Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 6107ed11f3d8a3da38a5461bde69341ccec9353b / . / third_party / go / patches / k8s-adopt-to-go-jose-2.3.patch
blob: 9efd08a67b2f4257a87b1a422b0e65a316d37d18 [file] [log] [blame]
From a1411288423dfc4062844b9f699a30fd7cbe090d Mon Sep 17 00:00:00 2001
From: Lorenz Brun <lorenz@monogon.tech>
Date: Mon, 21 Mar 2022 15:20:19 +0100
Subject: [PATCH 1/2] Adopt to API breakage in go-jose 2.3.0
---
pkg/serviceaccount/claims_test.go | 40 +++++++++++-----------
test/integration/auth/svcaccttoken_test.go | 6 ++--
2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pkg/serviceaccount/claims_test.go b/pkg/serviceaccount/claims_test.go
index 2e968f60335..a0b5a595c2f 100644
--- a/pkg/serviceaccount/claims_test.go
+++ b/pkg/serviceaccount/claims_test.go
@@ -85,9 +85,9 @@ func TestClaims(t *testing.T) {
sc: &jwt.Claims{
Subject: "system:serviceaccount:myns:mysvcacct",
- IssuedAt: jwt.NumericDate(1514764800),
- NotBefore: jwt.NumericDate(1514764800),
- Expiry: jwt.NumericDate(1514764800),
+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ Expiry: jwt.NewNumericDate(time.Unix(1514764800, 0)),
},
pc: &privateClaims{
Kubernetes: kubernetes{
@@ -107,9 +107,9 @@ func TestClaims(t *testing.T) {
sc: &jwt.Claims{
Subject: "system:serviceaccount:myns:mysvcacct",
- IssuedAt: jwt.NumericDate(1514764800),
- NotBefore: jwt.NumericDate(1514764800),
- Expiry: jwt.NumericDate(1514764800 + 100),
+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
},
pc: &privateClaims{
Kubernetes: kubernetes{
@@ -130,9 +130,9 @@ func TestClaims(t *testing.T) {
sc: &jwt.Claims{
Subject: "system:serviceaccount:myns:mysvcacct",
Audience: []string{"1"},
- IssuedAt: jwt.NumericDate(1514764800),
- NotBefore: jwt.NumericDate(1514764800),
- Expiry: jwt.NumericDate(1514764800 + 100),
+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
},
pc: &privateClaims{
Kubernetes: kubernetes{
@@ -152,9 +152,9 @@ func TestClaims(t *testing.T) {
sc: &jwt.Claims{
Subject: "system:serviceaccount:myns:mysvcacct",
Audience: []string{"1", "2"},
- IssuedAt: jwt.NumericDate(1514764800),
- NotBefore: jwt.NumericDate(1514764800),
- Expiry: jwt.NumericDate(1514764800 + 100),
+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
},
pc: &privateClaims{
Kubernetes: kubernetes{
@@ -175,16 +175,16 @@ func TestClaims(t *testing.T) {
sc: &jwt.Claims{
Subject: "system:serviceaccount:myns:mysvcacct",
- IssuedAt: jwt.NumericDate(1514764800),
- NotBefore: jwt.NumericDate(1514764800),
- Expiry: jwt.NumericDate(1514764800 + 60*60*24),
+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+60*60*24, 0)),
},
pc: &privateClaims{
Kubernetes: kubernetes{
Namespace: "myns",
Svcacct: ref{Name: "mysvcacct", UID: "mysvcacct-uid"},
Pod: &ref{Name: "mypod", UID: "mypod-uid"},
- WarnAfter: jwt.NumericDate(1514764800 + 60*60),
+ WarnAfter: jwt.NewNumericDate(time.Unix(1514764800+60*60, 0)),
},
},
},
@@ -223,8 +223,8 @@ type claimTestCase struct {
name string
getter ServiceAccountTokenGetter
private *privateClaims
- expiry jwt.NumericDate
- notBefore jwt.NumericDate
+ expiry *jwt.NumericDate
+ notBefore *jwt.NumericDate
expectErr string
}
@@ -365,8 +365,8 @@ func TestValidatePrivateClaims(t *testing.T) {
for _, tc := range testcases {
t.Run(tc.name, func(t *testing.T) {
v := &validator{tc.getter}
- expiry := jwt.NumericDate(nowUnix)
- if tc.expiry != 0 {
+ expiry := jwt.NewNumericDate(time.Unix(nowUnix, 0))
+ if tc.expiry != nil {
expiry = tc.expiry
}
_, err := v.Validate(context.Background(), "", &jwt.Claims{Expiry: expiry, NotBefore: tc.notBefore}, tc.private)
diff --git a/test/integration/auth/svcaccttoken_test.go b/test/integration/auth/svcaccttoken_test.go
index da50bf4736e..5311b6c90c3 100644
--- a/test/integration/auth/svcaccttoken_test.go
+++ b/test/integration/auth/svcaccttoken_test.go
@@ -421,16 +421,16 @@ func TestServiceAccountTokenCreate(t *testing.T) {
t.Fatalf("error parsing warnafter: %v", err)
}
- if exp < int64(actualExpiry)-leeway || exp > int64(actualExpiry)+leeway {
+ if exp < int64(*actualExpiry)-leeway || exp > int64(*actualExpiry)+leeway {
t.Errorf("unexpected token exp %d, should within range of %d +- %d seconds", exp, actualExpiry, leeway)
}
- if warnafter < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
+ if warnafter < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
t.Errorf("unexpected token warnafter %d, should within range of %d +- %d seconds", warnafter, assumedExpiry, leeway)
}
checkExpiration(t, treq, requestExp)
expStatus := treq.Status.ExpirationTimestamp.Time.Unix()
- if expStatus < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
+ if expStatus < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
t.Errorf("unexpected expiration returned in tokenrequest status %d, should within range of %d +- %d seconds", expStatus, assumedExpiry, leeway)
}
})
--
2.25.1