I can build this via:
docker build --build-arg BASEIMAGE=gcr.io/distroless/static:latest -t andrew:distroless .
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
* Discard package "version"
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Inject api version
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Pass version arg to the dex API
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
Go 1.9 removed "./..." matching the vendor directory while Go 1.10 added
build and test caching. This means we no longer need to grep out
vendored matches (except for golint which doesn't implement the same
behavior), and we no longer need to pre-build packages with "go build -i".
https://golang.org/doc/go1.9#vendor-dotdotdothttps://golang.org/doc/go1.10#build
Turns out that manually setting PATH in the Makefile doesn't work
so we've been using the protobuf plugins installed on the host. Fix
this by specifying plugins by path.
This change modifies our release process to only require Docker
when building a release and updates our released binary to use Go
1.8. It also removes our .aci scripts, which we've not been
regularly building.
A nice consequence is that OSX users can now build a release image.
The server implements a strategy called "Refresh Token Rotation" to
ensure refresh tokens can only be claimed once.
ref: https://tools.ietf.org/html/rfc6819#section-5.2.2.3
Previously "refresh_token" values in token responses where just the
ID of the internal refresh object. To implement rotation, when a
client redeemed a refresh token, the object would be deleted, a new
one created, and the new ID returned as the new "refresh_token".
However, this means there was no consistent ID for refresh tokens
internally, making things like foreign keys very hard to implement.
This is problematic for revocation features like showing all the
refresh tokens a user or client has out.
This PR updates the "refresh_token" to be an encoded protobuf
message, which holds the internal ID and a nonce. When a refresh
token is used, the nonce is updated to prevent reuse, but the ID
remains the same. Additionally it adds the timestamp of each
token's last use.
Introducing glide-vc caused us to unknowingly removed our Go
protobuf compiler (since it's a main). Add flags to glide-vc usage
to remedy this.
Since we now require several glide and glide-vc flags, add a Makfile
target and tests to catch when PRs don't use the correct flags.
Add a script to check the Go version before building dex. This
gives a nice error message rather than just failing to compile.
With changes:
$ go version
go version go1.6.4 linux/amd64
$ make
ERROR: dex requires Go version 1.7+. Please update your Go installation: https://golang.org/dl/
Makefile:93: recipe for target 'check-go-version' failed
make: *** [check-go-version] Error 2
Checks only added for building the actual binary, not tests, since
this is aimed at users just starting off with the project.
This PR reworks the web layout so static files can be provided and
a "themes" directory to allow a certain degree of control over logos,
styles, etc.
This PR does NOT add general support for frontend customization,
only enough to allow us to start exploring theming internally.
The dex binary also must now be run from the root directory since
templates are no longer "compiled into" the binary.
The docker image has been updated with frontend assets.