From 19b3aab323447500d937bf8d0543630ec95c1eba Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Tue, 4 Oct 2022 08:49:14 +0200 Subject: [PATCH 01/28] Revert "fix: check for no serviceAccountFilePath and no email (#2679)" This reverts commit 49477729ce24448c2895ec8c98f2c61c646de884. Signed-off-by: Mark Sagi-Kazar --- connector/google/google.go | 11 ++++------- connector/google/google_test.go | 14 -------------- 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/connector/google/google.go b/connector/google/google.go index 313858f63f..72cc6a18a5 100644 --- a/connector/google/google.go +++ b/connector/google/google.go @@ -71,13 +71,10 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e scopes = append(scopes, "profile", "email") } - var srv *admin.Service - if len(c.Groups) > 0 { - srv, err = createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) - if err != nil { - cancel() - return nil, fmt.Errorf("could not create directory service: %v", err) - } + srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) + if err != nil { + cancel() + return nil, fmt.Errorf("could not create directory service: %v", err) } clientID := c.ClientID diff --git a/connector/google/google_test.go b/connector/google/google_test.go index 26241ab696..5cecbec994 100644 --- a/connector/google/google_test.go +++ b/connector/google/google_test.go @@ -72,22 +72,12 @@ func TestOpen(t *testing.T) { assert.Nil(t, err) for name, reference := range map[string]testCase{ - "not_requesting_groups": { - config: &Config{ - ClientID: "testClient", - ClientSecret: "testSecret", - RedirectURI: ts.URL + "/callback", - Scopes: []string{"openid"}, - }, - expectedErr: "", - }, "missing_admin_email": { config: &Config{ ClientID: "testClient", ClientSecret: "testSecret", RedirectURI: ts.URL + "/callback", Scopes: []string{"openid", "groups"}, - Groups: []string{"someGroup"}, }, expectedErr: "requires adminEmail", }, 
@@ -99,7 +89,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: "not_found.json", - Groups: []string{"someGroup"}, }, expectedErr: "error reading credentials", }, @@ -111,7 +100,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: serviceAccountFilePath, - Groups: []string{"someGroup"}, }, expectedErr: "", }, @@ -122,7 +110,6 @@ func TestOpen(t *testing.T) { RedirectURI: ts.URL + "/callback", Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", - Groups: []string{"someGroup"}, }, adc: serviceAccountFilePath, expectedErr: "", @@ -135,7 +122,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: serviceAccountFilePath, - Groups: []string{"someGroup"}, }, adc: "/dev/null", expectedErr: "", From 261adee26b5778f61bb2deb0d3c8ec5242f6ee80 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Tue, 4 Oct 2022 08:55:57 +0200 Subject: [PATCH 02/28] fix(connector/google): make admin email optional for default creds Signed-off-by: Mark Sagi-Kazar --- connector/google/google.go | 11 +++++++++-- connector/google/google_test.go | 9 +++++---- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/connector/google/google.go b/connector/google/google.go index 72cc6a18a5..eb9596cdc4 100644 --- a/connector/google/google.go +++ b/connector/google/google.go 
@@ -283,7 +283,9 @@ func (c *googleConnector) getGroups(email string, fetchTransitiveGroupMembership // the google admin api. If no serviceAccountFilePath is defined, the application default credential // is used. func createDirectoryService(serviceAccountFilePath, email string, logger log.Logger) (*admin.Service, error) { - if email == "" { + // We know impersonation is required when using a service account credential + // TODO: or is it? + if email == "" && serviceAccountFilePath != "" { return nil, fmt.Errorf("directory service requires adminEmail") } @@ -308,7 +310,12 @@ func createDirectoryService(serviceAccountFilePath, email string, logger log.Log if err != nil { return nil, fmt.Errorf("unable to parse credentials to config: %v", err) } - config.Subject = email + + // Only attempt impersonation when there is a user configured + if email != "" { + config.Subject = email + } + return admin.NewService(ctx, option.WithHTTPClient(config.Client(ctx))) } diff --git a/connector/google/google_test.go b/connector/google/google_test.go index 5cecbec994..b0c4f3a2f8 100644 --- a/connector/google/google_test.go +++ b/connector/google/google_test.go @@ -74,10 +74,11 @@ func TestOpen(t *testing.T) { for name, reference := range map[string]testCase{ "missing_admin_email": { config: &Config{ - ClientID: "testClient", - ClientSecret: "testSecret", - RedirectURI: ts.URL + "/callback", - Scopes: []string{"openid", "groups"}, + ClientID: "testClient", + ClientSecret: "testSecret", + RedirectURI: ts.URL + "/callback", + Scopes: []string{"openid", "groups"}, + ServiceAccountFilePath: serviceAccountFilePath, }, expectedErr: "requires adminEmail", }, From 24401fdf993826a5322736712d188cb16db7d39d Mon Sep 17 00:00:00 2001 
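Review bot: The relaxed guard `if email == "" && serviceAccountFilePath != ""` in createDirectoryService ships with an open question (`// TODO: or is it?`), so the rule that decides whether directory calls are impersonated is undecided in the code that enforces it. Settle it before merging and replace the TODO with the decision, e.g. `// adminEmail is required with a service account file; with application default credentials the service acts as the credential's own identity.` The doc comment above the function still describes only the credential fallback and should also say that `email` may be empty when `serviceAccountFilePath` is empty. The function body continues outside this hunk.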
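Review bot: When `email` is empty the directory client is built without `config.Subject` and nothing records that choice, so an operator who simply forgot adminEmail under default credentials gets a connector that starts cleanly but queries the directory as a different identity than intended (presumably the credential's own account). Log the mode once at this point through the `logger` parameter, for example `logger.Infof("directory service: adminEmail not set, using credentials without impersonation")`. The enclosing function starts outside this hunk.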
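Review bot: The configuration this commit newly permits, default credentials with no adminEmail, has no case in the TestOpen table; the only edit here keeps `missing_admin_email` failing by adding `ServiceAccountFilePath`. Add a case with `adc: serviceAccountFilePath`, no `AdminEmail` and `expectedErr: ""` so the relaxed guard in createDirectoryService is pinned by a test. The table continues outside this hunk, so confirm no such case already exists there.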
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Oct 2022 04:54:24 +0000 Subject: [PATCH 03/28] build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16 Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3462ae52ac..f031d1d940 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=alpine -FROM golang:1.19.1-alpine3.16 AS builder +FROM golang:1.19.2-alpine3.16 AS builder WORKDIR /usr/local/src/dex From 829444de5e91c8013b0d9adac8f4e254ff1b7ca1 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Wed, 5 Oct 2022 14:04:58 +0200 Subject: [PATCH 04/28] fix(connector/google): only initialize admin service if necessary Signed-off-by: Mark Sagi-Kazar --- connector/google/google.go | 18 +++++++++++++----- go.mod | 1 + go.sum | 2 ++ 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/connector/google/google.go b/connector/google/google.go index eb9596cdc4..3f79a8a227 100644 --- a/connector/google/google.go +++ b/connector/google/google.go @@ -10,6 +10,7 @@ import ( "time" "github.com/coreos/go-oidc/v3/oidc" + "golang.org/x/exp/slices" "golang.org/x/oauth2" "golang.org/x/oauth2/google" admin "google.golang.org/api/admin/directory/v1" 
@@ -71,10 +72,17 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e scopes = append(scopes, "profile", "email") } - srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) - if err != nil { - cancel() - return nil, fmt.Errorf("could not create directory service: %v", err) + var adminSrv *admin.Service + + // Fixing a regression caused by default config fallback: https://github.com/dexidp/dex/issues/2699 + if (c.ServiceAccountFilePath != "" && c.AdminEmail != "") || slices.Contains(scopes, "groups") { + srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) + if err != nil { + cancel() + return nil, fmt.Errorf("could not create directory service: %v", err) + } + + adminSrv = srv } clientID := c.ClientID @@ -97,7 +105,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e serviceAccountFilePath: c.ServiceAccountFilePath, adminEmail: c.AdminEmail, fetchTransitiveGroupMembership: c.FetchTransitiveGroupMembership, - adminSrv: srv, + adminSrv: adminSrv, }, nil } diff --git a/go.mod b/go.mod index 7df6421600..539435cba7 100644 --- a/go.mod +++ b/go.mod @@ -83,6 +83,7 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.17.0 // indirect + golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect golang.org/x/text v0.3.7 // indirect diff --git a/go.sum b/go.sum index a3d41b73d6..a4c6d16e00 100644 --- a/go.sum +++ b/go.sum 
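Review bot: The new condition in Open leaves `adminSrv` nil without any error or log when the config is only partly filled in: `ServiceAccountFilePath` without `AdminEmail`, or `AdminEmail` alone under default credentials, skips the directory service unless `scopes` happens to contain `"groups"`. Before this change a service account file without adminEmail was rejected with "requires adminEmail", so a misconfiguration that used to fail at startup now yields a connector that cannot look up groups, and group claims usually feed authorization decisions downstream. Log the skipped case through `logger`, and replace the issue-link comment with one that states the rule, e.g. `// The directory service is only needed for group lookups: create it when both service account settings are present or the "groups" scope is requested.` How a nil `adminSrv` is handled later is outside this hunk.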
@@ -440,6 +440,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 h1:fGZugkZk2UgYBxtpKmvub51Yno1LJDeEsRp2xGD+0gY= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= From ccbc86e37313bff834f7d7f35b1153675004510e Mon Sep 17 00:00:00 2001 From: "m.nabokikh" Date: Mon, 10 Oct 2022 12:01:37 +0200 Subject: [PATCH 05/28] fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 Signed-off-by: m.nabokikh --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f031d1d940..12b3a7a739 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ ARG TARGETOS ARG TARGETARCH ARG TARGETVARIANT -ENV GOMPLATE_VERSION=v3.11.2 +ENV GOMPLATE_VERSION=v3.11.3 RUN wget -O /usr/local/bin/gomplate \ "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \ From 01a4c7e16b769fa91f91aabc48779cab387162cc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Oct 2022 07:51:01 +0200 Subject: [PATCH 06/28] build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2708) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 539435cba7..38055711bb 100644 --- a/go.mod +++ b/go.mod @@ -26,11 +26,12 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/russellhaering/goxmldsig v1.2.0 github.com/sirupsen/logrus v1.9.0 - github.com/spf13/cobra v1.5.0 + github.com/spf13/cobra v1.6.0 github.com/stretchr/testify v1.8.0 go.etcd.io/etcd/client/pkg/v3 v3.5.5 go.etcd.io/etcd/client/v3 v3.5.5 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be + golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 golang.org/x/net v0.0.0-20220927171203-f486391704dc golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 google.golang.org/api v0.98.0 @@ -64,7 +65,7 @@ require ( github.com/hashicorp/hcl/v2 v2.13.0 // indirect github.com/huandu/xstrings v1.3.1 // indirect github.com/imdario/mergo v0.3.11 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect 
@@ -83,7 +84,6 @@ require ( go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.17.0 // indirect - golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect golang.org/x/text v0.3.7 // indirect diff --git a/go.sum b/go.sum index a4c6d16e00..f4bf0c06ab 100644 --- a/go.sum +++ b/go.sum @@ -267,8 +267,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 
@@ -371,8 +371,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= +github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From 0666cbd25dea49bf13a9b97dc1d28642afe66c2e Mon Sep 17 00:00:00 2001 From: Joshua Winters Date: Tue, 10 Apr 2018 09:47:59 -0400 Subject: [PATCH 07/28] Add new connector for Cloudfoundry - Verifies user is part of orgs and spaces for group claims Signed-off-by: Joshua Winters Co-authored-by: Shash Reddy --- connector/cf/cf.go | 303 ++++++++++++++++++++++++++++++++++++++++ connector/cf/cf_test.go | 191 +++++++++++++++++++++++++ server/server.go | 2 + 3 files changed, 496 insertions(+) create mode 100644 connector/cf/cf.go create mode 100644 connector/cf/cf_test.go diff --git a/connector/cf/cf.go b/connector/cf/cf.go new file mode 100644 index 0000000000..2e4d2243e0 --- /dev/null +++ b/connector/cf/cf.go 
@@ -0,0 +1,303 @@ +package cf + +import ( + "context" + "crypto/tls" + "crypto/x509" + "encoding/json" + "errors" + "fmt" + "io/ioutil" + "net" + "net/http" + "strings" + "time" + + "github.com/dexidp/dex/connector" + "github.com/dexidp/dex/pkg/log" + "golang.org/x/oauth2" +) + +type cfConnector struct { + clientID string + clientSecret string + redirectURI string + apiURL string + tokenURL string + authorizationURL string + userInfoURL string + httpClient *http.Client + logger log.Logger +} + +type connectorData struct { + AccessToken string +} + +type Config struct { + ClientID string `json:"clientID"` + ClientSecret string `json:"clientSecret"` + RedirectURI string `json:"redirectURI"` + APIURL string `json:"apiURL"` + RootCAs []string `json:"rootCAs"` + InsecureSkipVerify bool `json:"insecureSkipVerify"` +} + +type CCResponse struct { + Resources []Resource `json:"resources"` + TotalResults int `json:"total_results"` +} + +type Resource struct { + Metadata Metadata `json:"metadata"` + Entity Entity `json:"entity"` +} + +type Metadata struct { + Guid string `json:"guid"` +} + +type Entity struct { + Name string `json:"name"` + OrganizationGuid string `json:"organization_guid"` +} + +func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { + var err error + + cfConn := &cfConnector{ + clientID: c.ClientID, + clientSecret: c.ClientSecret, + apiURL: c.APIURL, + redirectURI: c.RedirectURI, + logger: logger, + } + + cfConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + if err != nil { + return nil, err + } + + apiURL := strings.TrimRight(c.APIURL, "/") + apiResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/v2/info", apiURL)) + + if err != nil { + logger.Errorf("failed-to-send-request-to-cloud-controller-api", err) + return nil, err + } + + defer apiResp.Body.Close() + + if apiResp.StatusCode != http.StatusOK { + err = errors.New(fmt.Sprintf("request failed with status %d", apiResp.StatusCode)) + 
logger.Errorf("failed-get-info-response-from-api", err) + return nil, err + } + + var apiResult map[string]interface{} + json.NewDecoder(apiResp.Body).Decode(&apiResult) + + uaaURL := strings.TrimRight(apiResult["token_endpoint"].(string), "/") + uaaResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) + + if err != nil { + logger.Errorf("failed-to-send-request-to-uaa-api", err) + return nil, err + } + + if apiResp.StatusCode != http.StatusOK { + err = errors.New(fmt.Sprintf("request failed with status %d", apiResp.StatusCode)) + logger.Errorf("failed-to-get-well-known-config-repsonse-from-api", err) + return nil, err + } + + defer uaaResp.Body.Close() + + var uaaResult map[string]interface{} + err = json.NewDecoder(uaaResp.Body).Decode(&uaaResult) + + if err != nil { + logger.Errorf("failed-to-decode-response-from-uaa-api", err) + return nil, err + } + + cfConn.tokenURL, _ = uaaResult["token_endpoint"].(string) + cfConn.authorizationURL, _ = uaaResult["authorization_endpoint"].(string) + cfConn.userInfoURL, _ = uaaResult["userinfo_endpoint"].(string) + + return cfConn, err +} + +func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, err + } + + tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} + for _, rootCA := range rootCAs { + rootCABytes, err := ioutil.ReadFile(rootCA) + if err != nil { + return nil, fmt.Errorf("failed to read root-ca: %v", err) + } + if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { + return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) + } + } + + return &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tlsConfig, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + 
TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + }, + }, nil +} + +func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { + + if c.redirectURI != callbackURL { + return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) + } + + oauth2Config := &oauth2.Config{ + ClientID: c.clientID, + ClientSecret: c.clientSecret, + Endpoint: oauth2.Endpoint{TokenURL: c.tokenURL, AuthURL: c.authorizationURL}, + RedirectURL: c.redirectURI, + Scopes: []string{"openid", "cloud_controller.read"}, + } + + return oauth2Config.AuthCodeURL(state), nil +} + +func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { + + q := r.URL.Query() + if errType := q.Get("error"); errType != "" { + return identity, errors.New(q.Get("error_description")) + } + + oauth2Config := &oauth2.Config{ + ClientID: c.clientID, + ClientSecret: c.clientSecret, + Endpoint: oauth2.Endpoint{TokenURL: c.tokenURL, AuthURL: c.authorizationURL}, + RedirectURL: c.redirectURI, + Scopes: []string{"openid", "cloud_controller.read"}, + } + + ctx := context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient) + + token, err := oauth2Config.Exchange(ctx, q.Get("code")) + if err != nil { + return identity, fmt.Errorf("CF connector: failed to get token: %v", err) + } + + client := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token)) + + userInfoResp, err := client.Get(c.userInfoURL) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request to userinfo: %v", err) + } + + if userInfoResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request to userinfo: status %d", userInfoResp.StatusCode) + } + + defer userInfoResp.Body.Close() + + var userInfoResult map[string]interface{} + err = json.NewDecoder(userInfoResp.Body).Decode(&userInfoResult) + + if err != nil 
{ + return identity, fmt.Errorf("CF Connector: failed to parse userinfo: %v", err) + } + + identity.UserID, _ = userInfoResult["user_id"].(string) + identity.Username, _ = userInfoResult["user_name"].(string) + identity.PreferredUsername, _ = userInfoResult["user_name"].(string) + identity.Email, _ = userInfoResult["email"].(string) + identity.EmailVerified, _ = userInfoResult["email_verified"].(bool) + + if s.Groups { + // fetch orgs + orgsResp, err := client.Get(fmt.Sprintf("%s/v2/users/%s/organizations", c.apiURL, identity.UserID)) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: %v", err) + } + if orgsResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: status %d", orgsResp.StatusCode) + } + + var orgs CCResponse + + err = json.NewDecoder(orgsResp.Body).Decode(&orgs) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse orgs: %v", err) + } + + var orgMap = make(map[string]string) + var orgSpaces = make(map[string][]string) + + for _, resource := range orgs.Resources { + orgMap[resource.Metadata.Guid] = resource.Entity.Name + orgSpaces[resource.Entity.Name] = []string{} + } + + // fetch spaces + spacesResp, err := client.Get(fmt.Sprintf("%s/v2/users/%s/spaces", c.apiURL, identity.UserID)) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: %v", err) + } + if spacesResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: status %d", spacesResp.StatusCode) + } + + var spaces CCResponse + + err = json.NewDecoder(spacesResp.Body).Decode(&spaces) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse spaces: %v", err) + } + + var groupsClaims []string + + for _, resource := range spaces.Resources { + orgName := orgMap[resource.Entity.OrganizationGuid] + orgSpaces[orgName] = append(orgSpaces[orgName], 
resource.Entity.Name) + + groupsClaims = append(groupsClaims, resource.Metadata.Guid) + } + + for orgName, spaceNames := range orgSpaces { + if len(spaceNames) > 0 { + for _, spaceName := range spaceNames { + groupsClaims = append(groupsClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) + } + } else { + groupsClaims = append(groupsClaims, fmt.Sprintf("%s", orgName)) + } + } + + identity.Groups = groupsClaims + } + + if s.OfflineAccess { + data := connectorData{AccessToken: token.AccessToken} + connData, err := json.Marshal(data) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse connector data for offline access: %v", err) + } + identity.ConnectorData = connData + } + + return identity, nil +} diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go new file mode 100644 index 0000000000..6680da0b16 --- /dev/null +++ b/connector/cf/cf_test.go 
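Review bot: Open trusts the two discovery responses more than it should: the `Decode(&apiResult)` error is dropped and `apiResult["token_endpoint"].(string)` is an unchecked assertion, so a /v2/info body without that key panics the process instead of returning an error, and the second status check tests `apiResp.StatusCode` again, which leaves the UAA response's status unverified. The rewrite below checks the decode, uses the two-value assertion, tests `uaaResp`, and gives the `Errorf` calls a `%v` verb; the later one-line hunk that switches the key to `authorization_endpoint` keeps the same unchecked assertion. Separately, HandleCallback never closes `orgsResp.Body` or `spacesResp.Body`, and it formats the userinfo `user_id` into the `/v2/users/%s/...` paths without rejecting an empty value or escaping it. Group claims are also built as `org:space` from names returned by the API, so an org name that itself contains `:` cannot be told apart from an org/space pair; that deserves at least a documented constraint.

```go
// … unchanged: GET /v2/info and its status check …

	var apiResult map[string]interface{}
	if err := json.NewDecoder(apiResp.Body).Decode(&apiResult); err != nil {
		logger.Errorf("failed-to-decode-info-response-from-api: %v", err)
		return nil, err
	}

	tokenEndpoint, ok := apiResult["token_endpoint"].(string)
	if !ok || tokenEndpoint == "" {
		return nil, errors.New("/v2/info response has no token_endpoint")
	}

	uaaURL := strings.TrimRight(tokenEndpoint, "/")
	uaaResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL))
	if err != nil {
		logger.Errorf("failed-to-send-request-to-uaa-api: %v", err)
		return nil, err
	}
	defer uaaResp.Body.Close()

	if uaaResp.StatusCode != http.StatusOK {
		err = fmt.Errorf("request failed with status %d", uaaResp.StatusCode)
		logger.Errorf("failed-to-get-well-known-config-response-from-api: %v", err)
		return nil, err
	}

// … unchanged: decode uaaResult and copy the three endpoint URLs …
```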
@@ -0,0 +1,191 @@ +package cf + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "net/http/httptest" + "reflect" + "sort" + "strings" + "testing" + + "github.com/dexidp/dex/connector" + "github.com/sirupsen/logrus" +) + +func TestOpen(t *testing.T) { + testServer := testSetup() + defer testServer.Close() + + conn := newConnector(t, testServer.URL) + + expectEqual(t, conn.clientID, "test-client") + expectEqual(t, conn.clientSecret, "secret") + expectEqual(t, conn.redirectURI, testServer.URL+"/callback") +} + +func TestHandleCallback(t *testing.T) { + + testServer := testSetup() + defer testServer.Close() + + cfConn := &cfConnector{ + tokenURL: fmt.Sprintf("%s/token", testServer.URL), + authorizationURL: fmt.Sprintf("%s/authorize", testServer.URL), + userInfoURL: fmt.Sprintf("%s/userinfo", testServer.URL), + apiURL: testServer.URL, + clientSecret: "secret", + clientID: "test-client", + redirectURI: "localhost:8080/sky/dex/callback", + httpClient: http.DefaultClient, + } + + req, err := http.NewRequest("GET", testServer.URL, nil) + expectEqual(t, err, nil) + + t.Run("CallbackWithGroupsScope", func(t *testing.T) { + identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req) + expectEqual(t, err, nil) + + sort.Strings(identity.Groups) + expectEqual(t, len(identity.Groups), 3) + expectEqual(t, identity.Groups[0], "some-org-name-1:some-space-name") + expectEqual(t, identity.Groups[1], "some-org-name-2") + expectEqual(t, identity.Groups[2], "some-space-guid") + }) + + t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { + identity, err := cfConn.HandleCallback(connector.Scopes{}, req) + + expectEqual(t, err, nil) + expectEqual(t, identity.UserID, "12345") + expectEqual(t, identity.Username, "test-user") + }) + + t.Run("CallbackWithOfflineAccessScope", func(t *testing.T) { + identity, err := cfConn.HandleCallback(connector.Scopes{OfflineAccess: true}, req) + + expectEqual(t, err, nil) + expectNotEqual(t, len(identity.ConnectorData), 0) + + 
cData := connectorData{} + err = json.Unmarshal(identity.ConnectorData, &cData) + + expectEqual(t, err, nil) + expectNotEqual(t, cData.AccessToken, "") + }) +} + +func testSetup() *httptest.Server { + mux := http.NewServeMux() + mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { + token := "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiIxMjk4MTNhZjJiNGM0ZDNhYmYyNjljMzM4OTFkZjNiZCIsInN1YiI6ImNmMWFlODk4LWQ1ODctNDBhYS1hNWRiLTE5ZTY3MjI0N2I1NyIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsIm9wZW5pZCJdLCJjbGllbnRfaWQiOiJjb25jb3Vyc2UiLCJjaWQiOiJjb25jb3Vyc2UiLCJhenAiOiJjb25jb3Vyc2UiLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwidXNlcl9pZCI6ImNmMWFlODk4LWQ1ODctNDBhYS1hNWRiLTE5ZTY3MjI0N2I1NyIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTUyMzM3NDIwNCwicmV2X3NpZyI6IjYxNWJjMTk0IiwiaWF0IjoxNTIzMzc3MTUyLCJleHAiOjE1MjM0MjAzNTIsImlzcyI6Imh0dHBzOi8vdWFhLnN0eXgucHVzaC5nY3AuY2YtYXBwLmNvbS9vYXV0aC90b2tlbiIsInppZCI6InVhYSIsImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIiwiY29uY291cnNlIiwib3BlbmlkIl19.FslbnwvW0WScVRNK8IWghRX0buXfl6qaI1K7z_dzjPUVrdEyMtaYa3kJI8srA-2G1PjSSEWa_3Vzs_BEnTc3iG0JQWU0XlcjdCdAFTvnmKiHSzffy1O_oGYyH47KXtnZOxHf3rdV_Xgw4XTqPrfKXQxnPemUAJyKf2tjgs3XToGaqqBw-D_2BQVY79kF0_GgksQsViqq1GW0Dur6m2CgBhtc2h1AQGO16izXl3uNbpW6ClhaW43NQXlE4wqtr7kfmxyOigHJb2MSQ3wwPc6pqYdUT6ka_TMqavqbxEJ4QcS6SoEcVsDTmEQ4c8dmWUgXM0AZjd0CaEGTB6FDHxH5sw" + w.Header().Add("Content-Type", "application/json") + json.NewEncoder(w).Encode(map[string]string{ + "access_token": token, + }) + }) + + mux.HandleFunc("/v2/info", func(w http.ResponseWriter, r *http.Request) { + url := fmt.Sprintf("http://%s", r.Host) + + json.NewEncoder(w).Encode(map[string]string{ + "token_endpoint": url, + }) + }) + + mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) { + url := fmt.Sprintf("http://%s", r.Host) + + json.NewEncoder(w).Encode(map[string]string{ + "token_endpoint": url, + "authorization_endpoint": url, + 
"userinfo_endpoint": url, + }) + }) + + mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) { + }) + + mux.HandleFunc("/userinfo", func(w http.ResponseWriter, r *http.Request) { + json.NewEncoder(w).Encode(map[string]string{ + "user_id": "12345", + "user_name": "test-user", + "email": "blah-email", + }) + }) + + mux.HandleFunc("/v2/users/", func(w http.ResponseWriter, r *http.Request) { + var result map[string]interface{} + + if strings.Contains(r.URL.String(), "spaces") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid"}, + "entity": map[string]string{"name": "some-space-name", "organization_guid": "some-org-guid-1"}, + }, + }, + } + } + + if strings.Contains(r.URL.String(), "organizations") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-1"}, + "entity": map[string]string{"name": "some-org-name-1"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-2"}, + "entity": map[string]string{"name": "some-org-name-2"}, + }, + }, + } + } + json.NewEncoder(w).Encode(result) + }) + + return httptest.NewServer(mux) +} + +func newConnector(t *testing.T, serverURL string) *cfConnector { + + callBackURL := fmt.Sprintf("%s/callback", serverURL) + + testConfig := Config{ + APIURL: serverURL, + ClientID: "test-client", + ClientSecret: "secret", + RedirectURI: callBackURL, + InsecureSkipVerify: true, + } + + log := logrus.New() + + conn, err := testConfig.Open("id", log) + if err != nil { + t.Fatal(err) + } + + cfConn, ok := conn.(*cfConnector) + if !ok { + t.Fatal(errors.New("it is not a cf conn")) + } + + return cfConn +} + +func expectEqual(t *testing.T, a interface{}, b interface{}) { + if !reflect.DeepEqual(a, b) { + t.Fatalf("Expected %+v to equal %+v", a, b) + } +} + +func expectNotEqual(t *testing.T, a interface{}, b interface{}) { + if reflect.DeepEqual(a, b) { + 
t.Fatalf("Expected %+v to NOT equal %+v", a, b) + } +} diff --git a/server/server.go b/server/server.go index df16e655cf..812bded99a 100755 --- a/server/server.go +++ b/server/server.go @@ -29,6 +29,7 @@ import ( "github.com/dexidp/dex/connector/atlassiancrowd" "github.com/dexidp/dex/connector/authproxy" "github.com/dexidp/dex/connector/bitbucketcloud" + "github.com/dexidp/dex/connector/cf" "github.com/dexidp/dex/connector/gitea" "github.com/dexidp/dex/connector/github" "github.com/dexidp/dex/connector/gitlab" @@ -554,6 +555,7 @@ var ConnectorsConfig = map[string]func() ConnectorConfig{ "bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) }, "openshift": func() ConnectorConfig { return new(openshift.Config) }, "atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) }, + "cf": func() ConnectorConfig { return new(cf.Config) }, // Keep around for backwards compatibility. "samlExperimental": func() ConnectorConfig { return new(saml.Config) }, } From 61b0445e21c52c03de26bc7cb2b2d131b98a35be Mon Sep 17 00:00:00 2001 From: Josh Winters Date: Thu, 4 Oct 2018 15:07:26 -0400 Subject: [PATCH 08/28] update cf connector to use 'authorization_endpoint' from /v2/info Co-authored-by: Topher Bullock Signed-off-by: Josh Winters --- connector/cf/cf.go | 2 +- connector/cf/cf_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 2e4d2243e0..4452e2f99e 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -97,7 +97,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) var apiResult map[string]interface{} json.NewDecoder(apiResp.Body).Decode(&apiResult) - uaaURL := strings.TrimRight(apiResult["token_endpoint"].(string), "/") + uaaURL := strings.TrimRight(apiResult["authorization_endpoint"].(string), "/") uaaResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) if err != nil { 
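Review bot: The `/token` handler in testSetup (cf_test.go) returns what looks like a complete signed JWT taken from a live UAA deployment, with a payload that appears to name a real issuer host, client and user id, rather than a constructed fixture. Nothing in these tests parses or verifies the token, so an opaque constructed value does the same job, e.g. `token := "test-access-token"`, and keeps environment details and a signed credential out of the repository. If the value did come from a real system, confirm it is expired or revoked.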
diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index 6680da0b16..bd1026bd6a 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -92,7 +92,7 @@ func testSetup() *httptest.Server { url := fmt.Sprintf("http://%s", r.Host) json.NewEncoder(w).Encode(map[string]string{ - "token_endpoint": url, + "authorization_endpoint": url, }) }) From faa9f4a84e9fed584bd3a3bab6e54c76aae8c38a Mon Sep 17 00:00:00 2001 From: Daniel Lavoie Date: Thu, 4 Apr 2019 18:26:59 -0400 Subject: [PATCH 09/28] Added support for CF resources pagination Signed-off-by: Daniel Lavoie --- connector/cf/cf.go | 81 ++++++++++++++++++++++++----------------- connector/cf/cf_test.go | 70 +++++++++++++++++++++++++---------- 2 files changed, 99 insertions(+), 52 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 4452e2f99e..db185307d7 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -44,6 +44,7 @@ type Config struct { } type CCResponse struct { + NextUrl string `json:"next_url"` Resources []Resource `json:"resources"` TotalResults int `json:"total_results"` } 
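Review bot: `NextUrl` in CCResponse carries a server-supplied value that the pagination hunk which follows appends straight to `c.apiURL` (`fmt.Sprintf("%s%s", c.apiURL, orgs.NextUrl)`) on a client that attaches the user's token, yet the field has no comment saying what form the value must have. Document it on the struct, e.g. `// NextUrl is the path of the next result page as returned by the API; it must start with "/" and is resolved against apiURL.`, enforce that check where it is consumed, and name the field `NextURL` to follow Go's initialism convention. The loops that consume it show no page limit in the visible lines, so a cap on the number of pages is worth adding there as well.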
@@ -227,54 +228,68 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident identity.Email, _ = userInfoResult["email"].(string) identity.EmailVerified, _ = userInfoResult["email_verified"].(bool) + var orgMap = make(map[string]string) + var orgSpaces = make(map[string][]string) + var groupsClaims []string + if s.Groups { // fetch orgs - orgsResp, err := client.Get(fmt.Sprintf("%s/v2/users/%s/organizations", c.apiURL, identity.UserID)) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: %v", err) - } - if orgsResp.StatusCode != http.StatusOK { - return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: status %d", orgsResp.StatusCode) - } var orgs CCResponse + var nextUrl = fmt.Sprintf("%s/v2/users/%s/organizations", c.apiURL, identity.UserID) + for moreResults := true; moreResults; moreResults = orgs.NextUrl != "" { + orgsResp, err := client.Get(nextUrl) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: %v", err) + } + if orgsResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: status %d", orgsResp.StatusCode) + } - err = json.NewDecoder(orgsResp.Body).Decode(&orgs) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to parse orgs: %v", err) - } + orgs = CCResponse{} + err = json.NewDecoder(orgsResp.Body).Decode(&orgs) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse orgs: %v", err) + } - var orgMap = make(map[string]string) - var orgSpaces = make(map[string][]string) + for _, resource := range orgs.Resources { + orgMap[resource.Metadata.Guid] = resource.Entity.Name + orgSpaces[resource.Entity.Name] = []string{} + } - for _, resource := range orgs.Resources { - orgMap[resource.Metadata.Guid] = resource.Entity.Name - orgSpaces[resource.Entity.Name] = []string{} + if orgs.NextUrl != "" { + nextUrl = 
fmt.Sprintf("%s%s", c.apiURL, orgs.NextUrl) + } } // fetch spaces - spacesResp, err := client.Get(fmt.Sprintf("%s/v2/users/%s/spaces", c.apiURL, identity.UserID)) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: %v", err) - } - if spacesResp.StatusCode != http.StatusOK { - return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: status %d", spacesResp.StatusCode) - } - var spaces CCResponse + nextUrl = fmt.Sprintf("%s/v2/users/%s/spaces", c.apiURL, identity.UserID) + for moreResults := true; moreResults; moreResults = spaces.NextUrl != "" { + spacesResp, err := client.Get(nextUrl) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: %v", err) + } + if spacesResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: status %d", spacesResp.StatusCode) + } - err = json.NewDecoder(spacesResp.Body).Decode(&spaces) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to parse spaces: %v", err) - } + spaces = CCResponse{} + err = json.NewDecoder(spacesResp.Body).Decode(&spaces) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse spaces: %v", err) + } - var groupsClaims []string + for _, resource := range spaces.Resources { + orgName := orgMap[resource.Entity.OrganizationGuid] + orgSpaces[orgName] = append(orgSpaces[orgName], resource.Entity.Name) - for _, resource := range spaces.Resources { - orgName := orgMap[resource.Entity.OrganizationGuid] - orgSpaces[orgName] = append(orgSpaces[orgName], resource.Entity.Name) + groupsClaims = append(groupsClaims, resource.Metadata.Guid) + } - groupsClaims = append(groupsClaims, resource.Metadata.Guid) + if spaces.NextUrl != "" { + nextUrl = fmt.Sprintf("%s%s", c.apiURL, spaces.NextUrl) + } } for orgName, spaceNames := range orgSpaces { 
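Review bot: Neither pagination loop in HandleCallback closes `orgsResp.Body` or `spacesResp.Body`, so every page fetched during a login keeps its connection from being reused, and the non-200 and decode-error returns leak it as well. Call `orgsResp.Body.Close()` (and `spacesResp.Body.Close()`) directly after the decode and before each early return, rather than using `defer`, which would only run when the function returns. The loops also continue for as long as the response carries a non-empty `next_url`, so a page cap is worth adding to keep a misbehaving API from holding the callback open indefinitely. The `fetchResources` helper introduced in PATCH 12 has the same two gaps. HandleCallback begins and ends outside this hunk.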
diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index bd1026bd6a..138dff22db 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -50,10 +50,13 @@ func TestHandleCallback(t *testing.T) { expectEqual(t, err, nil) sort.Strings(identity.Groups) - expectEqual(t, len(identity.Groups), 3) - expectEqual(t, identity.Groups[0], "some-org-name-1:some-space-name") - expectEqual(t, identity.Groups[1], "some-org-name-2") - expectEqual(t, identity.Groups[2], "some-space-guid") + expectEqual(t, len(identity.Groups), 6) + expectEqual(t, identity.Groups[0], "some-org-name-1:some-space-name-1") + expectEqual(t, identity.Groups[1], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[2], "some-org-name-3") + expectEqual(t, identity.Groups[3], "some-org-name-4") + expectEqual(t, identity.Groups[4], "some-space-guid-1") + expectEqual(t, identity.Groups[5], "some-space-guid-2") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { 
@@ -121,30 +124,59 @@ func testSetup() *httptest.Server { var result map[string]interface{} if strings.Contains(r.URL.String(), "spaces") { - result = map[string]interface{}{ - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": "some-space-guid"}, - "entity": map[string]string{"name": "some-space-name", "organization_guid": "some-org-guid-1"}, + if strings.Contains(r.URL.String(), "spaces?order-direction=asc&page=2&results-per-page=50") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-2"}, + "entity": map[string]string{"name": "some-space-name-2", "organization_guid": "some-org-guid-2"}, + }, }, - }, + } + } else { + result = map[string]interface{}{ + "next_url": "/v2/users/12345/spaces?order-direction=asc&page=2&results-per-page=50", + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-1"}, + "entity": map[string]string{"name": "some-space-name-1", "organization_guid": "some-org-guid-1"}, + }, + }, + } } } if strings.Contains(r.URL.String(), "organizations") { - result = map[string]interface{}{ - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": "some-org-guid-1"}, - "entity": map[string]string{"name": "some-org-name-1"}, + if strings.Contains(r.URL.String(), "organizations?order-direction=asc&page=2&results-per-page=50") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-3"}, + "entity": map[string]string{"name": "some-org-name-3"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-4"}, + "entity": map[string]string{"name": "some-org-name-4"}, + }, }, - { - "metadata": map[string]string{"guid": "some-org-guid-2"}, - "entity": map[string]string{"name": "some-org-name-2"}, + } + } else { + result = map[string]interface{}{ + "next_url": 
"/v2/users/12345/organizations?order-direction=asc&page=2&results-per-page=50", + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-1"}, + "entity": map[string]string{"name": "some-org-name-1"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-2"}, + "entity": map[string]string{"name": "some-org-name-2"}, + }, }, - }, + } } } + json.NewEncoder(w).Encode(result) }) From d31ae3fce6281fe388241c605a034a4ace6c10cb Mon Sep 17 00:00:00 2001 From: Joshua Winters Date: Thu, 7 Nov 2019 12:36:10 -0500 Subject: [PATCH 10/28] cf: add org to groups claims Signed-off-by: Joshua Winters Co-authored-by: Rui Yang --- connector/cf/cf.go | 9 +++------ connector/cf/cf_test.go | 16 +++++++++------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index db185307d7..0dd76fb821 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -293,12 +293,9 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident } for orgName, spaceNames := range orgSpaces { - if len(spaceNames) > 0 { - for _, spaceName := range spaceNames { - groupsClaims = append(groupsClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) - } - } else { - groupsClaims = append(groupsClaims, fmt.Sprintf("%s", orgName)) + groupsClaims = append(groupsClaims, fmt.Sprintf("%s", orgName)) + for _, spaceName := range spaceNames { + groupsClaims = append(groupsClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) } } diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index 138dff22db..b5b581954e 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go 
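Review bot: With the `len(spaceNames) > 0` branch removed in PATCH 10, every key of `orgSpaces` is now emitted as a group, including the empty key. The spaces loop fills that map through `orgName := orgMap[resource.Entity.OrganizationGuid]`, which yields "" when a space's organization is absent from the organizations listing, so `identity.Groups` would gain an empty string and a `:space-name` entry; whether the API can return such a space is not visible here. Skip the empty key with `if orgName == "" { continue }` at the top of the loop, and replace `fmt.Sprintf("%s", orgName)` with plain `orgName`. `getGroupsClaims` in PATCH 12 keeps the same unchecked lookup.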
@@ -50,13 +50,15 @@ func TestHandleCallback(t *testing.T) { expectEqual(t, err, nil) sort.Strings(identity.Groups) - expectEqual(t, len(identity.Groups), 6) - expectEqual(t, identity.Groups[0], "some-org-name-1:some-space-name-1") - expectEqual(t, identity.Groups[1], "some-org-name-2:some-space-name-2") - expectEqual(t, identity.Groups[2], "some-org-name-3") - expectEqual(t, identity.Groups[3], "some-org-name-4") - expectEqual(t, identity.Groups[4], "some-space-guid-1") - expectEqual(t, identity.Groups[5], "some-space-guid-2") + expectEqual(t, len(identity.Groups), 8) + expectEqual(t, identity.Groups[0], "some-org-name-1") + expectEqual(t, identity.Groups[1], "some-org-name-1:some-space-name-1") + expectEqual(t, identity.Groups[2], "some-org-name-2") + expectEqual(t, identity.Groups[3], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[4], "some-org-name-3") + expectEqual(t, identity.Groups[5], "some-org-name-4") + expectEqual(t, identity.Groups[6], "some-space-guid-1") + expectEqual(t, identity.Groups[7], "some-space-guid-2") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { From 8bce7569d0fa1c9f92ec368f74209f82b36323ee Mon Sep 17 00:00:00 2001 From: Joshua Winters Date: Mon, 18 Nov 2019 16:38:33 -0500 Subject: [PATCH 11/28] cf: add org guid to groups claims Co-authored-by: Rui Yang Signed-off-by: Joshua Winters --- connector/cf/cf.go | 12 +++++++++--- connector/cf/cf_test.go | 24 +++++++++++++----------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 0dd76fb821..d677a33fb3 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -10,6 +10,7 @@ import ( "io/ioutil" "net" "net/http" + "sort" "strings" "time" 
@@ -255,6 +256,9 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident for _, resource := range orgs.Resources { orgMap[resource.Metadata.Guid] = resource.Entity.Name orgSpaces[resource.Entity.Name] = []string{} + + groupsClaims = append(groupsClaims, resource.Metadata.Guid) + groupsClaims = append(groupsClaims, resource.Entity.Name) } if orgs.NextUrl != "" { @@ -292,14 +296,16 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident } } + var orgSpaceClaims []string for orgName, spaceNames := range orgSpaces { - groupsClaims = append(groupsClaims, fmt.Sprintf("%s", orgName)) for _, spaceName := range spaceNames { - groupsClaims = append(groupsClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) + orgSpaceClaims = append(orgSpaceClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) } } - identity.Groups = groupsClaims + sort.Strings(orgSpaceClaims) + + identity.Groups = append(groupsClaims, orgSpaceClaims...) } if s.OfflineAccess { diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index b5b581954e..67850d2eb2 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -7,7 +7,6 @@ import ( "net/http" "net/http/httptest" "reflect" - "sort" "strings" "testing" 
@@ -49,16 +48,19 @@ func TestHandleCallback(t *testing.T) { identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req) expectEqual(t, err, nil) - sort.Strings(identity.Groups) - expectEqual(t, len(identity.Groups), 8) - expectEqual(t, identity.Groups[0], "some-org-name-1") - expectEqual(t, identity.Groups[1], "some-org-name-1:some-space-name-1") - expectEqual(t, identity.Groups[2], "some-org-name-2") - expectEqual(t, identity.Groups[3], "some-org-name-2:some-space-name-2") - expectEqual(t, identity.Groups[4], "some-org-name-3") - expectEqual(t, identity.Groups[5], "some-org-name-4") - expectEqual(t, identity.Groups[6], "some-space-guid-1") - expectEqual(t, identity.Groups[7], "some-space-guid-2") + expectEqual(t, len(identity.Groups), 12) + expectEqual(t, identity.Groups[0], "some-org-guid-1") + expectEqual(t, identity.Groups[1], "some-org-name-1") + expectEqual(t, identity.Groups[2], "some-org-guid-2") + expectEqual(t, identity.Groups[3], "some-org-name-2") + expectEqual(t, identity.Groups[4], "some-org-guid-3") + expectEqual(t, identity.Groups[5], "some-org-name-3") + expectEqual(t, identity.Groups[6], "some-org-guid-4") + expectEqual(t, identity.Groups[7], "some-org-name-4") + expectEqual(t, identity.Groups[8], "some-space-guid-1") + expectEqual(t, identity.Groups[9], "some-space-guid-2") + expectEqual(t, identity.Groups[10], "some-org-name-1:some-space-name-1") + expectEqual(t, identity.Groups[11], "some-org-name-2:some-space-name-2") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { From e5780cd84777ee2553811531d995272ac211260d Mon Sep 17 00:00:00 2001 From: Zoe Tian Date: Mon, 7 Oct 2019 17:16:00 -0400 Subject: [PATCH 12/28] add unit test and api call to `audited_spaces` and `managed_spaces` Signed-off-by: Zoe Tian Co-authored-by: Ciro S. Costa 
Signed-off-by: w3tian --- connector/cf/cf.go | 210 +++++++++++++++++++++++++++------------- connector/cf/cf_test.go | 143 +++++++++++++++------------ 2 files changed, 224 insertions(+), 129 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index d677a33fb3..6b33ebe1ba 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -64,6 +64,17 @@ type Entity struct { OrganizationGuid string `json:"organization_guid"` } +type Space struct { + Name string + Guid string + OrgGuid string +} + +type Org struct { + Name string + Guid string +} + func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { var err error 
@@ -181,6 +192,115 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin return oauth2Config.AuthCodeURL(state), nil } +func fetchRoleSpaces(baseUrl, path string, client *http.Client) ([]Space, error) { + var spaces []Space + + resources, err := fetchResources(baseUrl, path, client) + if err != nil { + return nil, fmt.Errorf("failed to fetch resources: %v", err) + } + + for _, resource := range resources { + spaces = append(spaces, Space{ + Name: resource.Entity.Name, + Guid: resource.Metadata.Guid, + OrgGuid: resource.Entity.OrganizationGuid, + }) + } + + return spaces, nil +} + +func fetchOrgs(baseUrl, path string, client *http.Client) ([]Org, error) { + var orgs []Org + + resources, err := fetchResources(baseUrl, path, client) + if err != nil { + return nil, fmt.Errorf("failed to fetch resources: %v", err) + } + + for _, resource := range resources { + orgs = append(orgs, Org{ + Name: resource.Entity.Name, + Guid: resource.Metadata.Guid, + }) + } + + return orgs, nil +} + +func fetchResources(baseUrl, path string, client *http.Client) ([]Resource, error) { + var ( + resources []Resource + url string + ) + + for { + url = fmt.Sprintf("%s%s", baseUrl, path) + + resp, err := client.Get(url) + if err != nil { + return nil, fmt.Errorf("failed to execute request: %v", err) + } + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("unsuccessful status code %d", resp.StatusCode) + } + + response := CCResponse{} + err = json.NewDecoder(resp.Body).Decode(&response) + if err != nil { + return nil, fmt.Errorf("failed to parse spaces: %v", err) + } + + resources = append(resources, response.Resources...) 
+ + path = response.NextUrl + if path == "" { + break + } + } + + return resources, nil +} + +func getGroupsClaims(orgs []Org, spaces []Space) []string { + + var ( + orgMap = map[string]string{} + orgSpaces = map[string][]string{} + groupsClaims = map[string]bool{} + ) + + for _, org := range orgs { + orgMap[org.Guid] = org.Name + orgSpaces[org.Name] = []string{} + groupsClaims[org.Guid] = true + groupsClaims[org.Name] = true + } + + for _, space := range spaces { + orgName := orgMap[space.OrgGuid] + orgSpaces[orgName] = append(orgSpaces[orgName], space.Name) + groupsClaims[space.Guid] = true + } + + for orgName, spaceNames := range orgSpaces { + for _, spaceName := range spaceNames { + groupsClaims[fmt.Sprintf("%s:%s", orgName, spaceName)] = true + } + } + + var groups []string + for k, _ := range groupsClaims { + groups = append(groups, k) + } + + sort.Strings(groups) + + return groups +} + func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { q := r.URL.Query() 
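Review bot: In `fetchResources`, `path = response.NextUrl` takes a string supplied by the response and the next iteration concatenates it onto `baseUrl` without any check on its shape. Since the client carries the user's token, the request should be guaranteed to stay on the configured API host: `if !strings.HasPrefix(path, "/") { return nil, fmt.Errorf("unexpected next_url %q", path) }` before looping. The decode error text `failed to parse spaces` is also returned when the helper is fetching organizations, so `failed to parse resources` would be more accurate. None of the four new helpers has a doc comment; a line on each stating that `path` is relative to `baseUrl` and that pagination is followed through `next_url` would help the next reader.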
@@ -229,83 +349,37 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident identity.Email, _ = userInfoResult["email"].(string) identity.EmailVerified, _ = userInfoResult["email_verified"].(bool) - var orgMap = make(map[string]string) - var orgSpaces = make(map[string][]string) - var groupsClaims []string + var ( + devPath = fmt.Sprintf("/v2/users/%s/spaces", identity.UserID) + auditorPath = fmt.Sprintf("/v2/users/%s/audited_spaces", identity.UserID) + managerPath = fmt.Sprintf("/v2/users/%s/managed_spaces", identity.UserID) + orgsPath = fmt.Sprintf("/v2/users/%s/organizations", identity.UserID) + ) if s.Groups { - // fetch orgs - - var orgs CCResponse - var nextUrl = fmt.Sprintf("%s/v2/users/%s/organizations", c.apiURL, identity.UserID) - for moreResults := true; moreResults; moreResults = orgs.NextUrl != "" { - orgsResp, err := client.Get(nextUrl) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: %v", err) - } - if orgsResp.StatusCode != http.StatusOK { - return identity, fmt.Errorf("CF Connector: failed to execute request for orgs: status %d", orgsResp.StatusCode) - } - - orgs = CCResponse{} - err = json.NewDecoder(orgsResp.Body).Decode(&orgs) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to parse orgs: %v", err) - } - - for _, resource := range orgs.Resources { - orgMap[resource.Metadata.Guid] = resource.Entity.Name - orgSpaces[resource.Entity.Name] = []string{} - - groupsClaims = append(groupsClaims, resource.Metadata.Guid) - groupsClaims = append(groupsClaims, resource.Entity.Name) - } - - if orgs.NextUrl != "" { - nextUrl = fmt.Sprintf("%s%s", c.apiURL, orgs.NextUrl) - } + orgs, err := fetchOrgs(c.apiURL, orgsPath, client) + if err != nil { + return identity, fmt.Errorf("failed to fetch organizaitons: %v", err) } - // fetch spaces - var spaces CCResponse - nextUrl = fmt.Sprintf("%s/v2/users/%s/spaces", c.apiURL, identity.UserID) - for moreResults := true; 
moreResults; moreResults = spaces.NextUrl != "" { - spacesResp, err := client.Get(nextUrl) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: %v", err) - } - if spacesResp.StatusCode != http.StatusOK { - return identity, fmt.Errorf("CF Connector: failed to execute request for spaces: status %d", spacesResp.StatusCode) - } - - spaces = CCResponse{} - err = json.NewDecoder(spacesResp.Body).Decode(&spaces) - if err != nil { - return identity, fmt.Errorf("CF Connector: failed to parse spaces: %v", err) - } - - for _, resource := range spaces.Resources { - orgName := orgMap[resource.Entity.OrganizationGuid] - orgSpaces[orgName] = append(orgSpaces[orgName], resource.Entity.Name) - - groupsClaims = append(groupsClaims, resource.Metadata.Guid) - } - - if spaces.NextUrl != "" { - nextUrl = fmt.Sprintf("%s%s", c.apiURL, spaces.NextUrl) - } + developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } - var orgSpaceClaims []string - for orgName, spaceNames := range orgSpaces { - for _, spaceName := range spaceNames { - orgSpaceClaims = append(orgSpaceClaims, fmt.Sprintf("%s:%s", orgName, spaceName)) - } + auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) + } + + managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } - sort.Strings(orgSpaceClaims) + spaces := append(developerSpaces, append(auditorSpaces, managerSpaces...)...) - identity.Groups = append(groupsClaims, orgSpaceClaims...) + identity.Groups = getGroupsClaims(orgs, spaces) } if s.OfflineAccess { diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index 67850d2eb2..40daa7c758 100644 
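Review bot: Merging `auditorSpaces` and `managerSpaces` into the same `spaces` slice as `developerSpaces` widens who receives the existing claims. Before this change the space GUID and `org:space` groups came only from `/v2/users/{id}/spaces`, and they are now issued for audited and managed spaces too. Any downstream policy already keyed on those group strings would start matching users who hold only an auditor role, so this deserves a comment at the merge and an upgrade note, or separate claims per role. The two later error returns reuse the developer text; they should read `"failed to fetch spaces for auditor roles: %v"` and `"failed to fetch spaces for manager roles: %v"`. HandleCallback begins and ends outside this hunk.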
--- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -50,17 +50,17 @@ func TestHandleCallback(t *testing.T) { expectEqual(t, len(identity.Groups), 12) expectEqual(t, identity.Groups[0], "some-org-guid-1") - expectEqual(t, identity.Groups[1], "some-org-name-1") - expectEqual(t, identity.Groups[2], "some-org-guid-2") - expectEqual(t, identity.Groups[3], "some-org-name-2") - expectEqual(t, identity.Groups[4], "some-org-guid-3") - expectEqual(t, identity.Groups[5], "some-org-name-3") - expectEqual(t, identity.Groups[6], "some-org-guid-4") - expectEqual(t, identity.Groups[7], "some-org-name-4") - expectEqual(t, identity.Groups[8], "some-space-guid-1") - expectEqual(t, identity.Groups[9], "some-space-guid-2") - expectEqual(t, identity.Groups[10], "some-org-name-1:some-space-name-1") - expectEqual(t, identity.Groups[11], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[1], "some-org-guid-2") + expectEqual(t, identity.Groups[2], "some-org-guid-3") + expectEqual(t, identity.Groups[3], "some-org-guid-4") + expectEqual(t, identity.Groups[4], "some-org-name-1") + expectEqual(t, identity.Groups[5], "some-org-name-1:some-space-name-1") + expectEqual(t, identity.Groups[6], "some-org-name-2") + expectEqual(t, identity.Groups[7], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[8], "some-org-name-3") + expectEqual(t, identity.Groups[9], "some-org-name-4") + expectEqual(t, identity.Groups[10], "some-space-guid-1") + expectEqual(t, identity.Groups[11], "some-space-guid-2") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { 
@@ -85,6 +85,64 @@ func TestHandleCallback(t *testing.T) { }) } +func testSpaceHandler(reqUrl, spaceApiEndpoint string) (result map[string]interface{}) { + fullUrl := fmt.Sprintf("%s?order-direction=asc&page=2&results-per-page=50", spaceApiEndpoint) + if strings.Contains(reqUrl, fullUrl) { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-2"}, + "entity": map[string]string{"name": "some-space-name-2", "organization_guid": "some-org-guid-2"}, + }, + }, + } + } else { + nextUrl := fmt.Sprintf("/v2/users/12345/%s?order-direction=asc&page=2&results-per-page=50", spaceApiEndpoint) + result = map[string]interface{}{ + "next_url": nextUrl, + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-1"}, + "entity": map[string]string{"name": "some-space-name-1", "organization_guid": "some-org-guid-1"}, + }, + }, + } + } + return result +} + +func testOrgHandler(reqUrl string) (result map[string]interface{}) { + if strings.Contains(reqUrl, "organizations?order-direction=asc&page=2&results-per-page=50") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-3"}, + "entity": map[string]string{"name": "some-org-name-3"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-4"}, + "entity": map[string]string{"name": "some-org-name-4"}, + }, + }, + } + } else { + result = map[string]interface{}{ + "next_url": "/v2/users/12345/organizations?order-direction=asc&page=2&results-per-page=50", + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-1"}, + "entity": map[string]string{"name": "some-org-name-1"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-2"}, + "entity": map[string]string{"name": "some-org-name-2"}, + }, + }, + } + } + return result +} + func testSetup() *httptest.Server { mux := 
http.NewServeMux() mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { 
@@ -127,58 +185,21 @@ func testSetup() *httptest.Server { mux.HandleFunc("/v2/users/", func(w http.ResponseWriter, r *http.Request) { var result map[string]interface{} - if strings.Contains(r.URL.String(), "spaces") { - if strings.Contains(r.URL.String(), "spaces?order-direction=asc&page=2&results-per-page=50") { - result = map[string]interface{}{ - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": "some-space-guid-2"}, - "entity": map[string]string{"name": "some-space-name-2", "organization_guid": "some-org-guid-2"}, - }, - }, - } - } else { - result = map[string]interface{}{ - "next_url": "/v2/users/12345/spaces?order-direction=asc&page=2&results-per-page=50", - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": "some-space-guid-1"}, - "entity": map[string]string{"name": "some-space-name-1", "organization_guid": "some-org-guid-1"}, - }, - }, - } - } + reqUrl := r.URL.String() + if strings.Contains(reqUrl, "/spaces") { + result = testSpaceHandler(reqUrl, "spaces") + } + + if strings.Contains(reqUrl, "/audited_spaces") { + result = testSpaceHandler(reqUrl, "audited_spaces") + } + + if strings.Contains(reqUrl, "/managed_spaces") { + result = testSpaceHandler(reqUrl, "managed_spaces") } - if strings.Contains(r.URL.String(), "organizations") { - if strings.Contains(r.URL.String(), "organizations?order-direction=asc&page=2&results-per-page=50") { - result = map[string]interface{}{ - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": "some-org-guid-3"}, - "entity": map[string]string{"name": "some-org-name-3"}, - }, - { - "metadata": map[string]string{"guid": "some-org-guid-4"}, - "entity": map[string]string{"name": "some-org-name-4"}, - }, - }, - } - } else { - result = map[string]interface{}{ - "next_url": "/v2/users/12345/organizations?order-direction=asc&page=2&results-per-page=50", - "resources": []map[string]interface{}{ - { - "metadata": map[string]string{"guid": 
"some-org-guid-1"}, - "entity": map[string]string{"name": "some-org-name-1"}, - }, - { - "metadata": map[string]string{"guid": "some-org-guid-2"}, - "entity": map[string]string{"name": "some-org-name-2"}, - }, - }, - } - } + if strings.Contains(reqUrl, "organizations") { + result = testOrgHandler(reqUrl) } json.NewEncoder(w).Encode(result) From 6d6c640b44a9c5315c770a93a56174fc6004d342 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Mon, 4 Nov 2019 17:06:23 -0500 Subject: [PATCH 13/28] append role to space guids Signed-off-by: Rui Yang Co-authored-by: Joshua Winters --- connector/cf/cf.go | 27 +++++++++++++++------------ connector/cf/cf_test.go | 10 ++++++++-- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 6b33ebe1ba..67c3d56702 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -68,6 +68,7 @@ type Space struct { Name string Guid string OrgGuid string + Role string } type Org struct { @@ -192,7 +193,7 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin return oauth2Config.AuthCodeURL(state), nil } -func fetchRoleSpaces(baseUrl, path string, client *http.Client) ([]Space, error) { +func fetchRoleSpaces(baseUrl, path, role string, client *http.Client) ([]Space, error) { var spaces []Space resources, err := fetchResources(baseUrl, path, client) @@ -205,6 +206,7 @@ func fetchRoleSpaces(baseUrl, path string, client *http.Client) ([]Space, error) Name: resource.Entity.Name, Guid: resource.Metadata.Guid, OrgGuid: resource.Entity.OrganizationGuid, + Role: role, }) } 
@@ -268,32 +270,33 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { var ( orgMap = map[string]string{} - orgSpaces = map[string][]string{} + orgSpaces = map[string][]Space{} groupsClaims = map[string]bool{} ) for _, org := range orgs { orgMap[org.Guid] = org.Name - orgSpaces[org.Name] = []string{} + orgSpaces[org.Name] = []Space{} groupsClaims[org.Guid] = true groupsClaims[org.Name] = true } for _, space := range spaces { orgName := orgMap[space.OrgGuid] - orgSpaces[orgName] = append(orgSpaces[orgName], space.Name) + orgSpaces[orgName] = append(orgSpaces[orgName], space) groupsClaims[space.Guid] = true + groupsClaims[fmt.Sprintf("%s:%s", space.Guid, space.Role)] = true } - for orgName, spaceNames := range orgSpaces { - for _, spaceName := range spaceNames { - groupsClaims[fmt.Sprintf("%s:%s", orgName, spaceName)] = true + for orgName, spaces := range orgSpaces { + for _, space := range spaces { + groupsClaims[fmt.Sprintf("%s:%s", orgName, space.Name)] = true } } var groups []string - for k, _ := range groupsClaims { - groups = append(groups, k) + for group, _ := range groupsClaims { + groups = append(groups, group) } sort.Strings(groups) 
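Review bot: In `getGroupsClaims`, the rewritten loop `for orgName, spaces := range orgSpaces` shadows the function's own `spaces` parameter, which is still in use a few lines above. The code works, but a later edit inside that loop could silently read the wrong slice. Rename the loop variable, for example `for orgName, orgSpaceList := range orgSpaces`, and drop the redundant blank identifier with `for group := range groupsClaims`.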
@@ -362,17 +365,17 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident return identity, fmt.Errorf("failed to fetch organizaitons: %v", err) } - developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, client) + developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, "developer", client) if err != nil { return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } - auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, client) + auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, "auditor", client) if err != nil { return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } - managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, client) + managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, "manager", client) if err != nil { return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index 40daa7c758..f6014230b4 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -48,7 +48,7 @@ func TestHandleCallback(t *testing.T) { identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req) expectEqual(t, err, nil) - expectEqual(t, len(identity.Groups), 12) + expectEqual(t, len(identity.Groups), 18) expectEqual(t, identity.Groups[0], "some-org-guid-1") expectEqual(t, identity.Groups[1], "some-org-guid-2") expectEqual(t, identity.Groups[2], "some-org-guid-3") 
@@ -60,7 +60,13 @@ func TestHandleCallback(t *testing.T) { expectEqual(t, identity.Groups[8], "some-org-name-3") expectEqual(t, identity.Groups[9], "some-org-name-4") expectEqual(t, identity.Groups[10], "some-space-guid-1") - expectEqual(t, identity.Groups[11], "some-space-guid-2") + expectEqual(t, identity.Groups[11], "some-space-guid-1:auditor") + expectEqual(t, identity.Groups[12], "some-space-guid-1:developer") + expectEqual(t, identity.Groups[13], "some-space-guid-1:manager") + expectEqual(t, identity.Groups[14], "some-space-guid-2") + expectEqual(t, identity.Groups[15], "some-space-guid-2:auditor") + expectEqual(t, identity.Groups[16], "some-space-guid-2:developer") + expectEqual(t, identity.Groups[17], "some-space-guid-2:manager") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { From fad2e8dc6cb28989744e1a2dadfb7e88624d34bd Mon Sep 17 00:00:00 2001 From: Joshua Winters Date: Mon, 25 Nov 2019 15:15:30 -0500 Subject: [PATCH 14/28] add cf org:space:role group claim to token Signed-off-by: Joshua Winters Co-authored-by: Rui Yang --- connector/cf/cf.go | 1 + connector/cf/cf_test.go | 32 +++++++++++++++++++------------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 67c3d56702..0dcbb3a86f 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -291,6 +291,7 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { for orgName, spaces := range orgSpaces { for _, space := range spaces { groupsClaims[fmt.Sprintf("%s:%s", orgName, space.Name)] = true + groupsClaims[fmt.Sprintf("%s:%s:%s", orgName, space.Name, space.Role)] = true } } diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index f6014230b4..afc273daa1 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go 
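Review bot: The new `fmt.Sprintf("%s:%s:%s", orgName, space.Name, space.Role)` claim in PATCH 14 joins two display names and a role with the same `:` that already separates org from space. A consumer cannot split the string back unambiguously if a name itself contains `:`; whether the platform permits that character in names is not shown here. The `space.Guid:role` claim built earlier in `getGroupsClaims` does not have this problem. A comment at this line should say so, for example `// name-based claims are for convenience; match on "<space-guid>:<role>" when authorizing`.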
@@ -48,25 +48,31 @@ func TestHandleCallback(t *testing.T) { identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req) expectEqual(t, err, nil) - expectEqual(t, len(identity.Groups), 18) + expectEqual(t, len(identity.Groups), 24) expectEqual(t, identity.Groups[0], "some-org-guid-1") expectEqual(t, identity.Groups[1], "some-org-guid-2") expectEqual(t, identity.Groups[2], "some-org-guid-3") expectEqual(t, identity.Groups[3], "some-org-guid-4") expectEqual(t, identity.Groups[4], "some-org-name-1") expectEqual(t, identity.Groups[5], "some-org-name-1:some-space-name-1") - expectEqual(t, identity.Groups[6], "some-org-name-2") - expectEqual(t, identity.Groups[7], "some-org-name-2:some-space-name-2") - expectEqual(t, identity.Groups[8], "some-org-name-3") - expectEqual(t, identity.Groups[9], "some-org-name-4") - expectEqual(t, identity.Groups[10], "some-space-guid-1") - expectEqual(t, identity.Groups[11], "some-space-guid-1:auditor") - expectEqual(t, identity.Groups[12], "some-space-guid-1:developer") - expectEqual(t, identity.Groups[13], "some-space-guid-1:manager") - expectEqual(t, identity.Groups[14], "some-space-guid-2") - expectEqual(t, identity.Groups[15], "some-space-guid-2:auditor") - expectEqual(t, identity.Groups[16], "some-space-guid-2:developer") - expectEqual(t, identity.Groups[17], "some-space-guid-2:manager") + expectEqual(t, identity.Groups[6], "some-org-name-1:some-space-name-1:auditor") + expectEqual(t, identity.Groups[7], "some-org-name-1:some-space-name-1:developer") + expectEqual(t, identity.Groups[8], "some-org-name-1:some-space-name-1:manager") + expectEqual(t, identity.Groups[9], "some-org-name-2") + expectEqual(t, identity.Groups[10], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[11], "some-org-name-2:some-space-name-2:auditor") + expectEqual(t, identity.Groups[12], "some-org-name-2:some-space-name-2:developer") + expectEqual(t, identity.Groups[13], "some-org-name-2:some-space-name-2:manager") + 
expectEqual(t, identity.Groups[14], "some-org-name-3") + expectEqual(t, identity.Groups[15], "some-org-name-4") + expectEqual(t, identity.Groups[16], "some-space-guid-1") + expectEqual(t, identity.Groups[17], "some-space-guid-1:auditor") + expectEqual(t, identity.Groups[18], "some-space-guid-1:developer") + expectEqual(t, identity.Groups[19], "some-space-guid-1:manager") + expectEqual(t, identity.Groups[20], "some-space-guid-2") + expectEqual(t, identity.Groups[21], "some-space-guid-2:auditor") + expectEqual(t, identity.Groups[22], "some-space-guid-2:developer") + expectEqual(t, identity.Groups[23], "some-space-guid-2:manager") }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { From addb884dbda3406a0ef4b34de57f9a143203ccdb Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Mon, 13 Jan 2020 13:19:53 -0500 Subject: [PATCH 15/28] fix lint errors gofumpt-ed Signed-off-by: Rui Yang --- connector/cf/cf.go | 59 +++++++++++++++++++---------------------- connector/cf/cf_test.go | 37 +++++++++++++------------- 2 files changed, 46 insertions(+), 50 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 0dcbb3a86f..ba0b09d1fb 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -14,9 +14,10 @@ import ( "strings" "time" + "golang.org/x/oauth2" + "github.com/dexidp/dex/connector" "github.com/dexidp/dex/pkg/log" - "golang.org/x/oauth2" ) type cfConnector struct { @@ -45,7 +46,7 @@ type Config struct { } type CCResponse struct { - NextUrl string `json:"next_url"` + NextURL string `json:"next_url"` Resources []Resource `json:"resources"` TotalResults int `json:"total_results"` } 
@@ -56,24 +57,24 @@ type Resource struct { } type Metadata struct { - Guid string `json:"guid"` + GUID string `json:"guid"` } type Entity struct { Name string `json:"name"` - OrganizationGuid string `json:"organization_guid"` + OrganizationGUID string `json:"organization_guid"` } type Space struct { Name string - Guid string - OrgGuid string + GUID string + OrgGUID string Role string } type Org struct { Name string - Guid string + GUID string } func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { @@ -94,7 +95,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) apiURL := strings.TrimRight(c.APIURL, "/") apiResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/v2/info", apiURL)) - if err != nil { logger.Errorf("failed-to-send-request-to-cloud-controller-api", err) return nil, err @@ -103,7 +103,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) defer apiResp.Body.Close() if apiResp.StatusCode != http.StatusOK { - err = errors.New(fmt.Sprintf("request failed with status %d", apiResp.StatusCode)) + err = fmt.Errorf("request failed with status %d", apiResp.StatusCode) logger.Errorf("failed-get-info-response-from-api", err) return nil, err } @@ -113,15 +113,14 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) uaaURL := strings.TrimRight(apiResult["authorization_endpoint"].(string), "/") uaaResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) - if err != nil { logger.Errorf("failed-to-send-request-to-uaa-api", err) return nil, err } if apiResp.StatusCode != http.StatusOK { - err = errors.New(fmt.Sprintf("request failed with status %d", apiResp.StatusCode)) - logger.Errorf("failed-to-get-well-known-config-repsonse-from-api", err) + err = fmt.Errorf("request failed with status %d", apiResp.StatusCode) + logger.Errorf("failed-to-get-well-known-config-response-from-api", err) return nil, err } 
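Review bot: The status check after the UAA discovery request still tests `apiResp.StatusCode`, so a non-200 reply from `/.well-known/openid-configuration` is never caught; it should read `if uaaResp.StatusCode != http.StatusOK {`, with the error built from `uaaResp.StatusCode`. The context line at the top of the hunk, `apiResult["authorization_endpoint"].(string)`, is an unchecked type assertion on a remote response and panics inside Open when the field is missing or not a string; the comma-ok form with an error return is safer. The `logger.Errorf` calls pass `err` with no format verb, so they should look like `logger.Errorf("failed-to-send-request-to-uaa-api: %v", err)`. No `uaaResp.Body.Close()` is visible in this hunk, and Open continues outside it.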
@@ -177,7 +176,6 @@ func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, err } func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { - if c.redirectURI != callbackURL { return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) } @@ -193,10 +191,10 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin return oauth2Config.AuthCodeURL(state), nil } -func fetchRoleSpaces(baseUrl, path, role string, client *http.Client) ([]Space, error) { +func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]Space, error) { var spaces []Space - resources, err := fetchResources(baseUrl, path, client) + resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } @@ -204,8 +202,8 @@ func fetchRoleSpaces(baseUrl, path, role string, client *http.Client) ([]Space, for _, resource := range resources { spaces = append(spaces, Space{ Name: resource.Entity.Name, - Guid: resource.Metadata.Guid, - OrgGuid: resource.Entity.OrganizationGuid, + GUID: resource.Metadata.GUID, + OrgGUID: resource.Entity.OrganizationGUID, Role: role, }) } @@ -213,10 +211,10 @@ func fetchRoleSpaces(baseUrl, path, role string, client *http.Client) ([]Space, return spaces, nil } -func fetchOrgs(baseUrl, path string, client *http.Client) ([]Org, error) { +func fetchOrgs(baseURL, path string, client *http.Client) ([]Org, error) { var orgs []Org - resources, err := fetchResources(baseUrl, path, client) + resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } 
@@ -224,26 +222,27 @@ func fetchOrgs(baseUrl, path string, client *http.Client) ([]Org, error) { for _, resource := range resources { orgs = append(orgs, Org{ Name: resource.Entity.Name, - Guid: resource.Metadata.Guid, + GUID: resource.Metadata.GUID, }) } return orgs, nil } -func fetchResources(baseUrl, path string, client *http.Client) ([]Resource, error) { +func fetchResources(baseURL, path string, client *http.Client) ([]Resource, error) { var ( resources []Resource url string ) for { - url = fmt.Sprintf("%s%s", baseUrl, path) + url = fmt.Sprintf("%s%s", baseURL, path) resp, err := client.Get(url) if err != nil { return nil, fmt.Errorf("failed to execute request: %v", err) } + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { return nil, fmt.Errorf("unsuccessful status code %d", resp.StatusCode) @@ -257,7 +256,7 @@ func fetchResources(baseUrl, path string, client *http.Client) ([]Resource, erro resources = append(resources, response.Resources...) - path = response.NextUrl + path = response.NextURL if path == "" { break } @@ -267,7 +266,6 @@ func fetchResources(baseUrl, path string, client *http.Client) ([]Resource, erro } func getGroupsClaims(orgs []Org, spaces []Space) []string { - var ( orgMap = map[string]string{} orgSpaces = map[string][]Space{} @@ -275,17 +273,17 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { ) for _, org := range orgs { - orgMap[org.Guid] = org.Name + orgMap[org.GUID] = org.Name orgSpaces[org.Name] = []Space{} - groupsClaims[org.Guid] = true + groupsClaims[org.GUID] = true groupsClaims[org.Name] = true } for _, space := range spaces { - orgName := orgMap[space.OrgGuid] + orgName := orgMap[space.OrgGUID] orgSpaces[orgName] = append(orgSpaces[orgName], space) - groupsClaims[space.Guid] = true - groupsClaims[fmt.Sprintf("%s:%s", space.Guid, space.Role)] = true + groupsClaims[space.GUID] = true + groupsClaims[fmt.Sprintf("%s:%s", space.GUID, space.Role)] = true } for orgName, spaces := range orgSpaces { 
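Review bot: The added `defer resp.Body.Close()` sits inside the `for` pagination loop of fetchResources, so no body is closed until the function returns and every page's response stays open until then. Calling `resp.Body.Close()` explicitly once the page has been decoded (the decode is outside this hunk), or moving the per-page request into a small helper, releases each response as soon as it has been read. The loop also follows `response.NextURL` for as long as the server supplies one, so a page cap would keep a misbehaving API from holding the login callback open indefinitely. The end of the loop is outside this hunk.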
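Review bot: In the getGroupsClaims hunk, `orgName := orgMap[space.OrgGUID]` takes the map's zero value when a space belongs to an org that is not in `orgs`, so that space is filed under the empty name in `orgSpaces`. The loop that starts on the last line of the hunk then builds name claims from that key, which would presumably yield groups beginning with a bare `:`. A comma-ok lookup avoids this: use `orgName, ok := orgMap[space.OrgGUID]` and skip the name-based entry when `!ok`, while still emitting the GUID claims. Whether the API can return such a space is not visible here, so treat this as a defensive check.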
@@ -296,7 +294,7 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { } var groups []string - for group, _ := range groupsClaims { + for group := range groupsClaims { groups = append(groups, group) } @@ -306,7 +304,6 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { } func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { - q := r.URL.Query() if errType := q.Get("error"); errType != "" { return identity, errors.New(q.Get("error_description")) diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go index afc273daa1..b9bf68dbeb 100644 --- a/connector/cf/cf_test.go +++ b/connector/cf/cf_test.go @@ -10,8 +10,9 @@ import ( "strings" "testing" - "github.com/dexidp/dex/connector" "github.com/sirupsen/logrus" + + "github.com/dexidp/dex/connector" ) func TestOpen(t *testing.T) { @@ -26,7 +27,6 @@ func TestOpen(t *testing.T) { } func TestHandleCallback(t *testing.T) { - testServer := testSetup() defer testServer.Close() @@ -97,9 +97,9 @@ func TestHandleCallback(t *testing.T) { }) } -func testSpaceHandler(reqUrl, spaceApiEndpoint string) (result map[string]interface{}) { - fullUrl := fmt.Sprintf("%s?order-direction=asc&page=2&results-per-page=50", spaceApiEndpoint) - if strings.Contains(reqUrl, fullUrl) { +func testSpaceHandler(reqURL, spaceAPIEndpoint string) (result map[string]interface{}) { + fullURL := fmt.Sprintf("%s?order-direction=asc&page=2&results-per-page=50", spaceAPIEndpoint) + if strings.Contains(reqURL, fullURL) { result = map[string]interface{}{ "resources": []map[string]interface{}{ { 
@@ -109,9 +109,9 @@ func testSpaceHandler(reqUrl, spaceApiEndpoint string) (result map[string]interf }, } } else { - nextUrl := fmt.Sprintf("/v2/users/12345/%s?order-direction=asc&page=2&results-per-page=50", spaceApiEndpoint) + nextURL := fmt.Sprintf("/v2/users/12345/%s?order-direction=asc&page=2&results-per-page=50", spaceAPIEndpoint) result = map[string]interface{}{ - "next_url": nextUrl, + "next_url": nextURL, "resources": []map[string]interface{}{ { "metadata": map[string]string{"guid": "some-space-guid-1"}, @@ -123,8 +123,8 @@ func testSpaceHandler(reqUrl, spaceApiEndpoint string) (result map[string]interf return result } -func testOrgHandler(reqUrl string) (result map[string]interface{}) { - if strings.Contains(reqUrl, "organizations?order-direction=asc&page=2&results-per-page=50") { +func testOrgHandler(reqURL string) (result map[string]interface{}) { + if strings.Contains(reqURL, "organizations?order-direction=asc&page=2&results-per-page=50") { result = map[string]interface{}{ "resources": []map[string]interface{}{ { 
@@ -197,21 +197,21 @@ func testSetup() *httptest.Server { mux.HandleFunc("/v2/users/", func(w http.ResponseWriter, r *http.Request) { var result map[string]interface{} - reqUrl := r.URL.String() - if strings.Contains(reqUrl, "/spaces") { - result = testSpaceHandler(reqUrl, "spaces") + reqURL := r.URL.String() + if strings.Contains(reqURL, "/spaces") { + result = testSpaceHandler(reqURL, "spaces") } - if strings.Contains(reqUrl, "/audited_spaces") { - result = testSpaceHandler(reqUrl, "audited_spaces") + if strings.Contains(reqURL, "/audited_spaces") { + result = testSpaceHandler(reqURL, "audited_spaces") } - if strings.Contains(reqUrl, "/managed_spaces") { - result = testSpaceHandler(reqUrl, "managed_spaces") + if strings.Contains(reqURL, "/managed_spaces") { + result = testSpaceHandler(reqURL, "managed_spaces") } - if strings.Contains(reqUrl, "organizations") { - result = testOrgHandler(reqUrl) + if strings.Contains(reqURL, "organizations") { + result = testOrgHandler(reqURL) } json.NewEncoder(w).Encode(result) @@ -221,7 +221,6 @@ func testSetup() *httptest.Server { } func newConnector(t *testing.T, serverURL string) *cfConnector { - callBackURL := fmt.Sprintf("%s/callback", serverURL) testConfig := Config{ From c0fea311a8f95b1940df8c893961460640b98c22 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Fri, 5 Mar 2021 12:40:56 -0500 Subject: [PATCH 16/28] run golangcli-lint Signed-off-by: Rui Yang --- connector/cf/cf.go | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index ba0b09d1fb..4d839ff63a 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go 
@@ -192,38 +192,36 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin } func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]Space, error) { - var spaces []Space - resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } - for _, resource := range resources { - spaces = append(spaces, Space{ + spaces := make([]Space, len(resources)) + for i, resource := range resources { + spaces[i] = Space{ Name: resource.Entity.Name, GUID: resource.Metadata.GUID, OrgGUID: resource.Entity.OrganizationGUID, Role: role, - }) + } } return spaces, nil } func fetchOrgs(baseURL, path string, client *http.Client) ([]Org, error) { - var orgs []Org - resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } - for _, resource := range resources { - orgs = append(orgs, Org{ + orgs := make([]Org, len(resources)) + for i, resource := range resources { + orgs[i] = Org{ Name: resource.Entity.Name, GUID: resource.Metadata.GUID, - }) + } } return orgs, nil @@ -293,7 +291,7 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { } } - var groups []string + groups := make([]string, 0, len(groupsClaims)) for group := range groupsClaims { groups = append(groups, group) } From 3cef9dc3dfa24af4a44446b3833dfa9242b61326 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Wed, 1 Dec 2021 10:37:56 -0500 Subject: [PATCH 17/28] fix sanity check errors Signed-off-by: Rui Yang --- connector/cf/cf.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/connector/cf/cf.go b/connector/cf/cf.go index 4d839ff63a..4cd04275ca 100644 --- a/connector/cf/cf.go +++ b/connector/cf/cf.go @@ -7,9 +7,9 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "net" "net/http" + "os" "sort" "strings" "time" 
@@ -149,7 +149,7 @@ func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, err tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} for _, rootCA := range rootCAs { - rootCABytes, err := ioutil.ReadFile(rootCA) + rootCABytes, err := os.ReadFile(rootCA) if err != nil { return nil, fmt.Errorf("failed to read root-ca: %v", err) } @@ -376,9 +376,9 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) } - spaces := append(developerSpaces, append(auditorSpaces, managerSpaces...)...) + developerSpaces = append(developerSpaces, append(auditorSpaces, managerSpaces...)...) - identity.Groups = getGroupsClaims(orgs, spaces) + identity.Groups = getGroupsClaims(orgs, developerSpaces) } if s.OfflineAccess { From 9ffe6d76467bf229434c43a499a64056ae8e4181 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Tue, 4 Oct 2022 22:53:06 -0400 Subject: [PATCH 18/28] rename connector;make types private; Signed-off-by: Rui Yang --- .../cf.go => cloudfoundry/cloudfoundry.go} | 66 +++++++++---------- .../cloudfoundry_test.go} | 18 ++--- server/server.go | 4 +- 3 files changed, 44 insertions(+), 44 deletions(-) rename connector/{cf/cf.go => cloudfoundry/cloudfoundry.go} (85%) rename connector/{cf/cf_test.go => cloudfoundry/cloudfoundry_test.go} (94%) diff --git a/connector/cf/cf.go b/connector/cloudfoundry/cloudfoundry.go similarity index 85% rename from connector/cf/cf.go rename to connector/cloudfoundry/cloudfoundry.go index 4cd04275ca..8d3ab7f0ae 100644 --- a/connector/cf/cf.go +++ b/connector/cloudfoundry/cloudfoundry.go @@ -1,4 +1,4 @@ -package cf +package cloudfoundry import ( "context" @@ -20,7 +20,7 @@ import ( "github.com/dexidp/dex/pkg/log" ) -type cfConnector struct { +type cloudfoundryConnector struct { clientID string clientSecret string redirectURI string 
@@ -45,34 +45,34 @@ type Config struct { InsecureSkipVerify bool `json:"insecureSkipVerify"` } -type CCResponse struct { +type ccResponse struct { NextURL string `json:"next_url"` - Resources []Resource `json:"resources"` + Resources []resource `json:"resources"` TotalResults int `json:"total_results"` } -type Resource struct { - Metadata Metadata `json:"metadata"` - Entity Entity `json:"entity"` +type resource struct { + Metadata metadata `json:"metadata"` + Entity entity `json:"entity"` } -type Metadata struct { +type metadata struct { GUID string `json:"guid"` } -type Entity struct { +type entity struct { Name string `json:"name"` OrganizationGUID string `json:"organization_guid"` } -type Space struct { +type space struct { Name string GUID string OrgGUID string Role string } -type Org struct { +type org struct { Name string GUID string } @@ -80,7 +80,7 @@ type Org struct { func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { var err error - cfConn := &cfConnector{ + cloudfoundryConn := &cloudfoundryConnector{ clientID: c.ClientID, clientSecret: c.ClientSecret, apiURL: c.APIURL, @@ -88,13 +88,13 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) logger: logger, } - cfConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + cloudfoundryConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) if err != nil { return nil, err } apiURL := strings.TrimRight(c.APIURL, "/") - apiResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/v2/info", apiURL)) + apiResp, err := cloudfoundryConn.httpClient.Get(fmt.Sprintf("%s/v2/info", apiURL)) if err != nil { logger.Errorf("failed-to-send-request-to-cloud-controller-api", err) return nil, err 
@@ -112,7 +112,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) json.NewDecoder(apiResp.Body).Decode(&apiResult) uaaURL := strings.TrimRight(apiResult["authorization_endpoint"].(string), "/") - uaaResp, err := cfConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) + uaaResp, err := cloudfoundryConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) if err != nil { logger.Errorf("failed-to-send-request-to-uaa-api", err) return nil, err @@ -134,11 +134,11 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) return nil, err } - cfConn.tokenURL, _ = uaaResult["token_endpoint"].(string) - cfConn.authorizationURL, _ = uaaResult["authorization_endpoint"].(string) - cfConn.userInfoURL, _ = uaaResult["userinfo_endpoint"].(string) + cloudfoundryConn.tokenURL, _ = uaaResult["token_endpoint"].(string) + cloudfoundryConn.authorizationURL, _ = uaaResult["authorization_endpoint"].(string) + cloudfoundryConn.userInfoURL, _ = uaaResult["userinfo_endpoint"].(string) - return cfConn, err + return cloudfoundryConn, err } func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { @@ -175,7 +175,7 @@ func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, err }, nil } -func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { +func (c *cloudfoundryConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { if c.redirectURI != callbackURL { return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) } 
@@ -191,15 +191,15 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin return oauth2Config.AuthCodeURL(state), nil } -func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]Space, error) { +func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]space, error) { resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } - spaces := make([]Space, len(resources)) + spaces := make([]space, len(resources)) for i, resource := range resources { - spaces[i] = Space{ + spaces[i] = space{ Name: resource.Entity.Name, GUID: resource.Metadata.GUID, OrgGUID: resource.Entity.OrganizationGUID, @@ -210,15 +210,15 @@ func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]Space, return spaces, nil } -func fetchOrgs(baseURL, path string, client *http.Client) ([]Org, error) { +func fetchOrgs(baseURL, path string, client *http.Client) ([]org, error) { resources, err := fetchResources(baseURL, path, client) if err != nil { return nil, fmt.Errorf("failed to fetch resources: %v", err) } - orgs := make([]Org, len(resources)) + orgs := make([]org, len(resources)) for i, resource := range resources { - orgs[i] = Org{ + orgs[i] = org{ Name: resource.Entity.Name, GUID: resource.Metadata.GUID, } @@ -227,9 +227,9 @@ func fetchOrgs(baseURL, path string, client *http.Client) ([]Org, error) { return orgs, nil } -func fetchResources(baseURL, path string, client *http.Client) ([]Resource, error) { +func fetchResources(baseURL, path string, client *http.Client) ([]resource, error) { var ( - resources []Resource + resources []resource url string ) 
@@ -246,7 +246,7 @@ func fetchResources(baseURL, path string, client *http.Client) ([]Resource, erro return nil, fmt.Errorf("unsuccessful status code %d", resp.StatusCode) } - response := CCResponse{} + response := ccResponse{} err = json.NewDecoder(resp.Body).Decode(&response) if err != nil { return nil, fmt.Errorf("failed to parse spaces: %v", err) @@ -263,16 +263,16 @@ func fetchResources(baseURL, path string, client *http.Client) ([]Resource, erro return resources, nil } -func getGroupsClaims(orgs []Org, spaces []Space) []string { +func getGroupsClaims(orgs []org, spaces []space) []string { var ( orgMap = map[string]string{} - orgSpaces = map[string][]Space{} + orgSpaces = map[string][]space{} groupsClaims = map[string]bool{} ) for _, org := range orgs { orgMap[org.GUID] = org.Name - orgSpaces[org.Name] = []Space{} + orgSpaces[org.Name] = []space{} groupsClaims[org.GUID] = true groupsClaims[org.Name] = true } @@ -301,7 +301,7 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string { return groups } -func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { +func (c *cloudfoundryConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { q := r.URL.Query() if errType := q.Get("error"); errType != "" { return identity, errors.New(q.Get("error_description")) diff --git a/connector/cf/cf_test.go b/connector/cloudfoundry/cloudfoundry_test.go similarity index 94% rename from connector/cf/cf_test.go rename to connector/cloudfoundry/cloudfoundry_test.go index b9bf68dbeb..73b521a917 100644 --- a/connector/cf/cf_test.go +++ b/connector/cloudfoundry/cloudfoundry_test.go @@ -1,4 +1,4 @@ -package cf +package cloudfoundry import ( "encoding/json" 
@@ -30,7 +30,7 @@ func TestHandleCallback(t *testing.T) { testServer := testSetup() defer testServer.Close() - cfConn := &cfConnector{ + cloudfoundryConn := &cloudfoundryConnector{ tokenURL: fmt.Sprintf("%s/token", testServer.URL), authorizationURL: fmt.Sprintf("%s/authorize", testServer.URL), userInfoURL: fmt.Sprintf("%s/userinfo", testServer.URL), @@ -45,7 +45,7 @@ func TestHandleCallback(t *testing.T) { expectEqual(t, err, nil) t.Run("CallbackWithGroupsScope", func(t *testing.T) { - identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req) + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{Groups: true}, req) expectEqual(t, err, nil) expectEqual(t, len(identity.Groups), 24) @@ -76,7 +76,7 @@ func TestHandleCallback(t *testing.T) { }) t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { - identity, err := cfConn.HandleCallback(connector.Scopes{}, req) + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{}, req) expectEqual(t, err, nil) expectEqual(t, identity.UserID, "12345") @@ -84,7 +84,7 @@ func TestHandleCallback(t *testing.T) { }) t.Run("CallbackWithOfflineAccessScope", func(t *testing.T) { - identity, err := cfConn.HandleCallback(connector.Scopes{OfflineAccess: true}, req) + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{OfflineAccess: true}, req) expectEqual(t, err, nil) expectNotEqual(t, len(identity.ConnectorData), 0) @@ -220,7 +220,7 @@ func testSetup() *httptest.Server { return httptest.NewServer(mux) } -func newConnector(t *testing.T, serverURL string) *cfConnector { +func newConnector(t *testing.T, serverURL string) *cloudfoundryConnector { callBackURL := fmt.Sprintf("%s/callback", serverURL) testConfig := Config{ 
@@ -238,12 +238,12 @@ func newConnector(t *testing.T, serverURL string) *cfConnector { t.Fatal(err) } - cfConn, ok := conn.(*cfConnector) + cloudfoundryConn, ok := conn.(*cloudfoundryConnector) if !ok { - t.Fatal(errors.New("it is not a cf conn")) + t.Fatal(errors.New("it is not a cloudfoundry conn")) } - return cfConn + return cloudfoundryConn } func expectEqual(t *testing.T, a interface{}, b interface{}) { diff --git a/server/server.go b/server/server.go index 812bded99a..659380b950 100755 --- a/server/server.go +++ b/server/server.go @@ -29,7 +29,7 @@ import ( "github.com/dexidp/dex/connector/atlassiancrowd" "github.com/dexidp/dex/connector/authproxy" "github.com/dexidp/dex/connector/bitbucketcloud" - "github.com/dexidp/dex/connector/cf" + "github.com/dexidp/dex/connector/cloudfoundry" "github.com/dexidp/dex/connector/gitea" "github.com/dexidp/dex/connector/github" "github.com/dexidp/dex/connector/gitlab" @@ -555,7 +555,7 @@ var ConnectorsConfig = map[string]func() ConnectorConfig{ "bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) }, "openshift": func() ConnectorConfig { return new(openshift.Config) }, "atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) }, - "cf": func() ConnectorConfig { return new(cf.Config) }, + "cloudfoundry": func() ConnectorConfig { return new(cloudfoundry.Config) }, // Keep around for backwards compatibility. "samlExperimental": func() ConnectorConfig { return new(saml.Config) }, } From e81d9df0a6e9578140ed959c31d15bd4f870e8e3 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Tue, 4 Oct 2022 23:28:34 -0400 Subject: [PATCH 19/28] add cloudfoundry to connector list in readme Signed-off-by: Rui Yang --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 271376d65e..5d3785265b 100644 --- a/README.md +++ b/README.md 
@@ -81,6 +81,7 @@ Dex implements the following connectors: | [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config | | [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | beta | | | [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | | +| [Cloud Foundry](https://dexidp.io/docs/connectors/cloudfoundry/) | no | yes | no | alpha | This connector is community maintained by [Concourse](https://github.com/concourse) | Stable, beta, and alpha are defined as: From faa102cedf483d9a09c989d6e7fcb7a6a0915823 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Wed, 10 Nov 2021 14:43:22 -0500 Subject: [PATCH 20/28] add client crendential grant type Signed-off-by: Rui Yang --- server/handlers.go | 25 +++++++++++++++++++++++++ server/oauth2.go | 1 + 2 files changed, 26 insertions(+) diff --git a/server/handlers.go b/server/handlers.go index 11dcdd07fd..bb75adc0ac 100755 --- a/server/handlers.go +++ b/server/handlers.go @@ -812,6 +812,8 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) { s.withClientFromStorage(w, r, s.handleRefreshToken) case grantTypePassword: s.withClientFromStorage(w, r, s.handlePasswordGrant) + case grantTypeClientCredentials: + s.withClientFromStorage(w, r, s.handleClientCredentialsGrant) default: s.tokenErrHelper(w, errUnsupportedGrantType, "", http.StatusBadRequest) } 
@@ -1062,6 +1064,29 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) { w.Write(claims) } +func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Request, client storage.Client) { + if err := r.ParseForm(); err != nil { + s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest) + return + } + q := r.Form + + nonce := q.Get("nonce") + scopes := strings.Fields(q.Get("scope")) + + claims := storage.Claims{UserID: client.ID} + + accessToken := storage.NewID() + idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, nonce, accessToken, "", "client") + if err != nil { + s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError) + return + } + + resp := s.toAccessTokenResponse(idToken, accessToken, "", expiry) + s.writeAccessToken(w, resp) +} + func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) { // Parse the fields if err := r.ParseForm(); err != nil { diff --git a/server/oauth2.go b/server/oauth2.go index 67223fa1c0..4139412291 100644 --- a/server/oauth2.go +++ b/server/oauth2.go @@ -132,6 +132,7 @@ const ( grantTypeImplicit = "implicit" grantTypePassword = "password" grantTypeDeviceCode = "urn:ietf:params:oauth:grant-type:device_code" + grantTypeClientCredentials = "client_credentials" ) const ( From 570c27e48e484e56348dc0210841a817dc76a8d8 Mon Sep 17 00:00:00 2001 From: Michael Kelly Date: Fri, 3 Dec 2021 10:17:21 -0800 Subject: [PATCH 21/28] Fix issues in existing client credentials change This fixes two issues in the existing client credentials change: - client_credentials was not listed as a supported grant type - access tokens are not the storage ID Signed-off-by: Michael Kelly --- server/handlers.go | 8 +++++++- server/server.go | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/server/handlers.go b/server/handlers.go index bb75adc0ac..b497c123fa 100755 
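Review bot: handleClientCredentialsGrant passes `strings.Fields(q.Get("scope"))` straight into `newIDToken` with no check on the values, so the calling client chooses its own scopes. If the other grant handlers validate or filter scopes (not visible here), this one should do the same before minting a token. The failure path returns `fmt.Sprintf("failed to create ID token: %v", err)` to the caller, which exposes internal error text on the token endpoint; log the error and send a fixed description instead, e.g. `s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError)`. The follow-up hunk in patch 21 does the same with `err.Error()`. A doc comment stating that the token subject is the client's own ID (`storage.Claims{UserID: client.ID}`) and what the trailing `"client"` argument means would help anyone writing downstream policy.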
--- a/server/handlers.go +++ b/server/handlers.go @@ -1076,7 +1076,13 @@ func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Req claims := storage.Claims{UserID: client.ID} - accessToken := storage.NewID() + accessToken, err := s.newAccessToken(client.ID, claims, scopes, nonce, "client") + if err != nil { + s.logger.Errorf("failed to create new access token: %v", err) + s.tokenErrHelper(w, errServerError, err.Error(), http.StatusInternalServerError) + return + } + idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, nonce, accessToken, "", "client") if err != nil { s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError) diff --git a/server/server.go b/server/server.go index df16e655cf..216f22b60b 100755 --- a/server/server.go +++ b/server/server.go @@ -213,7 +213,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy) c.SupportedResponseTypes = []string{responseTypeCode} } - supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default + supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeClientCredentials} // default supportedRes := make(map[string]bool) for _, respType := range c.SupportedResponseTypes { From 895f3b2fc98671a0284ca4e95401b574c1f97dfa Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Tue, 2 Aug 2022 13:48:38 -0400 Subject: [PATCH 22/28] Fix tests in TestServerSupportedGrants for client credentials Signed-off-by: Rui Yang --- server/server_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/server_test.go b/server/server_test.go index 828e7faf95..03dc6d259b 100644 --- a/server/server_test.go +++ b/server/server_test.go 
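Review bot: Adding `grantTypeClientCredentials` to the default `supportedGrant` list in newServer turns the grant on for every deployment, and no configuration switch is visible in this hunk. Combined with the `handleToken` dispatch through `withClientFromStorage`, any registered client that can authenticate can obtain tokens for itself, which operators who only use interactive logins may not expect. Consider gating it on a config field, the way the password grant appears to depend on `c.PasswordConnector` in TestServerSupportedGrants, and documenting the default. newServer starts and ends outside this hunk.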
@@ -1745,17 +1745,17 @@ func TestServerSupportedGrants(t *testing.T) { { name: "Simple", config: func(c *Config) {}, - resGrants: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "With password connector", config: func(c *Config) { c.PasswordConnector = "local" }, - resGrants: []string{grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "With token response", config: func(c *Config) { c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken) }, - resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "All", @@ -1763,7 +1763,7 @@ func TestServerSupportedGrants(t *testing.T) { c.PasswordConnector = "local" c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken) }, - resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, }, } From ac3d07f352ff02e69b2a126fe3f836ce9bc481b8 Mon Sep 17 00:00:00 2001 From: Alex Suraci Date: Tue, 14 Aug 2018 13:49:07 -0400 Subject: [PATCH 23/28] allow configuring CAs/skip verify for OIDC Signed-off-by: Alex Suraci Co-authored-by: Rui Yang --- connector/oidc/oidc.go | 65 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 2 deletions(-) 
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index e345dca0b2..cf055f832a 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -3,9 +3,13 @@ package oidc import ( "context" + "crypto/tls" + "crypto/x509" "encoding/json" "errors" "fmt" + "io/ioutil" + "net" "net/http" "net/url" "strings" @@ -34,7 +38,14 @@ type Config struct { Scopes []string `json:"scopes"` // defaults to "profile" and "email" - // Override the value of email_verified to true in the returned claims + // Optional list of whitelisted domains when using Google + // If this field is nonempty, only users from a listed domain will be allowed to log in + HostedDomains []string `json:"hostedDomains"` + + // Certificates for SSL validation + RootCAs []string `json:"rootCAs"` + + // Override the value of email_verifed to true in the returned claims InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"` // InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved @@ -45,6 +56,9 @@ type Config struct { // processing requests from this Client, with the values appearing in order of preference. AcrValues []string `json:"acrValues"` + // Disable certificate verification + InsecureSkipVerify bool `json:"insecureSkipVerify"` + // GetUserInfo uses the userinfo endpoint to get additional claims for // the token. This is especially useful where upstreams return "thin" // id tokens 
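Review bot: `HostedDomains` is documented as restricting logins to the listed domains, but nothing in this patch enforces it: the value is only copied into `oidcConnector.hostedDomains` and no hunk reads it. An operator who sets `hostedDomains` would believe access is limited when it is not, so the field should either be enforced in the callback path or left out of this change. The same hunk also turns `email_verified` into `email_verifed` in the InsecureSkipEmailVerified comment, which looks accidental.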
@@ -105,7 +119,13 @@ func knownBrokenAuthHeaderProvider(issuerURL string) bool { // Open returns a connector which can be used to login users through an upstream // OpenID Connect provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { + httpClient, err := newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + if err != nil { + return nil, err + } + ctx, cancel := context.WithCancel(context.Background()) + ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) provider, err := oidc.NewProvider(ctx, c.Issuer) if err != nil { @@ -152,6 +172,8 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ), logger: logger, cancel: cancel, + httpClient: httpClient, + hostedDomains: c.HostedDomains, insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureEnableGroups: c.InsecureEnableGroups, acrValues: c.AcrValues, 
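Review bot: Open accepts `c.InsecureSkipVerify` silently, and the resulting client is placed in the context handed to `oidc.NewProvider`, so discovery and, most likely, the signing-key fetches run over unverified TLS. With verification off, whoever can answer for the issuer host also supplies the keys that ID tokens are checked against, which makes the setting worth surfacing at start-up. I would add `if c.InsecureSkipVerify { logger.Warnf("oidc: TLS certificate verification is disabled for issuer %q", c.Issuer) }` right after the client is built, and have the field comment in Config say the same. Open continues outside the hunk.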
@@ -166,6 +188,40 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e }, nil } +func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, err + } + + tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} + for _, rootCA := range rootCAs { + rootCABytes, err := ioutil.ReadFile(rootCA) + if err != nil { + return nil, fmt.Errorf("failed to read root-ca: %v", err) + } + if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { + return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) + } + } + + return &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tlsConfig, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + }, + }, nil +} + var ( _ connector.CallbackConnector = (*oidcConnector)(nil) _ connector.RefreshConnector = (*oidcConnector)(nil) @@ -178,6 +234,8 @@ type oidcConnector struct { verifier *oidc.IDTokenVerifier cancel context.CancelFunc logger log.Logger + httpClient *http.Client + hostedDomains []string insecureSkipEmailVerified bool insecureEnableGroups bool acrValues []string @@ -238,7 +296,10 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide if errType := q.Get("error"); errType != "" { return identity, &oauth2Error{errType, q.Get("error_description")} } - token, err := c.oauth2Config.Exchange(r.Context(), q.Get("code")) + + ctx := context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient) + + token, err := c.oauth2Config.Exchange(ctx, q.Get("code")) if err != nil { return identity, fmt.Errorf("oidc: failed to get token: %v", err) } 
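Review bot: The client built by newHTTPClient bounds dialing and the TLS handshake but not the wait for a response, and Open calls `oidc.NewProvider` with a context derived from `context.Background()`, so an issuer that accepts the connection and then stalls can block connector start-up indefinitely. Setting `ResponseHeaderTimeout` on the transport, or `Timeout` on the `http.Client`, would close that gap; the value is a policy choice. Separately, the read failure drops the file name and the error chain; `return nil, fmt.Errorf("failed to read root CA file %q: %w", rootCA, err)` would keep both.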
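Review bot: Only the code exchange in HandleCallback is given `c.httpClient`; this patch changes no other request path in the file. If the connector's refresh or userinfo calls (outside the visible hunks) build their context from the request alone, they would fall back to the default client and fail TLS verification against an issuer that needs `rootCAs`. A small helper such as `func (c *oidcConnector) withClient(ctx context.Context) context.Context { return context.WithValue(ctx, oauth2.HTTPClient, c.httpClient) }`, used on every outbound call, would keep them consistent. HandleCallback continues outside the hunk.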
From eb3dbfc4ed60cb7ff6a3df028cc6fa07cd93076f Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Tue, 2 Aug 2022 13:59:09 -0400 Subject: [PATCH 24/28] Fix io/ioutil deprecation error Signed-off-by: Rui Yang --- connector/oidc/oidc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index cf055f832a..80c23320ae 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -8,10 +8,10 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "net" "net/http" "net/url" + "os" "strings" "time" @@ -196,7 +196,7 @@ func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, err tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} for _, rootCA := range rootCAs { - rootCABytes, err := ioutil.ReadFile(rootCA) + rootCABytes, err := os.ReadFile(rootCA) if err != nil { return nil, fmt.Errorf("failed to read root-ca: %v", err) } From 3eff26cf79bb25519c2a6ba6903010dd2a081547 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Fri, 7 Oct 2022 21:25:25 -0400 Subject: [PATCH 25/28] refactor newHTTPClient func * extract common newHTTPClient func out to its own package * add test for testing root CAs in the constructor. * test certs are set to expired in 10 years 
Signed-off-by: Rui Yang --- connector/github/github.go | 44 +++-------------- connector/oauth/oauth.go | 42 +--------------- connector/oidc/oidc.go | 41 +--------------- connector/openshift/openshift.go | 46 +++-------------- connector/openshift/openshift_test.go | 11 +++-- pkg/httpclient/httpclient.go | 45 +++++++++++++++++ pkg/httpclient/httpclient_test.go | 68 ++++++++++++++++++++++++++ pkg/httpclient/readme.md | 44 +++++++++++++++++ pkg/httpclient/testdata/rootCA.key | 27 ++++++++++ pkg/httpclient/testdata/rootCA.pem | 23 +++++++++ pkg/httpclient/testdata/rootCA.srl | 1 + pkg/httpclient/testdata/server.crt | 29 +++++++++++ pkg/httpclient/testdata/server.csr | 18 +++++++ pkg/httpclient/testdata/server.csr.cnf | 14 ++++++ pkg/httpclient/testdata/server.key | 28 +++++++++++ pkg/httpclient/testdata/v3.ext | 8 +++ 16 files changed, 329 insertions(+), 160 deletions(-) create mode 100644 pkg/httpclient/httpclient.go create mode 100644 pkg/httpclient/httpclient_test.go create mode 100644 pkg/httpclient/readme.md create mode 100644 pkg/httpclient/testdata/rootCA.key create mode 100644 pkg/httpclient/testdata/rootCA.pem create mode 100644 pkg/httpclient/testdata/rootCA.srl create mode 100644 pkg/httpclient/testdata/server.crt create mode 100644 pkg/httpclient/testdata/server.csr create mode 100644 pkg/httpclient/testdata/server.csr.cnf create mode 100644 pkg/httpclient/testdata/server.key create mode 100644 pkg/httpclient/testdata/v3.ext diff --git a/connector/github/github.go b/connector/github/github.go index ef8d418fa8..933b23ff31 100644 --- a/connector/github/github.go +++ b/connector/github/github.go 
@@ -3,25 +3,21 @@ package github import ( "context" - "crypto/tls" - "crypto/x509" "encoding/json" "errors" "fmt" "io" - "net" "net/http" - "os" "regexp" "strconv" "strings" - "time" "golang.org/x/oauth2" "golang.org/x/oauth2/github" "github.com/dexidp/dex/connector" groups_pkg "github.com/dexidp/dex/pkg/groups" + "github.com/dexidp/dex/pkg/httpclient" "github.com/dexidp/dex/pkg/log" ) @@ -106,7 +102,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) g.rootCA = c.RootCA var err error - if g.httpClient, err = newHTTPClient(g.rootCA); err != nil { + if g.httpClient, err = httpclient.NewHTTPClient([]string{g.rootCA}, false); err != nil { return nil, fmt.Errorf("failed to create HTTP client: %v", err) } } @@ -208,34 +204,6 @@ func (e *oauth2Error) Error() string { return e.error + ": " + e.errorDescription } -// newHTTPClient returns a new HTTP client that trusts the custom declared rootCA cert. -func newHTTPClient(rootCA string) (*http.Client, error) { - tlsConfig := tls.Config{RootCAs: x509.NewCertPool()} - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %v", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} - func (c *githubConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { q := r.URL.Query() if errType := q.Get("error"); errType != "" { 
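Review bot: Replacing `newHTTPClient(g.rootCA)` with `httpclient.NewHTTPClient([]string{g.rootCA}, false)` widens the trust store for this connector. The removed function built its pool with `x509.NewCertPool()`, so only the configured root CA was accepted, while the shared helper added in this patch starts from `x509.SystemCertPool()` and appends to it. A deployment that relied on `rootCA` to pin a private CA will now also accept certificates from any system-trusted CA; the openshift hunk makes the same change. If that is intended it should be called out in the commit message and the connector docs, otherwise the helper needs a way to start from an empty pool.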
@@ -356,9 +324,11 @@ func formatTeamName(org string, team string) string { // groupsForOrgs enforces org and team constraints on user authorization // Cases in which user is authorized: -// N orgs, no teams: user is member of at least 1 org -// N orgs, M teams per org: user is member of any team from at least 1 org -// N-1 orgs, M teams per org, 1 org with no teams: user is member of any team +// +// N orgs, no teams: user is member of at least 1 org +// N orgs, M teams per org: user is member of any team from at least 1 org +// N-1 orgs, M teams per org, 1 org with no teams: user is member of any team +// // from at least 1 org, or member of org with no teams func (c *githubConnector) groupsForOrgs(ctx context.Context, client *http.Client, userName string) ([]string, error) { groups := make([]string, 0) diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go index 237d075e83..2fe39fd467 100644 --- a/connector/oauth/oauth.go +++ b/connector/oauth/oauth.go @@ -2,21 +2,17 @@ package oauth import ( "context" - "crypto/tls" - "crypto/x509" "encoding/base64" "encoding/json" "errors" "fmt" - "net" "net/http" - "os" "strings" - "time" "golang.org/x/oauth2" "github.com/dexidp/dex/connector" + "github.com/dexidp/dex/pkg/httpclient" "github.com/dexidp/dex/pkg/log" ) @@ -112,7 +108,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) emailVerifiedKey: emailVerifiedKey, } - oauthConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + oauthConn.httpClient, err = httpclient.NewHTTPClient(c.RootCAs, c.InsecureSkipVerify) if err != nil { return nil, err } 
@@ -120,40 +116,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) return oauthConn, err } -func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { - pool, err := x509.SystemCertPool() - if err != nil { - return nil, err - } - - tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} - for _, rootCA := range rootCAs { - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %v", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} - func (c *oauthConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { if c.redirectURI != callbackURL { return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 80c23320ae..981f3a39c9 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -3,15 +3,11 @@ package oidc import ( "context" - "crypto/tls" - "crypto/x509" "encoding/json" "errors" "fmt" - "net" "net/http" "net/url" - "os" "strings" "time" @@ -19,6 +15,7 @@ import ( "golang.org/x/oauth2" "github.com/dexidp/dex/connector" + "github.com/dexidp/dex/pkg/httpclient" "github.com/dexidp/dex/pkg/log" ) 
@@ -119,7 +116,7 @@ func knownBrokenAuthHeaderProvider(issuerURL string) bool { // Open returns a connector which can be used to login users through an upstream // OpenID Connect provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { - httpClient, err := newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + httpClient, err := httpclient.NewHTTPClient(c.RootCAs, c.InsecureSkipVerify) if err != nil { return nil, err } @@ -188,40 +185,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e }, nil } -func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { - pool, err := x509.SystemCertPool() - if err != nil { - return nil, err - } - - tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} - for _, rootCA := range rootCAs { - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %v", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} - var ( _ connector.CallbackConnector = (*oidcConnector)(nil) _ connector.RefreshConnector = (*oidcConnector)(nil) diff --git a/connector/openshift/openshift.go b/connector/openshift/openshift.go index 81d2b35633..35ee33afb7 100644 --- a/connector/openshift/openshift.go +++ b/connector/openshift/openshift.go 
@@ -2,21 +2,17 @@ package openshift import ( "context" - "crypto/tls" - "crypto/x509" "encoding/json" "fmt" "io" - "net" "net/http" - "os" "strings" - "time" "golang.org/x/oauth2" "github.com/dexidp/dex/connector" "github.com/dexidp/dex/pkg/groups" + "github.com/dexidp/dex/pkg/httpclient" "github.com/dexidp/dex/pkg/log" "github.com/dexidp/dex/storage/kubernetes/k8sapi" ) @@ -67,7 +63,12 @@ type user struct { // Open returns a connector which can be used to login users through an upstream // OpenShift OAuth2 provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { - httpClient, err := newHTTPClient(c.InsecureCA, c.RootCA) + var rootCAs []string + if c.RootCA != "" { + rootCAs = append(rootCAs, c.RootCA) + } + + httpClient, err := httpclient.NewHTTPClient(rootCAs, c.InsecureCA) if err != nil { return nil, fmt.Errorf("failed to create HTTP client: %w", err) } 
@@ -262,36 +263,3 @@ func validateAllowedGroups(userGroups, allowedGroups []string) bool { return len(matchingGroups) != 0 } - -// newHTTPClient returns a new HTTP client -func newHTTPClient(insecureCA bool, rootCA string) (*http.Client, error) { - tlsConfig := tls.Config{} - if insecureCA { - tlsConfig = tls.Config{InsecureSkipVerify: true} - } else if rootCA != "" { - tlsConfig = tls.Config{RootCAs: x509.NewCertPool()} - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %w", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} diff --git a/connector/openshift/openshift_test.go b/connector/openshift/openshift_test.go index 6280b831de..1a2c7a4840 100644 --- a/connector/openshift/openshift_test.go +++ b/connector/openshift/openshift_test.go @@ -15,6 +15,7 @@ import ( "golang.org/x/oauth2" "github.com/dexidp/dex/connector" + "github.com/dexidp/dex/pkg/httpclient" "github.com/dexidp/dex/storage/kubernetes/k8sapi" ) @@ -70,7 +71,7 @@ func TestGetUser(t *testing.T) { _, err = http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) @@ -128,7 +129,7 @@ func TestVerifyGroup(t *testing.T) { _, err = http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) 
@@ -164,7 +165,7 @@ func TestCallbackIdentity(t *testing.T) { req, err := http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) @@ -198,7 +199,7 @@ func TestRefreshIdentity(t *testing.T) { }) defer s.Close() - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) oc := openshiftConnector{apiURL: s.URL, httpClient: h, oauth2Config: &oauth2.Config{ @@ -237,7 +238,7 @@ func TestRefreshIdentityFailure(t *testing.T) { }) defer s.Close() - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) oc := openshiftConnector{apiURL: s.URL, httpClient: h, oauth2Config: &oauth2.Config{ diff --git a/pkg/httpclient/httpclient.go b/pkg/httpclient/httpclient.go new file mode 100644 index 0000000000..04837a7da0 --- /dev/null +++ b/pkg/httpclient/httpclient.go 
@@ -0,0 +1,45 @@ +package httpclient + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "net" + "net/http" + "os" + "time" +) + +func NewHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, err + } + + tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} + for _, rootCA := range rootCAs { + rootCABytes, err := os.ReadFile(rootCA) + if err != nil { + return nil, fmt.Errorf("failed to read root-ca: %v", err) + } + if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { + return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) + } + } + + return &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tlsConfig, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + }, + }, nil +} diff --git a/pkg/httpclient/httpclient_test.go b/pkg/httpclient/httpclient_test.go new file mode 100644 index 0000000000..07baea04ee --- /dev/null +++ b/pkg/httpclient/httpclient_test.go 
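Review bot: NewHTTPClient is exported without a doc comment, and its trust behaviour is not obvious from the signature. I would add `// NewHTTPClient returns a client that trusts the system roots plus the PEM files named in rootCAs. Setting insecureSkipVerify disables server certificate verification, so rootCAs then has no effect.` The read error could also name the file and wrap the cause: `fmt.Errorf("failed to read root CA file %q: %w", rootCA, err)`.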
@@ -0,0 +1,68 @@ +package httpclient_test + +import ( + "crypto/tls" + "fmt" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/dexidp/dex/pkg/httpclient" +) + +func TestRootCAs(t *testing.T) { + ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "Hello, client") + })) + assert.Nil(t, err) + defer ts.Close() + + rootCAs := []string{"testdata/rootCA.pem"} + testClient, err := httpclient.NewHTTPClient(rootCAs, false) + assert.Nil(t, err) + + res, err := testClient.Get(ts.URL) + assert.Nil(t, err) + + greeting, err := io.ReadAll(res.Body) + res.Body.Close() + assert.Nil(t, err) + + assert.Equal(t, "Hello, client", string(greeting)) +} + +func TestInsecureSkipVerify(t *testing.T) { + ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "Hello, client") + })) + assert.Nil(t, err) + defer ts.Close() + + insecureSkipVerify := true + + testClient, err := httpclient.NewHTTPClient(nil, insecureSkipVerify) + assert.Nil(t, err) + + res, err := testClient.Get(ts.URL) + assert.Nil(t, err) + + greeting, err := io.ReadAll(res.Body) + res.Body.Close() + assert.Nil(t, err) + + assert.Equal(t, "Hello, client", string(greeting)) +} + +func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, error) { + ts := httptest.NewUnstartedServer(handler) + cert, err := tls.LoadX509KeyPair("testdata/server.crt", "testdata/server.key") + if err != nil { + return nil, err + } + ts.TLS = &tls.Config{Certificates: []tls.Certificate{cert}} + ts.StartTLS() + return ts, nil +} diff --git a/pkg/httpclient/readme.md b/pkg/httpclient/readme.md new file mode 100644 index 0000000000..cc26252293 --- /dev/null +++ b/pkg/httpclient/readme.md 
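Review bot: Both tests only prove that a connection succeeds, so nothing would fail if NewHTTPClient stopped verifying certificates. A negative case, with a client built with no extra roots and `insecureSkipVerify` false against the same test server, pins the default. The existing tests also dereference `res.Body` after `assert.Nil(t, err)`, which panics instead of failing cleanly when the request errors.

```go
func TestUntrustedCARejected(t *testing.T) {
	ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "Hello, client")
	}))
	assert.Nil(t, err)
	defer ts.Close()

	// No extra roots and verification left on: the test CA is not trusted.
	testClient, err := httpclient.NewHTTPClient(nil, false)
	assert.Nil(t, err)

	res, err := testClient.Get(ts.URL)
	if err == nil {
		res.Body.Close()
	}
	assert.Error(t, err)
}
```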
@@ -0,0 +1,44 @@ +# Regenerate testdata + +### server.csr.cnf + +``` +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=RandomState +L=RandomCity +O=RandomOrganization +OU=RandomOrganizationUnit +emailAddress=hello@example.com +CN = localhost +``` + +and + +### v3.ext +``` +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +IP.1 = 127.0.0.1 +``` + +### Then enter the following commands: + +`openssl genrsa -out rootCA.key 2048` + +`openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem -config server.csr.cnf` + +`openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf` + +`openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3.ext` diff --git a/pkg/httpclient/testdata/rootCA.key b/pkg/httpclient/testdata/rootCA.key new file mode 100644 index 0000000000..9c4eeee12a --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4dB5aQCjCmMsW71u9F0WNm1TYjXQBZ4p7oNT+BQwCc/MZ2xc +5NexS2O86nbRkw5jwyfAAMSMKRr9s2FluVTHqiln78rg+XUgmrmNT3ZroLmW6QL6 +Ca8dbMPky+tQclZsvMd3HAeCyyrs4pf7wM1AyUJD7H0xAlVD1fsohkg7jhBFUfV+ +q2VMMdnsaV5vFrW/2vPBWz1SNPW/Xm+Ilny7xg9njQLcPMNtVtF+7EPB6sxD6qrj +BC+Kj5zQ3bZOfdrh7yy63dbh/Kh+3NScgO+k+x92HlAjRIvj5y4KrbGZl7CmOth5 +y7fPywApVbDfZRWJChI1PVflOyDdnC+vhMLbHQIDAQABAoIBAEmjrrQrXP/6L3EL +aa+O27uME3Enk1sBpTL+6Ncx3iiU91eS4whNvqeTMvxTGy0VuDrgL6EQd5TAFJP2 +4zF5EFPRhO+R/aPcKnHKqOaM+7RCUZBTRC78SGA70dUeO/HNdVBqy9D8Mg8HRJDw +d0z8om//iB8LBHx6SdDyQtjnnWRKFTzQRurBBoyLe2vPMFtINKtNUkahjc8HE4GO +aIv1LICJUzf4ZnkntKd5cFHZ42R2Tmfj0Y9G9DyJbuSA3+0u5IhYB39Uy6jFxLi8 +I5PoIVhgYZ0aivsVBIviShwQ9kgv6807YBxt22eSNovBDrSp+cAnIF9+p0b3MnkU +aCHSiBECgYEA84lssi6AqfCEsSiQMSM9kMCXJ4KQI/l7pmrIA50+V5HSEby9lg2Y +N6XJ4V4q46t8FcZBjmMvzn9fwiPMRw5e995cVNBQ31a1FX/1Hy6RNtEiLZRnkHI5 +WznY9IxQ+c9JXJeFY1sO0BfO0TS3WvOf1rwqOb92q+cQaItnPQ+4Ya8CgYEA7V7e +IqW3PpO4H+c5hH9egM0BjAxH71C9YpYzZpF9uiPIkuMnJ8nm9bB6RiuDaYCxvrfE +A0h/SQewoYJKL4OfKGjrbG7U4zLMZHIWlf8Za55Zik5BNjvgBqFFrrSgLUGxdRTX +N0+TlWlW1bvJblWpdjIbJbg/6kCU98TzK852fvMCgYAWYa/apElw1MjtGyQ9T9bN +odWCbQ5gMAJ8Jd4h7uaW17DtrmHiE3fEzXjDPItGhzENMz49HsJ7ANvFFNMmSJzT +vNzRcp+sFuTnh+34Iqh32DqC49usu8KnrqZQu0CJ5NICL26z1d+DolyAf47GThOH +gZ2D1yPJ4p9wbDddtj8kwwKBgCFKB68mPG+rOcxHmjppvnAj0A66/i+izBySYf0F +dHNxZ0SqVKhw2VIlgNBsc86M/OB5VyT6utccG/paklrdg6mgJTwcwwBl9GI12dMJ +ZqBAIeCSnvSjKwTjAynALSKLrv5zgMdCArmWf1YUMuilXNG1rzb4AwawLfQdi9jd +6KJfAoGBALFl6ldywl3sGPk9K2xCDYYhb1TNQyheA5YvoZzZ6XCo1q0Lbwy/FamZ +0TSWkoEmGB/Hck3HgtZDRo3CTI1vYfbpAtgI7oD1NA1zMaLulNQxKjH3iVvyb+R7 +ZcIT7EVPZgkUwr0bsp22yVDekh/CHoB6FZPCyoAb8WnfJfooTBzB +-----END RSA PRIVATE KEY----- diff --git a/pkg/httpclient/testdata/rootCA.pem b/pkg/httpclient/testdata/rootCA.pem new file mode 100644 index 0000000000..c03bdac0c0 --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1jCCAr4CCQCG4JBeSi6cDjANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMC +VVMxFDASBgNVBAgMC1JhbmRvbVN0YXRlMRMwEQYDVQQHDApSYW5kb21DaXR5MRsw +GQYDVQQKDBJSYW5kb21Pcmdhbml6YXRpb24xHzAdBgNVBAsMFlJhbmRvbU9yZ2Fu +aXphdGlvblVuaXQxIDAeBgkqhkiG9w0BCQEWEWhlbGxvQGV4YW1wbGUuY29tMRIw +EAYDVQQDDAlsb2NhbGhvc3QwHhcNMjIxMDA3MjIwNjQwWhcNMzIxMDA0MjIwNjQw +WjCBrDELMAkGA1UEBhMCVVMxFDASBgNVBAgMC1JhbmRvbVN0YXRlMRMwEQYDVQQH +DApSYW5kb21DaXR5MRswGQYDVQQKDBJSYW5kb21Pcmdhbml6YXRpb24xHzAdBgNV +BAsMFlJhbmRvbU9yZ2FuaXphdGlvblVuaXQxIDAeBgkqhkiG9w0BCQEWEWhlbGxv +QGV4YW1wbGUuY29tMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDh0HlpAKMKYyxbvW70XRY2bVNiNdAFninug1P4FDAJ +z8xnbFzk17FLY7zqdtGTDmPDJ8AAxIwpGv2zYWW5VMeqKWfvyuD5dSCauY1Pdmug +uZbpAvoJrx1sw+TL61ByVmy8x3ccB4LLKuzil/vAzUDJQkPsfTECVUPV+yiGSDuO +EEVR9X6rZUwx2expXm8Wtb/a88FbPVI09b9eb4iWfLvGD2eNAtw8w21W0X7sQ8Hq +zEPqquMEL4qPnNDdtk592uHvLLrd1uH8qH7c1JyA76T7H3YeUCNEi+PnLgqtsZmX +sKY62HnLt8/LAClVsN9lFYkKEjU9V+U7IN2cL6+EwtsdAgMBAAEwDQYJKoZIhvcN +AQELBQADggEBAN6g0qit/3R2X+KdR0LgRXF/h4qQFgcV6cxnhRAmLIDNJlxKSHqN +IE5+bxzCbkblzGfr/jNPqW0s+yaN4CyMgKNYSzkLBPE4FF+19Uv+dyYfFms3mDJ7 +0rGjS5bCscThWhpaSw20LcwQcr/+X+/fGzJ01dVFK1UOjBKg4d4dMwxklbIkZqIq +siRW0GMy26mgVZ/BSjeh5kEjs6h6H3cJsGl7xYT+BI7wnxHwGeT9tkBgiyT5FwaS +vtdZkBpQ9q8f7FwsEm3woLHdWuOnrtUtVpY/oc6WFGdROQdGzjSk0D3kHs9YhueC +GSzZKrqX+TSIgpPrLYNHX4uxlo5TAwP/5GM= +-----END CERTIFICATE----- diff --git a/pkg/httpclient/testdata/rootCA.srl b/pkg/httpclient/testdata/rootCA.srl new file mode 100644 index 0000000000..214ae68bf1 --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.srl @@ -0,0 +1 @@ +C1B35F0051A641BB diff --git a/pkg/httpclient/testdata/server.crt b/pkg/httpclient/testdata/server.crt new file mode 100644 index 0000000000..9b0f12ec58 --- /dev/null +++ b/pkg/httpclient/testdata/server.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5TCCA82gAwIBAgIJAMGzXwBRpkG7MA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD +VQQGEwJVUzEUMBIGA1UECAwLUmFuZG9tU3RhdGUxEzARBgNVBAcMClJhbmRvbUNp +dHkxGzAZBgNVBAoMElJhbmRvbU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWUmFuZG9t +T3JnYW5pemF0aW9uVW5pdDEgMB4GCSqGSIb3DQEJARYRaGVsbG9AZXhhbXBsZS5j +b20xEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMjEwMDcyMjA3MDhaFw0zMjEwMDQy +MjA3MDhaMIGsMQswCQYDVQQGEwJVUzEUMBIGA1UECAwLUmFuZG9tU3RhdGUxEzAR +BgNVBAcMClJhbmRvbUNpdHkxGzAZBgNVBAoMElJhbmRvbU9yZ2FuaXphdGlvbjEf +MB0GA1UECwwWUmFuZG9tT3JnYW5pemF0aW9uVW5pdDEgMB4GCSqGSIb3DQEJARYR +aGVsbG9AZXhhbXBsZS5jb20xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMuKdpXP87Q7Kg3iafXzvBuVIyV1K5UmMYiN +koztkC5XrCzHaQRS/CoIb7/nUqmtAxx7RL0jzhZ93zBN4HY/Zcnrd9tXoPPxi0mG +ZZWfFU6nN8nOkMHWzEbHVBmhxpfGtwmLcajQ4HrK1TZwJUn6GqclHQRy/gjxkiw5 +KPqzfVOVlA6ht4KdKstKazQkWZ5gdWT4d8yrEy/IT4oaW05xALBMQ7YGjkzWKsSF +6ygXI7xqF9rg9jCnUsPYg4f8ut3N0c00KjsfKOOj2dF/ZyjedQ5c0u4hHmxSo3Ka +0ZTmIrMfbVXgGjxRG2HZXLpPvQKoCf/fOX8Irdr+lahFVKASxN0CAwEAAaOCAQYw +ggECMIHLBgNVHSMEgcMwgcChgbKkga8wgawxCzAJBgNVBAYTAlVTMRQwEgYDVQQI +DAtSYW5kb21TdGF0ZTETMBEGA1UEBwwKUmFuZG9tQ2l0eTEbMBkGA1UECgwSUmFu +ZG9tT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZSYW5kb21Pcmdhbml6YXRpb25Vbml0 +MSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BleGFtcGxlLmNvbTESMBAGA1UEAwwJbG9j +YWxob3N0ggkAhuCQXkounA4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGgYDVR0R +BBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCWmh5ebpkm +v2B1yQgarSCSSkLZ5DZSAJjrPgW2IJqCW2q2D1HworbW1Yn5jqrM9FKGnJfjCyve +zBB5AOlGp+0bsZGgMRMCavgv4QhTThXUoJqqHcfEu4wHndcgrqSadxmV5aisSR4u +gXnjW43o3akby+h1K40RR3vVkpzPaoC3/bgk7WVpfpPiP32E24a01gETozRb/of/ +ATN3JBe0xh+e63CrPX1sago5+u3UETIoOr0fW8M/gU9GApmJiFAXwHag6j54hLCG +23EtVDwmlarG8Pj+i0yru8s22QqzAJi5E0OwR4aB8tqicLKYBVfzyLCOielIBUrK +OkuFKp+VjxQX +-----END CERTIFICATE----- diff --git a/pkg/httpclient/testdata/server.csr b/pkg/httpclient/testdata/server.csr new file mode 100644 index 0000000000..f422a853c3 --- /dev/null +++ b/pkg/httpclient/testdata/server.csr 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC8jCCAdoCAQAwgawxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtSYW5kb21TdGF0 +ZTETMBEGA1UEBwwKUmFuZG9tQ2l0eTEbMBkGA1UECgwSUmFuZG9tT3JnYW5pemF0 +aW9uMR8wHQYDVQQLDBZSYW5kb21Pcmdhbml6YXRpb25Vbml0MSAwHgYJKoZIhvcN +AQkBFhFoZWxsb0BleGFtcGxlLmNvbTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4p2lc/ztDsqDeJp9fO8G5UjJXUr +lSYxiI2SjO2QLlesLMdpBFL8Kghvv+dSqa0DHHtEvSPOFn3fME3gdj9lyet321eg +8/GLSYZllZ8VTqc3yc6QwdbMRsdUGaHGl8a3CYtxqNDgesrVNnAlSfoapyUdBHL+ +CPGSLDko+rN9U5WUDqG3gp0qy0prNCRZnmB1ZPh3zKsTL8hPihpbTnEAsExDtgaO +TNYqxIXrKBcjvGoX2uD2MKdSw9iDh/y63c3RzTQqOx8o46PZ0X9nKN51DlzS7iEe +bFKjcprRlOYisx9tVeAaPFEbYdlcuk+9AqgJ/985fwit2v6VqEVUoBLE3QIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggEBADjuujIFoDJllR6Xo/w7j5vfNOeHO5GSgxF2 +XnuuDOI9Tomi7vURFZNbz3VAYiehpxRxYqLwFoQUwFtux2qRuGyg0P9fP1iQXPUE +QUfFXmvB80uf2bG4lkbUwnmlZLFOEwhGZyPxpvsrxp2Ei2ppkUopCkzOMsSk3m0X +MC50ZsTHOxfkA3r1WmS7oE2c0p0Fvyx+UJw0URAXFvDS1X0ONgww3FxqbBbm9W37 +5N4FZzGAK6j1wzuynKKXrn20YDCANXYH55PZyupfCeSZT0H0AZifWL7rz/G9uqme +RzbIYc/CNQQTympjinBegQdVeB3yjVNZIvpGOuPSKQqhwFtmDFo= +-----END CERTIFICATE REQUEST----- diff --git a/pkg/httpclient/testdata/server.csr.cnf b/pkg/httpclient/testdata/server.csr.cnf new file mode 100644 index 0000000000..6ff57d1a35 --- /dev/null +++ b/pkg/httpclient/testdata/server.csr.cnf @@ -0,0 +1,14 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=RandomState +L=RandomCity +O=RandomOrganization +OU=RandomOrganizationUnit +emailAddress=hello@example.com +CN = localhost diff --git a/pkg/httpclient/testdata/server.key b/pkg/httpclient/testdata/server.key new file mode 100644 index 0000000000..9708e1e6ea --- /dev/null +++ b/pkg/httpclient/testdata/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLinaVz/O0OyoN +4mn187wblSMldSuVJjGIjZKM7ZAuV6wsx2kEUvwqCG+/51KprQMce0S9I84Wfd8w +TeB2P2XJ63fbV6Dz8YtJhmWVnxVOpzfJzpDB1sxGx1QZocaXxrcJi3Go0OB6ytU2 +cCVJ+hqnJR0Ecv4I8ZIsOSj6s31TlZQOobeCnSrLSms0JFmeYHVk+HfMqxMvyE+K +GltOcQCwTEO2Bo5M1irEhesoFyO8ahfa4PYwp1LD2IOH/LrdzdHNNCo7Hyjjo9nR +f2co3nUOXNLuIR5sUqNymtGU5iKzH21V4Bo8URth2Vy6T70CqAn/3zl/CK3a/pWo +RVSgEsTdAgMBAAECggEAU6cxu7q+54kVbKVsdThaTF/MFR4F7oPHAd9lpuQQSOuh +iLngMHXGy6OyAgYZlEDWMYN8KdwoXFgZPaoUIaVGuWk8Vnq6XOgeHfbNk2PRhwT0 +yc1K80/Lnx9XMj2p+EEkgxi7eu12BSGN5ZTLzo6rG50GQwjb3WMjd2d6rybL0GjC +wg2arcBk3sSMYmvZOqlAsaQmtgwkJhvhVkVfEQSD3VKF7g0dh/h3LIPyM0Ff4M67 +KpLMPPwzUJ/0Z4ewAP06mMKUA86R93M+dWs2eh1oBGnRkVQdhCJLXJpuGHZ6BTiB +Ry0AeorHfnVXPbtpUeAq6m5/BBl6qX0ooB08BIFwAQKBgQDqJpTZS/ZzqL6Kcs14 +MyFu+7DungSxQ5oK9ju7EFSosanSk4UEa/lw992kM6nsIMwgSVQgba5zKcVMeSmk +AVbpznegQD1BYCwOGwbGvkJ8jbhPy+WLbbRjWT/E6AItZgUK+fyTIcNvSehcQqsT +fhgWsK7ueZCmLQfVhK1AxtvY3QKBgQDeiKuo8plsH/7IxDn7KVHBOHKPC2ZPzg03 +i7La6zomiRckwwPnhicRSYsjtfCCW6Ms+uzjTEItgFM+5PdrXheeku+z/sExRtZu +emqPqDomixlXDRQ6RN3gnBSk4RU+ROB1u1uBLWXqRz8Gp2zJGRxhHfYt2zefBv4w +/cIuPC3cAQKBgD2UsAkGJWb9tj8LOmama+CYaUwYWvuT3+uKHuNvxBQpxZQQICet +jgjb53rL66Cib4z+PBXbQsoe7jjSlNUBVS5gkq2et31+IZgEG6AhYbMIQrUZ1uD4 +lTybuF289vWhoynj3T2E37VhJq89CWky/HrbNOabKiPKLAlHv5kNs7wxAoGBANEJ +XQbU7J2O6Iy7FyQBSlTQq3wHX1Iz4mJ9DcNrFzK/sEfOEMrZT7WDefpPm984KW3F +P+S766ZGVuxLtMbcmh9RM23HLr8VJbSdtZ/AjO9L1r/Y/1lE+49TzmibLpNRq++r +0WbkuEl8J44ek6fLuMbZmDi3JeZycTCgDlnUGdgBAoGAYdliovtURZCm46t1uE3F +idCLCXCccjkt1hcNGNjck/b0trHA7wOEqICIguoWDlEBTc0PDvHEq6PfKyqptGkj +AgaZTMF/aZiGqlT7VRpBuzxM/uV5xzCg+i2ViaW/p3xq0z2PRljVZiEfe5aWcjiM +ouTtnC3TgmcjhTgGmb48QQE= +-----END PRIVATE KEY----- diff --git a/pkg/httpclient/testdata/v3.ext b/pkg/httpclient/testdata/v3.ext new file mode 100644 index 0000000000..68e35be863 --- /dev/null +++ b/pkg/httpclient/testdata/v3.ext 
@@ -0,0 +1,8 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +IP.1 = 127.0.0.1 From 67d9142887361d1cc2ea125f59f0f244449742a7 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Fri, 7 Oct 2022 21:32:49 -0400 Subject: [PATCH 26/28] remove unused HostedDomains Signed-off-by: Rui Yang --- connector/oidc/oidc.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 981f3a39c9..56aad4b37b 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -35,10 +35,6 @@ type Config struct { Scopes []string `json:"scopes"` // defaults to "profile" and "email" - // Optional list of whitelisted domains when using Google - // If this field is nonempty, only users from a listed domain will be allowed to log in - HostedDomains []string `json:"hostedDomains"` - // Certificates for SSL validation RootCAs []string `json:"rootCAs"` @@ -170,7 +166,6 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e logger: logger, cancel: cancel, httpClient: httpClient, - hostedDomains: c.HostedDomains, insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureEnableGroups: c.InsecureEnableGroups, acrValues: c.AcrValues, @@ -198,7 +193,6 @@ type oidcConnector struct { cancel context.CancelFunc logger log.Logger httpClient *http.Client - hostedDomains []string insecureSkipEmailVerified bool insecureEnableGroups bool acrValues []string From d40dc2016af3735f88c41bae72962cb6eaff4448 Mon Sep 17 00:00:00 2001 
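Review bot: With `HostedDomains` gone from `Config` (first oidc.go hunk; the `Open` and `oidcConnector` hunks drop the matching assignment and field), a deployment that still sets `hostedDomains` to limit logins to certain domains gets no signal that the key has no effect. encoding/json ignores unknown keys unless the decoder opts into `DisallowUnknownFields`, and the config loading path is not visible here, so the setting is presumably dropped silently. Since the deleted comment promised that only users from a listed domain may log in, I would keep the field for one release marked deprecated and warn in `Open`, e.g. `if len(c.HostedDomains) > 0 { logger.Warnf("oidc: hostedDomains is not enforced by this connector") }`, or at least call the removal out in the release notes. `Open` starts and ends outside the hunk.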
From: CI Bot Date: Mon, 31 Oct 2022 15:05:28 +0000 Subject: [PATCH 27/28] upstream dex release: v2.35.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The official container image for this release can be pulled from ``` ghcr.io/dexidp/dex:v2.35.3 ``` ## What's Changed ### Dependency Updates ⬆️ * Backport #2705 to v2.35.x by @nabokihms in https://github.com/dexidp/dex/pull/2706 **Full Changelog**: https://github.com/dexidp/dex/compare/v2.35.2...v2.35.3 --- .github/workflows/artifacts.yaml | 97 ------------- .github/workflows/checks.yaml | 18 --- .github/workflows/ci.yaml | 129 ------------------ .github/workflows/codeql-analysis.yaml | 67 --------- .github/workflows/docker.yaml | 111 --------------- cmd/dex/config.go | 16 +-- cmd/dex/config_test.go | 10 +- cmd/dex/serve.go | 6 +- connector/atlassiancrowd/atlassiancrowd.go | 6 +- connector/authproxy/authproxy.go | 4 +- connector/authproxy/authproxy_test.go | 2 +- connector/bitbucketcloud/bitbucketcloud.go | 6 +- .../bitbucketcloud/bitbucketcloud_test.go | 2 +- connector/cloudfoundry/cloudfoundry.go | 4 +- connector/cloudfoundry/cloudfoundry_test.go | 2 +- connector/gitea/gitea.go | 4 +- connector/gitea/gitea_test.go | 2 +- connector/github/github.go | 8 +- connector/github/github_test.go | 2 +- connector/gitlab/gitlab.go | 6 +- connector/gitlab/gitlab_test.go | 2 +- connector/google/google.go | 6 +- connector/keystone/keystone.go | 4 +- connector/keystone/keystone_test.go | 2 +- connector/ldap/ldap.go | 4 +- connector/ldap/ldap_test.go | 2 +- connector/linkedin/linkedin.go | 4 +- connector/microsoft/microsoft.go | 6 +- connector/microsoft/microsoft_test.go | 2 +- connector/mock/connectortest.go | 4 +- connector/oauth/oauth.go | 6 +- connector/oauth/oauth_test.go | 2 +- connector/oidc/oidc.go | 6 +- connector/oidc/oidc_test.go | 2 +- connector/openshift/openshift.go | 10 +- connector/openshift/openshift_test.go | 6 +- connector/saml/saml.go | 6 +- connector/saml/saml_test.go 
| 2 +- examples/go.mod | 2 +- go.mod | 2 +- pkg/groups/groups_test.go | 2 +- pkg/httpclient/httpclient_test.go | 2 +- server/api.go | 6 +- server/api_test.go | 8 +- server/deviceflowhandlers.go | 4 +- server/deviceflowhandlers_test.go | 2 +- server/handlers.go | 6 +- server/handlers_test.go | 2 +- server/oauth2.go | 6 +- server/oauth2_test.go | 4 +- server/refreshhandlers.go | 6 +- server/refreshhandlers_test.go | 4 +- server/rotation.go | 4 +- server/rotation_test.go | 4 +- server/server.go | 42 +++--- server/server_test.go | 8 +- storage/conformance/conformance.go | 2 +- storage/conformance/transactions.go | 2 +- storage/ent/client/authcode.go | 2 +- storage/ent/client/authrequest.go | 2 +- storage/ent/client/client.go | 2 +- storage/ent/client/connector.go | 2 +- storage/ent/client/devicerequest.go | 4 +- storage/ent/client/devicetoken.go | 4 +- storage/ent/client/keys.go | 4 +- storage/ent/client/main.go | 14 +- storage/ent/client/offlinesession.go | 2 +- storage/ent/client/password.go | 4 +- storage/ent/client/refreshtoken.go | 2 +- storage/ent/client/types.go | 4 +- storage/ent/client/utils.go | 4 +- storage/ent/db/authcode.go | 2 +- storage/ent/db/authcode/where.go | 2 +- storage/ent/db/authcode_create.go | 2 +- storage/ent/db/authcode_delete.go | 4 +- storage/ent/db/authcode_query.go | 4 +- storage/ent/db/authcode_update.go | 4 +- storage/ent/db/authrequest.go | 2 +- storage/ent/db/authrequest/where.go | 2 +- storage/ent/db/authrequest_create.go | 2 +- storage/ent/db/authrequest_delete.go | 4 +- storage/ent/db/authrequest_query.go | 4 +- storage/ent/db/authrequest_update.go | 4 +- storage/ent/db/client.go | 24 ++-- storage/ent/db/connector.go | 2 +- storage/ent/db/connector/where.go | 2 +- storage/ent/db/connector_create.go | 2 +- storage/ent/db/connector_delete.go | 4 +- storage/ent/db/connector_query.go | 4 +- storage/ent/db/connector_update.go | 4 +- storage/ent/db/devicerequest.go | 2 +- storage/ent/db/devicerequest/where.go | 2 +- 
storage/ent/db/devicerequest_create.go | 2 +- storage/ent/db/devicerequest_delete.go | 4 +- storage/ent/db/devicerequest_query.go | 4 +- storage/ent/db/devicerequest_update.go | 4 +- storage/ent/db/devicetoken.go | 2 +- storage/ent/db/devicetoken/where.go | 2 +- storage/ent/db/devicetoken_create.go | 2 +- storage/ent/db/devicetoken_delete.go | 4 +- storage/ent/db/devicetoken_query.go | 4 +- storage/ent/db/devicetoken_update.go | 4 +- storage/ent/db/ent.go | 20 +-- storage/ent/db/enttest/enttest.go | 6 +- storage/ent/db/hook/hook.go | 2 +- storage/ent/db/keys.go | 4 +- storage/ent/db/keys/where.go | 2 +- storage/ent/db/keys_create.go | 4 +- storage/ent/db/keys_delete.go | 4 +- storage/ent/db/keys_query.go | 4 +- storage/ent/db/keys_update.go | 6 +- storage/ent/db/mutation.go | 24 ++-- storage/ent/db/oauth2client.go | 2 +- storage/ent/db/oauth2client/where.go | 2 +- storage/ent/db/oauth2client_create.go | 2 +- storage/ent/db/oauth2client_delete.go | 4 +- storage/ent/db/oauth2client_query.go | 4 +- storage/ent/db/oauth2client_update.go | 4 +- storage/ent/db/offlinesession.go | 2 +- storage/ent/db/offlinesession/where.go | 2 +- storage/ent/db/offlinesession_create.go | 2 +- storage/ent/db/offlinesession_delete.go | 4 +- storage/ent/db/offlinesession_query.go | 4 +- storage/ent/db/offlinesession_update.go | 4 +- storage/ent/db/password.go | 2 +- storage/ent/db/password/where.go | 2 +- storage/ent/db/password_create.go | 2 +- storage/ent/db/password_delete.go | 4 +- storage/ent/db/password_query.go | 4 +- storage/ent/db/password_update.go | 4 +- storage/ent/db/refreshtoken.go | 2 +- storage/ent/db/refreshtoken/where.go | 2 +- storage/ent/db/refreshtoken_create.go | 2 +- storage/ent/db/refreshtoken_delete.go | 4 +- storage/ent/db/refreshtoken_query.go | 4 +- storage/ent/db/refreshtoken_update.go | 4 +- storage/ent/db/runtime.go | 22 +-- storage/ent/mysql.go | 8 +- storage/ent/mysql_test.go | 4 +- storage/ent/postgres.go | 8 +- storage/ent/postgres_test.go | 4 +- 
storage/ent/schema/keys.go | 2 +- storage/ent/sqlite.go | 8 +- storage/ent/sqlite_test.go | 4 +- storage/etcd/config.go | 4 +- storage/etcd/etcd.go | 4 +- storage/etcd/etcd_test.go | 4 +- storage/etcd/types.go | 2 +- storage/kubernetes/client.go | 6 +- storage/kubernetes/client_test.go | 2 +- storage/kubernetes/storage.go | 6 +- storage/kubernetes/storage_test.go | 4 +- storage/kubernetes/transport.go | 2 +- storage/kubernetes/types.go | 4 +- storage/memory/memory.go | 4 +- storage/memory/memory_test.go | 4 +- storage/memory/static_test.go | 2 +- storage/sql/config.go | 4 +- storage/sql/config_test.go | 6 +- storage/sql/crud.go | 2 +- storage/sql/sql.go | 2 +- storage/sql/sqlite.go | 4 +- storage/static.go | 2 +- 163 files changed, 357 insertions(+), 779 deletions(-) delete mode 100644 .github/workflows/artifacts.yaml delete mode 100644 .github/workflows/checks.yaml delete mode 100644 .github/workflows/ci.yaml delete mode 100644 .github/workflows/codeql-analysis.yaml delete mode 100644 .github/workflows/docker.yaml diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml deleted file mode 100644 index 0237b3ac66..0000000000 --- a/.github/workflows/artifacts.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -name: Artifacts - -on: - push: - branches: - - master - tags: - - v[0-9]+.[0-9]+.[0-9]+ - pull_request: - -jobs: - container-images: - name: Container images - runs-on: ubuntu-latest - strategy: - matrix: - variant: - - alpine - - distroless - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Gather metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: | - ghcr.io/dexidp/dex - dexidp/dex - flavor: | - latest = false - tags: | - type=ref,event=branch,enable=${{ matrix.variant == 'alpine' }} - type=ref,event=pr,enable=${{ matrix.variant == 'alpine' }} - type=semver,pattern={{raw}},enable=${{ matrix.variant == 'alpine' }} - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && matrix.variant == 'alpine' }} - type=ref,event=branch,suffix=-${{ matrix.variant }} - type=ref,event=pr,suffix=-${{ matrix.variant }} - type=semver,pattern={{raw}},suffix=-${{ matrix.variant }} - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }},suffix=-${{ matrix.variant }} - labels: | - org.opencontainers.image.documentation=https://dexidp.io/docs/ - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - if: github.event_name == 'push' - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - if: github.event_name == 'push' - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . 
- platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - # cache-from: type=gha - # cache-to: type=gha,mode=max - push: ${{ github.event_name == 'push' }} - tags: ${{ steps.meta.outputs.tags }} - build-args: | - BASE_IMAGE=${{ matrix.variant }} - VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} - COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} - BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 - with: - image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}" - format: "sarif" - output: "trivy-results.sarif" - if: github.event_name == 'push' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results.sarif" - if: github.event_name == 'push' diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml deleted file mode 100644 index c7eb4ea73c..0000000000 --- a/.github/workflows/checks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: PR Checks - -on: - pull_request: - types: [opened, labeled, unlabeled, synchronize] - -jobs: - release-label: - name: Release note label - runs-on: ubuntu-latest - - steps: - - name: Check minimum labels - uses: mheap/github-action-required-labels@v2 - with: - mode: minimum - count: 1 - labels: "release-note/ignore, kind/feature, release-note/new-feature, kind/enhancement, release-note/enhancement, kind/bug, release-note/bug-fix, release-note/breaking-change, release-note/deprecation, area/dependencies, release-note/dependency-update" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index c38ed934a7..0000000000 --- a/.github/workflows/ci.yaml +++ /dev/null 
@@ -1,129 +0,0 @@ -name: CI - -on: - push: - branches: - - master - pull_request: - -jobs: - build: - name: Build - runs-on: ubuntu-latest - env: - GOFLAGS: -mod=readonly - - services: - postgres: - image: postgres:10.8 - ports: - - 5432 - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - postgres-ent: - image: postgres:10.8 - ports: - - 5432 - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: dex - ports: - - 3306 - options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 - - mysql-ent: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: dex - ports: - - 3306 - options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 - - etcd: - image: gcr.io/etcd-development/etcd:v3.5.0 - ports: - - 2379 - env: - ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379 - ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379 - options: --health-cmd "ETCDCTL_API=3 etcdctl --endpoints http://localhost:2379 endpoint health" --health-interval 10s --health-timeout 5s --health-retries 5 - - keystone: - image: openio/openstack-keystone:rocky - ports: - - 5000 - - 35357 - options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5 - - steps: - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: 1.18 - - - name: Checkout code - uses: actions/checkout@v3 - - - name: Start services - run: docker-compose -f docker-compose.test.yaml up -d - - - name: Create kind cluster - uses: helm/kind-action@v1.4.0 - with: - version: v0.11.1 - node_image: kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729 - - - name: Download tool dependencies - run: make deps - - - name: Test - run: make 
testall - env: - DEX_MYSQL_DATABASE: dex - DEX_MYSQL_USER: root - DEX_MYSQL_PASSWORD: root - DEX_MYSQL_HOST: 127.0.0.1 - DEX_MYSQL_PORT: ${{ job.services.mysql.ports[3306] }} - - DEX_MYSQL_ENT_DATABASE: dex - DEX_MYSQL_ENT_USER: root - DEX_MYSQL_ENT_PASSWORD: root - DEX_MYSQL_ENT_HOST: 127.0.0.1 - DEX_MYSQL_ENT_PORT: ${{ job.services.mysql-ent.ports[3306] }} - - DEX_POSTGRES_DATABASE: postgres - DEX_POSTGRES_USER: postgres - DEX_POSTGRES_PASSWORD: postgres - DEX_POSTGRES_HOST: localhost - DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }} - - DEX_POSTGRES_ENT_DATABASE: postgres - DEX_POSTGRES_ENT_USER: postgres - DEX_POSTGRES_ENT_PASSWORD: postgres - DEX_POSTGRES_ENT_HOST: localhost - DEX_POSTGRES_ENT_PORT: ${{ job.services.postgres-ent.ports[5432] }} - - DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }} - - DEX_LDAP_HOST: localhost - DEX_LDAP_PORT: 389 - DEX_LDAP_TLS_PORT: 636 - - DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }} - DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }} - DEX_KEYSTONE_ADMIN_USER: demo - DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS - - DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config - - - name: Lint - run: make lint - - # Ensure proto generation doesn't depend on external packages. - - name: Verify proto - run: make verify-proto diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml deleted file mode 100644 index 926f8be539..0000000000 --- a/.github/workflows/codeql-analysis.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ master, v1 ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '28 10 * * 6' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹ️ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml deleted file mode 100644 index f841d55640..0000000000 --- a/.github/workflows/docker.yaml +++ /dev/null 
@@ -1,111 +0,0 @@ -name: Docker - -on: - # push: - # branches: - # - master - # tags: - # - v[0-9]+.[0-9]+.[0-9]+ - pull_request: - -jobs: - docker: - name: Docker - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Calculate Docker image tags - id: tags - env: - DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" - run: | - case $GITHUB_REF in - refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; - refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; - refs/pull/*) VERSION=pr-${{ github.event.number }};; - *) VERSION=sha-${GITHUB_SHA::8};; - esac - - TAGS=() - for image in $DOCKER_IMAGES; do - TAGS+=("${image}:${VERSION}") - - if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then - TAGS+=("${image}:latest") - fi - done - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") - echo ::set-output name=commit_hash::${GITHUB_SHA::8} - echo ::set-output name=build_date::$(git show -s --format=%cI) - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - install: true - version: latest - # TODO: Remove driver-opts once fix is released docker/buildx#386 - driver-opts: image=moby/buildkit:master - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - if: github.event_name == 'push' - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - if: github.event_name == 'push' - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . 
- platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - # cache-from: type=gha - # cache-to: type=gha,mode=max - push: ${{ github.event_name == 'push' }} - tags: ${{ steps.tags.outputs.tags }} - build-args: | - VERSION=${{ steps.tags.outputs.version }} - COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} - BUILD_DATE=${{ steps.tags.outputs.build_date }} - labels: | - org.opencontainers.image.title=${{ github.event.repository.name }} - org.opencontainers.image.description=${{ github.event.repository.description }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ steps.tags.outputs.version }} - org.opencontainers.image.created=${{ steps.tags.outputs.build_date }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} - org.opencontainers.image.documentation=https://dexidp.io/docs/ - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 - with: - image-ref: "ghcr.io/dexidp/dex:${{ steps.tags.outputs.version }}" - format: "template" - template: "@/contrib/sarif.tpl" - output: "trivy-results.sarif" - if: github.event_name == 'push' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results.sarif" - if: github.event_name == 'push' diff --git a/cmd/dex/config.go b/cmd/dex/config.go index 7bb7fbb780..0a0a14e1f6 100644 --- a/cmd/dex/config.go +++ b/cmd/dex/config.go 
@@ -10,14 +10,14 @@ import ( "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent" - "github.com/dexidp/dex/storage/etcd" - "github.com/dexidp/dex/storage/kubernetes" - "github.com/dexidp/dex/storage/memory" - "github.com/dexidp/dex/storage/sql" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent" + "github.com/concourse/dex/storage/etcd" + "github.com/concourse/dex/storage/kubernetes" + "github.com/concourse/dex/storage/memory" + "github.com/concourse/dex/storage/sql" ) // Config is the config format for the main application. diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go index 8ee02d5aa2..2f7bc8447e 100644 --- a/cmd/dex/config_test.go +++ b/cmd/dex/config_test.go @@ -7,11 +7,11 @@ import ( "github.com/ghodss/yaml" "github.com/kylelemons/godebug/pretty" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/connector/oidc" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/sql" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/connector/oidc" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/sql" ) var _ = yaml.YAMLToJSON diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go index c8fb95eb16..cd867abf54 100644 --- a/cmd/dex/serve.go +++ b/cmd/dex/serve.go @@ -31,9 +31,9 @@ import ( "google.golang.org/grpc/reflection" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" ) type serveOptions struct { 
diff --git a/connector/atlassiancrowd/atlassiancrowd.go b/connector/atlassiancrowd/atlassiancrowd.go index e2ca94b0de..16605be799 100644 --- a/connector/atlassiancrowd/atlassiancrowd.go +++ b/connector/atlassiancrowd/atlassiancrowd.go @@ -12,9 +12,9 @@ import ( "strings" "time" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for Atlassian Crowd connector. diff --git a/connector/authproxy/authproxy.go b/connector/authproxy/authproxy.go index 8715412146..aea4512f46 100644 --- a/connector/authproxy/authproxy.go +++ b/connector/authproxy/authproxy.go @@ -9,8 +9,8 @@ import ( "net/url" "strings" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds the configuration parameters for a connector which returns an diff --git a/connector/authproxy/authproxy_test.go b/connector/authproxy/authproxy_test.go index 5d42530e07..0d58cfbc3d 100644 --- a/connector/authproxy/authproxy_test.go +++ b/connector/authproxy/authproxy_test.go @@ -8,7 +8,7 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) const ( diff --git a/connector/bitbucketcloud/bitbucketcloud.go b/connector/bitbucketcloud/bitbucketcloud.go index 27eafb5299..adf18c8a35 100644 --- a/connector/bitbucketcloud/bitbucketcloud.go +++ b/connector/bitbucketcloud/bitbucketcloud.go @@ -14,9 +14,9 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/bitbucket" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( 
diff --git a/connector/bitbucketcloud/bitbucketcloud_test.go b/connector/bitbucketcloud/bitbucketcloud_test.go index 9545ff09c5..035ec1da3e 100644 --- a/connector/bitbucketcloud/bitbucketcloud_test.go +++ b/connector/bitbucketcloud/bitbucketcloud_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestUserGroups(t *testing.T) { diff --git a/connector/cloudfoundry/cloudfoundry.go b/connector/cloudfoundry/cloudfoundry.go index 8d3ab7f0ae..faa86bbab1 100644 --- a/connector/cloudfoundry/cloudfoundry.go +++ b/connector/cloudfoundry/cloudfoundry.go @@ -16,8 +16,8 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) type cloudfoundryConnector struct { diff --git a/connector/cloudfoundry/cloudfoundry_test.go b/connector/cloudfoundry/cloudfoundry_test.go index 73b521a917..1e6af394de 100644 --- a/connector/cloudfoundry/cloudfoundry_test.go +++ b/connector/cloudfoundry/cloudfoundry_test.go @@ -12,7 +12,7 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestOpen(t *testing.T) { diff --git a/connector/gitea/gitea.go b/connector/gitea/gitea.go index 6b02099414..fa11769159 100644 --- a/connector/gitea/gitea.go +++ b/connector/gitea/gitea.go @@ -14,8 +14,8 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for gitea logins. diff --git a/connector/gitea/gitea_test.go b/connector/gitea/gitea_test.go index a71d79956e..c4576d0fd2 100644 --- a/connector/gitea/gitea_test.go +++ b/connector/gitea/gitea_test.go 
@@ -9,7 +9,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // tests that the email is used as their username when they have no username set diff --git a/connector/github/github.go b/connector/github/github.go index 933b23ff31..c0cba8aefa 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -15,10 +15,10 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/github" - "github.com/dexidp/dex/connector" - groups_pkg "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/httpclient" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + groups_pkg "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/github/github_test.go b/connector/github/github_test.go index 76d7463cf6..b9d10d7d27 100644 --- a/connector/github/github_test.go +++ b/connector/github/github_test.go @@ -12,7 +12,7 @@ import ( "strings" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) type testResponse struct { diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go index f35ac35753..ffdcd709e9 100644 --- a/connector/gitlab/gitlab.go +++ b/connector/gitlab/gitlab.go @@ -13,9 +13,9 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go index d828b8bd16..f5886ca96c 100644 --- a/connector/gitlab/gitlab_test.go +++ b/connector/gitlab/gitlab_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestUserGroups(t *testing.T) { 
diff --git a/connector/google/google.go b/connector/google/google.go index 3f79a8a227..14decfc93d 100644 --- a/connector/google/google.go +++ b/connector/google/google.go @@ -16,9 +16,9 @@ import ( admin "google.golang.org/api/admin/directory/v1" "google.golang.org/api/option" - "github.com/dexidp/dex/connector" - pkg_groups "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + pkg_groups "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go index 03f473310b..ecdb3f1742 100644 --- a/connector/keystone/keystone.go +++ b/connector/keystone/keystone.go @@ -9,8 +9,8 @@ import ( "io" "net/http" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) type conn struct { diff --git a/connector/keystone/keystone_test.go b/connector/keystone/keystone_test.go index 8f1ea1bbcd..1a93f565db 100644 --- a/connector/keystone/keystone_test.go +++ b/connector/keystone/keystone_test.go @@ -11,7 +11,7 @@ import ( "strings" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) const ( diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index 543402718c..59f91fcbb8 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -12,8 +12,8 @@ import ( "github.com/go-ldap/ldap/v3" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds the configuration parameters for the LDAP connector. The LDAP diff --git a/connector/ldap/ldap_test.go b/connector/ldap/ldap_test.go index 83f9f4790c..4abc5c83d1 100644 --- a/connector/ldap/ldap_test.go +++ b/connector/ldap/ldap_test.go 
@@ -10,7 +10,7 @@ import ( "github.com/kylelemons/godebug/pretty" "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // connectionMethod indicates how the test should connect to the LDAP server. diff --git a/connector/linkedin/linkedin.go b/connector/linkedin/linkedin.go index f79f1c49d8..c5b02fd863 100644 --- a/connector/linkedin/linkedin.go +++ b/connector/linkedin/linkedin.go @@ -11,8 +11,8 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 3952c94be6..f743158cc0 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -15,9 +15,9 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - groups_pkg "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + groups_pkg "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // GroupNameFormat represents the format of the group identifier diff --git a/connector/microsoft/microsoft_test.go b/connector/microsoft/microsoft_test.go index 67be660fce..34381bc3fb 100644 --- a/connector/microsoft/microsoft_test.go +++ b/connector/microsoft/microsoft_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) type testResponse struct { diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go index e7ee438625..9ed7fdafae 100644 --- a/connector/mock/connectortest.go +++ b/connector/mock/connectortest.go 
@@ -8,8 +8,8 @@ import ( "net/http" "net/url" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // NewCallbackConnector returns a mock connector which requires no user interaction. It always returns diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go index 2fe39fd467..40b3dc72bf 100644 --- a/connector/oauth/oauth.go +++ b/connector/oauth/oauth.go @@ -11,9 +11,9 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/httpclient" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) type oauthConnector struct { diff --git a/connector/oauth/oauth_test.go b/connector/oauth/oauth_test.go index 3a5ec6bf59..c547c3ca30 100644 --- a/connector/oauth/oauth_test.go +++ b/connector/oauth/oauth_test.go @@ -16,7 +16,7 @@ import ( "github.com/stretchr/testify/assert" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestOpen(t *testing.T) { diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 56aad4b37b..89929a76f4 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -14,9 +14,9 @@ import ( "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/httpclient" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for OpenID Connect logins. diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go index d94af79de8..98d366d488 100644 --- a/connector/oidc/oidc_test.go +++ b/connector/oidc/oidc_test.go 
@@ -19,7 +19,7 @@ import ( "github.com/sirupsen/logrus" "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestKnownBrokenAuthHeaderProvider(t *testing.T) { diff --git a/connector/openshift/openshift.go b/connector/openshift/openshift.go index 35ee33afb7..727ac29567 100644 --- a/connector/openshift/openshift.go +++ b/connector/openshift/openshift.go @@ -10,11 +10,11 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/httpclient" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) const ( diff --git a/connector/openshift/openshift_test.go b/connector/openshift/openshift_test.go index 1a2c7a4840..6aedf78e27 100644 --- a/connector/openshift/openshift_test.go +++ b/connector/openshift/openshift_test.go @@ -14,9 +14,9 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/httpclient" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) func TestOpen(t *testing.T) { diff --git a/connector/saml/saml.go b/connector/saml/saml.go index 908ec703c9..6215ee5f5e 100644 --- a/connector/saml/saml.go +++ b/connector/saml/saml.go @@ -19,9 +19,9 @@ import ( dsig "github.com/russellhaering/goxmldsig" "github.com/russellhaering/goxmldsig/etreeutils" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // nolint 
diff --git a/connector/saml/saml_test.go b/connector/saml/saml_test.go index 95d513ed19..3ac421899e 100644 --- a/connector/saml/saml_test.go +++ b/connector/saml/saml_test.go @@ -14,7 +14,7 @@ import ( dsig "github.com/russellhaering/goxmldsig" "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // responseTest maps a SAML 2.0 response object to a set of expected values. diff --git a/examples/go.mod b/examples/go.mod index d66c118a7f..64a8e825c3 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -1,4 +1,4 @@ -module github.com/dexidp/dex/examples +module github.com/concourse/dex/examples go 1.17 diff --git a/go.mod b/go.mod index 38055711bb..af2d03c892 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/dexidp/dex +module github.com/concourse/dex go 1.19 diff --git a/pkg/groups/groups_test.go b/pkg/groups/groups_test.go index 0be62fb430..2ff38a2df8 100644 --- a/pkg/groups/groups_test.go +++ b/pkg/groups/groups_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/dexidp/dex/pkg/groups" + "github.com/concourse/dex/pkg/groups" ) func TestFilter(t *testing.T) { diff --git a/pkg/httpclient/httpclient_test.go b/pkg/httpclient/httpclient_test.go index 07baea04ee..567778e10b 100644 --- a/pkg/httpclient/httpclient_test.go +++ b/pkg/httpclient/httpclient_test.go @@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/dexidp/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/httpclient" ) func TestRootCAs(t *testing.T) { diff --git a/server/api.go b/server/api.go index a68742b3cc..7370a114f5 100644 --- a/server/api.go +++ b/server/api.go 
@@ -8,9 +8,9 @@ import ( "golang.org/x/crypto/bcrypt" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) // apiVersion increases every time a new call is added to the API. Clients should use this info diff --git a/server/api_test.go b/server/api_test.go index 01c59cf875..b69a6b0b06 100644 --- a/server/api_test.go +++ b/server/api_test.go @@ -12,10 +12,10 @@ import ( "google.golang.org/grpc/credentials/insecure" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) // apiClient is a test gRPC client. When constructed, it runs a server in diff --git a/server/deviceflowhandlers.go b/server/deviceflowhandlers.go index 95fed3b3c3..72ea5e923f 100644 --- a/server/deviceflowhandlers.go +++ b/server/deviceflowhandlers.go @@ -13,8 +13,8 @@ import ( "golang.org/x/net/html" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) type deviceCodeResponse struct { diff --git a/server/deviceflowhandlers_test.go b/server/deviceflowhandlers_test.go index 9a9f28584e..c7a67474c1 100644 --- a/server/deviceflowhandlers_test.go +++ b/server/deviceflowhandlers_test.go @@ -13,7 +13,7 @@ import ( "testing" "time" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) func TestDeviceVerificationURI(t *testing.T) { diff --git a/server/handlers.go b/server/handlers.go index b497c123fa..f23e9db6ea 100755 --- a/server/handlers.go +++ b/server/handlers.go 
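Review bot: The import `"github.com/dexidp/dex/api/v2"` in server/api.go stays on the upstream path while every other dex import in the same block moves to `github.com/concourse/dex/...`; the server/api_test.go hunk leaves it the same way. If this is deliberate, say so beside the import, for example `// api/v2 stays on the upstream module path on purpose; see go.mod`, so a later bulk rename does not change it by accident. Whether the build takes this package from the fork's own tree or from the upstream module depends on a require/replace entry in go.mod, and the go.mod hunk in this patch only touches the module line. That is worth confirming, because it decides which repository supplies the API package the server is compiled against. Both import blocks sit inside files whose remaining code is outside these hunks.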
@@ -20,9 +20,9 @@ import ( "github.com/gorilla/mux" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) const ( diff --git a/server/handlers_test.go b/server/handlers_test.go index fb1a05064f..44e4888531 100644 --- a/server/handlers_test.go +++ b/server/handlers_test.go @@ -18,7 +18,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/oauth2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) func TestHandleHealth(t *testing.T) { diff --git a/server/oauth2.go b/server/oauth2.go index 4139412291..9bb58c0b9e 100644 --- a/server/oauth2.go +++ b/server/oauth2.go @@ -23,9 +23,9 @@ import ( jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) // TODO(ericchiang): clean this file up and figure out more idiomatic error handling. diff --git a/server/oauth2_test.go b/server/oauth2_test.go index 710382aa23..b11ecaa3d8 100644 --- a/server/oauth2_test.go +++ b/server/oauth2_test.go @@ -12,8 +12,8 @@ import ( "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func TestParseAuthorizationRequest(t *testing.T) { diff --git a/server/refreshhandlers.go b/server/refreshhandlers.go index ecfda137f0..f043396acc 100644 --- a/server/refreshhandlers.go +++ b/server/refreshhandlers.go 
@@ -8,9 +8,9 @@ import ( "strings" "time" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) func contains(arr []string, item string) bool { diff --git a/server/refreshhandlers_test.go b/server/refreshhandlers_test.go index c64c50b330..9dc953b7f7 100644 --- a/server/refreshhandlers_test.go +++ b/server/refreshhandlers_test.go @@ -13,8 +13,8 @@ import ( "github.com/stretchr/testify/require" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) func mockRefreshTokenTestStorage(t *testing.T, s storage.Storage, useObsolete bool) { diff --git a/server/rotation.go b/server/rotation.go index 98489767e0..8a4af3dfa7 100644 --- a/server/rotation.go +++ b/server/rotation.go @@ -12,8 +12,8 @@ import ( "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) var errAlreadyRotated = errors.New("keys already rotated by another server instance") diff --git a/server/rotation_test.go b/server/rotation_test.go index e279bf543e..9a7972dbae 100644 --- a/server/rotation_test.go +++ b/server/rotation_test.go @@ -9,8 +9,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func signingKeyID(t *testing.T, s storage.Storage) string { diff --git a/server/server.go b/server/server.go index 731f346769..04228405c4 100755 --- a/server/server.go +++ b/server/server.go 
@@ -25,27 +25,27 @@ import ( "github.com/prometheus/client_golang/prometheus" "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/connector/atlassiancrowd" - "github.com/dexidp/dex/connector/authproxy" - "github.com/dexidp/dex/connector/bitbucketcloud" - "github.com/dexidp/dex/connector/cloudfoundry" - "github.com/dexidp/dex/connector/gitea" - "github.com/dexidp/dex/connector/github" - "github.com/dexidp/dex/connector/gitlab" - "github.com/dexidp/dex/connector/google" - "github.com/dexidp/dex/connector/keystone" - "github.com/dexidp/dex/connector/ldap" - "github.com/dexidp/dex/connector/linkedin" - "github.com/dexidp/dex/connector/microsoft" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/connector/oauth" - "github.com/dexidp/dex/connector/oidc" - "github.com/dexidp/dex/connector/openshift" - "github.com/dexidp/dex/connector/saml" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/web" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/connector/atlassiancrowd" + "github.com/concourse/dex/connector/authproxy" + "github.com/concourse/dex/connector/bitbucketcloud" + "github.com/concourse/dex/connector/cloudfoundry" + "github.com/concourse/dex/connector/gitea" + "github.com/concourse/dex/connector/github" + "github.com/concourse/dex/connector/gitlab" + "github.com/concourse/dex/connector/google" + "github.com/concourse/dex/connector/keystone" + "github.com/concourse/dex/connector/ldap" + "github.com/concourse/dex/connector/linkedin" + "github.com/concourse/dex/connector/microsoft" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/connector/oauth" + "github.com/concourse/dex/connector/oidc" + "github.com/concourse/dex/connector/openshift" + "github.com/concourse/dex/connector/saml" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/web" ) // LocalConnector is the local passwordDB 
connector which is an internal diff --git a/server/server_test.go b/server/server_test.go index 03dc6d259b..a955669918 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -31,10 +31,10 @@ import ( "golang.org/x/oauth2" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func mustLoad(s string) *rsa.PrivateKey { diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go index 1b45b76c3a..8bdda0d981 100644 --- a/storage/conformance/conformance.go +++ b/storage/conformance/conformance.go @@ -11,7 +11,7 @@ import ( "golang.org/x/crypto/bcrypt" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // ensure that values being tested on never expire. diff --git a/storage/conformance/transactions.go b/storage/conformance/transactions.go index 1d4011a423..cffe06a28a 100644 --- a/storage/conformance/transactions.go +++ b/storage/conformance/transactions.go @@ -6,7 +6,7 @@ import ( "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // RunTransactionTests runs a test suite aimed a verifying the transaction diff --git a/storage/ent/client/authcode.go b/storage/ent/client/authcode.go index b6b263bff8..31fd891f9a 100644 --- a/storage/ent/client/authcode.go +++ b/storage/ent/client/authcode.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateAuthCode saves provided auth code into the database. diff --git a/storage/ent/client/authrequest.go b/storage/ent/client/authrequest.go index d68fd438a1..a54acfcaf9 100644 --- a/storage/ent/client/authrequest.go 
+++ b/storage/ent/client/authrequest.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateAuthRequest saves provided auth request into the database. diff --git a/storage/ent/client/client.go b/storage/ent/client/client.go index 07434bd60b..ae9da0b415 100644 --- a/storage/ent/client/client.go +++ b/storage/ent/client/client.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateClient saves provided oauth2 client settings into the database. diff --git a/storage/ent/client/connector.go b/storage/ent/client/connector.go index bfec4418dd..3c7461bb18 100644 --- a/storage/ent/client/connector.go +++ b/storage/ent/client/connector.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateConnector saves a connector into the database. diff --git a/storage/ent/client/devicerequest.go b/storage/ent/client/devicerequest.go index 6e9c25001d..d200997e87 100644 --- a/storage/ent/client/devicerequest.go +++ b/storage/ent/client/devicerequest.go @@ -3,8 +3,8 @@ package client import ( "context" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // CreateDeviceRequest saves provided device request into the database. diff --git a/storage/ent/client/devicetoken.go b/storage/ent/client/devicetoken.go index 99cf077d02..2fb412fb03 100644 --- a/storage/ent/client/devicetoken.go +++ b/storage/ent/client/devicetoken.go @@ -3,8 +3,8 @@ package client import ( "context" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // CreateDeviceToken saves provided token into the database. 
diff --git a/storage/ent/client/keys.go b/storage/ent/client/keys.go index f65d40fc21..3f06032735 100644 --- a/storage/ent/client/keys.go +++ b/storage/ent/client/keys.go @@ -4,8 +4,8 @@ import ( "context" "errors" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) func getKeys(client *db.KeysClient) (storage.Keys, error) { diff --git a/storage/ent/client/main.go b/storage/ent/client/main.go index bc4c1600ac..cf7abc8ec3 100644 --- a/storage/ent/client/main.go +++ b/storage/ent/client/main.go @@ -6,13 +6,13 @@ import ( "hash" "time" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/migrate" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/migrate" ) var _ storage.Storage = (*Database)(nil) diff --git a/storage/ent/client/offlinesession.go b/storage/ent/client/offlinesession.go index 9f54ea1d3c..df6cf240e5 100644 --- a/storage/ent/client/offlinesession.go +++ b/storage/ent/client/offlinesession.go @@ -5,7 +5,7 @@ import ( "encoding/json" "fmt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateOfflineSessions saves provided offline session into the database. diff --git a/storage/ent/client/password.go b/storage/ent/client/password.go index daaae30cea..ce36559e70 100644 --- a/storage/ent/client/password.go +++ b/storage/ent/client/password.go 
@@ -4,8 +4,8 @@ import ( "context" "strings" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/password" ) // CreatePassword saves provided password into the database. diff --git a/storage/ent/client/refreshtoken.go b/storage/ent/client/refreshtoken.go index eca048f463..c861385959 100644 --- a/storage/ent/client/refreshtoken.go +++ b/storage/ent/client/refreshtoken.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateRefresh saves provided refresh token into the database. diff --git a/storage/ent/client/types.go b/storage/ent/client/types.go index 397d4d30a2..3b0eed0a73 100644 --- a/storage/ent/client/types.go +++ b/storage/ent/client/types.go @@ -4,8 +4,8 @@ import ( "encoding/json" "strings" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) const keysRowID = "keys" diff --git a/storage/ent/client/utils.go b/storage/ent/client/utils.go index 65c037ac3c..daf0f2fa6b 100644 --- a/storage/ent/client/utils.go +++ b/storage/ent/client/utils.go @@ -6,8 +6,8 @@ import ( "github.com/pkg/errors" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) func rollback(tx *db.Tx, t string, err error) error { diff --git a/storage/ent/db/authcode.go b/storage/ent/db/authcode.go index 6ddbeb57dc..3f60c2d918 100644 --- a/storage/ent/db/authcode.go +++ b/storage/ent/db/authcode.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authcode" ) // AuthCode is the model entity for the AuthCode schema. 
diff --git a/storage/ent/db/authcode/where.go b/storage/ent/db/authcode/where.go index be1954d7bb..abf54ddba6 100644 --- a/storage/ent/db/authcode/where.go +++ b/storage/ent/db/authcode/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/authcode_create.go b/storage/ent/db/authcode_create.go index c075c3d3fc..ef1f824b59 100644 --- a/storage/ent/db/authcode_create.go +++ b/storage/ent/db/authcode_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authcode" ) // AuthCodeCreate is the builder for creating a AuthCode entity. diff --git a/storage/ent/db/authcode_delete.go b/storage/ent/db/authcode_delete.go index 3471394ad2..27dbd1c593 100644 --- a/storage/ent/db/authcode_delete.go +++ b/storage/ent/db/authcode_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeDelete is the builder for deleting a AuthCode entity. diff --git a/storage/ent/db/authcode_query.go b/storage/ent/db/authcode_query.go index a82a450686..199f106999 100644 --- a/storage/ent/db/authcode_query.go +++ b/storage/ent/db/authcode_query.go 
@@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeQuery is the builder for querying AuthCode entities. diff --git a/storage/ent/db/authcode_update.go b/storage/ent/db/authcode_update.go index 5d9764bcf4..9b70a5ac3f 100644 --- a/storage/ent/db/authcode_update.go +++ b/storage/ent/db/authcode_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeUpdate is the builder for updating AuthCode entities. diff --git a/storage/ent/db/authrequest.go b/storage/ent/db/authrequest.go index 095427ae2d..80ea77eb5a 100644 --- a/storage/ent/db/authrequest.go +++ b/storage/ent/db/authrequest.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/authrequest" ) // AuthRequest is the model entity for the AuthRequest schema. diff --git a/storage/ent/db/authrequest/where.go b/storage/ent/db/authrequest/where.go index 1fd1d4e49a..813571d3c2 100644 --- a/storage/ent/db/authrequest/where.go +++ b/storage/ent/db/authrequest/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/authrequest_create.go b/storage/ent/db/authrequest_create.go index c353c18201..cd48d15dbe 100644 --- a/storage/ent/db/authrequest_create.go 
+++ b/storage/ent/db/authrequest_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/authrequest" ) // AuthRequestCreate is the builder for creating a AuthRequest entity. diff --git a/storage/ent/db/authrequest_delete.go b/storage/ent/db/authrequest_delete.go index 495f467609..3b8873e42e 100644 --- a/storage/ent/db/authrequest_delete.go +++ b/storage/ent/db/authrequest_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestDelete is the builder for deleting a AuthRequest entity. diff --git a/storage/ent/db/authrequest_query.go b/storage/ent/db/authrequest_query.go index 577da17b06..dafd295c2b 100644 --- a/storage/ent/db/authrequest_query.go +++ b/storage/ent/db/authrequest_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestQuery is the builder for querying AuthRequest entities. diff --git a/storage/ent/db/authrequest_update.go b/storage/ent/db/authrequest_update.go index f0bf9b341e..144f63dc3c 100644 --- a/storage/ent/db/authrequest_update.go +++ b/storage/ent/db/authrequest_update.go 
@@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestUpdate is the builder for updating AuthRequest entities. diff --git a/storage/ent/db/client.go b/storage/ent/db/client.go index 4bf5586513..472644e5c6 100644 --- a/storage/ent/db/client.go +++ b/storage/ent/db/client.go @@ -8,18 +8,18 @@ import ( "fmt" "log" - "github.com/dexidp/dex/storage/ent/db/migrate" - - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/migrate" + + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" "entgo.io/ent/dialect" "entgo.io/ent/dialect/sql" diff --git a/storage/ent/db/connector.go b/storage/ent/db/connector.go index 65cd4d25e8..58113c412a 100644 --- a/storage/ent/db/connector.go 
+++ b/storage/ent/db/connector.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/connector" ) // Connector is the model entity for the Connector schema. diff --git a/storage/ent/db/connector/where.go b/storage/ent/db/connector/where.go index e48576de93..82017f2496 100644 --- a/storage/ent/db/connector/where.go +++ b/storage/ent/db/connector/where.go @@ -4,7 +4,7 @@ package connector import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/connector_create.go b/storage/ent/db/connector_create.go index ecff1c2f18..02cf77052e 100644 --- a/storage/ent/db/connector_create.go +++ b/storage/ent/db/connector_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/connector" ) // ConnectorCreate is the builder for creating a Connector entity. diff --git a/storage/ent/db/connector_delete.go b/storage/ent/db/connector_delete.go index 0c5381eef5..a9d821fa62 100644 --- a/storage/ent/db/connector_delete.go +++ b/storage/ent/db/connector_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorDelete is the builder for deleting a Connector entity. diff --git a/storage/ent/db/connector_query.go b/storage/ent/db/connector_query.go index 32d6020499..4f3c721b4b 100644 --- a/storage/ent/db/connector_query.go +++ b/storage/ent/db/connector_query.go 
@@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorQuery is the builder for querying Connector entities. diff --git a/storage/ent/db/connector_update.go b/storage/ent/db/connector_update.go index 736d0a62fb..e0bbe02070 100644 --- a/storage/ent/db/connector_update.go +++ b/storage/ent/db/connector_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorUpdate is the builder for updating Connector entities. diff --git a/storage/ent/db/devicerequest.go b/storage/ent/db/devicerequest.go index d358f1741f..494ef89a70 100644 --- a/storage/ent/db/devicerequest.go +++ b/storage/ent/db/devicerequest.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // DeviceRequest is the model entity for the DeviceRequest schema. diff --git a/storage/ent/db/devicerequest/where.go b/storage/ent/db/devicerequest/where.go index 5cb5ce4489..a1a87f8376 100644 --- a/storage/ent/db/devicerequest/where.go +++ b/storage/ent/db/devicerequest/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/devicerequest_create.go b/storage/ent/db/devicerequest_create.go index ae7644ca0c..cc61023295 100644 
--- a/storage/ent/db/devicerequest_create.go +++ b/storage/ent/db/devicerequest_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // DeviceRequestCreate is the builder for creating a DeviceRequest entity. diff --git a/storage/ent/db/devicerequest_delete.go b/storage/ent/db/devicerequest_delete.go index 635a8a498d..3e210730c6 100644 --- a/storage/ent/db/devicerequest_delete.go +++ b/storage/ent/db/devicerequest_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestDelete is the builder for deleting a DeviceRequest entity. diff --git a/storage/ent/db/devicerequest_query.go b/storage/ent/db/devicerequest_query.go index 3fd43dd89d..ca48028354 100644 --- a/storage/ent/db/devicerequest_query.go +++ b/storage/ent/db/devicerequest_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestQuery is the builder for querying DeviceRequest entities. diff --git a/storage/ent/db/devicerequest_update.go b/storage/ent/db/devicerequest_update.go index 2bf38af697..839d3e0e4a 100644 --- a/storage/ent/db/devicerequest_update.go +++ b/storage/ent/db/devicerequest_update.go 
@@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestUpdate is the builder for updating DeviceRequest entities. diff --git a/storage/ent/db/devicetoken.go b/storage/ent/db/devicetoken.go index 0daa128064..a84a360570 100644 --- a/storage/ent/db/devicetoken.go +++ b/storage/ent/db/devicetoken.go @@ -8,7 +8,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // DeviceToken is the model entity for the DeviceToken schema. diff --git a/storage/ent/db/devicetoken/where.go b/storage/ent/db/devicetoken/where.go index a8e33f1e00..41567acc65 100644 --- a/storage/ent/db/devicetoken/where.go +++ b/storage/ent/db/devicetoken/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/devicetoken_create.go b/storage/ent/db/devicetoken_create.go index bbf67e5a29..58e7093bcf 100644 --- a/storage/ent/db/devicetoken_create.go +++ b/storage/ent/db/devicetoken_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // DeviceTokenCreate is the builder for creating a DeviceToken entity. diff --git a/storage/ent/db/devicetoken_delete.go b/storage/ent/db/devicetoken_delete.go index 3c196aac09..f3644bea99 100644 --- a/storage/ent/db/devicetoken_delete.go +++ b/storage/ent/db/devicetoken_delete.go 
@@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenDelete is the builder for deleting a DeviceToken entity. diff --git a/storage/ent/db/devicetoken_query.go b/storage/ent/db/devicetoken_query.go index 1860a841ad..f4007ea1e0 100644 --- a/storage/ent/db/devicetoken_query.go +++ b/storage/ent/db/devicetoken_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenQuery is the builder for querying DeviceToken entities. diff --git a/storage/ent/db/devicetoken_update.go b/storage/ent/db/devicetoken_update.go index cc0b92f5ba..3a42da85f2 100644 --- a/storage/ent/db/devicetoken_update.go +++ b/storage/ent/db/devicetoken_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenUpdate is the builder for updating DeviceToken entities. diff --git a/storage/ent/db/ent.go b/storage/ent/db/ent.go index ed76b32b51..6d28a816c3 100644 --- a/storage/ent/db/ent.go +++ b/storage/ent/db/ent.go 
@@ -10,16 +10,16 @@ import ( "entgo.io/ent" "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // ent aliases to avoid import conflicts in user's code. diff --git a/storage/ent/db/enttest/enttest.go b/storage/ent/db/enttest/enttest.go index ecbb02d930..73dc40add5 100644 --- a/storage/ent/db/enttest/enttest.go +++ b/storage/ent/db/enttest/enttest.go @@ -5,12 +5,12 @@ package enttest import ( "context" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db" // required by schema hooks. - _ "github.com/dexidp/dex/storage/ent/db/runtime" + _ "github.com/concourse/dex/storage/ent/db/runtime" "entgo.io/ent/dialect/sql/schema" - "github.com/dexidp/dex/storage/ent/db/migrate" + "github.com/concourse/dex/storage/ent/db/migrate" ) type ( diff --git a/storage/ent/db/hook/hook.go b/storage/ent/db/hook/hook.go index 856e5e5949..b8ad6c6a8b 100644 --- a/storage/ent/db/hook/hook.go 
+++ b/storage/ent/db/hook/hook.go @@ -6,7 +6,7 @@ import ( "context" "fmt" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db" ) // The AuthCodeFunc type is an adapter to allow the use of ordinary diff --git a/storage/ent/db/keys.go b/storage/ent/db/keys.go index d307ad8ed2..5361dbff45 100644 --- a/storage/ent/db/keys.go +++ b/storage/ent/db/keys.go @@ -9,8 +9,8 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/keys/where.go b/storage/ent/db/keys/where.go index f918579da8..d87592c7fc 100644 --- a/storage/ent/db/keys/where.go +++ b/storage/ent/db/keys/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/keys_create.go b/storage/ent/db/keys_create.go index 818ca27891..b1b55bf3bc 100644 --- a/storage/ent/db/keys_create.go +++ b/storage/ent/db/keys_create.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/keys_delete.go b/storage/ent/db/keys_delete.go index 5bcf970f58..1c678db8b7 100644 --- a/storage/ent/db/keys_delete.go +++ b/storage/ent/db/keys_delete.go 
@@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" ) // KeysDelete is the builder for deleting a Keys entity. diff --git a/storage/ent/db/keys_query.go b/storage/ent/db/keys_query.go index 7d9ea9082d..f946238250 100644 --- a/storage/ent/db/keys_query.go +++ b/storage/ent/db/keys_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" ) // KeysQuery is the builder for querying Keys entities. diff --git a/storage/ent/db/keys_update.go b/storage/ent/db/keys_update.go index b5fbefff67..7310e03c28 100644 --- a/storage/ent/db/keys_update.go +++ b/storage/ent/db/keys_update.go @@ -11,9 +11,9 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/mutation.go b/storage/ent/db/mutation.go index 85e1af7240..fae7c4dad0 100644 --- a/storage/ent/db/mutation.go +++ b/storage/ent/db/mutation.go 
@@ -9,18 +9,18 @@ import ( "sync" "time" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" jose "gopkg.in/square/go-jose.v2" "entgo.io/ent" diff --git a/storage/ent/db/oauth2client.go b/storage/ent/db/oauth2client.go index f96ca218e1..30418fcf54 100644 --- a/storage/ent/db/oauth2client.go +++ b/storage/ent/db/oauth2client.go @@ -8,7 +8,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/oauth2client" ) // OAuth2Client is the model entity for the OAuth2Client schema. diff --git a/storage/ent/db/oauth2client/where.go b/storage/ent/db/oauth2client/where.go index d74a6ab78e..17927306b8 100644 --- a/storage/ent/db/oauth2client/where.go +++ b/storage/ent/db/oauth2client/where.go 
@@ -4,7 +4,7 @@ package oauth2client import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/oauth2client_create.go b/storage/ent/db/oauth2client_create.go index 02c41a8377..ac0719dfe1 100644 --- a/storage/ent/db/oauth2client_create.go +++ b/storage/ent/db/oauth2client_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/oauth2client" ) // OAuth2ClientCreate is the builder for creating a OAuth2Client entity. diff --git a/storage/ent/db/oauth2client_delete.go b/storage/ent/db/oauth2client_delete.go index 239d904dc2..cc70c8fe0a 100644 --- a/storage/ent/db/oauth2client_delete.go +++ b/storage/ent/db/oauth2client_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientDelete is the builder for deleting a OAuth2Client entity. diff --git a/storage/ent/db/oauth2client_query.go b/storage/ent/db/oauth2client_query.go index 1776c943d2..bed780975c 100644 --- a/storage/ent/db/oauth2client_query.go +++ b/storage/ent/db/oauth2client_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientQuery is the builder for querying OAuth2Client entities. 
diff --git a/storage/ent/db/oauth2client_update.go b/storage/ent/db/oauth2client_update.go index aeddbba63c..6913f3f079 100644 --- a/storage/ent/db/oauth2client_update.go +++ b/storage/ent/db/oauth2client_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientUpdate is the builder for updating OAuth2Client entities. diff --git a/storage/ent/db/offlinesession.go b/storage/ent/db/offlinesession.go index 4b797e2672..50b55c0440 100644 --- a/storage/ent/db/offlinesession.go +++ b/storage/ent/db/offlinesession.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/offlinesession" ) // OfflineSession is the model entity for the OfflineSession schema. diff --git a/storage/ent/db/offlinesession/where.go b/storage/ent/db/offlinesession/where.go index 2dbab2537e..6eca11d738 100644 --- a/storage/ent/db/offlinesession/where.go +++ b/storage/ent/db/offlinesession/where.go @@ -4,7 +4,7 @@ package offlinesession import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/offlinesession_create.go b/storage/ent/db/offlinesession_create.go index 82b8014f1b..54f26f82e5 100644 --- a/storage/ent/db/offlinesession_create.go +++ b/storage/ent/db/offlinesession_create.go 
@@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/offlinesession" ) // OfflineSessionCreate is the builder for creating a OfflineSession entity. diff --git a/storage/ent/db/offlinesession_delete.go b/storage/ent/db/offlinesession_delete.go index b9c60ba9a3..fa84b062ae 100644 --- a/storage/ent/db/offlinesession_delete.go +++ b/storage/ent/db/offlinesession_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionDelete is the builder for deleting a OfflineSession entity. diff --git a/storage/ent/db/offlinesession_query.go b/storage/ent/db/offlinesession_query.go index e5e09cf16d..754bee5b8f 100644 --- a/storage/ent/db/offlinesession_query.go +++ b/storage/ent/db/offlinesession_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionQuery is the builder for querying OfflineSession entities. diff --git a/storage/ent/db/offlinesession_update.go b/storage/ent/db/offlinesession_update.go index f9f1d9cbf1..bcc69f299c 100644 --- a/storage/ent/db/offlinesession_update.go +++ b/storage/ent/db/offlinesession_update.go 
@@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionUpdate is the builder for updating OfflineSession entities. diff --git a/storage/ent/db/password.go b/storage/ent/db/password.go index cd30ec54ed..d2fcf46db7 100644 --- a/storage/ent/db/password.go +++ b/storage/ent/db/password.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/password" ) // Password is the model entity for the Password schema. diff --git a/storage/ent/db/password/where.go b/storage/ent/db/password/where.go index e33c134f2e..60b20ec13b 100644 --- a/storage/ent/db/password/where.go +++ b/storage/ent/db/password/where.go @@ -4,7 +4,7 @@ package password import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/password_create.go b/storage/ent/db/password_create.go index 277a5c8321..bd54d36161 100644 --- a/storage/ent/db/password_create.go +++ b/storage/ent/db/password_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/password" ) // PasswordCreate is the builder for creating a Password entity. diff --git a/storage/ent/db/password_delete.go b/storage/ent/db/password_delete.go index 6bbe5af57b..70b5aa42cd 100644 --- a/storage/ent/db/password_delete.go +++ b/storage/ent/db/password_delete.go 
@@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordDelete is the builder for deleting a Password entity. diff --git a/storage/ent/db/password_query.go b/storage/ent/db/password_query.go index 0da4d08aef..f993949794 100644 --- a/storage/ent/db/password_query.go +++ b/storage/ent/db/password_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordQuery is the builder for querying Password entities. diff --git a/storage/ent/db/password_update.go b/storage/ent/db/password_update.go index 8d149991a8..f709cb5f19 100644 --- a/storage/ent/db/password_update.go +++ b/storage/ent/db/password_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordUpdate is the builder for updating Password entities. diff --git a/storage/ent/db/refreshtoken.go b/storage/ent/db/refreshtoken.go index b5c75bb101..f19e696d2b 100644 --- a/storage/ent/db/refreshtoken.go +++ b/storage/ent/db/refreshtoken.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshToken is the model entity for the RefreshToken schema. 
diff --git a/storage/ent/db/refreshtoken/where.go b/storage/ent/db/refreshtoken/where.go index e6abf9824b..37c81885c6 100644 --- a/storage/ent/db/refreshtoken/where.go +++ b/storage/ent/db/refreshtoken/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/refreshtoken_create.go b/storage/ent/db/refreshtoken_create.go index e2bd6c2fad..252d273dd2 100644 --- a/storage/ent/db/refreshtoken_create.go +++ b/storage/ent/db/refreshtoken_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenCreate is the builder for creating a RefreshToken entity. diff --git a/storage/ent/db/refreshtoken_delete.go b/storage/ent/db/refreshtoken_delete.go index 2c8d7c1e80..92ba71c168 100644 --- a/storage/ent/db/refreshtoken_delete.go +++ b/storage/ent/db/refreshtoken_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenDelete is the builder for deleting a RefreshToken entity. diff --git a/storage/ent/db/refreshtoken_query.go b/storage/ent/db/refreshtoken_query.go index a90ac2f912..5cc467dd77 100644 --- a/storage/ent/db/refreshtoken_query.go +++ b/storage/ent/db/refreshtoken_query.go 
@@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenQuery is the builder for querying RefreshToken entities. diff --git a/storage/ent/db/refreshtoken_update.go b/storage/ent/db/refreshtoken_update.go index 6c11c7f73c..84b13f1f1c 100644 --- a/storage/ent/db/refreshtoken_update.go +++ b/storage/ent/db/refreshtoken_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenUpdate is the builder for updating RefreshToken entities. diff --git a/storage/ent/db/runtime.go b/storage/ent/db/runtime.go index 797c97613b..d3c86c6f27 100644 --- a/storage/ent/db/runtime.go +++ b/storage/ent/db/runtime.go 
@@ -5,17 +5,17 @@ package db import ( "time" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" - "github.com/dexidp/dex/storage/ent/schema" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/schema" ) // The init function reads all schema descriptors with runtime code diff --git a/storage/ent/mysql.go b/storage/ent/mysql.go index 4a9407f95c..23824db367 100644 --- a/storage/ent/mysql.go +++ b/storage/ent/mysql.go @@ -15,10 +15,10 @@ import ( entSQL "entgo.io/ent/dialect/sql" "github.com/go-sql-driver/mysql" // Register mysql driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) const ( diff --git a/storage/ent/mysql_test.go b/storage/ent/mysql_test.go index 6c2dfa1ddf..db51c3fe7e 100644 
--- a/storage/ent/mysql_test.go +++ b/storage/ent/mysql_test.go @@ -8,8 +8,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) const ( diff --git a/storage/ent/postgres.go b/storage/ent/postgres.go index 1953f5992f..0b006657e4 100644 --- a/storage/ent/postgres.go +++ b/storage/ent/postgres.go @@ -14,10 +14,10 @@ import ( entSQL "entgo.io/ent/dialect/sql" _ "github.com/lib/pq" // Register postgres driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) // nolint diff --git a/storage/ent/postgres_test.go b/storage/ent/postgres_test.go index c8e3a54df2..92bd8ba154 100644 --- a/storage/ent/postgres_test.go +++ b/storage/ent/postgres_test.go @@ -8,8 +8,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) const ( diff --git a/storage/ent/schema/keys.go b/storage/ent/schema/keys.go index ec5cd3f6bb..c4b4c8adb2 100644 --- a/storage/ent/schema/keys.go +++ b/storage/ent/schema/keys.go @@ -5,7 +5,7 @@ import ( "entgo.io/ent/schema/field" "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) /* Original SQL table: diff --git a/storage/ent/sqlite.go b/storage/ent/sqlite.go index c0b442f400..cee8872c8c 100644 --- a/storage/ent/sqlite.go +++ b/storage/ent/sqlite.go 
@@ -8,10 +8,10 @@ import ( "entgo.io/ent/dialect/sql" _ "github.com/mattn/go-sqlite3" // Register sqlite driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) // SQLite3 options for creating an SQL db. diff --git a/storage/ent/sqlite_test.go b/storage/ent/sqlite_test.go index 301d769b4a..440aff8b9c 100644 --- a/storage/ent/sqlite_test.go +++ b/storage/ent/sqlite_test.go @@ -6,8 +6,8 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) func newSQLiteStorage() storage.Storage { diff --git a/storage/etcd/config.go b/storage/etcd/config.go index 7f1a7b4fb7..10d1aeb962 100644 --- a/storage/etcd/config.go +++ b/storage/etcd/config.go @@ -7,8 +7,8 @@ import ( clientv3 "go.etcd.io/etcd/client/v3" "go.etcd.io/etcd/client/v3/namespace" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) var defaultDialTimeout = 2 * time.Second diff --git a/storage/etcd/etcd.go b/storage/etcd/etcd.go index 13e815ec8d..7fdc9b7adf 100644 --- a/storage/etcd/etcd.go +++ b/storage/etcd/etcd.go @@ -9,8 +9,8 @@ import ( clientv3 "go.etcd.io/etcd/client/v3" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) const ( diff --git a/storage/etcd/etcd_test.go b/storage/etcd/etcd_test.go index 8a9af5c9d5..e9e56678e5 100644 --- a/storage/etcd/etcd_test.go +++ b/storage/etcd/etcd_test.go 
@@ -12,8 +12,8 @@ import (
 "github.com/sirupsen/logrus"
 clientv3 "go.etcd.io/etcd/client/v3"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/conformance"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/conformance"
 )
 func withTimeout(t time.Duration, f func()) {
diff --git a/storage/etcd/types.go b/storage/etcd/types.go
index 91199ab655..b786e2e217 100644
--- a/storage/etcd/types.go
+++ b/storage/etcd/types.go
@@ -5,7 +5,7 @@ import (
 jose "gopkg.in/square/go-jose.v2"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/storage"
 )
 // AuthCode is a mirrored struct from storage with JSON struct tags
diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
index 57f21e00cd..c08359059a 100644
--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
@@ -26,9 +26,9 @@ import (
 "github.com/ghodss/yaml"
 "golang.org/x/net/http2"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/kubernetes/k8sapi"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/kubernetes/k8sapi"
 )
 type client struct {
diff --git a/storage/kubernetes/client_test.go b/storage/kubernetes/client_test.go
index cfd04857b6..34801639be 100644
--- a/storage/kubernetes/client_test.go
+++ b/storage/kubernetes/client_test.go
@@ -13,7 +13,7 @@ import (
 "github.com/sirupsen/logrus"
 "github.com/stretchr/testify/require"
- "github.com/dexidp/dex/storage/kubernetes/k8sapi"
+ "github.com/concourse/dex/storage/kubernetes/k8sapi"
 )
 // This test does not have an explicit error condition but is used
diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go
index 0979f14ac0..4d3543afe3 100644
--- a/storage/kubernetes/storage.go
+++ b/storage/kubernetes/storage.go
@@ -9,9 +9,9 @@ import (
 "strings"
 "time"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/kubernetes/k8sapi"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/kubernetes/k8sapi"
 )
 const (
diff --git a/storage/kubernetes/storage_test.go b/storage/kubernetes/storage_test.go
index d0048506be..e394dbd9a7 100644
--- a/storage/kubernetes/storage_test.go
+++ b/storage/kubernetes/storage_test.go
@@ -17,8 +17,8 @@ import (
 "github.com/stretchr/testify/require"
 "github.com/stretchr/testify/suite"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/conformance"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/conformance"
 )
 const kubeconfigPathVariableName = "DEX_KUBERNETES_CONFIG_PATH"
diff --git a/storage/kubernetes/transport.go b/storage/kubernetes/transport.go
index 5d39c27fba..e764630034 100644
--- a/storage/kubernetes/transport.go
+++ b/storage/kubernetes/transport.go
@@ -6,7 +6,7 @@ import (
 "sync"
 "time"
- "github.com/dexidp/dex/storage/kubernetes/k8sapi"
+ "github.com/concourse/dex/storage/kubernetes/k8sapi"
 )
 // transport is a simple http.Transport wrapper
diff --git a/storage/kubernetes/types.go b/storage/kubernetes/types.go
index a5ec29afd4..57bec68e8a 100644
--- a/storage/kubernetes/types.go
+++ b/storage/kubernetes/types.go
@@ -6,8 +6,8 @@ import (
 jose "gopkg.in/square/go-jose.v2"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/kubernetes/k8sapi"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/kubernetes/k8sapi"
 )
 const (
diff --git a/storage/memory/memory.go b/storage/memory/memory.go
index a940665714..447d058735 100644
--- a/storage/memory/memory.go
+++ b/storage/memory/memory.go
@@ -6,8 +6,8 @@ import (
 "sync"
 "time"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
 )
 // New returns an in memory storage.
diff --git a/storage/memory/memory_test.go b/storage/memory/memory_test.go
index 84a8826ef2..9c020ee095 100644
--- a/storage/memory/memory_test.go
+++ b/storage/memory/memory_test.go
@@ -6,8 +6,8 @@ import (
 "github.com/sirupsen/logrus"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/conformance"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/conformance"
 )
 func TestStorage(t *testing.T) {
diff --git a/storage/memory/static_test.go b/storage/memory/static_test.go
index 8513e0ee89..fdca32882d 100644
--- a/storage/memory/static_test.go
+++ b/storage/memory/static_test.go
@@ -8,7 +8,7 @@ import (
 "github.com/sirupsen/logrus"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/storage"
 )
 func TestStaticClients(t *testing.T) {
diff --git a/storage/sql/config.go b/storage/sql/config.go
index 1aedf04cae..ee846fab06 100644
--- a/storage/sql/config.go
+++ b/storage/sql/config.go
@@ -15,8 +15,8 @@ import (
 "github.com/go-sql-driver/mysql"
 "github.com/lib/pq"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
 )
 const (
diff --git a/storage/sql/config_test.go b/storage/sql/config_test.go
index 1178728c1a..1eca0194a8 100644
--- a/storage/sql/config_test.go
+++ b/storage/sql/config_test.go
@@ -10,9 +10,9 @@ import (
 "github.com/sirupsen/logrus"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
- "github.com/dexidp/dex/storage/conformance"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
+ "github.com/concourse/dex/storage/conformance"
 )
 func withTimeout(t time.Duration, f func()) {
diff --git a/storage/sql/crud.go b/storage/sql/crud.go
index 1583c17741..4a1d6e6767 100644
--- a/storage/sql/crud.go
+++ b/storage/sql/crud.go
@@ -9,7 +9,7 @@ import (
 "strings"
 "time"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/storage"
 )
 // TODO(ericchiang): The update, insert, and select methods queries are all
diff --git a/storage/sql/sql.go b/storage/sql/sql.go
index 0a29216936..dad6a79ad4 100644
--- a/storage/sql/sql.go
+++ b/storage/sql/sql.go
@@ -10,7 +10,7 @@ import (
 _ "github.com/lib/pq"
 _ "github.com/mattn/go-sqlite3"
- "github.com/dexidp/dex/pkg/log"
+ "github.com/concourse/dex/pkg/log"
 )
 // flavor represents a specific SQL implementation, and is used to translate query strings
diff --git a/storage/sql/sqlite.go b/storage/sql/sqlite.go
index 43df671a7c..eb0d7fcaad 100644
--- a/storage/sql/sqlite.go
+++ b/storage/sql/sqlite.go
@@ -9,8 +9,8 @@ import (
 sqlite3 "github.com/mattn/go-sqlite3"
- "github.com/dexidp/dex/pkg/log"
- "github.com/dexidp/dex/storage"
+ "github.com/concourse/dex/pkg/log"
+ "github.com/concourse/dex/storage"
 )
 // SQLite3 options for creating an SQL db.
diff --git a/storage/static.go b/storage/static.go
index 806b61f9cd..c5a8acaf90 100644
--- a/storage/static.go
+++ b/storage/static.go
@@ -4,7 +4,7 @@ import (
 "errors"
 "strings"
- "github.com/dexidp/dex/pkg/log"
+ "github.com/concourse/dex/pkg/log"
 )
 // Tests for this code are in the "memory" package, since this package doesn't
From 229e0b5f2d502ff6cd8f5f67f51f95b98ea3f995 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Feb 2023 10:00:31 +0000 Subject: [PATCH 28/28] build(deps): bump golang from 1.19.2-alpine3.16 to 1.20.1-alpine3.16 Bumps golang from 1.19.2-alpine3.16 to 1.20.1-alpine3.16. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 12b3a7a739..647c472f13 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=alpine
-FROM golang:1.19.2-alpine3.16 AS builder
+FROM golang:1.20.1-alpine3.16 AS builder
 WORKDIR /usr/local/src/dex