Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 506b88652ae57ca4f85a51b9f51641bb50d875af / . / third_party / go / patches / k8s-adopt-to-go-jose-2.3.patch
blob: 9efd08a67b2f4257a87b1a422b0e65a316d37d18 [file] [log] [blame]
Lorenz Brund13c1c62022-03-30 19:58:58 +0200[diff] [blame]1From a1411288423dfc4062844b9f699a30fd7cbe090d Mon Sep 17 00:00:00 2001
2From: Lorenz Brun <lorenz@monogon.tech>
3Date: Mon, 21 Mar 2022 15:20:19 +0100
4Subject: [PATCH 1/2] Adopt to API breakage in go-jose 2.3.0
5
6---
7 pkg/serviceaccount/claims_test.go | 40 +++++++++++-----------
8 test/integration/auth/svcaccttoken_test.go | 6 ++--
9 2 files changed, 23 insertions(+), 23 deletions(-)
10
11diff --git a/pkg/serviceaccount/claims_test.go b/pkg/serviceaccount/claims_test.go
12index 2e968f60335..a0b5a595c2f 100644
13--- a/pkg/serviceaccount/claims_test.go
14+++ b/pkg/serviceaccount/claims_test.go
15@@ -85,9 +85,9 @@ func TestClaims(t *testing.T) {
16
17 sc: &jwt.Claims{
18 Subject: "system:serviceaccount:myns:mysvcacct",
19- IssuedAt: jwt.NumericDate(1514764800),
20- NotBefore: jwt.NumericDate(1514764800),
21- Expiry: jwt.NumericDate(1514764800),
22+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
23+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
24+ Expiry: jwt.NewNumericDate(time.Unix(1514764800, 0)),
25 },
26 pc: &privateClaims{
27 Kubernetes: kubernetes{
28@@ -107,9 +107,9 @@ func TestClaims(t *testing.T) {
29
30 sc: &jwt.Claims{
31 Subject: "system:serviceaccount:myns:mysvcacct",
32- IssuedAt: jwt.NumericDate(1514764800),
33- NotBefore: jwt.NumericDate(1514764800),
34- Expiry: jwt.NumericDate(1514764800 + 100),
35+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
36+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
37+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
38 },
39 pc: &privateClaims{
40 Kubernetes: kubernetes{
41@@ -130,9 +130,9 @@ func TestClaims(t *testing.T) {
42 sc: &jwt.Claims{
43 Subject: "system:serviceaccount:myns:mysvcacct",
44 Audience: []string{"1"},
45- IssuedAt: jwt.NumericDate(1514764800),
46- NotBefore: jwt.NumericDate(1514764800),
47- Expiry: jwt.NumericDate(1514764800 + 100),
48+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
49+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
50+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
51 },
52 pc: &privateClaims{
53 Kubernetes: kubernetes{
54@@ -152,9 +152,9 @@ func TestClaims(t *testing.T) {
55 sc: &jwt.Claims{
56 Subject: "system:serviceaccount:myns:mysvcacct",
57 Audience: []string{"1", "2"},
58- IssuedAt: jwt.NumericDate(1514764800),
59- NotBefore: jwt.NumericDate(1514764800),
60- Expiry: jwt.NumericDate(1514764800 + 100),
61+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
62+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
63+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
64 },
65 pc: &privateClaims{
66 Kubernetes: kubernetes{
67@@ -175,16 +175,16 @@ func TestClaims(t *testing.T) {
68
69 sc: &jwt.Claims{
70 Subject: "system:serviceaccount:myns:mysvcacct",
71- IssuedAt: jwt.NumericDate(1514764800),
72- NotBefore: jwt.NumericDate(1514764800),
73- Expiry: jwt.NumericDate(1514764800 + 60*60*24),
74+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
75+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
76+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+60*60*24, 0)),
77 },
78 pc: &privateClaims{
79 Kubernetes: kubernetes{
80 Namespace: "myns",
81 Svcacct: ref{Name: "mysvcacct", UID: "mysvcacct-uid"},
82 Pod: &ref{Name: "mypod", UID: "mypod-uid"},
83- WarnAfter: jwt.NumericDate(1514764800 + 60*60),
84+ WarnAfter: jwt.NewNumericDate(time.Unix(1514764800+60*60, 0)),
85 },
86 },
87 },
88@@ -223,8 +223,8 @@ type claimTestCase struct {
89 name string
90 getter ServiceAccountTokenGetter
91 private *privateClaims
92- expiry jwt.NumericDate
93- notBefore jwt.NumericDate
94+ expiry *jwt.NumericDate
95+ notBefore *jwt.NumericDate
96 expectErr string
97 }
98
99@@ -365,8 +365,8 @@ func TestValidatePrivateClaims(t *testing.T) {
100 for _, tc := range testcases {
101 t.Run(tc.name, func(t *testing.T) {
102 v := &validator{tc.getter}
103- expiry := jwt.NumericDate(nowUnix)
104- if tc.expiry != 0 {
105+ expiry := jwt.NewNumericDate(time.Unix(nowUnix, 0))
106+ if tc.expiry != nil {
107 expiry = tc.expiry
108 }
109 _, err := v.Validate(context.Background(), "", &jwt.Claims{Expiry: expiry, NotBefore: tc.notBefore}, tc.private)
110diff --git a/test/integration/auth/svcaccttoken_test.go b/test/integration/auth/svcaccttoken_test.go
111index da50bf4736e..5311b6c90c3 100644
112--- a/test/integration/auth/svcaccttoken_test.go
113+++ b/test/integration/auth/svcaccttoken_test.go
114@@ -421,16 +421,16 @@ func TestServiceAccountTokenCreate(t *testing.T) {
115 t.Fatalf("error parsing warnafter: %v", err)
116 }
117
118- if exp < int64(actualExpiry)-leeway || exp > int64(actualExpiry)+leeway {
119+ if exp < int64(*actualExpiry)-leeway || exp > int64(*actualExpiry)+leeway {
120 t.Errorf("unexpected token exp %d, should within range of %d +- %d seconds", exp, actualExpiry, leeway)
121 }
122- if warnafter < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
123+ if warnafter < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
124 t.Errorf("unexpected token warnafter %d, should within range of %d +- %d seconds", warnafter, assumedExpiry, leeway)
125 }
126
127 checkExpiration(t, treq, requestExp)
128 expStatus := treq.Status.ExpirationTimestamp.Time.Unix()
129- if expStatus < int64(assumedExpiry)-leeway || warnafter > int64(assumedExpiry)+leeway {
130+ if expStatus < int64(*assumedExpiry)-leeway || warnafter > int64(*assumedExpiry)+leeway {
131 t.Errorf("unexpected expiration returned in tokenrequest status %d, should within range of %d +- %d seconds", expStatus, assumedExpiry, leeway)
132 }
133 })
134--
1352.25.1
136