From 17c09bb0cf3938ead9140be092f435f506372228 Mon Sep 17 00:00:00 2001
From: adi6859 <aditya.ar1909@gmail.com>
Date: Thu, 8 Feb 2024 16:52:12 +0530
Subject: [PATCH] story(version upgrade) : version up for authenticator
---
 go.mod | 2 +-
 go.sum | 10 +-
 .../authenticator/client/k8sClient.go | 31 +++--
 .../devtron-labs/authenticator/jwt/jwt.go | 117 ------------------
 .../devtron-labs/authenticator/oidc/oidc.go | 10 +-
 vendor/modules.txt | 5 +-
 6 files changed, 23 insertions(+), 152 deletions(-)
 delete mode 100644 vendor/github.com/devtron-labs/authenticator/jwt/jwt.go
diff --git a/go.mod b/go.mod
index 691c6bcb..8a320319 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/arl/statsviz v0.6.0
 github.com/aws/aws-sdk-go v1.44.116
 github.com/caarlos0/env v3.5.0+incompatible
- github.com/devtron-labs/authenticator v0.4.31
+ github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8
 github.com/gorilla/mux v1.8.0
 github.com/prometheus/client_golang v1.14.0
 github.com/stretchr/testify v1.8.4
diff --git a/go.sum b/go.sum
index 20713930..1b2f6dc9 100644
--- a/go.sum
+++ b/go.sum
@@ -147,8 +147,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= -github.com/devtron-labs/authenticator v0.4.31 h1:CEMLek3JnMuH9ULsC6BHNJr+NiyGzBd4lgdSxH2IGnc= -github.com/devtron-labs/authenticator v0.4.31/go.mod h1:ozNfT8WcruiSgnUbyp48WVfc41++W6xYXhKFp67lNTU= +github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8 h1:1vUwC7qRUpMK2G4uL3u6sOr6WCgzWit/8kBuUsqb0Ys= +github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8/go.mod h1:a5gxST+HNmJReXE2TkCicFQFWtlhp8eqBRwS23GydNE= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -222,7 +222,6 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 
@@ -381,8 +380,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -398,7 +397,6 @@ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= -github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI= github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E= 
@@ -643,7 +641,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= @@ -733,7 +730,6 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
diff --git a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
index 792c07f3..11c95d8d 100644
--- a/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
+++ b/vendor/github.com/devtron-labs/authenticator/client/k8sClient.go
@@ -46,7 +46,8 @@ type K8sClient struct {
 }
 type RuntimeConfig struct {
- LocalDevMode LocalDevMode `env:"RUNTIME_CONFIG_LOCAL_DEV" envDefault:"false"`
+ LocalDevMode LocalDevMode `env:"RUNTIME_CONFIG_LOCAL_DEV" envDefault:"false"`
+ DevtronDefaultNamespaceName string `env:"DEVTRON_DEFAULT_NAMESPACE" envDefault:"devtroncd"`
 }
 func GetRuntimeConfig() (*RuntimeConfig, error) {
@@ -66,7 +67,7 @@ func NewK8sClient(runtimeConfig *RuntimeConfig) (*K8sClient, error) {
 }, nil
 }
-//TODO use it as generic function across system
+// TODO use it as generic function across system
 func getKubeConfig(devMode LocalDevMode) (*rest.Config, error) {
 if devMode {
 usr, err := user.Current()
@@ -98,11 +99,11 @@ func (impl *K8sClient) GetArgocdConfig() (secret *v1.Secret, cm *v1.ConfigMap, e
 if err != nil {
 return nil, nil, err
 }
- secret, err = clientSet.CoreV1().Secrets(DevtronDefaultNamespaceName).Get(context.Background(), ArgocdSecretName, v12.GetOptions{})
+ secret, err = clientSet.CoreV1().Secrets(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), ArgocdSecretName, v12.GetOptions{})
 if err != nil {
 return nil, nil, err
 }
- cm, err = clientSet.CoreV1().ConfigMaps(DevtronDefaultNamespaceName).Get(context.Background(), ArgocdConfigMapName, v12.GetOptions{})
+ cm, err = clientSet.CoreV1().ConfigMaps(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), ArgocdConfigMapName, v12.GetOptions{})
 if err != nil {
 return nil, nil, err
 }
@@ -118,7 +119,7 @@ func (impl *K8sClient) GetDevtronConfig() (secret *v1.Secret, err error) {
 if err != nil {
 return nil, err
 }
- secret, err = clientSet.CoreV1().Secrets(DevtronDefaultNamespaceName).Get(context.Background(), dexConfig.DevtronSecretName, v12.GetOptions{})
+ secret, err = clientSet.CoreV1().Secrets(impl.runtimeConfig.DevtronDefaultNamespaceName).Get(context.Background(), dexConfig.DevtronSecretName, v12.GetOptions{})
 if err != nil {
 return nil, err
 }
@@ -132,16 +133,14 @@ const (
 SettingAdminPasswordMtimeKey = "admin.passwordMtime"
 SettingAdminEnabledKey = "admin.enabled"
 SettingAdminTokensKey = "admin.tokens"
-
- SettingServerSignatureKey = "server.secretkey"
- SettingURLKey = "url"
- DevtronDefaultNamespaceName = "devtroncd"
- CallbackEndpoint = "/auth/callback"
- SettingDexConfigKey = "dex.config"
- DexCallbackEndpoint = "/api/dex/callback"
- InitialPasswordLength = 16
- DevtronSecretName = "devtron-secret"
- DevtronConfigMapName = "devtron-cm"
+ SettingServerSignatureKey = "server.secretkey"
+ SettingURLKey = "url"
+ CallbackEndpoint = "/auth/callback"
+ SettingDexConfigKey = "dex.config"
+ DexCallbackEndpoint = "/api/dex/callback"
+ InitialPasswordLength = 16
+ DevtronSecretName = "devtron-secret"
