Blame - third_party/go/patches/k8s-jose-semver-fix.patch - monogon

blob: 5219c0c1ff435cf70555a52d51ce3e03efc0e6e3 [file] [log] [blame]

Lorenz Brun	f2b7ab6	2022-05-04 19:06:00 +0200	[diff] [blame]	1	From 322bdb419f24764af677762536064b1944bf67df Mon Sep 17 00:00:00 2001
Lorenz Brun	d13c1c6	2022-03-30 19:58:58 +0200	[diff] [blame]	2	From: Lorenz Brun <lorenz@monogon.tech>
				3	Date: Thu, 17 Mar 2022 16:56:29 +0100
Lorenz Brun	f2b7ab6	2022-05-04 19:06:00 +0200	[diff] [blame]	4	Subject: [PATCH 4/4] Fix for semver breakage in go-jose
Lorenz Brun	d13c1c6	2022-03-30 19:58:58 +0200	[diff] [blame]	5
				6	---
Lorenz Brun	f2b7ab6	2022-05-04 19:06:00 +0200	[diff] [blame]	7	pkg/serviceaccount/claims.go \| 4 +--
				8	pkg/serviceaccount/claims_test.go \| 40 +++++++++++-----------
				9	test/integration/auth/svcaccttoken_test.go \| 6 ++--
				10	3 files changed, 25 insertions(+), 25 deletions(-)
Lorenz Brun	d13c1c6	2022-03-30 19:58:58 +0200	[diff] [blame]	11
				12	diff --git a/pkg/serviceaccount/claims.go b/pkg/serviceaccount/claims.go
				13	index 1e1475c779f..06620f7a420 100644
				14	--- a/pkg/serviceaccount/claims.go
				15	+++ b/pkg/serviceaccount/claims.go
				16	@@ -50,7 +50,7 @@ type kubernetes struct {
				17	Svcacct ref `json:"serviceaccount,omitempty"`
				18	Pod *ref `json:"pod,omitempty"`
				19	Secret *ref `json:"secret,omitempty"`
				20	- WarnAfter jwt.NumericDate `json:"warnafter,omitempty"`
				21	+ WarnAfter *jwt.NumericDate `json:"warnafter,omitempty"`
				22	}
				23
				24	type ref struct {
				25	@@ -198,7 +198,7 @@ func (v validator) Validate(ctx context.Context, _ string, public jwt.Claims,
				26
				27	// Check special 'warnafter' field for projected service account token transition.
				28	warnafter := private.Kubernetes.WarnAfter
				29	- if warnafter != 0 {
				30	+ if warnafter != nil {
				31	if nowTime.After(warnafter.Time()) {
				32	secondsAfterWarn := nowTime.Unix() - warnafter.Time().Unix()
				33	auditInfo := fmt.Sprintf("subject: %s, seconds after warning threshold: %d", public.Subject, secondsAfterWarn)
Lorenz Brun	f2b7ab6	2022-05-04 19:06:00 +0200	[diff] [blame]	34	diff --git a/pkg/serviceaccount/claims_test.go b/pkg/serviceaccount/claims_test.go
				35	index 2e968f60335..a0b5a595c2f 100644
				36	--- a/pkg/serviceaccount/claims_test.go
				37	+++ b/pkg/serviceaccount/claims_test.go
				38	@@ -85,9 +85,9 @@ func TestClaims(t *testing.T) {
				39
				40	sc: &jwt.Claims{
				41	Subject: "system:serviceaccount:myns:mysvcacct",
				42	- IssuedAt: jwt.NumericDate(1514764800),
				43	- NotBefore: jwt.NumericDate(1514764800),
				44	- Expiry: jwt.NumericDate(1514764800),
				45	+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				46	+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				47	+ Expiry: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				48	},
				49	pc: &privateClaims{
				50	Kubernetes: kubernetes{
				51	@@ -107,9 +107,9 @@ func TestClaims(t *testing.T) {
				52
				53	sc: &jwt.Claims{
				54	Subject: "system:serviceaccount:myns:mysvcacct",
				55	- IssuedAt: jwt.NumericDate(1514764800),
				56	- NotBefore: jwt.NumericDate(1514764800),
				57	- Expiry: jwt.NumericDate(1514764800 + 100),
				58	+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				59	+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				60	+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
				61	},
				62	pc: &privateClaims{
				63	Kubernetes: kubernetes{
				64	@@ -130,9 +130,9 @@ func TestClaims(t *testing.T) {
				65	sc: &jwt.Claims{
				66	Subject: "system:serviceaccount:myns:mysvcacct",
				67	Audience: []string{"1"},
				68	- IssuedAt: jwt.NumericDate(1514764800),
				69	- NotBefore: jwt.NumericDate(1514764800),
				70	- Expiry: jwt.NumericDate(1514764800 + 100),
				71	+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				72	+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				73	+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
				74	},
				75	pc: &privateClaims{
