Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / d13c1c64387ca9a83bb832a3faa5c4b07268d265^! / . / third_party / go / patches / k8s-jose-semver-fix.patch
commitd13c1c64387ca9a83bb832a3faa5c4b07268d265[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Wed Mar 30 19:58:58 2022 +0200
committerLorenz Brun <lorenz@monogon.tech>Tue Apr 05 10:35:29 2022 +0000
tree0c0f534db4726e4400486aad25235e8c573d455e
parent79a1a8f9dd49afe8e0a2364c4586b8f39525b204 [diff] [blame]
treewide: switch to gomod and bump everything

This switches version resolution from fietsje to gomod and updates
all Go dependencies. It also bumps rules_go (required by gVisor) and
switches the Gazelle naming convention from go_default_xxx to the
standard Bazel convention of the default target having the package
name.

Since Kubernetes dropped upstream Bazel support and doesn't check in
all generated files I manually pregenerated the OpenAPI spec. This
should be fixed, but because of the already-huge scope of this CL
and the rebase complexity this is not in here.

Change-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833
Reviewed-on: https://review.monogon.dev/c/monogon/+/639
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
Reviewed-by: Leopold Schabel <leo@nexantic.com>

diff --git a/third_party/go/patches/k8s-jose-semver-fix.patch b/third_party/go/patches/k8s-jose-semver-fix.patch
new file mode 100644
index 0000000..423485a
--- /dev/null
+++ b/third_party/go/patches/k8s-jose-semver-fix.patch

@@ -0,0 +1,34 @@
+From b0b42e86e834a1d02fe83f7be3663d19f6a1ee80 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Thu, 17 Mar 2022 16:56:29 +0100
+Subject: [PATCH] Fix for semver breakage in go-jose
+
+---
+ pkg/serviceaccount/claims.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/serviceaccount/claims.go b/pkg/serviceaccount/claims.go
+index 1e1475c779f..06620f7a420 100644
+--- a/pkg/serviceaccount/claims.go
++++ b/pkg/serviceaccount/claims.go
+@@ -50,7 +50,7 @@ type kubernetes struct {
+ 	Svcacct   ref             `json:"serviceaccount,omitempty"`
+ 	Pod       *ref            `json:"pod,omitempty"`
+ 	Secret    *ref            `json:"secret,omitempty"`
+-	WarnAfter jwt.NumericDate `json:"warnafter,omitempty"`
++	WarnAfter *jwt.NumericDate `json:"warnafter,omitempty"`
+ }
+ 
+ type ref struct {
+@@ -198,7 +198,7 @@ func (v *validator) Validate(ctx context.Context, _ string, public *jwt.Claims,
+ 
+ 	// Check special 'warnafter' field for projected service account token transition.
+ 	warnafter := private.Kubernetes.WarnAfter
+-	if warnafter != 0 {
++	if warnafter != nil {
+ 		if nowTime.After(warnafter.Time()) {
+ 			secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix()
+ 			auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)
+-- 
+2.25.1
+