Commit 936816af authored by rithu leena john's avatar rithu leena john Committed by GitHub

Merge pull request #715 from ericchiang/update-go-oidc

*: update vendored go-oidc
parents 614fbdfb 7a3658ac
hash: c3530f2a60a64c2efc4c3ac499fcd15f79de2a532715ba2b9841c1d404942b2e hash: 773c45cb2136423f907496cc1ba67e0c58b35e237b15b0d5f212dce598265442
updated: 2016-11-17T15:18:56.701287533-08:00 updated: 2016-12-01T13:12:54.401738528-08:00
imports: imports:
- name: github.com/cockroachdb/cockroach-go - name: github.com/cockroachdb/cockroach-go
version: 31611c0501c812f437d4861d87d117053967c955 version: 31611c0501c812f437d4861d87d117053967c955
subpackages: subpackages:
- crdb - crdb
- name: github.com/coreos/go-oidc - name: github.com/coreos/go-oidc
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4 version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
- name: github.com/ghodss/yaml - name: github.com/ghodss/yaml
version: bea76d6a4713e18b7f5321a2b020738552def3ea version: bea76d6a4713e18b7f5321a2b020738552def3ea
- name: github.com/go-sql-driver/mysql - name: github.com/go-sql-driver/mysql
......
...@@ -51,7 +51,7 @@ import: ...@@ -51,7 +51,7 @@ import:
- bcrypt - bcrypt
- package: github.com/coreos/go-oidc - package: github.com/coreos/go-oidc
version: 5a7f09ab5787e846efa7f56f4a08b6d6926d08c4 version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
- package: github.com/pquerna/cachecontrol - package: github.com/pquerna/cachecontrol
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868 version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
- package: golang.org/x/oauth2 - package: golang.org/x/oauth2
......
...@@ -5,7 +5,7 @@ go: ...@@ -5,7 +5,7 @@ go:
- 1.6.3 - 1.6.3
install: install:
- go get -v -t github.com/coreos/go-oidc - go get -v -t github.com/coreos/go-oidc/...
- go get golang.org/x/tools/cmd/cover - go get golang.org/x/tools/cmd/cover
- go get github.com/golang/lint/golint - go get github.com/golang/lint/golint
......
...@@ -104,7 +104,7 @@ func encodeExponent(e int) string { ...@@ -104,7 +104,7 @@ func encodeExponent(e int) string {
break break
} }
} }
return base64.URLEncoding.EncodeToString(b[idx:]) return base64.RawURLEncoding.EncodeToString(b[idx:])
} }
// Turns a URL encoded modulus of a key into a big int. // Turns a URL encoded modulus of a key into a big int.
...@@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) { ...@@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
} }
func encodeModulus(n *big.Int) string { func encodeModulus(n *big.Int) string {
return base64.URLEncoding.EncodeToString(n.Bytes()) return base64.RawURLEncoding.EncodeToString(n.Bytes())
} }
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not. // decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
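Review bot: Neither `encodeExponent` nor `encodeModulus` says why the unpadded alphabet is used, so a later cleanup could quietly switch back to `base64.URLEncoding`. JWK `e` and `n` members are base64url without `=` padding (RFC 7518 section 6.3.1), and a strict consumer may reject padded values when it loads verification keys. I would add `// JWK integers are base64url without padding (RFC 7518 6.3.1); do not use the padded URLEncoding here.` above both return statements. Both function bodies start outside the hunks shown.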
......
...@@ -39,38 +39,39 @@ type remoteKeySet struct { ...@@ -39,38 +39,39 @@ type remoteKeySet struct {
// guard all other fields // guard all other fields
mu sync.Mutex mu sync.Mutex
// inflightCtx is the context of the current HTTP request to update the keys. // inflightCtx suppresses parallel execution of updateKeys and allows
// Its Err() method returns any errors encountered during that attempt. // multiple goroutines to wait for its result.
// Its Err() method returns any errors encountered during updateKeys.
// //
// If nil, there is no inflight request. // If nil, there is no inflight updateKeys request.
inflightCtx context.Context inflightCtx *inflight
// A set of cached keys and their expiry. // A set of cached keys and their expiry.
cachedKeys []jose.JSONWebKey cachedKeys []jose.JSONWebKey
expiry time.Time expiry time.Time
} }
// errContext is a context with a customizable Err() return value. // inflight is used to wait on some in-flight request from multiple goroutines
type errContext struct { type inflight struct {
context.Context done chan struct{}
cf context.CancelFunc
err error err error
} }
func newErrContext(parent context.Context) *errContext { // Done returns a channel that is closed when the inflight request finishes.
ctx, cancel := context.WithCancel(parent) func (i *inflight) Done() <-chan struct{} {
return &errContext{ctx, cancel, nil} return i.done
} }
func (e errContext) Err() error { // Err returns any error encountered during request execution. May be nil.
return e.err func (i *inflight) Err() error {
return i.err
} }
// cancel cancels the errContext causing listeners on Done() to return. // Cancel signals completion of the inflight request with error err.
func (e errContext) cancel(err error) { // Must be called only once for particular inflight instance.
e.err = err func (i *inflight) Cancel(err error) {
e.cf() i.err = err
close(i.done)
} }
func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) { func (r *remoteKeySet) keysWithIDFromCache(keyIDs []string) ([]jose.JSONWebKey, bool) {
...@@ -105,18 +106,15 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose. ...@@ -105,18 +106,15 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
return keys, nil return keys, nil
} }
var inflightCtx context.Context var inflightCtx *inflight
func() { func() {
r.mu.Lock() r.mu.Lock()
defer r.mu.Unlock() defer r.mu.Unlock()
// If there's not a current inflight request, create one. // If there's not a current inflight request, create one.
if r.inflightCtx == nil { if r.inflightCtx == nil {
// Use the remoteKeySet's context instead of the requests context inflightCtx := &inflight{make(chan struct{}), nil}
// because a re-sync is unique to the keys set and will span multiple r.inflightCtx = inflightCtx
// requests.
errCtx := newErrContext(r.ctx)
r.inflightCtx = errCtx
go func() { go func() {
// TODO(ericchiang): Upstream Kubernetes request that we recover every time // TODO(ericchiang): Upstream Kubernetes request that we recover every time
...@@ -131,7 +129,10 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose. ...@@ -131,7 +129,10 @@ func (r *remoteKeySet) keysWithID(ctx context.Context, keyIDs []string) ([]jose.
// See: https://github.com/coreos/go-oidc/issues/89 // See: https://github.com/coreos/go-oidc/issues/89
// Sync keys and close inflightCtx when that's done. // Sync keys and close inflightCtx when that's done.
errCtx.cancel(r.updateKeys(r.inflightCtx)) // Use the remoteKeySet's context instead of the requests context
// because a re-sync is unique to the keys set and will span multiple
// requests.
inflightCtx.Cancel(r.updateKeys(r.ctx))
r.mu.Lock() r.mu.Lock()
defer r.mu.Unlock() defer r.mu.Unlock()
......
...@@ -76,7 +76,7 @@ func TestPublicKeyMarshalJSON(t *testing.T) { ...@@ -76,7 +76,7 @@ func TestPublicKeyMarshalJSON(t *testing.T) {
Modulus: big.NewInt(int64(17)), Modulus: big.NewInt(int64(17)),
Exponent: 65537, Exponent: 65537,
} }
want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ=="}` want := `{"kid":"foo","kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"EQ"}`
pubKey := NewPublicKey(k) pubKey := NewPublicKey(k)
gotBytes, err := pubKey.MarshalJSON() gotBytes, err := pubKey.MarshalJSON()
if err != nil { if err != nil {
......
...@@ -11,6 +11,7 @@ import ( ...@@ -11,6 +11,7 @@ import (
"time" "time"
"golang.org/x/net/context" "golang.org/x/net/context"
"golang.org/x/net/context/ctxhttp"
"golang.org/x/oauth2" "golang.org/x/oauth2"
jose "gopkg.in/square/go-jose.v2" jose "gopkg.in/square/go-jose.v2"
) )
...@@ -84,7 +85,7 @@ type providerJSON struct { ...@@ -84,7 +85,7 @@ type providerJSON struct {
// or "https://login.salesforce.com". // or "https://login.salesforce.com".
func NewProvider(ctx context.Context, issuer string) (*Provider, error) { func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration" wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
resp, err := clientFromContext(ctx).Get(wellKnown) resp, err := ctxhttp.Get(ctx, clientFromContext(ctx), wellKnown)
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -161,7 +162,19 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) ...@@ -161,7 +162,19 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
if p.userInfoURL == "" { if p.userInfoURL == "" {
return nil, errors.New("oidc: user info endpoint is not supported by this provider") return nil, errors.New("oidc: user info endpoint is not supported by this provider")
} }
resp, err := clientFromContext(ctx).Get(p.userInfoURL)
req, err := http.NewRequest("GET", p.userInfoURL, nil)
if err != nil {
return nil, fmt.Errorf("oidc: create GET request: %v", err)
}
token, err := tokenSource.Token()
if err != nil {
return nil, fmt.Errorf("oidc: get access token: %v", err)
}
token.SetAuthHeader(req)
resp, err := ctxhttp.Do(ctx, clientFromContext(ctx), req)
if err != nil { if err != nil {
return nil, err return nil, err
} }
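Review bot: `token.SetAuthHeader(req)` now attaches the access token to a request for `p.userInfoURL`, and nothing visible in this hunk checks that the URL uses https. That URL presumably comes from the provider's discovery document, so a plain-http value would send the bearer token in clear text; OpenID Connect Core requires TLS for the UserInfo endpoint. Consider rejecting other schemes before building the request, e.g. `if !strings.HasPrefix(p.userInfoURL, "https://") { return nil, errors.New("oidc: user info endpoint must use https") }`, or validating the scheme once in `NewProvider`. A nil `tokenSource` would also panic at `tokenSource.Token()`. The rest of `UserInfo`, including response status handling, is outside the hunk.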
......
...@@ -567,7 +567,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) { ...@@ -567,7 +567,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
next = &pcsStepNext{aft: ttl} next = &pcsStepNext{aft: ttl}
} else { } else {
next = &pcsStepRetry{aft: time.Second} next = &pcsStepRetry{aft: time.Second}
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err) log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
} }
return return
} }
...@@ -586,7 +586,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) { ...@@ -586,7 +586,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
next = &pcsStepNext{aft: ttl} next = &pcsStepNext{aft: ttl}
} else { } else {
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)} next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err) log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
} }
return return
} }
......
...@@ -9,7 +9,7 @@ LINTABLE=$( go list -tags=golint -f ' ...@@ -9,7 +9,7 @@ LINTABLE=$( go list -tags=golint -f '
{{ range $i, $file := .TestGoFiles -}} {{ range $i, $file := .TestGoFiles -}}
{{ $file }} {{ end }}' github.com/coreos/go-oidc ) {{ $file }} {{ end }}' github.com/coreos/go-oidc )
go test -v -i -race github.com/coreos/go-oidc go test -v -i -race github.com/coreos/go-oidc/...
go test -v -race github.com/coreos/go-oidc go test -v -race github.com/coreos/go-oidc/...
golint $LINTABLE golint $LINTABLE
go vet github.com/coreos/go-oidc go vet github.com/coreos/go-oidc/...