From 54eb1116a03d25e318ac87194e4016154d54e321 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:32:20 -0400
Subject: [PATCH 01/16] spelling: against
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 config.yaml.dist | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.yaml.dist b/config.yaml.dist
index ba7bad68e0..12d9b92790 100644
--- a/config.yaml.dist
+++ b/config.yaml.dist
@@ -118,7 +118,7 @@ web:
 # name: 'Example App'
 # secret: ZXhhbXBsZS1hcHAtc2VjcmV0
-# Connectors are used to authenticate users agains upstream identity providers.
+# Connectors are used to authenticate users against upstream identity providers.
 #
 # See the documentation (https://dexidp.io/docs/connectors/) for further information.
 # connectors: []
From b84d491d17d557cf3232bce4b4a12297943feeda Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:36:23 -0400
Subject: [PATCH 02/16] spelling: argocd
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 docs/enhancements/token-exchange-2023-02-03-#2812.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/enhancements/token-exchange-2023-02-03-#2812.md b/docs/enhancements/token-exchange-2023-02-03-#2812.md
index 33d80b8e5f..31c0e0bf2a 100644
--- a/docs/enhancements/token-exchange-2023-02-03-#2812.md
+++ b/docs/enhancements/token-exchange-2023-02-03-#2812.md
@@ -40,7 +40,7 @@ without issuing long lived API tokens.
 Examples of downstream issues:
-- [argoproj/argo-cd#11632 Argocd SSO login via Azure AD Auth using OIDC not work for cli sso login]
+- [argoproj/argo-cd#11632 ArgoCD SSO login via Azure AD Auth using OIDC not work for cli sso login]
 Other related Dex issues:
@@ -64,7 +64,7 @@ and granting access to resources based on trusting federated identities:
 [#1484 Token exchange for external tokens]: https://github.com/dexidp/dex/issues/1484
 [#1668 Question: non-web based clients?]: https://github.com/dexidp/dex/issues/1668
 [#2657 Get OIDC token issued by Dex using a token issued by one of the connectors]: https://github.com/dexidp/dex/issues/2657
-[argoproj/argo-cd#11632 Argocd SSO login via Azure AD Auth using OIDC not work for cli sso login]: https://github.com/argoproj/argo-cd/issues/11632
+[argoproj/argo-cd#11632 ArgoCD SSO login via Azure AD Auth using OIDC not work for cli sso login]: https://github.com/argoproj/argo-cd/issues/11632
 [#2450 Non-OIDC JWT Connector]: https://github.com/dexidp/dex/issues/2450
 [#1225 GitHub Non-Web application flow support]: https://github.com/dexidp/dex/issues/1225
From 255d5ecfb73280fb2e17c46b5169b2bdcdafe2d7 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:23:30 -0400
Subject: [PATCH 03/16] spelling: characters
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 storage/kubernetes/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
index e99c069027..fe53fb47e7 100644
--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
@@ -99,7 +99,7 @@ func (cli *client) urlForWithParams(
 if name != "" && (len(name) > kubeResourceMaxLen || !kubeResourceNameRegex.MatchString(name)) {
 // The actual name can be found in auth request or auth code objects and equals to the state value
 return "", fmt.Errorf(
- "invalid kubernetes resource name: must match the pattern %s and be no longer than %d charactes",
+ "invalid kubernetes resource name: must match the pattern %s and be no longer than %d characters",
 kubeResourceNameRegex.String(), kubeResourceMaxLen)
 }
From 542cb4cb6593e9dcc9c9788fd1ea170a390e65c3 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:19:48 -0400
Subject: [PATCH 04/16] spelling: data with
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 server/server_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/server_test.go b/server/server_test.go
index aa34be8c27..bedc336be3 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -879,7 +879,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 for _, token := range tokens {
 if /* token was updated */ token.ObsoleteToken != "" && token.ConnectorData != nil {
- t.Fatalf("token connectorDatawith id %q field is not nil: %s", token.ID, token.ConnectorData)
+ t.Fatalf("token connectorData with id %q field is not nil: %s", token.ID, token.ConnectorData)
 }
 }
 })
From 5ae0132dace209e84f71dc5ec37f70335460b76b Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:32:21 -0400
Subject: [PATCH 05/16] spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 api/api.pb.go | 2 +-
 api/api.proto | 2 +-
 api/v2/api.pb.go | 2 +-
 api/v2/api.proto | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/api/api.pb.go b/api/api.pb.go
index 8e24f61ddd..3b680dd650 100644
--- a/api/api.pb.go
+++ b/api/api.pb.go
@@ -957,7 +957,7 @@ type VersionResp struct {
 // Semantic version of the server.
 Server string `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
- // Numeric version of the API. It increases everytime a new call is added to the API.
+ // Numeric version of the API. It increases every time a new call is added to the API.
 // Clients should use this info to determine if the server supports specific features.
 Api int32 `protobuf:"varint,2,opt,name=api,proto3" json:"api,omitempty"`
 }
diff --git a/api/api.proto b/api/api.proto
index 7d25771a6e..cfb7979c5a 100644
--- a/api/api.proto
+++ b/api/api.proto
@@ -112,7 +112,7 @@ message VersionReq {}
 message VersionResp {
 // Semantic version of the server.
 string server = 1;
- // Numeric version of the API. It increases everytime a new call is added to the API.
+ // Numeric version of the API. It increases every time a new call is added to the API.
 // Clients should use this info to determine if the server supports specific features.
 int32 api = 2;
 }
diff --git a/api/v2/api.pb.go b/api/v2/api.pb.go
index abaef0eef8..99b696397e 100644
--- a/api/v2/api.pb.go
+++ b/api/v2/api.pb.go
@@ -957,7 +957,7 @@ type VersionResp struct {
 // Semantic version of the server.
 Server string `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"`
- // Numeric version of the API. It increases everytime a new call is added to the API.
+ // Numeric version of the API. It increases every time a new call is added to the API.
 // Clients should use this info to determine if the server supports specific features.
 Api int32 `protobuf:"varint,2,opt,name=api,proto3" json:"api,omitempty"`
 }
diff --git a/api/v2/api.proto b/api/v2/api.proto
index 82a2e2afa1..eceef77c29 100644
--- a/api/v2/api.proto
+++ b/api/v2/api.proto
@@ -112,7 +112,7 @@ message VersionReq {}
 message VersionResp {
 // Semantic version of the server.
 string server = 1;
- // Numeric version of the API. It increases everytime a new call is added to the API.
+ // Numeric version of the API. It increases every time a new call is added to the API.
 // Clients should use this info to determine if the server supports specific features.
 int32 api = 2;
 }
From 7488f719a746d22482ea6f4d2113defe96c909bd Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:01:59 -0400
Subject: [PATCH 06/16] spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 .github/SECURITY.md | 4 ++--
 docs/enhancements/token-exchange-2023-02-03-#2812.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 9decd34e3e..eab38858be 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -11,10 +11,10 @@ to confirm receipt of the issue.
 ## Review Process
 Once a maintainer has confirmed the relevance of the report, a draft security
-advisory will be created on Github. The draft advisory will be used to discuss
+advisory will be created on GitHub. The draft advisory will be used to discuss
 the issue with maintainers, the reporter(s).
 If the reporter(s) wishes to participate in this discussion, then provide
-reporter Github username(s) to be invited to the discussion. If the reporter(s)
+reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
 does not wish to participate directly in the discussion, then the reporter(s)
 can request to be updated regularly via email.
diff --git a/docs/enhancements/token-exchange-2023-02-03-#2812.md b/docs/enhancements/token-exchange-2023-02-03-#2812.md
index 31c0e0bf2a..9707505206 100644
--- a/docs/enhancements/token-exchange-2023-02-03-#2812.md
+++ b/docs/enhancements/token-exchange-2023-02-03-#2812.md
@@ -45,13 +45,13 @@ Examples of downstream issues:
 Other related Dex issues:
 - [#2450 Non-OIDC JWT Connector] is a functionally similar request, but expanded to arbitrary JWTs
-- [#1225 GitHub Non-Web application flow support] also asks for an exchange, but for an opaque Github PAT
+- [#1225 GitHub Non-Web application flow support] also asks for an exchange, but for an opaque GitHub PAT
 More broadly, this fits into recent movements to issue machine identities:
 - [GCP Service Identity](https://cloud.google.com/run/docs/securing/service-identity)
 - [AWS Execution Role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html)
-- [Github Actions OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
+- [GitHub Actions OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
 - [CircleCI OIDC](https://circleci.com/docs/openid-connect-tokens/)
 - [Kubernetes Service Accounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
 - [SPIFFE](https://spiffe.io/)
From b0803fbc777574f7ec38a0d9c88316d7c1f7f4a4 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:02:08 -0400
Subject: [PATCH 07/16] spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 connector/gitlab/gitlab.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go
index f35ac35753..099cd2ef17 100644
--- a/connector/gitlab/gitlab.go
+++ b/connector/gitlab/gitlab.go
@@ -1,4 +1,4 @@
-// Package gitlab provides authentication strategies using Gitlab.
+// Package gitlab provides authentication strategies using GitLab.
 package gitlab
 import (
From 6af340af941f437e1ad4fe55b760f7561f912546 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:44:20 -0400
Subject: [PATCH 08/16] spelling: in spite
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 server/api_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/api_test.go b/server/api_test.go
index 01c59cf875..bc0dcf1128 100644
--- a/server/api_test.go
+++ b/server/api_test.go
@@ -337,7 +337,7 @@ func TestRefreshToken(t *testing.T) {
 }
 if resp, _ := client.ListRefresh(ctx, &listReq); len(resp.RefreshTokens) != 0 {
- t.Fatalf("Refresh token returned inspite of revoking it.")
+ t.Fatalf("Refresh token returned in spite of revoking it.")
 }
 }
From 12d043c7d92ffb359ffd070eb2db6b9ac4ebbe06 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:03:02 -0400
Subject: [PATCH 09/16] spelling: into
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 storage/storage.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/storage/storage.go b/storage/storage.go
index 0009d4b1ce..743d2ecb4d 100644
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -317,7 +317,7 @@ type RefreshTokenRef struct {
 // OfflineSessions objects are sessions pertaining to users with refresh tokens.
 type OfflineSessions struct {
- // UserID of an end user who has logged in to the server.
+ // UserID of an end user who has logged into the server.
 UserID string
 // The ID of the connector used to login the user.
From 8fdc29da34c6aa542f395e8aa627c69f307ef971 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:01:38 -0400
Subject: [PATCH 10/16] spelling: missing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 connector/ldap/ldap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 543402718c..c26960ba77 100644
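Review bot: The error from ListRefresh is still discarded on the context line `if resp, _ := client.ListRefresh(ctx, &listReq); len(resp.RefreshTokens) != 0 {` in server/api_test.go, so if the call fails after the revoke, `resp` is likely nil and the test panics on the field access instead of reporting why the revocation check could not run. I would split it: `resp, err := client.ListRefresh(ctx, &listReq)`, then `if err != nil { t.Fatalf("Unable to list refresh tokens after revoking: %v", err) }`, and only then compare `len(resp.RefreshTokens)`. As the corrected message has no format verbs, `t.Fatal` would do in place of `t.Fatalf`. The body of TestRefreshToken starts outside the hunk.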
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -619,7 +619,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 for _, group := range groups {
 name := getAttr(*group, c.GroupSearch.NameAttr)
 if name == "" {
- // Be obnoxious about missing missing attributes. If the group entry is
+ // Be obnoxious about missing attributes. If the group entry is
 // missing its name attribute, that indicates a misconfiguration.
 //
 // In the future we can add configuration options to just log these errors.
From a1a05c4a650c7fe8419ac42a26bdcc3a9e67527b Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:02:14 -0400
Subject: [PATCH 11/16] spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 server/deviceflowhandlers_test.go | 2 +-
 storage/conformance/conformance.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/deviceflowhandlers_test.go b/server/deviceflowhandlers_test.go
index 9a9f28584e..9abe4a6229 100644
--- a/server/deviceflowhandlers_test.go
+++ b/server/deviceflowhandlers_test.go
@@ -508,7 +508,7 @@ func TestDeviceTokenResponse(t *testing.T) {
 expectedResponseCode: http.StatusBadRequest,
 },
 {
- testName: "Test Non-existent Device Code",
+ testName: "Test Nonexistent Device Code",
 testDeviceRequest: baseDeviceRequest,
 testDeviceToken: storage.DeviceToken{
 DeviceCode: "foo",
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index 1b45b76c3a..71a2e181e8 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -63,7 +63,7 @@ func mustLoadJWK(b string) *jose.JSONWebKey {
 func mustBeErrNotFound(t *testing.T, kind string, err error) {
 switch {
 case err == nil:
- t.Errorf("deleting non-existent %s should return an error", kind)
+ t.Errorf("deleting nonexistent %s should return an error", kind)
 case err != storage.ErrNotFound:
 t.Errorf("deleting %s expected storage.ErrNotFound, got %v", kind, err)
 }
From e15b599e6a7e5b1e8d3f19e55be60d0ec2907895 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:32:21 -0400
Subject: [PATCH 12/16] spelling: programmatically
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/server.go b/server/server.go
index 0aac0a6cd3..f23eb54b7c 100755
--- a/server/server.go
+++ b/server/server.go
@@ -118,7 +118,7 @@ type WebConfig struct {
 // * themes/(theme) - Static static served at "( issuer URL )/theme".
 Dir string
- // Alternative way to programatically configure static web assets.
+ // Alternative way to programmatically configure static web assets.
 // If Dir is specified, WebFS is ignored.
 // It's expected to contain the same files and directories as mentioned above.
 //
From acc568be4b53af46e4e2e3bd64b42ac3c33e83ea Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:23:31 -0400
Subject: [PATCH 13/16] spelling: running
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 connector/ldap/ldap_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector/ldap/ldap_test.go b/connector/ldap/ldap_test.go
index 83f9f4790c..9e0003b8c0 100644
--- a/connector/ldap/ldap_test.go
+++ b/connector/ldap/ldap_test.go
@@ -523,7 +523,7 @@ func getenv(key, defaultVal string) string {
 // runTests runs a set of tests against an LDAP schema.
 //
-// The tests require LDAP to be runnning.
+// The tests require LDAP to be running.
 // You can use the provided docker-compose file to setup an LDAP server.
 func runTests(t *testing.T, connMethod connectionMethod, config *Config, tests []subtest) {
 ldapHost := os.Getenv("DEX_LDAP_HOST")
From ad1fc3b7c14a222a28300a54389a87c53067dc8e Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:23:32 -0400
Subject: [PATCH 14/16] spelling: upon
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 connector/google/google_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector/google/google_test.go b/connector/google/google_test.go
index cf5977ab6a..262657db13 100644
--- a/connector/google/google_test.go
+++ b/connector/google/google_test.go
@@ -86,7 +86,7 @@ func TestOpen(t *testing.T) {
 expectedErr string
 // string to set in GOOGLE_APPLICATION_CREDENTIALS. As local development environments can
- // already contain ADC, test cases will be built uppon this setting this env variable
+ // already contain ADC, test cases will be built upon this setting this env variable
 adc string
 }
From fbd6e15499cf080182992b6e2ba6f4d1acff8ee1 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:43:19 -0400
Subject: [PATCH 15/16] spelling: use case
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 docs/enhancements/token-exchange-2023-02-03-#2812.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/enhancements/token-exchange-2023-02-03-#2812.md b/docs/enhancements/token-exchange-2023-02-03-#2812.md
index 9707505206..f9f556d26e 100644
--- a/docs/enhancements/token-exchange-2023-02-03-#2812.md
+++ b/docs/enhancements/token-exchange-2023-02-03-#2812.md
@@ -166,7 +166,7 @@ Additionally, a new `allowedGrantTypes` would allow for disabling exchanges if t
 - The password connector could be switch to support this new endpoint, submitting passwords as access tokens, allowing for multiple password connectors to be configured
 - The `audience` field could be made optional if there is a single connector or the id token is inspected for issuer url
-- The `actor_token` and `actor_token_type` can be checked / validated if a suitable usecase is determined.
+- The `actor_token` and `actor_token_type` can be checked / validated if a suitable use case is determined.
 - A policy language like [cel] or [rego] as mentioned on [#1635 Connector Middleware] would allow for stronger assertions of the provided identity against requested resource access.
From d8a9756df7516bbac9c4ec9b1ad48e847134d823 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Thu, 27 Apr 2023 08:23:33 -0400
Subject: [PATCH 16/16] spelling: verified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 connector/oidc/oidc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 5c10f74a60..c022b2cae9 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -38,7 +38,7 @@ type Config struct {
 // Certificates for SSL validation
 RootCAs []string `json:"rootCAs"`
- // Override the value of email_verifed to true in the returned claims
+ // Override the value of email_verified to true in the returned claims
 InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
 // InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved
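Review bot: The corrected comment on `InsecureSkipEmailVerified` in connector/oidc/oidc.go still does not say why the option is insecure, which is what an operator needs to know before enabling it. I would expand it to something like `// InsecureSkipEmailVerified overrides email_verified to true in the returned claims, regardless of what the upstream provider reported.` followed by `// Enable it only when every upstream account's email address is already trusted; clients that rely on email_verified cannot tell the difference.` The override itself is implemented outside this hunk, so the wording should be confirmed against that code. The Config struct also starts and ends outside the hunk.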