From 3b3b02b741cd1dbb348520321f63dd43ee3f3e21 Mon Sep 17 00:00:00 2001 From: Michael Schurter Date: Wed, 3 May 2023 11:17:38 -0700 Subject: [PATCH] dep: update from jwt/v4 to jwt/v5 (#17062) Their release notes are here: https://github.com/golang-jwt/jwt/releases Seemed wise to upgrade before we do even more with JWTs. For example this upgrade *would* have mattered if we already implemented common JWT claims such as expiration. Since we didn't rely on any claim verification this upgrade is a noop... ...except for 1 test that called `Claims.Valid()`! Removing that assertion *seems* scary, but it didn't actually do anything because we didn't implement any of the standard claims it validated: https://github.com/golang-jwt/jwt/blob/v4.5.0/map_claims.go#L120-L151 So functionally this major upgrade is a noop. --- command/agent/acl_endpoint_test.go | 2 +- go.mod | 3 ++- go.sum | 2 ++ lib/auth/jwt/validator_test.go | 2 +- nomad/acl_endpoint_test.go | 2 +- nomad/encrypter.go | 2 +- nomad/encrypter_test.go | 1 - nomad/mock/acl.go | 2 +- nomad/structs/structs.go | 2 +- 9 files changed, 10 insertions(+), 8 deletions(-) diff --git a/command/agent/acl_endpoint_test.go b/command/agent/acl_endpoint_test.go index 1ca8d281c..444316207 100644 --- a/command/agent/acl_endpoint_test.go +++ b/command/agent/acl_endpoint_test.go @@ -12,7 +12,7 @@ import ( "testing" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" capOIDC "github.com/hashicorp/cap/oidc" "github.com/hashicorp/nomad/ci" "github.com/hashicorp/nomad/helper/uuid" diff --git a/go.mod b/go.mod index f5e4ed8ee..76861f58d 100644 --- a/go.mod +++ b/go.mod @@ -30,6 +30,7 @@ require ( github.com/dustin/go-humanize v1.0.0 github.com/elazarl/go-bindata-assetfs v1.0.1-0.20200509193318-234c15e7648f github.com/fsouza/go-dockerclient v1.7.9 + github.com/golang-jwt/jwt/v5 v5.0.0 github.com/golang/protobuf v1.5.2 github.com/golang/snappy v0.0.4 github.com/google/go-cmp v0.5.9 @@ -188,7 +189,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/gojuno/minimock/v3 v3.0.6 // indirect - github.com/golang-jwt/jwt/v4 v4.4.3 + github.com/golang-jwt/jwt/v4 v4.4.3 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/btree v1.0.0 // indirect github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135 // indirect diff --git a/go.sum b/go.sum index 9e53dadeb..1f3c7de85 100644 --- a/go.sum +++ b/go.sum @@ -647,6 +647,8 @@ github.com/gojuno/minimock/v3 v3.0.6/go.mod h1:v61ZjAKHr+WnEkND63nQPCZ/DTfQgJdvb github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= diff --git a/lib/auth/jwt/validator_test.go b/lib/auth/jwt/validator_test.go index 137e2fcc0..ae8dc75db 100644 --- a/lib/auth/jwt/validator_test.go +++ b/lib/auth/jwt/validator_test.go @@ -11,7 +11,7 @@ import ( "testing" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" "github.com/hashicorp/cap/oidc" "github.com/shoenig/test/must" diff --git a/nomad/acl_endpoint_test.go b/nomad/acl_endpoint_test.go index 27cdc8ab9..7a1ca1192 100644 --- a/nomad/acl_endpoint_test.go +++ b/nomad/acl_endpoint_test.go @@ -11,7 +11,7 @@ import ( "testing" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" capOIDC "github.com/hashicorp/cap/oidc" "github.com/hashicorp/go-memdb" msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" diff --git a/nomad/encrypter.go b/nomad/encrypter.go index 221a98c66..e84bb649f 100644 --- a/nomad/encrypter.go +++ b/nomad/encrypter.go @@ -17,7 +17,7 @@ import ( "sync" "time" - jwt "github.com/golang-jwt/jwt/v4" + jwt "github.com/golang-jwt/jwt/v5" log "github.com/hashicorp/go-hclog" kms "github.com/hashicorp/go-kms-wrapping/v2" "github.com/hashicorp/go-kms-wrapping/v2/aead" diff --git a/nomad/encrypter_test.go b/nomad/encrypter_test.go index 7641cd3ba..026825924 100644 --- a/nomad/encrypter_test.go +++ b/nomad/encrypter_test.go @@ -371,7 +371,6 @@ func TestEncrypter_SignVerify(t *testing.T) { got, err := e.VerifyClaim(out) require.NoError(t, err) require.NotNil(t, got) - require.NoError(t, got.Valid()) require.Equal(t, alloc.ID, got.AllocationID) require.Equal(t, alloc.JobID, got.JobID) require.Equal(t, "web", got.TaskName) diff --git a/nomad/mock/acl.go b/nomad/mock/acl.go index 3ec6d0580..37d39c47a 100644 --- a/nomad/mock/acl.go +++ b/nomad/mock/acl.go @@ -13,7 +13,7 @@ import ( "strings" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" testing "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/assert" diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go index 8a3016e72..666c260ae 100644 --- a/nomad/structs/structs.go +++ b/nomad/structs/structs.go @@ -27,7 +27,7 @@ import ( "strings" "time" - jwt "github.com/golang-jwt/jwt/v4" + jwt "github.com/golang-jwt/jwt/v5" "github.com/hashicorp/cronexpr" "github.com/hashicorp/go-msgpack/codec" "github.com/hashicorp/go-multierror"