+ DevtronConfigMapName = "devtron-cm"
 ArgocdConfigMapName = "argocd-cm"
 ArgocdSecretName = "argocd-secret"
@@ -272,7 +271,7 @@ func (impl *K8sClient) ConfigUpdateNotify() (chan bool, error) {
 if err != nil {
 return nil, err
 }
- informerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(clusterClient, time.Minute, kubeinformers.WithNamespace(DevtronDefaultNamespaceName))
+ informerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(clusterClient, time.Minute, kubeinformers.WithNamespace(impl.runtimeConfig.DevtronDefaultNamespaceName))
 cmInformenr := informerFactory.Core().V1().ConfigMaps()
 secretInformer := informerFactory.Core().V1().Secrets()
 chanConfigUpdate := make(chan bool)
diff --git a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go b/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go
deleted file mode 100644
index 9df0afcc..00000000
--- a/vendor/github.com/devtron-labs/authenticator/jwt/jwt.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2021 Devtron Labs
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Some of the code has been taken from argocd, for them argocd licensing terms apply
- */
-
-package jwt
-
-import (
- "encoding/json"
- "fmt"
-
- jwt "github.com/golang-jwt/jwt/v4"
-)
-
-// MapClaims converts a jwt.Claims to a MapClaims
-func MapClaims(claims jwt.Claims) (jwt.MapClaims, error) {
- claimsBytes, err := json.Marshal(claims)
- if err != nil {
- return nil, err
- }
- var mapClaims jwt.MapClaims
- err = json.Unmarshal(claimsBytes, &mapClaims)
- if err != nil {
- return nil, err
- }
- return mapClaims, nil
-}
-
-// GetField extracts a field from the claims as a string
-func GetField(claims jwt.MapClaims, fieldName string) string {
- if fieldIf, ok := claims[fieldName]; ok {
- if field, ok := fieldIf.(string); ok {
- return field
- }
- }
- return ""
-}
-
-// GetScopeValues extracts the values of specified scopes from the claims
-func GetScopeValues(claims jwt.MapClaims, scopes []string) []string {
- groups := make([]string, 0)
- for i := range scopes {
- scopeIf, ok := claims[scopes[i]]
- if !ok {
- continue
- }
-
- switch val := scopeIf.(type) {
- case []interface{}:
- for _, groupIf := range val {
- group, ok := groupIf.(string)
- if ok {
- groups = append(groups, group)
- }
- }
- case []string:
- groups = append(groups, val...)
- case string:
- groups = append(groups, val)
- }
- }
-
- return groups
-}
-
-// GetIssuedAt returns the issued at as an int64
-func GetIssuedAt(m jwt.MapClaims) (int64, error) {
- switch iat := m["iat"].(type) {
- case float64:
- return int64(iat), nil
- case json.Number:
- return iat.Int64()
- case int64:
- return iat, nil
- default:
- return 0, fmt.Errorf("iat '%v' is not a number", iat)
- }
-}
-
-func Claims(in interface{}) jwt.Claims {
- claims, ok := in.(jwt.Claims)
- if ok {
- return claims
- }
- return nil
-}
-
-// IsMember returns whether or not the user's claims is a member of any of the groups
-func IsMember(claims jwt.Claims, groups []string) bool {
- mapClaims, err := MapClaims(claims)
- if err != nil {
- return false
- }
- // TODO: groups is hard-wired but we should really be honoring the 'scopes' section in argocd-rbac-cm.
- // O(n^2) loop
- for _, userGroup := range GetScopeValues(mapClaims, []string{"groups"}) {
- for _, group := range groups {
- if userGroup == group {
- return true
- }
- }
- }
- return false
-}
diff --git a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
index 970aadca..539a932d 100644
--- a/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
+++ b/vendor/github.com/devtron-labs/authenticator/oidc/oidc.go
@@ -23,7 +23,6 @@ import (
 "encoding/json"
 "errors"
 "fmt"
- jwt2 "github.com/devtron-labs/authenticator/jwt"
 "github.com/golang-jwt/jwt/v4"
 "html"
 "html/template"
@@ -131,7 +130,7 @@ func (a *ClientApp) UpdateConfig(c *ClientApp) {
 }
 type RedirectUrlSanitiser func(url string) string
-type UserVerifier func(email string) bool
+type UserVerifier func(claims jwt.MapClaims) bool
 func GetScopesOrDefault(scopes []string) []string {
 if len(scopes) == 0 {
@@ -449,12 +448,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 }
 returnUrl := appState.ReturnURL
 // verify user in system
- email := jwt2.GetField(claims, "email")
- sub := jwt2.GetField(claims, "sub")
- if email == "" && sub == "admin" {
- email = sub
- }
- valid := a.userVerifier(email)
+ valid := a.userVerifier(claims)
 // end verify user in system
 if !valid {
 w.Header().Add("Set-Cookie", "")
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 257ff781..aac64066 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -121,10 +121,9 @@ github.com/coreos/go-oidc # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/authenticator v0.4.31 -## explicit; go 1.16 +# github.com/devtron-labs/authenticator v0.4.34-0.20240208084114-6e2552488da8 +## explicit; go 1.18 github.com/devtron-labs/authenticator/client -github.com/devtron-labs/authenticator/jwt github.com/devtron-labs/authenticator/oidc # github.com/emicklei/go-restful/v3 v3.9.0 ## explicit; go 1.13