From 520037e72149dd65f06b70db006984967c0523b0 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 5 Nov 2021 12:20:08 -0700
Subject: [PATCH] move to jwt-go v4 with correct releases (#13586)
---
 Makefile | 8 ++++----
 cmd/jwt.go | 4 ++--
 cmd/jwt_test.go | 2 +-
 cmd/storage-rest-server.go | 2 +-
 cmd/sts-handlers.go | 10 ++++++----
 go.mod | 2 +-
 go.sum | 2 ++
 internal/auth/credentials.go | 2 +-
 internal/config/dns/operator_dns.go | 2 +-
 internal/config/identity/openid/ecdsa-sha3_contrib.go | 2 +-
 internal/config/identity/openid/jwt.go | 2 +-
 internal/config/identity/openid/jwt_test.go | 2 +-
 internal/config/identity/openid/rsa-sha3_contrib.go | 2 +-
 internal/config/subnet/license.go | 2 +-
 internal/jwt/parser.go | 2 +-
 internal/jwt/parser_test.go | 2 +-
 16 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/Makefile b/Makefile
index acc78a4fa..699eb9494 100644
--- a/Makefile
+++ b/Makefile
@@ -20,8 +20,8 @@ help: ## print this help
 getdeps: ## fetch necessary dependencies
 @mkdir -p ${GOPATH}/bin
 @echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.40.1
- @which msgp 1>/dev/null || (echo "Installing msgp" && go install -v github.com/tinylib/msgp@v1.1.3)
- @which stringer 1>/dev/null || (echo "Installing stringer" && go install -v golang.org/x/tools/cmd/stringer)
+ @echo "Installing msgp" && go install -v github.com/tinylib/msgp@latest
+ @echo "Installing stringer" && go install -v golang.org/x/tools/cmd/stringer@latest
 crosscompile: ## cross compile minio
 @(env bash $(PWD)/buildscripts/cross-compile.sh)
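Review bot: The two added `go install` lines in `getdeps` resolve `github.com/tinylib/msgp@latest` and `golang.org/x/tools/cmd/stringer@latest`, so the code generators are no longer pinned (msgp was `@v1.1.3` on the removed line) and each run can pull a different, unreviewed release. Both tools emit source that is compiled into the server, so a floating version makes generated code non-reproducible and widens supply-chain exposure. I would pin both, e.g. `go install -v github.com/tinylib/msgp@v1.1.3` and `go install -v golang.org/x/tools/cmd/stringer@<PINNED_VERSION>` (placeholder: use the version the checked-in generated files were produced with). Dropping the `which ... ||` guard also means every `make getdeps` now performs a network fetch, which makes pinning matter more.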
@@ -40,7 +40,7 @@ lint: ## runs golangci-lint suite of linters
 check: test
 test: verifiers build ## builds minio, runs linters, tests
 @echo "Running unit tests"
- @GOGC=25 GO111MODULE=on CGO_ENABLED=0 go test -tags kqueue ./... 1>/dev/null
+ @GO111MODULE=on CGO_ENABLED=0 go test -tags kqueue ./... 1>/dev/null
 test-race: verifiers build
 @echo "Running unit tests under -race"
@@ -50,7 +50,7 @@ test-ldap: build
 @echo "Running tests for LDAP integration"
 @CGO_ENABLED=0 go test -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd
 @echo "Running tests for LDAP integration with -race"
- @GOGC=25 CGO_ENABLED=1 go test -race -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd
+ @CGO_ENABLED=1 go test -race -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd
 verify: ## verify minio various setups
 @echo "Verifying build with race"
diff --git a/cmd/jwt.go b/cmd/jwt.go
index e94077be9..a8d409576 100644
--- a/cmd/jwt.go
+++ b/cmd/jwt.go
@@ -22,8 +22,8 @@ import (
 "net/http"
 "time"
- jwtgo "github.com/golang-jwt/jwt"
- jwtreq "github.com/golang-jwt/jwt/request"
+ jwtgo "github.com/golang-jwt/jwt/v4"
+ jwtreq "github.com/golang-jwt/jwt/v4/request"
 "github.com/minio/minio/internal/auth"
 xjwt "github.com/minio/minio/internal/jwt"
 "github.com/minio/minio/internal/logger"
diff --git a/cmd/jwt_test.go b/cmd/jwt_test.go
index b95c429d4..d85b8ccd0 100644
--- a/cmd/jwt_test.go
+++ b/cmd/jwt_test.go
@@ -22,7 +22,7 @@ import (
 "os"
 "testing"
- jwtgo "github.com/golang-jwt/jwt"
+ jwtgo "github.com/golang-jwt/jwt/v4"
 "github.com/minio/minio/internal/auth"
 xjwt "github.com/minio/minio/internal/jwt"
 )
diff --git a/cmd/storage-rest-server.go b/cmd/storage-rest-server.go
index 7f759f74c..db258869f 100644
--- a/cmd/storage-rest-server.go
+++ b/cmd/storage-rest-server.go
@@ -37,7 +37,7 @@ import (
 "github.com/tinylib/msgp/msgp"
- jwtreq "github.com/golang-jwt/jwt/request"
+ jwtreq "github.com/golang-jwt/jwt/v4/request"
 "github.com/gorilla/mux"
 "github.com/minio/minio/internal/config"
 xhttp "github.com/minio/minio/internal/http"
diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go
index 6a75c80ee..b42a97077 100644
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -234,14 +234,16 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
 }
 }
- var err error
- m := make(map[string]interface{})
- m[expClaim], err = openid.GetDefaultExpiration(r.Form.Get(stsDurationSeconds))
+ duration, err := openid.GetDefaultExpiration(r.Form.Get(stsDurationSeconds))
 if err != nil {
 writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err)
 return
 }
+ m := map[string]interface{}{
+ expClaim: UTCNow().Add(duration).Unix(),
+ }
+
 policies, err := globalIAMSys.PolicyDBGet(user.AccessKey, false)
 if err != nil {
 writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err)
@@ -798,7 +800,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h
 parentUser := "tls:" + certificate.Subject.CommonName
 tmpCredentials, err := auth.GetNewCredentialsWithMetadata(map[string]interface{}{
- expClaim: time.Now().UTC().Add(expiry).Unix(),
+ expClaim: UTCNow().Add(expiry).Unix(),
 parentClaim: parentUser,
 subClaim: certificate.Subject.CommonName,
 audClaim: certificate.Subject.Organization,
diff --git a/go.mod b/go.mod
index 3c7b89238..890b76d43 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 github.com/go-ole/go-ole v1.2.6 // indirect
 github.com/go-openapi/loads v0.20.2
 github.com/go-sql-driver/mysql v1.5.0
- github.com/golang-jwt/jwt v3.2.2+incompatible
+ github.com/golang-jwt/jwt/v4 v4.1.0
 github.com/gomodule/redigo v2.0.0+incompatible
 github.com/google/uuid v1.3.0
 github.com/gorilla/mux v1.8.0
diff --git a/go.sum b/go.sum
index 0d6f13631..376a0fddf 100644
--- a/go.sum
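Review bot: The `exp` claim change in `AssumeRole` has no test and no comment, even though it alters what is written into the issued credential. The old line stored the return value of `openid.GetDefaultExpiration` directly, while the new one stores `UTCNow().Add(duration).Unix()`. The diffstat shows only import edits in the test files, so nothing pins the new semantics; an STS test should assert that the issued credential's expiry is an absolute time roughly `DurationSeconds` ahead. I would also add a comment above the map literal such as `// exp is an absolute Unix time in seconds; GetDefaultExpiration yields the validated lifetime as a duration.` (the return type is inferred from its use in `Add`; confirm against `openid`). The `AssumeRoleWithCertificate` hunk below builds `expClaim` the same way, so the same test coverage applies there. Both function bodies continue outside their hunks, and a security-relevant fix like this deserves a mention in the commit subject rather than travelling inside a dependency bump.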
+++ b/go.sum @@ -560,6 +560,8 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0= +github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= diff --git a/internal/auth/credentials.go b/internal/auth/credentials.go index f652f420a..23d1cb432 100644 --- a/internal/auth/credentials.go +++ b/internal/auth/credentials.go @@ -28,7 +28,7 @@ import ( "strings" "time" - jwtgo "github.com/golang-jwt/jwt" + jwtgo "github.com/golang-jwt/jwt/v4" "github.com/minio/minio/internal/jwt" ) diff --git a/internal/config/dns/operator_dns.go b/internal/config/dns/operator_dns.go index 1aceffba7..47759ccb3 100644 --- a/internal/config/dns/operator_dns.go +++ b/internal/config/dns/operator_dns.go @@ -31,7 +31,7 @@ import ( "strings" "time" - "github.com/golang-jwt/jwt" + "github.com/golang-jwt/jwt/v4" "github.com/minio/minio/internal/config" xhttp "github.com/minio/minio/internal/http" ) diff --git a/internal/config/identity/openid/ecdsa-sha3_contrib.go b/internal/config/identity/openid/ecdsa-sha3_contrib.go index b3af99d48..7a820b870 100644 --- a/internal/config/identity/openid/ecdsa-sha3_contrib.go +++ b/internal/config/identity/openid/ecdsa-sha3_contrib.go 
@@ -19,7 +19,7 @@ package openid
 import (
 "crypto"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 // Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
 _ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
diff --git a/internal/config/identity/openid/jwt.go b/internal/config/identity/openid/jwt.go
index 9b35e9785..88fd62746 100644
--- a/internal/config/identity/openid/jwt.go
+++ b/internal/config/identity/openid/jwt.go
@@ -29,7 +29,7 @@ import (
 "sync"
 "time"
- jwtgo "github.com/golang-jwt/jwt"
+ jwtgo "github.com/golang-jwt/jwt/v4"
 "github.com/minio/minio/internal/auth"
 "github.com/minio/minio/internal/config"
 "github.com/minio/minio/internal/config/identity/openid/provider"
diff --git a/internal/config/identity/openid/jwt_test.go b/internal/config/identity/openid/jwt_test.go
index 27d3e8f02..175a8ea72 100644
--- a/internal/config/identity/openid/jwt_test.go
+++ b/internal/config/identity/openid/jwt_test.go
@@ -26,7 +26,7 @@ import (
 "testing"
 "time"
- jwtg "github.com/golang-jwt/jwt"
+ jwtg "github.com/golang-jwt/jwt/v4"
 jwtm "github.com/minio/minio/internal/jwt"
 xnet "github.com/minio/pkg/net"
 )
diff --git a/internal/config/identity/openid/rsa-sha3_contrib.go b/internal/config/identity/openid/rsa-sha3_contrib.go
index ccb596d4b..2481abf99 100644
--- a/internal/config/identity/openid/rsa-sha3_contrib.go
+++ b/internal/config/identity/openid/rsa-sha3_contrib.go
@@ -20,7 +20,7 @@ package openid
 import (
 "crypto"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 // Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
 _ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
diff --git a/internal/config/subnet/license.go b/internal/config/subnet/license.go
index 377f73ad2..0882ccd94 100644
--- a/internal/config/subnet/license.go
+++ b/internal/config/subnet/license.go
@@ -18,7 +18,7 @@ package subnet
 import (
- jwtgo "github.com/golang-jwt/jwt"
+ jwtgo "github.com/golang-jwt/jwt/v4"
 "github.com/minio/minio/internal/config"
 "github.com/minio/pkg/env"
 )
diff --git a/internal/jwt/parser.go b/internal/jwt/parser.go
index 7e49cc956..17248eef7 100644
--- a/internal/jwt/parser.go
+++ b/internal/jwt/parser.go
@@ -32,7 +32,7 @@ import (
 "sync"
 "time"
- jwtgo "github.com/golang-jwt/jwt"
+ jwtgo "github.com/golang-jwt/jwt/v4"
 jsoniter "github.com/json-iterator/go"
 )
diff --git a/internal/jwt/parser_test.go b/internal/jwt/parser_test.go
index 5f0fcfdc3..9fc6889e9 100644
--- a/internal/jwt/parser_test.go
+++ b/internal/jwt/parser_test.go
@@ -27,7 +27,7 @@ import (
 "testing"
 "time"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 )
 var (