				76	Kubernetes: kubernetes{
				77	@@ -152,9 +152,9 @@ func TestClaims(t *testing.T) {
				78	sc: &jwt.Claims{
				79	Subject: "system:serviceaccount:myns:mysvcacct",
				80	Audience: []string{"1", "2"},
				81	- IssuedAt: jwt.NumericDate(1514764800),
				82	- NotBefore: jwt.NumericDate(1514764800),
				83	- Expiry: jwt.NumericDate(1514764800 + 100),
				84	+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				85	+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				86	+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+100, 0)),
				87	},
				88	pc: &privateClaims{
				89	Kubernetes: kubernetes{
				90	@@ -175,16 +175,16 @@ func TestClaims(t *testing.T) {
				91
				92	sc: &jwt.Claims{
				93	Subject: "system:serviceaccount:myns:mysvcacct",
				94	- IssuedAt: jwt.NumericDate(1514764800),
				95	- NotBefore: jwt.NumericDate(1514764800),
				96	- Expiry: jwt.NumericDate(1514764800 + 606024),
				97	+ IssuedAt: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				98	+ NotBefore: jwt.NewNumericDate(time.Unix(1514764800, 0)),
				99	+ Expiry: jwt.NewNumericDate(time.Unix(1514764800+606024, 0)),
				100	},
				101	pc: &privateClaims{
				102	Kubernetes: kubernetes{
				103	Namespace: "myns",
				104	Svcacct: ref{Name: "mysvcacct", UID: "mysvcacct-uid"},
				105	Pod: &ref{Name: "mypod", UID: "mypod-uid"},
				106	- WarnAfter: jwt.NumericDate(1514764800 + 60*60),
				107	+ WarnAfter: jwt.NewNumericDate(time.Unix(1514764800+60*60, 0)),
				108	},
				109	},
				110	},
				111	@@ -223,8 +223,8 @@ type claimTestCase struct {
				112	name string
				113	getter ServiceAccountTokenGetter
				114	private *privateClaims
				115	- expiry jwt.NumericDate
				116	- notBefore jwt.NumericDate
				117	+ expiry *jwt.NumericDate
				118	+ notBefore *jwt.NumericDate
				119	expectErr string
				120	}
				121
				122	@@ -365,8 +365,8 @@ func TestValidatePrivateClaims(t *testing.T) {
				123	for _, tc := range testcases {
				124	t.Run(tc.name, func(t *testing.T) {
				125	v := &validator{tc.getter}
				126	- expiry := jwt.NumericDate(nowUnix)
				127	- if tc.expiry != 0 {
				128	+ expiry := jwt.NewNumericDate(time.Unix(nowUnix, 0))
				129	+ if tc.expiry != nil {
				130	expiry = tc.expiry
				131	}
				132	_, err := v.Validate(context.Background(), "", &jwt.Claims{Expiry: expiry, NotBefore: tc.notBefore}, tc.private)
				133	diff --git a/test/integration/auth/svcaccttoken_test.go b/test/integration/auth/svcaccttoken_test.go
				134	index c02511b43b2..89fb66ee44e 100644
				135	--- a/test/integration/auth/svcaccttoken_test.go
				136	+++ b/test/integration/auth/svcaccttoken_test.go
				137	@@ -482,16 +482,16 @@ func TestServiceAccountTokenCreate(t *testing.T) {
				138	t.Fatalf("error parsing warnafter: %v", err)
				139	}
				140
				141	- if exp < int64(actualExpiry)-leeway \|\| exp > int64(actualExpiry)+leeway {
				142	+ if exp < int64(actualExpiry)-leeway \|\| exp > int64(actualExpiry)+leeway {
				143	t.Errorf("unexpected token exp %d, should within range of %d +- %d seconds", exp, actualExpiry, leeway)
				144	}
				145	- if warnafter < int64(assumedExpiry)-leeway \|\| warnafter > int64(assumedExpiry)+leeway {
				146	+ if warnafter < int64(assumedExpiry)-leeway \|\| warnafter > int64(assumedExpiry)+leeway {
				147	t.Errorf("unexpected token warnafter %d, should within range of %d +- %d seconds", warnafter, assumedExpiry, leeway)
				148	}
				149
				150	checkExpiration(t, treq, requestExp)
				151	expStatus := treq.Status.ExpirationTimestamp.Time.Unix()
				152	- if expStatus < int64(assumedExpiry)-leeway \|\| warnafter > int64(assumedExpiry)+leeway {
				153	+ if expStatus < int64(assumedExpiry)-leeway \|\| warnafter > int64(assumedExpiry)+leeway {
				154	t.Errorf("unexpected expiration returned in tokenrequest status %d, should within range of %d +- %d seconds", expStatus, assumedExpiry, leeway)
				155	}
				156	})
Lorenz Brun	d13c1c6	2022-03-30 19:58:58 +0200	[diff] [blame]	157	--
				158	2.25.1
				159