
-type errContext struct {
-	context.Context
-
-	cf  context.CancelFunc
-	err error
+// inflight is used to wait on some in-flight request from multiple goroutines
+type inflight struct {
+	done chan struct{}
+	err  error
 }
 
-func newErrContext(parent context.Context) *errContext {
-	ctx, cancel := context.WithCancel(parent)
-	return &errContext{ctx, cancel, nil}
+// Done returns a channel that is closed when the inflight request finishes.
+func (i *inflight) Done() <-chan struct{} {
+	return i.done
 }
 
-func (e errContext) Err() error {
-	return e.err
+// Err returns any error encountered during request execution. May be nil.
+func (i *inflight) Err() error {
+	return i.err
 }
 
-// cancel cancels the errContext causing listeners on Done() to return.
-func (e errContext) cancel(err error) {
-	e.err = err
-	e.cf()
+// Cancel signals completion of the inflight request with error err.
+// Must be called only once for particular inflight instance.
+func (i *inflight) Cancel(err error) {
+	i.err = err
+	close(i.done)
 }
 
 func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) {
@@ -105,18 +106,15 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
 		return keys, nil
 	}
 
-	var inflightCtx context.Context
+	var inflightCtx *inflight
 	func() {
 		r.mu.Lock()
 		defer r.mu.Unlock()
 
 		// If there's not a current inflight request, create one.
 		if r.inflightCtx == nil {
-			// Use the remoteKeySet's context instead of the requests context
-			// because a re-sync is unique to the keys set and will span multiple
-			// requests.
-			errCtx := newErrContext(r.ctx)
-			r.inflightCtx = errCtx
+			inflightCtx := &inflight{make(chan struct{}), nil}
+			r.inflightCtx = inflightCtx
 
 			go func() {
 				// TODO(ericchiang): Upstream Kubernetes request that we recover every time
@@ -131,7 +129,10 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
 				// See: https://github.com/coreos/go-oidc/issues/89
 
 				// Sync keys and close inflightCtx when that's done.
-				errCtx.cancel(r.updateKeys(r.inflightCtx))
+				// Use the remoteKeySet's context instead of the requests context
+				// because a re-sync is unique to the keys set and will span multiple
+				// requests.
+				inflightCtx.Cancel(r.updateKeys(r.ctx))
 
 				r.mu.Lock()
 				defer r.mu.Unlock()

vendor/github.com/coreos/go-oidc/key/key_test.go

@@ -76,7 +76,7 @@ func TestPublicKeyMarshalJSON(t *testing.T) {
 		Modulus:  big.NewInt(int64(17)),
 		Exponent: 65537,
 	}
-	want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ=="}`
+	want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ"}`
 	pubKey := NewPublicKey(k)
 	gotBytes, err := pubKey.MarshalJSON()
 	if err != nil {

vendor/github.com/coreos/go-oidc/oidc.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"golang.org/x/net/context"
+	"golang.org/x/net/context/ctxhttp"
 	"golang.org/x/oauth2"
 	jose "gopkg.in/square/go-jose.v2"
 )
@@ -84,7 +85,7 @@ type providerJSON struct {
 // or "https://login.salesforce.com".
 func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
 	wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
-	resp, err := clientFromContext(ctx).Get(wellKnown)
+	resp, err := ctxhttp.Get(ctx, clientFromContext(ctx), wellKnown)
 	if err != nil {
 		return nil, err
 	}
@@ -161,7 +162,19 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
 	if p.userInfoURL == "" {
 		return nil, errors.New("oidc: user info endpoint is not supported by this provider")
 	}
-	resp, err := clientFromContext(ctx).Get(p.userInfoURL)
+
+	req, err := http.NewRequest("GET", p.userInfoURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("oidc: create GET request: %v", err)
+	}
+
+	token, err := tokenSource.Token()
+	if err != nil {
+		return nil, fmt.Errorf("oidc: get access token: %v", err)
+	}
+	token.SetAuthHeader(req)
+
+	resp, err := ctxhttp.Do(ctx, clientFromContext(ctx), req)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/coreos/go-oidc/oidc/provider.go

@@ -567,7 +567,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: time.Second}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }
@@ -586,7 +586,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }

vendor/github.com/coreos/go-oidc/test

@@ -9,7 +9,7 @@ LINTABLE=$( go list -tags=golint -f '
   {{ range $i, $file := .TestGoFiles -}}
     {{ $file }} {{ end }}' github.com/coreos/go-oidc )
 
-go test -v -i -race github.com/coreos/go-oidc
-go test -v -race github.com/coreos/go-oidc
+go test -v -i -race github.com/coreos/go-oidc/...
+go test -v -race github.com/coreos/go-oidc/...
 golint $LINTABLE
-go vet github.com/coreos/go-oidc
+go vet github.com/coreos/go-oidc/...