diff --git a/glide.lock b/glide.lock
index c4f5fb61..818deb2a 100644
--- a/glide.lock
+++ b/glide.lock
@@ -1,10 +1,10 @@
-hash: 2e6ef5ae85fe17d9b695b37ba6875b438a617692cc1f6fefc682c4e405a4dcf1
-updated: 2016-06-28T10:36:39.146887182-07:00
+hash: 9e02d162b5001e9ba3028f5cac8b8a85f73be2e7546a4add488b446821e13da6
+updated: 2016-08-16T12:24:59.701803152-07:00
 imports:
 - name: github.com/andybalholm/cascadia
 version: 6122e68c2642b7b75c538a63b15168c6c80fb757
 - name: github.com/coreos/go-oidc
- version: 5aa9381f6e998aa16cc96b4347d33dcc29792864
+ version: 1efe0e1303a62da553fcb6beb8bd2aa9250c0ca8
 subpackages:
 - http
 - jose
@@ -14,7 +14,6 @@ imports:
 - name: github.com/coreos/pkg
 version: fa94270d4bac0d8ae5dc6b71894e251aada93f74
 subpackages:
- - capnslog
 - flagutil
 - health
 - httputil
diff --git a/glide.yaml b/glide.yaml
index a6646213..a8c37dd4 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -5,7 +5,7 @@ import:
 - package: github.com/andybalholm/cascadia
 version: 6122e68c2642b7b75c538a63b15168c6c80fb757
 - package: github.com/coreos/go-oidc
- version: 5aa9381f6e998aa16cc96b4347d33dcc29792864
+ version: 1efe0e1303a62da553fcb6beb8bd2aa9250c0ca8
 subpackages:
 - http
 - jose
@@ -15,7 +15,6 @@ import:
 - package: github.com/coreos/pkg
 version: fa94270d4bac0d8ae5dc6b71894e251aada93f74
 subpackages:
- - capnslog
 - flagutil
 - health
 - httputil
diff --git a/vendor/github.com/coreos/go-oidc/http/http.go b/vendor/github.com/coreos/go-oidc/http/http.go
index f0d051b5..c3f51215 100644
--- a/vendor/github.com/coreos/go-oidc/http/http.go
+++ b/vendor/github.com/coreos/go-oidc/http/http.go
@@ -4,18 +4,13 @@ import (
 "encoding/base64"
 "encoding/json"
 "errors"
+ "log"
 "net/http"
 "net/url"
 "path"
 "strconv"
 "strings"
 "time"
-
- "github.com/coreos/pkg/capnslog"
-)
-
-var (
- log = capnslog.NewPackageLogger("github.com/coreos/go-oidc", "http")
 )
 func WriteError(w http.ResponseWriter, code int, msg string) {
@@ -26,7 +21,9 @@ func WriteError(w http.ResponseWriter, code int, msg string) {
 }
 b, err := json.Marshal(e)
 if err != nil {
- log.Errorf("Failed marshaling %#v to JSON: %v", e, err)
+ log.Printf("go-oidc: failed to marshal %#v: %v", e, err)
+ code = http.StatusInternalServerError
+ b = []byte(`{"error":"server_error"}`)
 }
 w.Header().Set("Content-Type", "application/json")
 w.WriteHeader(code)
diff --git a/vendor/github.com/coreos/go-oidc/http/middleware.go b/vendor/github.com/coreos/go-oidc/http/middleware.go
deleted file mode 100644
index 270b3bc0..00000000
--- a/vendor/github.com/coreos/go-oidc/http/middleware.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package http
-
-import (
- "net/http"
-)
-
-type LoggingMiddleware struct {
- Next http.Handler
-}
-
-func (l *LoggingMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- log.Infof("HTTP %s %v", r.Method, r.URL)
- l.Next.ServeHTTP(w, r)
-}
diff --git a/vendor/github.com/coreos/go-oidc/key/rotate.go b/vendor/github.com/coreos/go-oidc/key/rotate.go
index 9c5508bc..bc6cdfb1 100644
--- a/vendor/github.com/coreos/go-oidc/key/rotate.go
+++ b/vendor/github.com/coreos/go-oidc/key/rotate.go
@@ -2,16 +2,14 @@ package key
 import (
 "errors"
+ "log"
 "time"
- "github.com/coreos/pkg/capnslog"
 ptime "github.com/coreos/pkg/timeutil"
 "github.com/jonboulle/clockwork"
 )
 var (
- log = capnslog.NewPackageLogger("github.com/coreos/go-oidc", "key")
-
 ErrorPrivateKeysExpired = errors.New("private keys have expired")
 )
@@ -67,7 +65,6 @@ func (r *PrivateKeyRotator) privateKeySet() (*PrivateKeySet, error) {
 func (r *PrivateKeyRotator) nextRotation() (time.Duration, error) {
 pks, err := r.privateKeySet()
 if err == ErrorNoKeys {
- log.Infof("No keys in private key set; must rotate immediately")
 return 0, nil
 }
 if err != nil {
@@ -94,17 +91,15 @@ func (r *PrivateKeyRotator) Run() chan struct{} {
 attempt := func() {
 k, err := r.generateKey()
