Bump go-oidc to 3.6.0 #114772
Bump go-oidc to 3.6.0 #114772
Conversation
k8s-ci-robot
added
do-not-merge/release-note-label-needed
|
Hi @skitt. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
k8s-ci-robot
added
release-note-none
|
/kind cleanup |
k8s-ci-robot
added
the
needs-rebase
k8s-ci-robot
removed
the
needs-rebase
| @@ -17,4 +13,5 @@ const ( | |||
| PS256 = "PS256" // RSASSA-PSS using SHA256 and MGF1-SHA256 | |||
| PS384 = "PS384" // RSASSA-PSS using SHA384 and MGF1-SHA384 | |||
| PS512 = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512 | |||
| EdDSA = "EdDSA" // Ed25519 using SHA-512 | |||
There was a problem hiding this comment.
hmm... not a great sign that the one addition here isn't defined in the linked RFC
| @@ -205,7 +205,7 @@ func TestServiceAccountTokenCreate(t *testing.T) { | |||
| } | |||
|
|
|||
| checkPayload(t, treq.Status.Token, `"system:serviceaccount:myns:test-svcacct"`, "sub") | |||
| checkPayload(t, treq.Status.Token, `["api"]`, "aud") | |||
| checkPayload(t, treq.Status.Token, `"api"`, "aud") | |||
There was a problem hiding this comment.
this change is surprising... does the serialization actually modify the shape of the service account tokens we emit? (string aud field instead of array of strings)?
There was a problem hiding this comment.
This was introduced by square/go-jose#247 — tokens with a single audience are emitted with a string field rather than an array of strings.
|
/uncc liggitt /assign aramase |
|
/remove-sig instrumentation |
k8s-ci-robot
removed
the
sig/instrumentation
Yes, but I won’t have time to revisit it for another two weeks or so. |
k8s-ci-robot
added
the
needs-rebase
bump on this! The PR requires rebase. |
This replaces gopkg.in/square/go-jose.v2 with github.com/go-jose/go-jose/v3 which is the currently-maintained stable version of go-jose. This adds to vendor, but once go-oidc is bumped to a version including its go-jose bump, go-jose.v2 will be removed entirely. Signed-off-by: Stephen Kitt <skitt@redhat.com>
k8s-ci-robot
removed
the
needs-rebase
|
@skitt: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This is now a proper semantically-versioned Go module. Notably for Kubernetes, it pulls in gopkg.in/go-jose/go-jose/v3, which means gopkg.in/square/go-jose.v2 is dropped from vendor. go-oidc re-introduces a dependency on appengine through oauth2, add it to the unwanted references. Signed-off-by: Stephen Kitt <skitt@redhat.com>
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
dims
added
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
This updates go-oidc to v3.5.0, which is now a proper semantically-versioned Go module. Most importantly for Kubernetes, it pulls in newer versions of various Go dependencies, which help with the cloud.google.com/go / genproto untangling (#113366).
The transitive upgrade of cloud.google.com/go/compute/metadata requires a bump of cloud.google.com/go/compute to a version where metadata is split out; this patch upgrades to the version matching metadata v0.2.1, compute v1.12.1. (Later versions pull in newer genproto versions which re-introduce a firestore module dependency.)
go-jose is bumped too; this involves handling the change in jwt.NewNumericDate(), which now returns a pointer.
Which issue(s) this PR fixes:
None.
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: