From 9243107dab59844cbcec82b1e6a87f811dbbba7c Mon Sep 17 00:00:00 2001
From: Bobby Rullo
Date: Mon, 21 Dec 2015 11:41:00 -0800
Subject: [PATCH] Godeps: update github.com/coreos/go-oidc
---
 Godeps/Godeps.json | 10 ++--
 .../src/github.com/coreos/go-oidc/key/key.go | 2 +-
 .../src/github.com/coreos/go-oidc/key/repo.go | 12 ++++-
 .../src/github.com/coreos/go-oidc/key/sync.go | 8 +--
 .../github.com/coreos/go-oidc/oidc/client.go | 53 ++++++++++---------
 .../coreos/go-oidc/oidc/provider.go | 14 +++++
 6 files changed, 64 insertions(+), 35 deletions(-)
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index a3230ac9..42ecc83f 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -21,23 +21,23 @@
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/http",
- "Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+ "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/jose",
- "Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+ "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/key",
- "Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+ "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/oauth2",
- "Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+ "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/go-oidc/oidc",
- "Rev": "48e2a9be3918af3299c4b390399346447eefea22"
+ "Rev": "145916abb78708694762ff359ab1e34c47c7947f"
 },
 {
 "ImportPath": "github.com/coreos/pkg/capnslog",
diff --git a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go
index 3edae468..de625037 100644
--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/key.go
@@ -135,7 +135,7 @@ func (s *PrivateKeySet) Active() *PrivateKey {
 type GeneratePrivateKeyFunc func() (*PrivateKey, error)
 func GeneratePrivateKey() (*PrivateKey, error) {
- pk, err := rsa.GenerateKey(rand.Reader, 1024)
+ pk, err := rsa.GenerateKey(rand.Reader, 2048)
 if err != nil {
 return nil, err
 }
diff --git a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go
index 1d4ce8d3..1acdeb36 100644
--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/repo.go
@@ -1,6 +1,9 @@
 package key
-import "errors"
+import (
+ "errors"
+ "sync"
+)
 var ErrorNoKeys = errors.New("no keys found")
@@ -22,6 +25,7 @@ func NewPrivateKeySetRepo() PrivateKeySetRepo {
 }
 type memPrivateKeySetRepo struct {
+ mu sync.RWMutex
 pks PrivateKeySet
 }
@@ -33,11 +37,17 @@ func (r *memPrivateKeySetRepo) Set(ks KeySet) error {
 return errors.New("nil KeySet")
 }
+ r.mu.Lock()
+ defer r.mu.Unlock()
+
 r.pks = *pks
 return nil
 }
 func (r *memPrivateKeySetRepo) Get() (KeySet, error) {
+ r.mu.RLock()
+ defer r.mu.RUnlock()
+
 if r.pks.keys == nil {
 return nil, ErrorNoKeys
 }
diff --git a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go
index 076ee462..e8d5d03d 100644
--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/key/sync.go
@@ -29,7 +29,7 @@ func (s *KeySetSyncer) Run() chan struct{} {
 var failing bool
 var next time.Duration
 for {
- exp, err := sync(s.readable, s.writable, s.clock)
+ exp, err := syncKeySet(s.readable, s.writable, s.clock)
 if err != nil || exp == 0 {
 if !failing {
 failing = true
@@ -62,12 +62,12 @@ func (s *KeySetSyncer) Run() chan struct{} {
 }
 func Sync(r ReadableKeySetRepo, w WritableKeySetRepo) (time.Duration, error) {
- return sync(r, w, clockwork.NewRealClock())
+ return syncKeySet(r, w, clockwork.NewRealClock())
 }
-// sync copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
+// syncKeySet copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
 // If keyset has already expired, returns a zero duration.
-func sync(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
+func syncKeySet(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
 var ks KeySet
 ks, err = r.Get()
 if err != nil {
diff --git a/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go b/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go
index 76330237..3a73e04a 100644
--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/client.go
@@ -101,34 +101,12 @@ type Client struct {
 redirectURL string
 scope []string
 keySet key.PublicKeySet
+ providerSyncer *ProviderConfigSyncer
 keySetSyncMutex sync.RWMutex
 lastKeySetSync time.Time
 }
-type providerConfigRepo struct {
- mu sync.RWMutex
- config ProviderConfig // do not access directly, use Get()
-}
-
-func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
- return &providerConfigRepo{sync.RWMutex{}, pc}
-}
-
-// returns an error to implement ProviderConfigSetter
-func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
- r.mu.Lock()
- defer r.mu.Unlock()
- r.config = cfg
- return nil
-}
-
-func (r *providerConfigRepo) Get() ProviderConfig {
- r.mu.RLock()
- defer r.mu.RUnlock()
- return r.config
-}
-
 func (c *Client) Healthy() error {
 now := time.Now().UTC()
@@ -178,9 +156,13 @@ func chooseAuthMethod(cfg ProviderConfig) (string, error) {
 return "", errors.New("no supported auth methods")
 }
+// SyncProviderConfig starts the provider config syncer
 func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} {
 r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL)
- return NewProviderConfigSyncer(r, c.providerConfig).Run()
+ s := NewProviderConfigSyncer(r, c.providerConfig)
+ stop := s.Run()
+ s.WaitUntilInitialSync()
+ return stop
 }
 func (c *Client) maybeSyncKeys() error {
@@ -340,3 +322,26 @@ func (c *Client) keysFuncAll() func() []key.PublicKey {
 return c.keySet.Keys()
 }
 }
+
+type providerConfigRepo struct {
+ mu sync.RWMutex
+ config ProviderConfig // do not access directly, use Get()
+}
+
+func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
+ return &providerConfigRepo{sync.RWMutex{}, pc}
+}
+
+// returns an error to implement ProviderConfigSetter
+func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+ r.config = cfg
+ return nil
+}
+
+func (r *providerConfigRepo) Get() ProviderConfig {
+ r.mu.RLock()
+ defer r.mu.RUnlock()
+ return r.config
+}
diff --git a/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go b/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go
index 1eca7a83..f2f165fd 100644
--- a/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go
+++ b/Godeps/_workspace/src/github.com/coreos/go-oidc/oidc/provider.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "net/http"
+ "sync"
 "time"
 "github.com/coreos/pkg/capnslog"
@@ -75,6 +76,9 @@ type ProviderConfigSyncer struct {
 from ProviderConfigGetter
 to ProviderConfigSetter
 clock clockwork.Clock
+
+ initialSyncDone bool
+ initialSyncWait sync.WaitGroup
 }
 func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer {
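Review bot: `s.WaitUntilInitialSync()` makes SyncProviderConfig block its caller until the syncer's first successful fetch from discoveryURL, and nothing bounds that wait: WaitUntilInitialSync (provider.go hunk `@@ -105,6 +110,10 @@`) is a bare WaitGroup.Wait with no timeout and no awareness of the returned stop channel, and Done is reached in sync() only after both Get and Set succeed, so an unreachable or misconfigured discovery endpoint stalls the caller for as long as the goroutine presumably keeps retrying. The syncer is also held only in the local `s`, although the struct hunk `@@ -101,34 +101,12 @@` adds a `providerSyncer *ProviderConfigSyncer` field to Client; unless it is assigned in code outside these hunks, that field is dead and the line was presumably meant to be `c.providerSyncer = s`. Since this is vendored under Godeps/_workspace the code fix belongs upstream, but callers in this repository now inherit the blocking startup behavior. At minimum the new doc comment should state the contract, e.g. `// SyncProviderConfig starts the provider config syncer and blocks until the first provider config has been fetched and stored; it returns the syncer's stop channel and does not time out.`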
@@ -91,6 +95,7 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
 var next pcsStepper
 next = &pcsStepNext{aft: time.Duration(0)}
+ s.initialSyncWait.Add(1)
 go func() {
 for {
 select {
@@ -105,6 +110,10 @@ func (s *ProviderConfigSyncer) Run() chan struct{} {
 return stop
 }
+func (s *ProviderConfigSyncer) WaitUntilInitialSync() {
+ s.initialSyncWait.Wait()
+}
+
 func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
 cfg, err := s.from.Get()
 if err != nil {
@@ -115,6 +124,11 @@ func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
 return 0, fmt.Errorf("error setting provider config: %v", err)
 }
+ if !s.initialSyncDone {
+ s.initialSyncWait.Done()
+ s.initialSyncDone = true
+ }
+
 log.Infof("Updating provider config: config=%#v", cfg)
 return nextSyncAfter(cfg.ExpiresAt, s.clock), nil