 if err != nil {
- log.Errorf("Failed generating signing key: %v", err)
+ log.Printf("go-oidc: failed generating signing key: %v", err)
 return
 }
 exp := r.expiresAt()
 if err := rotatePrivateKeys(r.repo, k, r.keep, exp); err != nil {
- log.Errorf("Failed key rotation: %v", err)
+ log.Printf("go-oidc: key rotation failed: %v", err)
 return
 }
-
- log.Infof("Rotated signing keys: id=%s expiresAt=%s", k.ID(), exp)
 }
 stop := make(chan struct{})
@@ -118,11 +113,10 @@ func (r *PrivateKeyRotator) Run() chan struct{} {
 break
 }
 sleep = ptime.ExpBackoff(sleep, time.Minute)
- log.Errorf("error getting nextRotation, retrying in %v: %v", sleep, err)
+ log.Printf("go-oidc: error getting nextRotation, retrying in %v: %v", sleep, err)
 time.Sleep(sleep)
 }
- log.Infof("will rotate keys in %v", nextRotation)
 select {
 case <-r.clock.After(nextRotation):
 attempt()
diff --git a/vendor/github.com/coreos/go-oidc/key/rotate_test.go b/vendor/github.com/coreos/go-oidc/key/rotate_test.go
index 394a84f0..b66a4b86 100644
--- a/vendor/github.com/coreos/go-oidc/key/rotate_test.go
+++ b/vendor/github.com/coreos/go-oidc/key/rotate_test.go
@@ -92,7 +92,7 @@ func TestRotate(t *testing.T) {
 if tt.start != nil {
 err := repo.Set(tt.start)
 if err != nil {
- log.Fatalf("case %d: unexpected error: %v", i, err)
+ t.Fatalf("case %d: unexpected error: %v", i, err)
 }
 }
@@ -242,7 +242,7 @@ func TestNextRotation(t *testing.T) {
 }
 err := kRepo.Set(pks)
 if err != nil {
- log.Fatalf("case %d: unexpected error: %v", i, err)
+ t.Fatalf("case %d: unexpected error: %v", i, err)
 }
 }
@@ -300,7 +300,7 @@ func TestHealthy(t *testing.T) {
 }
 err := kRepo.Set(pks)
 if err != nil {
- log.Fatalf("case %d: unexpected error: %v", i, err)
+ t.Fatalf("case %d: unexpected error: %v", i, err)
 }
 }
diff --git a/vendor/github.com/coreos/go-oidc/key/sync.go b/vendor/github.com/coreos/go-oidc/key/sync.go
index e8d5d03d..b887f7b5 100644
--- a/vendor/github.com/coreos/go-oidc/key/sync.go
+++ b/vendor/github.com/coreos/go-oidc/key/sync.go
@@ -2,6 +2,7 @@ package key
 import (
 "errors"
+ "log"
 "time"
 "github.com/jonboulle/clockwork"
@@ -38,15 +39,14 @@ func (s *KeySetSyncer) Run() chan struct{} {
 next = timeutil.ExpBackoff(next, time.Minute)
 }
 if exp == 0 {
- log.Errorf("Synced to already expired key set, retrying in %v: %v", next, err)
+ log.Printf("Synced to already expired key set, retrying in %v: %v", next, err)
 } else {
- log.Errorf("Failed syncing key set, retrying in %v: %v", next, err)
+ log.Printf("Failed syncing key set, retrying in %v: %v", next, err)
 }
 } else {
 failing = false
 next = exp / 2
- log.Infof("Synced key set, checking again in %v", next)
 }
 select {
diff --git a/vendor/github.com/coreos/go-oidc/oidc/provider.go b/vendor/github.com/coreos/go-oidc/oidc/provider.go
index dcae4c92..ca283844 100644
--- a/vendor/github.com/coreos/go-oidc/oidc/provider.go
+++ b/vendor/github.com/coreos/go-oidc/oidc/provider.go
@@ -4,13 +4,13 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "log"
 "net/http"
 "net/url"
 "strings"
 "sync"
 "time"
- "github.com/coreos/pkg/capnslog"
 "github.com/coreos/pkg/timeutil"
 "github.com/jonboulle/clockwork"
@@ -18,10 +18,6 @@ import (
 "github.com/coreos/go-oidc/oauth2"
 )
-var (
- log = capnslog.NewPackageLogger("github.com/coreos/go-oidc", "http")
-)
-
 const (
 // Subject Identifier types defined by the OIDC spec. Specifies if the provider
 // should provide the same sub claim value to all clients (public) or a unique
@@ -69,6 +65,8 @@ type ProviderConfig struct {
 UserInfoEndpoint *url.URL
 KeysEndpoint *url.URL // Required
 RegistrationEndpoint *url.URL
+ EndSessionEndpoint *url.URL
+ CheckSessionIFrame *url.URL
 // Servers MAY choose not to advertise some supported scope values even when this
 // parameter is used, although those defined in OpenID Core SHOULD be listed, if supported.
