move to jwt-go v4 with correct releases (#13586)

2021-11-05 12:20:08 -07:00 · 2021-11-05 12:20:08 -07:00 · 520037e721
parent cbb0828ab8
commit 520037e721
16 changed files with 26 additions and 22 deletions
--- a/8
+++ b/8
@ -20,8 +20,8 @@ help: ## print this help
 getdeps: ## fetch necessary dependencies
 	@mkdir -p ${GOPATH}/bin
 	@echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.40.1
-	@which msgp 1>/dev/null || (echo "Installing msgp" && go install -v github.com/tinylib/msgp@v1.1.3)
-	@which stringer 1>/dev/null || (echo "Installing stringer" && go install -v golang.org/x/tools/cmd/stringer)
+	@echo "Installing msgp" && go install -v github.com/tinylib/msgp@latest
+	@echo "Installing stringer" && go install -v golang.org/x/tools/cmd/stringer@latest

 crosscompile: ## cross compile minio
 	@(env bash $(PWD)/buildscripts/cross-compile.sh)
@ -40,7 +40,7 @@ lint: ## runs golangci-lint suite of linters
 check: test
 test: verifiers build ## builds minio, runs linters, tests
 	@echo "Running unit tests"
-	@GOGC=25 GO111MODULE=on CGO_ENABLED=0 go test -tags kqueue ./... 1>/dev/null
+	@GO111MODULE=on CGO_ENABLED=0 go test -tags kqueue ./... 1>/dev/null

 test-race: verifiers build
 	@echo "Running unit tests under -race"
@ -50,7 +50,7 @@ test-ldap: build
 	@echo "Running tests for LDAP integration"
 	@CGO_ENABLED=0 go test -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd
 	@echo "Running tests for LDAP integration with -race"
-	@GOGC=25 CGO_ENABLED=1 go test -race -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd
+	@CGO_ENABLED=1 go test -race -tags kqueue -v -run TestIAMWithLDAPServerSuite ./cmd

 verify: ## verify minio various setups
 	@echo "Verifying build with race"
--- a/cmd/jwt.go
+++ b/cmd/jwt.go
@ -22,8 +22,8 @@ import (
 	"net/http"
 	"time"

-	jwtgo "github.com/golang-jwt/jwt"
-	jwtreq "github.com/golang-jwt/jwt/request"
+	jwtgo "github.com/golang-jwt/jwt/v4"
+	jwtreq "github.com/golang-jwt/jwt/v4/request"
 	"github.com/minio/minio/internal/auth"
 	xjwt "github.com/minio/minio/internal/jwt"
 	"github.com/minio/minio/internal/logger"
--- a/cmd/jwt_test.go
+++ b/cmd/jwt_test.go
@ -22,7 +22,7 @@ import (
 	"os"
 	"testing"

-	jwtgo "github.com/golang-jwt/jwt"
+	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/auth"
 	xjwt "github.com/minio/minio/internal/jwt"
 )
--- a/cmd/storage-rest-server.go
+++ b/cmd/storage-rest-server.go
@ -37,7 +37,7 @@ import (

 	"github.com/tinylib/msgp/msgp"

-	jwtreq "github.com/golang-jwt/jwt/request"
+	jwtreq "github.com/golang-jwt/jwt/v4/request"
 	"github.com/gorilla/mux"
 	"github.com/minio/minio/internal/config"
 	xhttp "github.com/minio/minio/internal/http"
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@ -234,14 +234,16 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	var err error
-	m := make(map[string]interface{})
-	m[expClaim], err = openid.GetDefaultExpiration(r.Form.Get(stsDurationSeconds))
+	duration, err := openid.GetDefaultExpiration(r.Form.Get(stsDurationSeconds))
 	if err != nil {
 		writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err)
 		return
 	}

+	m := map[string]interface{}{
+		expClaim: UTCNow().Add(duration).Unix(),
+	}
+
 	policies, err := globalIAMSys.PolicyDBGet(user.AccessKey, false)
 	if err != nil {
 		writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, err)
@ -798,7 +800,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h
 	parentUser := "tls:" + certificate.Subject.CommonName

 	tmpCredentials, err := auth.GetNewCredentialsWithMetadata(map[string]interface{}{
-		expClaim:                   time.Now().UTC().Add(expiry).Unix(),
+		expClaim:                   UTCNow().Add(expiry).Unix(),
 		parentClaim:                parentUser,
 		subClaim:                   certificate.Subject.CommonName,
 		audClaim:                   certificate.Subject.Organization,
--- a/go.mod
+++ b/go.mod
@ -28,7 +28,7 @@ require (
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/loads v0.20.2
 	github.com/go-sql-driver/mysql v1.5.0
-	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/golang-jwt/jwt/v4 v4.1.0
 	github.com/gomodule/redigo v2.0.0+incompatible
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
--- a/go.sum
+++ b/go.sum
@ -560,6 +560,8 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
--- a/internal/auth/credentials.go
+++ b/internal/auth/credentials.go
@ -28,7 +28,7 @@ import (
 	"strings"
 	"time"

-	jwtgo "github.com/golang-jwt/jwt"
+	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/jwt"
 )

--- a/internal/config/dns/operator_dns.go
+++ b/internal/config/dns/operator_dns.go
@ -31,7 +31,7 @@ import (
 	"strings"
 	"time"

-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/config"
 	xhttp "github.com/minio/minio/internal/http"
 )
--- a/internal/config/identity/openid/ecdsa-sha3_contrib.go
+++ b/internal/config/identity/openid/ecdsa-sha3_contrib.go
@ -19,7 +19,7 @@ package openid
 import (
 	"crypto"

-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v4"

 	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
 	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
--- a/internal/config/identity/openid/jwt.go
+++ b/internal/config/identity/openid/jwt.go
@ -29,7 +29,7 @@ import (
 	"sync"
 	"time"

-	jwtgo "github.com/golang-jwt/jwt"
+	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/auth"
 	"github.com/minio/minio/internal/config"
 	"github.com/minio/minio/internal/config/identity/openid/provider"
--- a/internal/config/identity/openid/jwt_test.go
+++ b/internal/config/identity/openid/jwt_test.go
@ -26,7 +26,7 @@ import (
 	"testing"
 	"time"

-	jwtg "github.com/golang-jwt/jwt"
+	jwtg "github.com/golang-jwt/jwt/v4"
 	jwtm "github.com/minio/minio/internal/jwt"
 	xnet "github.com/minio/pkg/net"
 )
--- a/internal/config/identity/openid/rsa-sha3_contrib.go
+++ b/internal/config/identity/openid/rsa-sha3_contrib.go
@ -20,7 +20,7 @@ package openid
 import (
 	"crypto"

-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v4"

 	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
 	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
--- a/internal/config/subnet/license.go
+++ b/internal/config/subnet/license.go
@ -18,7 +18,7 @@
 package subnet

 import (
-	jwtgo "github.com/golang-jwt/jwt"
+	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/config"
 	"github.com/minio/pkg/env"
 )
--- a/internal/jwt/parser.go
+++ b/internal/jwt/parser.go
@ -32,7 +32,7 @@ import (
 	"sync"
 	"time"

-	jwtgo "github.com/golang-jwt/jwt"
+	jwtgo "github.com/golang-jwt/jwt/v4"
 	jsoniter "github.com/json-iterator/go"
 )

--- a/internal/jwt/parser_test.go
+++ b/internal/jwt/parser_test.go
@ -27,7 +27,7 @@ import (
 	"testing"
 	"time"

-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v4"
 )

 var (