@@ -170,6 +168,8 @@ type encodableProviderConfig struct {
 UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
 KeysEndpoint string `json:"jwks_uri"`
 RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
+ EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
+ CheckSessionIFrame string `json:"check_session_iframe,omitempty"`
 // Use 'omitempty' for all slices as per OIDC spec:
 // "Claims that return multiple values are represented as JSON arrays.
@@ -219,6 +219,8 @@ func (cfg ProviderConfig) toEncodableStruct() encodableProviderConfig {
 UserInfoEndpoint: uriToString(cfg.UserInfoEndpoint),
 KeysEndpoint: uriToString(cfg.KeysEndpoint),
 RegistrationEndpoint: uriToString(cfg.RegistrationEndpoint),
+ EndSessionEndpoint: uriToString(cfg.EndSessionEndpoint),
+ CheckSessionIFrame: uriToString(cfg.CheckSessionIFrame),
 ScopesSupported: cfg.ScopesSupported,
 ResponseTypesSupported: cfg.ResponseTypesSupported,
 ResponseModesSupported: cfg.ResponseModesSupported,
@@ -260,6 +262,8 @@ func (e encodableProviderConfig) toStruct() (ProviderConfig, error) {
 UserInfoEndpoint: p.parseURI(e.UserInfoEndpoint, "userinfo_endpoint"),
 KeysEndpoint: p.parseURI(e.KeysEndpoint, "jwks_uri"),
 RegistrationEndpoint: p.parseURI(e.RegistrationEndpoint, "registration_endpoint"),
+ EndSessionEndpoint: p.parseURI(e.EndSessionEndpoint, "end_session_endpoint"),
+ CheckSessionIFrame: p.parseURI(e.CheckSessionIFrame, "check_session_iframe"),
 ScopesSupported: e.ScopesSupported,
 ResponseTypesSupported: e.ResponseTypesSupported,
 ResponseModesSupported: e.ResponseModesSupported,
@@ -364,6 +368,8 @@ func (p ProviderConfig) Valid() error {
 {p.UserInfoEndpoint, "userinfo_endpoint", false},
 {p.KeysEndpoint, "jwks_uri", true},
 {p.RegistrationEndpoint, "registration_endpoint", false},
+ {p.EndSessionEndpoint, "end_session_endpoint", false},
+ {p.CheckSessionIFrame, "check_session_iframe", false},
 {p.ServiceDocs, "service_documentation", false},
 {p.Policy, "op_policy_uri", false},
 {p.TermsOfService, "op_tos_uri", false},
@@ -537,8 +543,6 @@ func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
 s.initialSyncDone = true
 }
- log.Debugf("Updating provider config: config=%#v", cfg)
-
 return nextSyncAfter(cfg.ExpiresAt, s.clock), nil
 }
@@ -561,10 +565,9 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
 ttl, err := fn()
 if err == nil {
 next = &pcsStepNext{aft: ttl}
- log.Debugf("Synced provider config, next attempt in %v", next.after())
 } else {
 next = &pcsStepRetry{aft: time.Second}
- log.Errorf("Provider config sync failed, retrying in %v: %v", next.after(), err)
+ log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
 }
 return
 }
@@ -581,10 +584,9 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
 ttl, err := fn()
 if err == nil {
 next = &pcsStepNext{aft: ttl}
- log.Infof("Provider config sync no longer failing")
 } else {
 next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
- log.Errorf("Provider config sync still failing, retrying in %v: %v", next.after(), err)
+ log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
 }
 return
 }