mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-24 23:30:20 +00:00
rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) and [github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets](https://github.com/Azure/azure-sdk-for-go). Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.32.2 to 1.32.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.2...v1.32.3) Updates `github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v1.1...v1.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
parent
c3c00b0e61
commit
26c237e314
16
go.mod
16
go.mod
@ -5,7 +5,7 @@ go 1.22.5
|
|||||||
require (
|
require (
|
||||||
github.com/IBM/keyprotect-go-client v0.15.1
|
github.com/IBM/keyprotect-go-client v0.15.1
|
||||||
github.com/aws/aws-sdk-go v1.55.5
|
github.com/aws/aws-sdk-go v1.55.5
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2
|
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3
|
||||||
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
|
||||||
github.com/ceph/go-ceph v0.30.0
|
github.com/ceph/go-ceph v0.30.0
|
||||||
github.com/container-storage-interface/spec v1.10.0
|
github.com/container-storage-interface/spec v1.10.0
|
||||||
@ -47,24 +47,24 @@ require (
|
|||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
|
||||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
|
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
|
||||||
github.com/NYTimes/gziphandler v1.1.1 // indirect
|
github.com/NYTimes/gziphandler v1.1.1 // indirect
|
||||||
github.com/ansel1/merry v1.6.2 // indirect
|
github.com/ansel1/merry v1.6.2 // indirect
|
||||||
github.com/ansel1/merry/v2 v2.0.1 // indirect
|
github.com/ansel1/merry/v2 v2.0.1 // indirect
|
||||||
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
|
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
|
||||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
|
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
|
||||||
github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
|
github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
|
||||||
github.com/aws/smithy-go v1.22.0 // indirect
|
github.com/aws/smithy-go v1.22.0 // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
github.com/blang/semver/v4 v4.0.0 // indirect
|
github.com/blang/semver/v4 v4.0.0 // indirect
|
||||||
|
32
go.sum
32
go.sum
@ -1320,18 +1320,18 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum
|
|||||||
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
|
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
|
||||||
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible h1:8N2k27SYtc12qj5nTsuFMFJPZn5CGmgMWqTy4y9I7Jw=
|
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible h1:8N2k27SYtc12qj5nTsuFMFJPZn5CGmgMWqTy4y9I7Jw=
|
||||||
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0 h1:TkNl6WlpHdZSMt0Zngw8y0c9ZMi3GwmYl0kKNbW9PvU=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8=
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0/go.mod h1:ukmL56lWl275SgNFijuwx0Wv6n6HmzzpPWW4kMoy/wY=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw=
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o=
|
||||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
|
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
|
||||||
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
||||||
github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
|
github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
|
||||||
@ -1411,18 +1411,18 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l
|
|||||||
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||||
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
|
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
|
||||||
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
||||||
github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI=
|
github.com/aws/aws-sdk-go-v2 v1.32.3 h1:T0dRlFBKcdaUPGNtkBSwHZxrtis8CQU17UpNBZYd0wk=
|
||||||
github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
|
github.com/aws/aws-sdk-go-v2 v1.32.3/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk=
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 h1:Jw50LwEkVjuVzE1NzkhNKkBf9cRN7MtE1F/b2cOKTUM=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y=
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22/go.mod h1:Y/SmAyPcOTmpeVaWSzSKiILfXTVJwrGmYZhcRbhWuEY=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s=
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 h1:981MHwBaRZM7+9QSR6XamDzF/o7ouUGxFzr+nVSIhrs=
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60=
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22/go.mod h1:1RA1+aBEfn+CAB/Mh0MB6LsdCYCnjZm7tKXtnk499ZQ=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA=
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 h1:qcxX0JYlgWH3hpPUnd6U0ikcl6LLA9sLkXE2w1fpMvY=
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0=
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3/go.mod h1:cLSNEmI45soc+Ef8K/L+8sEA3A3pYFEYf5B5UI+6bH4=
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo=
|
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 h1:wVnQ6tigGsRqSWDEEyH6lSAJ9OyFUsSnbaUWChuSGzs=
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo=
|
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3/go.mod h1:VZa9yTFyj4o10YGsmDO4gbQJUvvhY72fhumT8W4LqsE=
|
||||||
github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
|
github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
|
||||||
github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
|
github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
|
||||||
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||||
|
25
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
generated
vendored
25
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
generated
vendored
@ -1,5 +1,30 @@
|
|||||||
# Release History
|
# Release History
|
||||||
|
|
||||||
|
## 1.16.0 (2024-10-17)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
|
||||||
|
* Added field `Kind` to `runtime.StartSpanOptions` to allow a kind to be set when starting a span.
|
||||||
|
|
||||||
|
### Bugs Fixed
|
||||||
|
|
||||||
|
* `BearerTokenPolicy` now rewinds request bodies before retrying
|
||||||
|
|
||||||
|
## 1.15.0 (2024-10-14)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
|
||||||
|
* `BearerTokenPolicy` handles CAE claims challenges
|
||||||
|
|
||||||
|
### Bugs Fixed
|
||||||
|
|
||||||
|
* Omit the `ResponseError.RawResponse` field from JSON marshaling so instances can be marshaled.
|
||||||
|
* Fixed an integer overflow in the retry policy.
|
||||||
|
|
||||||
|
### Other Changes
|
||||||
|
|
||||||
|
* Update dependencies.
|
||||||
|
|
||||||
## 1.14.0 (2024-08-07)
|
## 1.14.0 (2024-08-07)
|
||||||
|
|
||||||
### Features Added
|
### Features Added
|
||||||
|
48
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go
generated
vendored
48
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go
generated
vendored
@ -5,7 +5,6 @@ package runtime
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/base64"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
@ -66,31 +65,16 @@ func NewBearerTokenPolicy(cred azcore.TokenCredential, opts *armpolicy.BearerTok
|
|||||||
p.btp = azruntime.NewBearerTokenPolicy(cred, opts.Scopes, &azpolicy.BearerTokenOptions{
|
p.btp = azruntime.NewBearerTokenPolicy(cred, opts.Scopes, &azpolicy.BearerTokenOptions{
|
||||||
InsecureAllowCredentialWithHTTP: opts.InsecureAllowCredentialWithHTTP,
|
InsecureAllowCredentialWithHTTP: opts.InsecureAllowCredentialWithHTTP,
|
||||||
AuthorizationHandler: azpolicy.AuthorizationHandler{
|
AuthorizationHandler: azpolicy.AuthorizationHandler{
|
||||||
OnChallenge: p.onChallenge,
|
OnRequest: p.onRequest,
|
||||||
OnRequest: p.onRequest,
|
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *BearerTokenPolicy) onChallenge(req *azpolicy.Request, res *http.Response, authNZ func(azpolicy.TokenRequestOptions) error) error {
|
|
||||||
challenge := res.Header.Get(shared.HeaderWWWAuthenticate)
|
|
||||||
claims, err := parseChallenge(challenge)
|
|
||||||
if err != nil {
|
|
||||||
// the challenge contains claims we can't parse
|
|
||||||
return err
|
|
||||||
} else if claims != "" {
|
|
||||||
// request a new token having the specified claims, send the request again
|
|
||||||
return authNZ(azpolicy.TokenRequestOptions{Claims: claims, EnableCAE: true, Scopes: b.scopes})
|
|
||||||
}
|
|
||||||
// auth challenge didn't include claims, so this is a simple authorization failure
|
|
||||||
return azruntime.NewResponseError(res)
|
|
||||||
}
|
|
||||||
|
|
||||||
// onRequest authorizes requests with one or more bearer tokens
|
// onRequest authorizes requests with one or more bearer tokens
|
||||||
func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolicy.TokenRequestOptions) error) error {
|
func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolicy.TokenRequestOptions) error) error {
|
||||||
// authorize the request with a token for the primary tenant
|
// authorize the request with a token for the primary tenant
|
||||||
err := authNZ(azpolicy.TokenRequestOptions{EnableCAE: true, Scopes: b.scopes})
|
err := authNZ(azpolicy.TokenRequestOptions{Scopes: b.scopes})
|
||||||
if err != nil || len(b.auxResources) == 0 {
|
if err != nil || len(b.auxResources) == 0 {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -116,31 +100,3 @@ func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolic
|
|||||||
func (b *BearerTokenPolicy) Do(req *azpolicy.Request) (*http.Response, error) {
|
func (b *BearerTokenPolicy) Do(req *azpolicy.Request) (*http.Response, error) {
|
||||||
return b.btp.Do(req)
|
return b.btp.Do(req)
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseChallenge parses claims from an authentication challenge issued by ARM so a client can request a token
|
|
||||||
// that will satisfy conditional access policies. It returns a non-nil error when the given value contains
|
|
||||||
// claims it can't parse. If the value contains no claims, it returns an empty string and a nil error.
|
|
||||||
func parseChallenge(wwwAuthenticate string) (string, error) {
|
|
||||||
claims := ""
|
|
||||||
var err error
|
|
||||||
for _, param := range strings.Split(wwwAuthenticate, ",") {
|
|
||||||
if _, after, found := strings.Cut(param, "claims="); found {
|
|
||||||
if claims != "" {
|
|
||||||
// The header contains multiple challenges, at least two of which specify claims. The specs allow this
|
|
||||||
// but it's unclear what a client should do in this case and there's as yet no concrete example of it.
|
|
||||||
err = fmt.Errorf("found multiple claims challenges in %q", wwwAuthenticate)
|
|
||||||
break
|
|
||||||
}
|
|
||||||
// trim stuff that would get an error from RawURLEncoding; claims may or may not be padded
|
|
||||||
claims = strings.Trim(after, `\"=`)
|
|
||||||
// we don't return this error because it's something unhelpful like "illegal base64 data at input byte 42"
|
|
||||||
if b, decErr := base64.RawURLEncoding.DecodeString(claims); decErr == nil {
|
|
||||||
claims = string(b)
|
|
||||||
} else {
|
|
||||||
err = fmt.Errorf("failed to parse claims from %q", wwwAuthenticate)
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return claims, err
|
|
||||||
}
|
|
||||||
|
3
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/errors.go
generated
vendored
3
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/errors.go
generated
vendored
@ -11,4 +11,7 @@ import "github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
|
|||||||
// ResponseError is returned when a request is made to a service and
|
// ResponseError is returned when a request is made to a service and
|
||||||
// the service returns a non-success HTTP status code.
|
// the service returns a non-success HTTP status code.
|
||||||
// Use errors.As() to access this type in the error chain.
|
// Use errors.As() to access this type in the error chain.
|
||||||
|
//
|
||||||
|
// When marshaling instances, the RawResponse field will be omitted.
|
||||||
|
// However, the contents returned by Error() will be preserved.
|
||||||
type ResponseError = exported.ResponseError
|
type ResponseError = exported.ResponseError
|
||||||
|
38
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go
generated
vendored
38
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go
generated
vendored
@ -117,12 +117,18 @@ type ResponseError struct {
|
|||||||
StatusCode int
|
StatusCode int
|
||||||
|
|
||||||
// RawResponse is the underlying HTTP response.
|
// RawResponse is the underlying HTTP response.
|
||||||
RawResponse *http.Response
|
RawResponse *http.Response `json:"-"`
|
||||||
|
|
||||||
|
errMsg string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Error implements the error interface for type ResponseError.
|
// Error implements the error interface for type ResponseError.
|
||||||
// Note that the message contents are not contractual and can change over time.
|
// Note that the message contents are not contractual and can change over time.
|
||||||
func (e *ResponseError) Error() string {
|
func (e *ResponseError) Error() string {
|
||||||
|
if e.errMsg != "" {
|
||||||
|
return e.errMsg
|
||||||
|
}
|
||||||
|
|
||||||
const separator = "--------------------------------------------------------------------------------"
|
const separator = "--------------------------------------------------------------------------------"
|
||||||
// write the request method and URL with response status code
|
// write the request method and URL with response status code
|
||||||
msg := &bytes.Buffer{}
|
msg := &bytes.Buffer{}
|
||||||
@ -163,5 +169,33 @@ func (e *ResponseError) Error() string {
|
|||||||
}
|
}
|
||||||
fmt.Fprintln(msg, separator)
|
fmt.Fprintln(msg, separator)
|
||||||
|
|
||||||
return msg.String()
|
e.errMsg = msg.String()
|
||||||
|
return e.errMsg
|
||||||
|
}
|
||||||
|
|
||||||
|
// internal type used for marshaling/unmarshaling
|
||||||
|
type responseError struct {
|
||||||
|
ErrorCode string `json:"errorCode"`
|
||||||
|
StatusCode int `json:"statusCode"`
|
||||||
|
ErrorMessage string `json:"errorMessage"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e ResponseError) MarshalJSON() ([]byte, error) {
|
||||||
|
return json.Marshal(responseError{
|
||||||
|
ErrorCode: e.ErrorCode,
|
||||||
|
StatusCode: e.StatusCode,
|
||||||
|
ErrorMessage: e.Error(),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *ResponseError) UnmarshalJSON(data []byte) error {
|
||||||
|
re := responseError{}
|
||||||
|
if err := json.Unmarshal(data, &re); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
e.ErrorCode = re.ErrorCode
|
||||||
|
e.StatusCode = re.StatusCode
|
||||||
|
e.errMsg = re.ErrorMessage
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
generated
vendored
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
generated
vendored
@ -40,5 +40,5 @@ const (
|
|||||||
Module = "azcore"
|
Module = "azcore"
|
||||||
|
|
||||||
// Version is the semantic version (see http://semver.org) of this module.
|
// Version is the semantic version (see http://semver.org) of this module.
|
||||||
Version = "v1.14.0"
|
Version = "v1.16.0"
|
||||||
)
|
)
|
||||||
|
23
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
generated
vendored
23
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
generated
vendored
@ -161,19 +161,20 @@ type BearerTokenOptions struct {
|
|||||||
|
|
||||||
// AuthorizationHandler allows SDK developers to insert custom logic that runs when BearerTokenPolicy must authorize a request.
|
// AuthorizationHandler allows SDK developers to insert custom logic that runs when BearerTokenPolicy must authorize a request.
|
||||||
type AuthorizationHandler struct {
|
type AuthorizationHandler struct {
|
||||||
// OnRequest is called each time the policy receives a request. Its func parameter authorizes the request with a token
|
// OnRequest provides TokenRequestOptions the policy can use to acquire a token for a request. The policy calls OnRequest
|
||||||
// from the policy's given credential. Implementations that need to perform I/O should use the Request's context,
|
// whenever it needs a token and may call it multiple times for the same request. Its func parameter authorizes the request
|
||||||
// available from Request.Raw().Context(). When OnRequest returns an error, the policy propagates that error and doesn't
|
// with a token from the policy's credential. Implementations that need to perform I/O should use the Request's context,
|
||||||
// send the request. When OnRequest is nil, the policy follows its default behavior, authorizing the request with a
|
// available from Request.Raw().Context(). When OnRequest returns an error, the policy propagates that error and doesn't send
|
||||||
// token from its credential according to its configuration.
|
// the request. When OnRequest is nil, the policy follows its default behavior, which is to authorize the request with a token
|
||||||
|
// from its credential according to its configuration.
|
||||||
OnRequest func(*Request, func(TokenRequestOptions) error) error
|
OnRequest func(*Request, func(TokenRequestOptions) error) error
|
||||||
|
|
||||||
// OnChallenge is called when the policy receives a 401 response, allowing the AuthorizationHandler to re-authorize the
|
// OnChallenge allows clients to implement custom HTTP authentication challenge handling. BearerTokenPolicy calls it upon
|
||||||
// request according to an authentication challenge (the Response's WWW-Authenticate header). OnChallenge is responsible
|
// receiving a 401 response containing multiple Bearer challenges or a challenge BearerTokenPolicy itself can't handle.
|
||||||
// for parsing parameters from the challenge. Its func parameter will authorize the request with a token from the policy's
|
// OnChallenge is responsible for parsing challenge(s) (the Response's WWW-Authenticate header) and reauthorizing the
|
||||||
// given credential. Implementations that need to perform I/O should use the Request's context, available from
|
// Request accordingly. Its func argument authorizes the Request with a token from the policy's credential using the given
|
||||||
// Request.Raw().Context(). When OnChallenge returns nil, the policy will send the request again. When OnChallenge is nil,
|
// TokenRequestOptions. OnChallenge should honor the Request's context, available from Request.Raw().Context(). When
|
||||||
// the policy will return any 401 response to the client.
|
// OnChallenge returns nil, the policy will send the Request again.
|
||||||
OnChallenge func(*Request, *http.Response, func(TokenRequestOptions) error) error
|
OnChallenge func(*Request, *http.Response, func(TokenRequestOptions) error) error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
139
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go
generated
vendored
139
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go
generated
vendored
@ -4,9 +4,12 @@
|
|||||||
package runtime
|
package runtime
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
|
"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
|
||||||
@ -17,6 +20,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// BearerTokenPolicy authorizes requests with bearer tokens acquired from a TokenCredential.
|
// BearerTokenPolicy authorizes requests with bearer tokens acquired from a TokenCredential.
|
||||||
|
// It handles [Continuous Access Evaluation] (CAE) challenges. Clients needing to handle
|
||||||
|
// additional authentication challenges, or needing more control over authorization, should
|
||||||
|
// provide a [policy.AuthorizationHandler] in [policy.BearerTokenOptions].
|
||||||
|
//
|
||||||
|
// [Continuous Access Evaluation]: https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation
|
||||||
type BearerTokenPolicy struct {
|
type BearerTokenPolicy struct {
|
||||||
// mainResource is the resource to be retreived using the tenant specified in the credential
|
// mainResource is the resource to be retreived using the tenant specified in the credential
|
||||||
mainResource *temporal.Resource[exported.AccessToken, acquiringResourceState]
|
mainResource *temporal.Resource[exported.AccessToken, acquiringResourceState]
|
||||||
@ -51,8 +59,18 @@ func NewBearerTokenPolicy(cred exported.TokenCredential, scopes []string, opts *
|
|||||||
if opts == nil {
|
if opts == nil {
|
||||||
opts = &policy.BearerTokenOptions{}
|
opts = &policy.BearerTokenOptions{}
|
||||||
}
|
}
|
||||||
|
ah := opts.AuthorizationHandler
|
||||||
|
if ah.OnRequest == nil {
|
||||||
|
// Set a default OnRequest that simply requests a token with the given scopes. OnChallenge
|
||||||
|
// doesn't get a default so the policy can use a nil check to determine whether the caller
|
||||||
|
// provided an implementation.
|
||||||
|
ah.OnRequest = func(_ *policy.Request, authNZ func(policy.TokenRequestOptions) error) error {
|
||||||
|
// authNZ sets EnableCAE: true in all cases, no need to duplicate that here
|
||||||
|
return authNZ(policy.TokenRequestOptions{Scopes: scopes})
|
||||||
|
}
|
||||||
|
}
|
||||||
return &BearerTokenPolicy{
|
return &BearerTokenPolicy{
|
||||||
authzHandler: opts.AuthorizationHandler,
|
authzHandler: ah,
|
||||||
cred: cred,
|
cred: cred,
|
||||||
scopes: scopes,
|
scopes: scopes,
|
||||||
mainResource: temporal.NewResource(acquire),
|
mainResource: temporal.NewResource(acquire),
|
||||||
@ -63,6 +81,7 @@ func NewBearerTokenPolicy(cred exported.TokenCredential, scopes []string, opts *
|
|||||||
// authenticateAndAuthorize returns a function which authorizes req with a token from the policy's credential
|
// authenticateAndAuthorize returns a function which authorizes req with a token from the policy's credential
|
||||||
func (b *BearerTokenPolicy) authenticateAndAuthorize(req *policy.Request) func(policy.TokenRequestOptions) error {
|
func (b *BearerTokenPolicy) authenticateAndAuthorize(req *policy.Request) func(policy.TokenRequestOptions) error {
|
||||||
return func(tro policy.TokenRequestOptions) error {
|
return func(tro policy.TokenRequestOptions) error {
|
||||||
|
tro.EnableCAE = true
|
||||||
as := acquiringResourceState{p: b, req: req, tro: tro}
|
as := acquiringResourceState{p: b, req: req, tro: tro}
|
||||||
tk, err := b.mainResource.Get(as)
|
tk, err := b.mainResource.Get(as)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -86,12 +105,7 @@ func (b *BearerTokenPolicy) Do(req *policy.Request) (*http.Response, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var err error
|
err := b.authzHandler.OnRequest(req, b.authenticateAndAuthorize(req))
|
||||||
if b.authzHandler.OnRequest != nil {
|
|
||||||
err = b.authzHandler.OnRequest(req, b.authenticateAndAuthorize(req))
|
|
||||||
} else {
|
|
||||||
err = b.authenticateAndAuthorize(req)(policy.TokenRequestOptions{Scopes: b.scopes})
|
|
||||||
}
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errorinfo.NonRetriableError(err)
|
return nil, errorinfo.NonRetriableError(err)
|
||||||
}
|
}
|
||||||
@ -101,17 +115,54 @@ func (b *BearerTokenPolicy) Do(req *policy.Request) (*http.Response, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
res, err = b.handleChallenge(req, res, false)
|
||||||
|
return res, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleChallenge handles authentication challenges either directly (for CAE challenges) or by calling
|
||||||
|
// the AuthorizationHandler. It's a no-op when the response doesn't include an authentication challenge.
|
||||||
|
// It will recurse at most once, to handle a CAE challenge following a non-CAE challenge handled by the
|
||||||
|
// AuthorizationHandler.
|
||||||
|
func (b *BearerTokenPolicy) handleChallenge(req *policy.Request, res *http.Response, recursed bool) (*http.Response, error) {
|
||||||
|
var err error
|
||||||
if res.StatusCode == http.StatusUnauthorized {
|
if res.StatusCode == http.StatusUnauthorized {
|
||||||
b.mainResource.Expire()
|
b.mainResource.Expire()
|
||||||
if res.Header.Get("WWW-Authenticate") != "" && b.authzHandler.OnChallenge != nil {
|
if res.Header.Get(shared.HeaderWWWAuthenticate) != "" {
|
||||||
if err = b.authzHandler.OnChallenge(req, res, b.authenticateAndAuthorize(req)); err == nil {
|
caeChallenge, parseErr := parseCAEChallenge(res)
|
||||||
res, err = req.Next()
|
if parseErr != nil {
|
||||||
|
return res, parseErr
|
||||||
|
}
|
||||||
|
switch {
|
||||||
|
case caeChallenge != nil:
|
||||||
|
authNZ := func(tro policy.TokenRequestOptions) error {
|
||||||
|
// Take the TokenRequestOptions provided by OnRequest and add the challenge claims. The value
|
||||||
|
// will be empty at time of writing because CAE is the only feature involving claims. If in
|
||||||
|
// the future some client needs to specify unrelated claims, this function may need to merge
|
||||||
|
// them with the challenge claims.
|
||||||
|
tro.Claims = caeChallenge.params["claims"]
|
||||||
|
return b.authenticateAndAuthorize(req)(tro)
|
||||||
|
}
|
||||||
|
if err = b.authzHandler.OnRequest(req, authNZ); err == nil {
|
||||||
|
if err = req.RewindBody(); err == nil {
|
||||||
|
res, err = req.Next()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
case b.authzHandler.OnChallenge != nil && !recursed:
|
||||||
|
if err = b.authzHandler.OnChallenge(req, res, b.authenticateAndAuthorize(req)); err == nil {
|
||||||
|
if err = req.RewindBody(); err == nil {
|
||||||
|
if res, err = req.Next(); err == nil {
|
||||||
|
res, err = b.handleChallenge(req, res, true)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// don't retry challenge handling errors
|
||||||
|
err = errorinfo.NonRetriableError(err)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
// return the response to the pipeline
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if err != nil {
|
|
||||||
err = errorinfo.NonRetriableError(err)
|
|
||||||
}
|
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -121,3 +172,65 @@ func checkHTTPSForAuth(req *policy.Request, allowHTTP bool) error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// parseCAEChallenge returns a *authChallenge representing Response's CAE challenge (nil when Response has none).
|
||||||
|
// If Response includes a CAE challenge having invalid claims, it returns a NonRetriableError.
|
||||||
|
func parseCAEChallenge(res *http.Response) (*authChallenge, error) {
|
||||||
|
var (
|
||||||
|
caeChallenge *authChallenge
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
for _, c := range parseChallenges(res) {
|
||||||
|
if c.scheme == "Bearer" {
|
||||||
|
if claims := c.params["claims"]; claims != "" && c.params["error"] == "insufficient_claims" {
|
||||||
|
if b, de := base64.StdEncoding.DecodeString(claims); de == nil {
|
||||||
|
c.params["claims"] = string(b)
|
||||||
|
caeChallenge = &c
|
||||||
|
} else {
|
||||||
|
// don't include the decoding error because it's something
|
||||||
|
// unhelpful like "illegal base64 data at input byte 42"
|
||||||
|
err = errorinfo.NonRetriableError(errors.New("authentication challenge contains invalid claims: " + claims))
|
||||||
|
}
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return caeChallenge, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
challenge, challengeParams *regexp.Regexp
|
||||||
|
once = &sync.Once{}
|
||||||
|
)
|
||||||
|
|
||||||
|
type authChallenge struct {
|
||||||
|
scheme string
|
||||||
|
params map[string]string
|
||||||
|
}
|
||||||
|
|
||||||
|
// parseChallenges assumes authentication challenges have quoted parameter values
|
||||||
|
func parseChallenges(res *http.Response) []authChallenge {
|
||||||
|
once.Do(func() {
|
||||||
|
// matches challenges having quoted parameters, capturing scheme and parameters
|
||||||
|
challenge = regexp.MustCompile(`(?:(\w+) ((?:\w+="[^"]*",?\s*)+))`)
|
||||||
|
// captures parameter names and values in a match of the above expression
|
||||||
|
challengeParams = regexp.MustCompile(`(\w+)="([^"]*)"`)
|
||||||
|
})
|
||||||
|
parsed := []authChallenge{}
|
||||||
|
// WWW-Authenticate can have multiple values, each containing multiple challenges
|
||||||
|
for _, h := range res.Header.Values(shared.HeaderWWWAuthenticate) {
|
||||||
|
for _, sm := range challenge.FindAllStringSubmatch(h, -1) {
|
||||||
|
// sm is [challenge, scheme, params] (see regexp documentation on submatches)
|
||||||
|
c := authChallenge{
|
||||||
|
params: make(map[string]string),
|
||||||
|
scheme: sm[1],
|
||||||
|
}
|
||||||
|
for _, sm := range challengeParams.FindAllStringSubmatch(sm[2], -1) {
|
||||||
|
// sm is [key="value", key, value] (see regexp documentation on submatches)
|
||||||
|
c.params[sm[1]] = sm[2]
|
||||||
|
}
|
||||||
|
parsed = append(parsed, c)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return parsed
|
||||||
|
}
|
||||||
|
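--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_trace.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_trace.go
@@ -96,6 +96,8 @@ func (h *httpTracePolicy) Do(req *policy.Request) (resp *http.Response, err erro
 
 // StartSpanOptions contains the optional values for StartSpan.
 type StartSpanOptions struct {
+// Kind indicates the kind of Span.
+Kind tracing.SpanKind
 // Attributes contains key-value pairs of attributes for the span.
 Attributes []tracing.Attribute
 }
@@ -115,7 +117,6 @@ func StartSpan(ctx context.Context, name string, tracer tracing.Tracer, options
 // we MUST propagate the active tracer before returning so that the trace policy can access it
 ctx = context.WithValue(ctx, shared.CtxWithTracingTracer{}, tracer)
 
-const newSpanKind = tracing.SpanKindInternal
 if activeSpan := ctx.Value(ctxActiveSpan{}); activeSpan != nil {
 // per the design guidelines, if a SDK method Foo() calls SDK method Bar(),
 // then the span for Bar() must be suppressed. however, if Bar() makes a REST
@@ -131,12 +132,15 @@ func StartSpan(ctx context.Context, name string, tracer tracing.Tracer, options
 if options == nil {
 options = &StartSpanOptions{}
 }
+if options.Kind == 0 {
+options.Kind = tracing.SpanKindInternal
+}
 
 ctx, span := tracer.Start(ctx, name, &tracing.SpanOptions{
-Kind: newSpanKind,
+Kind: options.Kind,
 Attributes: options.Attributes,
 })
-ctx = context.WithValue(ctx, ctxActiveSpan{}, newSpanKind)
+ctx = context.WithValue(ctx, ctxActiveSpan{}, options.Kind)
 return ctx, func(err error) {
 if err != nil {
 errType := strings.Replace(fmt.Sprintf("%T", err), "*exported.", "*azcore.", 1)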
28
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
generated
vendored
@ -59,13 +59,33 @@ func setDefaults(o *policy.RetryOptions) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func calcDelay(o policy.RetryOptions, try int32) time.Duration { // try is >=1; never 0
|
func calcDelay(o policy.RetryOptions, try int32) time.Duration { // try is >=1; never 0
|
||||||
delay := time.Duration((1<<try)-1) * o.RetryDelay
|
// avoid overflow when shifting left
|
||||||
|
factor := time.Duration(math.MaxInt64)
|
||||||
|
if try < 63 {
|
||||||
|
factor = time.Duration(int64(1<<try) - 1)
|
||||||
|
}
|
||||||
|
|
||||||
// Introduce some jitter: [0.0, 1.0) / 2 = [0.0, 0.5) + 0.8 = [0.8, 1.3)
|
delay := factor * o.RetryDelay
|
||||||
delay = time.Duration(delay.Seconds() * (rand.Float64()/2 + 0.8) * float64(time.Second)) // NOTE: We want math/rand; not crypto/rand
|
if delay < factor {
|
||||||
if delay > o.MaxRetryDelay {
|
// overflow has happened so set to max value
|
||||||
|
delay = time.Duration(math.MaxInt64)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Introduce jitter: [0.0, 1.0) / 2 = [0.0, 0.5) + 0.8 = [0.8, 1.3)
|
||||||
|
jitterMultiplier := rand.Float64()/2 + 0.8 // NOTE: We want math/rand; not crypto/rand
|
||||||
|
|
||||||
|
delayFloat := float64(delay) * jitterMultiplier
|
||||||
|
if delayFloat > float64(math.MaxInt64) {
|
||||||
|
// the jitter pushed us over MaxInt64, so just use MaxInt64
|
||||||
|
delay = time.Duration(math.MaxInt64)
|
||||||
|
} else {
|
||||||
|
delay = time.Duration(delayFloat)
|
||||||
|
}
|
||||||
|
|
||||||
|
if delay > o.MaxRetryDelay { // MaxRetryDelay is backfilled with non-negative value
|
||||||
delay = o.MaxRetryDelay
|
delay = o.MaxRetryDelay
|
||||||
}
|
}
|
||||||
|
|
||||||
return delay
|
return delay
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,12 @@
|
|||||||
# Release History
|
# Release History
|
||||||
|
|
||||||
|
## 1.2.0 (2024-10-21)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
* Added CAE support
|
||||||
|
* Client requests tokens from the Vault's tenant, overriding any credential default
|
||||||
|
(thanks @francescomari)
|
||||||
|
|
||||||
## 1.1.0 (2024-02-13)
|
## 1.1.0 (2024-02-13)
|
||||||
|
|
||||||
### Other Changes
|
### Other Changes
|
||||||
|
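--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/MIGRATION.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/MIGRATION.md
@@ -0,0 +1,92 @@
+# Guide to migrate from `keyvault` to `azsecrets`
+
+This guide is intended to assist in the migration to the `azsecrets` module from the deprecated `keyvault` module. `azsecrets` allows users to create and manage [secrets] with Azure Key Vault.
+
+## General changes
+
+In the past, Azure Key Vault operations were all contained in a single package. For Go, this was `github.com/Azure/azure-sdk-for-go/services/keyvault/<version>/keyvault`.
+
+The new SDK divides the Key Vault API into separate modules for keys, secrets, and certificates. This guide focuses on migrating secret operations to use the new `azsecrets` module.
+
+There are other changes besides the module name. For example, some type and method names are different, and all new modules authenticate using our [azidentity] module.
+
+## Code examples
+
+The following code example shows the difference between the old and new modules when creating a secret. The biggest differences are the client and authentication. In the `keyvault` module, users created a `keyvault.BaseClient` then added an `Authorizer` to the client to authenticate. In the `azsecrets` module, users create a credential using the [azidentity] module then use that credential to construct the client.
+
+Another difference is that the Key Vault URL is now passed to the client once during construction, not every time a method is called.
+
+### `keyvault` create secret
+
+```go
+import (
+"context"
+"fmt"
+
+"github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault"
+kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
+)
+
+func main() {
+vaultURL := "https://<TODO: your vault name>.vault.azure.net"
+secretName := "mySecret"
+secretValue := "mySecretValue"
+
+authorizer, err := kvauth.NewAuthorizerFromEnvironment()
+if err != nil {
+// TODO: handle error
+}
+
+basicClient := keyvault.New()
+basicClient.Authorizer = authorizer
+
+fmt.Println("\ncreating secret in keyvault:")
+var secParams keyvault.SecretSetParameters
+secParams.Value = &secretValue
+newBundle, err := basicClient.SetSecret(context.Background(), vaultURL, secretName, secParams)
+if err != nil {
+// TODO: handle error
+}
+fmt.Println("added/updated: " + *newBundle.ID)
+}
+```
+
+### `azsecrets` create secret
+
+```go
+package main
+
+import (
+"context"
+"fmt"
+
+"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
+)
+
+func main() {
+vaultURL := "https://<TODO: your vault name>.vault.azure.net"
+secretName := "mySecret"
+secretValue := "mySecretValue"
+
+cred, err := azidentity.NewDefaultAzureCredential(nil)
+if err != nil {
+// TODO: handle error
+}
+
+client, err := azsecrets.NewClient(vaultURL, cred, nil)
+if err != nil {
+// TODO: handle error
+}
+
+resp, err := client.SetSecret(context.TODO(), secretName, azsecrets.SetSecretParameters{Value: &secretValue}, nil)
+if err != nil {
+// TODO: handle error
+}
+
+fmt.Printf("Set secret %s", resp.ID.Name())
+}
+```
+
+[azidentity]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity
+[secrets]: https://learn.microsoft.com/azure/key-vault/secrets/about-secrets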
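--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/assets.json
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/assets.json
@@ -2,5 +2,5 @@
 "AssetsRepo": "Azure/azure-sdk-assets",
 "AssetsRepoPrefixPath": "go",
 "TagPrefix": "go/security/keyvault/azsecrets",
-"Tag": "go/security/keyvault/azsecrets_46bc7ae56f"
+"Tag": "go/security/keyvault/azsecrets_f05a21134a"
 }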
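--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/ci.yml
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/ci.yml
@@ -22,9 +22,10 @@ pr:
 include:
 - sdk/security/keyvault/azsecrets
 
-stages:
-- template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
+extends:
+template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
 parameters:
 ServiceDirectory: 'security/keyvault/azsecrets'
 RunLiveTests: true
 UsePipelineProxy: false
+SupportedClouds: 'Public,UsGov,China'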
176
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/test-resources.json
generated
vendored
@ -35,62 +35,18 @@
|
|||||||
"description": "The location of the resource. By default, this is the same as the resource group."
|
"description": "The location of the resource. By default, this is the same as the resource group."
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"hsmLocation": {
|
|
||||||
"type": "string",
|
|
||||||
"defaultValue": "southcentralus",
|
|
||||||
"allowedValues": [
|
|
||||||
"australiacentral",
|
|
||||||
"canadacentral",
|
|
||||||
"centralus",
|
|
||||||
"eastasia",
|
|
||||||
"eastus2",
|
|
||||||
"koreacentral",
|
|
||||||
"northeurope",
|
|
||||||
"southafricanorth",
|
|
||||||
"southcentralus",
|
|
||||||
"southeastasia",
|
|
||||||
"switzerlandnorth",
|
|
||||||
"uksouth",
|
|
||||||
"westeurope",
|
|
||||||
"westus"
|
|
||||||
],
|
|
||||||
"metadata": {
|
|
||||||
"description": "The location of the Managed HSM. By default, this is 'southcentralus'."
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"enableHsm": {
|
|
||||||
"type": "bool",
|
|
||||||
"defaultValue": false,
|
|
||||||
"metadata": {
|
|
||||||
"description": "Whether to enable deployment of Managed HSM. The default is false."
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"keyVaultSku": {
|
"keyVaultSku": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"defaultValue": "premium",
|
"defaultValue": "premium",
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"description": "Key Vault SKU to deploy. The default is 'premium'"
|
"description": "Key Vault SKU to deploy. The default is 'premium'"
|
||||||
}
|
}
|
||||||
},
|
|
||||||
"attestationImage": {
|
|
||||||
"type": "string",
|
|
||||||
"defaultValue": "keyvault-mock-attestation:latest",
|
|
||||||
"metadata": {
|
|
||||||
"description": "The container image name and tag to use for the attestation mock service."
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"variables": {
|
"variables": {
|
||||||
"attestationFarm": "[concat(parameters('baseName'), 'farm')]",
|
|
||||||
"attestationSite": "[concat(parameters('baseName'), 'site')]",
|
|
||||||
"attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]",
|
|
||||||
"kvApiVersion": "2019-09-01",
|
"kvApiVersion": "2019-09-01",
|
||||||
"kvName": "[parameters('baseName')]",
|
"kvName": "[parameters('baseName')]",
|
||||||
"hsmApiVersion": "2021-04-01-preview",
|
|
||||||
"hsmName": "[concat(parameters('baseName'), 'hsm')]",
|
|
||||||
"mgmtApiVersion": "2019-04-01",
|
"mgmtApiVersion": "2019-04-01",
|
||||||
"blobContainerName": "backup",
|
|
||||||
"primaryAccountName": "[concat(parameters('baseName'), 'prim')]",
|
|
||||||
"encryption": {
|
"encryption": {
|
||||||
"services": {
|
"services": {
|
||||||
"blob": {
|
"blob": {
|
||||||
@ -180,116 +136,6 @@
|
|||||||
"enableSoftDelete": true,
|
"enableSoftDelete": true,
|
||||||
"softDeleteRetentionInDays": 7
|
"softDeleteRetentionInDays": 7
|
||||||
}
|
}
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "Microsoft.KeyVault/managedHSMs",
|
|
||||||
"apiVersion": "[variables('hsmApiVersion')]",
|
|
||||||
"name": "[variables('hsmName')]",
|
|
||||||
"condition": "[parameters('enableHsm')]",
|
|
||||||
"location": "[parameters('hsmLocation')]",
|
|
||||||
"sku": {
|
|
||||||
"family": "B",
|
|
||||||
"name": "Standard_B1"
|
|
||||||
},
|
|
||||||
"properties": {
|
|
||||||
"tenantId": "[parameters('tenantId')]",
|
|
||||||
"initialAdminObjectIds": "[union(array(parameters('testApplicationOid')), array(parameters('provisionerApplicationOid')))]",
|
|
||||||
"enablePurgeProtection": false,
|
|
||||||
"enableSoftDelete": true,
|
|
||||||
"softDeleteRetentionInDays": 7,
|
|
||||||
"publicNetworkAccess": "Enabled",
|
|
||||||
"networkAcls": "[variables('networkAcls')]"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "Microsoft.Storage/storageAccounts",
|
|
||||||
"apiVersion": "[variables('mgmtApiVersion')]",
|
|
||||||
"name": "[variables('primaryAccountName')]",
|
|
||||||
"location": "[parameters('location')]",
|
|
||||||
"sku": {
|
|
||||||
"name": "Standard_RAGRS",
|
|
||||||
"tier": "Standard"
|
|
||||||
},
|
|
||||||
"kind": "StorageV2",
|
|
||||||
"properties": {
|
|
||||||
"networkAcls": "[variables('networkAcls')]",
|
|
||||||
"supportsHttpsTrafficOnly": true,
|
|
||||||
"encryption": "[variables('encryption')]",
|
|
||||||
"accessTier": "Hot"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "Microsoft.Storage/storageAccounts/blobServices",
|
|
||||||
"apiVersion": "2019-06-01",
|
|
||||||
"name": "[concat(variables('primaryAccountName'), '/default')]",
|
|
||||||
"dependsOn": [
|
|
||||||
"[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]"
|
|
||||||
],
|
|
||||||
"sku": {
|
|
||||||
"name": "Standard_RAGRS",
|
|
||||||
"tier": "Standard"
|
|
||||||
},
|
|
||||||
"properties": {
|
|
||||||
"cors": {
|
|
||||||
"corsRules": []
|
|
||||||
},
|
|
||||||
"deleteRetentionPolicy": {
|
|
||||||
"enabled": false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
|
|
||||||
"apiVersion": "2019-06-01",
|
|
||||||
"name": "[concat(variables('primaryAccountName'), '/default/', variables('blobContainerName'))]",
|
|
||||||
"dependsOn": [
|
|
||||||
"[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('primaryAccountName'), 'default')]",
|
|
||||||
"[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]"
|
|
||||||
],
|
|
||||||
"properties": {
|
|
||||||
"publicAccess": "None"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
|
|
||||||
"type": "Microsoft.Web/serverfarms",
|
|
||||||
"apiVersion": "2020-12-01",
|
|
||||||
"name": "[variables('attestationFarm')]",
|
|
||||||
"condition": "[parameters('enableHsm')]",
|
|
||||||
"location": "[parameters('location')]",
|
|
||||||
"kind": "linux",
|
|
||||||
"sku": {
|
|
||||||
"name": "B1"
|
|
||||||
},
|
|
||||||
"properties": {
|
|
||||||
"reserved": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
|
|
||||||
"type": "Microsoft.Web/sites",
|
|
||||||
"apiVersion": "2020-12-01",
|
|
||||||
"name": "[variables('attestationSite')]",
|
|
||||||
"condition": "[parameters('enableHsm')]",
|
|
||||||
"dependsOn": [
|
|
||||||
"[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]"
|
|
||||||
],
|
|
||||||
"location": "[parameters('location')]",
|
|
||||||
"properties": {
|
|
||||||
"httpsOnly": true,
|
|
||||||
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]",
|
|
||||||
"siteConfig": {
|
|
||||||
"name": "[variables('attestationSite')]",
|
|
||||||
"alwaysOn": true,
|
|
||||||
"linuxFxVersion": "[variables('attestationUri')]",
|
|
||||||
"appSettings": [
|
|
||||||
{
|
|
||||||
"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
|
|
||||||
"value": "false"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"outputs": {
|
"outputs": {
|
||||||
@ -297,11 +143,6 @@
|
|||||||
"type": "string",
|
"type": "string",
|
||||||
"value": "[reference(variables('kvName')).vaultUri]"
|
"value": "[reference(variables('kvName')).vaultUri]"
|
||||||
},
|
},
|
||||||
"AZURE_MANAGEDHSM_URL": {
|
|
||||||
"type": "string",
|
|
||||||
"condition": "[parameters('enableHsm')]",
|
|
||||||
"value": "[reference(variables('hsmName')).hsmUri]"
|
|
||||||
},
|
|
||||||
"KEYVAULT_SKU": {
|
"KEYVAULT_SKU": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"value": "[reference(parameters('baseName')).sku.name]"
|
"value": "[reference(parameters('baseName')).sku.name]"
|
||||||
@ -309,23 +150,6 @@
|
|||||||
"CLIENT_OBJECTID": {
|
"CLIENT_OBJECTID": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"value": "[parameters('testApplicationOid')]"
|
"value": "[parameters('testApplicationOid')]"
|
||||||
},
|
|
||||||
"BLOB_STORAGE_ACCOUNT_NAME": {
|
|
||||||
"type": "string",
|
|
||||||
"value": "[variables('primaryAccountName')]"
|
|
||||||
},
|
|
||||||
"BLOB_PRIMARY_STORAGE_ACCOUNT_KEY": {
|
|
||||||
"type": "string",
|
|
||||||
"value": "[listKeys(variables('primaryAccountName'), variables('mgmtApiVersion')).keys[0].value]"
|
|
||||||
},
|
|
||||||
"BLOB_CONTAINER_NAME" : {
|
|
||||||
"type": "string",
|
|
||||||
"value": "[variables('blobContainerName')]"
|
|
||||||
},
|
|
||||||
"AZURE_KEYVAULT_ATTESTATION_URL": {
|
|
||||||
"type": "string",
|
|
||||||
"condition": "[parameters('enableHsm')]",
|
|
||||||
"value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
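--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/version.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/version.go
@@ -8,5 +8,5 @@ package azsecrets
 
 const (
 moduleName = "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
-version = "v1.1.0"
+version = "v1.2.0"
 )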
11
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/CHANGELOG.md
generated
vendored
@ -1,5 +1,16 @@
|
|||||||
# Release History
|
# Release History
|
||||||
|
|
||||||
|
## 1.1.0 (2024-10-21)
|
||||||
|
|
||||||
|
### Features Added
|
||||||
|
* Added CAE support
|
||||||
|
* `KeyVaultChallengePolicy` always requests tokens from the Vault's tenant, overriding any credential default
|
||||||
|
|
||||||
|
## 1.0.1 (2024-04-09)
|
||||||
|
|
||||||
|
### Other Changes
|
||||||
|
* Upgraded dependencies
|
||||||
|
|
||||||
## 1.0.0 (2023-08-15)
|
## 1.0.0 (2023-08-15)
|
||||||
|
|
||||||
### Features Added
|
### Features Added
|
||||||
|
@ -17,7 +17,6 @@ import (
|
|||||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
|
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
|
||||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
|
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
|
||||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
|
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
|
||||||
"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const challengeMatchError = `challenge resource "%s" doesn't match the requested domain. Set DisableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information`
|
const challengeMatchError = `challenge resource "%s" doesn't match the requested domain. Set DisableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information`
|
||||||
@ -31,9 +30,7 @@ type KeyVaultChallengePolicyOptions struct {
|
|||||||
type keyVaultAuthorizer struct {
|
type keyVaultAuthorizer struct {
|
||||||
// tro is the policy's authentication parameters. These are discovered from an authentication challenge
|
// tro is the policy's authentication parameters. These are discovered from an authentication challenge
|
||||||
// elicited ahead of the first client request.
|
// elicited ahead of the first client request.
|
||||||
tro policy.TokenRequestOptions
|
tro policy.TokenRequestOptions
|
||||||
// TODO: move into tro once it has a tenant field (https://github.com/Azure/azure-sdk-for-go/issues/19841)
|
|
||||||
tenantID string
|
|
||||||
verifyChallengeResource bool
|
verifyChallengeResource bool
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -58,7 +55,7 @@ func NewKeyVaultChallengePolicy(cred azcore.TokenCredential, opts *KeyVaultChall
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (k *keyVaultAuthorizer) authorize(req *policy.Request, authNZ func(policy.TokenRequestOptions) error) error {
|
func (k *keyVaultAuthorizer) authorize(req *policy.Request, authNZ func(policy.TokenRequestOptions) error) error {
|
||||||
if len(k.tro.Scopes) == 0 || k.tenantID == "" {
|
if len(k.tro.Scopes) == 0 || k.tro.TenantID == "" {
|
||||||
if body := req.Body(); body != nil {
|
if body := req.Body(); body != nil {
|
||||||
// We don't know the scope or tenant ID because we haven't seen a challenge yet. We elicit one now by sending
|
// We don't know the scope or tenant ID because we haven't seen a challenge yet. We elicit one now by sending
|
||||||
// the request without authorization, first removing its body, if any. authorizeOnChallenge will reattach the
|
// the request without authorization, first removing its body, if any. authorizeOnChallenge will reattach the
|
||||||
@ -105,29 +102,11 @@ func parseTenant(url string) string {
|
|||||||
return tenant
|
return tenant
|
||||||
}
|
}
|
||||||
|
|
||||||
type challengePolicyError struct {
|
|
||||||
err error
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *challengePolicyError) Error() string {
|
|
||||||
return c.err.Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*challengePolicyError) NonRetriable() {
|
|
||||||
// marker method
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *challengePolicyError) Unwrap() error {
|
|
||||||
return c.err
|
|
||||||
}
|
|
||||||
|
|
||||||
var _ errorinfo.NonRetriable = (*challengePolicyError)(nil)
|
|
||||||
|
|
||||||
// updateTokenRequestOptions parses authentication parameters from Key Vault's challenge
|
// updateTokenRequestOptions parses authentication parameters from Key Vault's challenge
|
||||||
func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req *http.Request) error {
|
func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req *http.Request) error {
|
||||||
authHeader := resp.Header.Get("WWW-Authenticate")
|
authHeader := resp.Header.Get("WWW-Authenticate")
|
||||||
if authHeader == "" {
|
if authHeader == "" {
|
||||||
return &challengePolicyError{err: errors.New("response has no WWW-Authenticate header for challenge authentication")}
|
return errors.New("response has no WWW-Authenticate header for challenge authentication")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Strip down to auth and resource
|
// Strip down to auth and resource
|
||||||
@ -147,7 +126,7 @@ func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
k.tenantID = parseTenant(vals["authorization"])
|
k.tro.TenantID = parseTenant(vals["authorization"])
|
||||||
scope := ""
|
scope := ""
|
||||||
if v, ok := vals["scope"]; ok {
|
if v, ok := vals["scope"]; ok {
|
||||||
scope = v
|
scope = v
|
||||||
@ -155,16 +134,16 @@ func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req
|
|||||||
scope = v
|
scope = v
|
||||||
}
|
}
|
||||||
if scope == "" {
|
if scope == "" {
|
||||||
return &challengePolicyError{err: errors.New("could not find a valid resource in the WWW-Authenticate header")}
|
return errors.New("could not find a valid resource in the WWW-Authenticate header")
|
||||||
}
|
}
|
||||||
if k.verifyChallengeResource {
|
if k.verifyChallengeResource {
|
||||||
// the challenge resource's host must match the requested vault's host
|
// the challenge resource's host must match the requested vault's host
|
||||||
parsed, err := url.Parse(scope)
|
parsed, err := url.Parse(scope)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &challengePolicyError{err: fmt.Errorf(`invalid challenge resource "%s": %v`, scope, err)}
|
return fmt.Errorf("invalid challenge resource %q: %v", scope, err)
|
||||||
}
|
}
|
||||||
if !strings.HasSuffix(req.URL.Host, "."+parsed.Host) {
|
if !strings.HasSuffix(req.URL.Host, "."+parsed.Host) {
|
||||||
return &challengePolicyError{err: fmt.Errorf(challengeMatchError, scope)}
|
return fmt.Errorf(challengeMatchError, scope)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !strings.HasSuffix(scope, "/.default") {
|
if !strings.HasSuffix(scope, "/.default") {
|
||||||
|
@ -21,8 +21,8 @@ pr:
|
|||||||
include:
|
include:
|
||||||
- sdk/security/keyvault/internal
|
- sdk/security/keyvault/internal
|
||||||
|
|
||||||
stages:
|
extends:
|
||||||
- template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
|
template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
|
||||||
parameters:
|
parameters:
|
||||||
ServiceDirectory: 'security/keyvault/internal'
|
ServiceDirectory: 'security/keyvault/internal'
|
||||||
RunLiveTests: false
|
RunLiveTests: false
|
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/constants.go
generated
vendored
2
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/constants.go
generated
vendored
@ -7,5 +7,5 @@
|
|||||||
package internal
|
package internal
|
||||||
|
|
||||||
const (
|
const (
|
||||||
version = "v1.0.0" //nolint
|
version = "v1.1.0" //nolint
|
||||||
)
|
)
|
||||||
|
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package aws
|
package aws
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.32.2"
|
const goModuleVersion = "1.32.3"
|
||||||
|
3
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
generated
vendored
3
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go
generated
vendored
@ -372,8 +372,9 @@ func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
|
|||||||
const authHeaderSignatureElem = "Signature="
|
const authHeaderSignatureElem = "Signature="
|
||||||
|
|
||||||
if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
|
if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
|
||||||
ps := strings.Split(auth, ", ")
|
ps := strings.Split(auth, ",")
|
||||||
for _, p := range ps {
|
for _, p := range ps {
|
||||||
|
p = strings.TrimSpace(p)
|
||||||
if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
|
if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
|
||||||
sig := p[len(authHeaderSignatureElem):]
|
sig := p[len(authHeaderSignatureElem):]
|
||||||
if len(sig) == 0 {
|
if len(sig) == 0 {
|
||||||
|
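--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.3.22 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.3.21 (2024-10-08)
 
 * **Dependency Update**: Updated to the latest SDK module versions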
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package configsources
|
package configsources
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.3.21"
|
const goModuleVersion = "1.3.22"
|
||||||
|
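--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v2.6.22 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.6.21 (2024-10-08)
 
 * **Dependency Update**: Updated to the latest SDK module versions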
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package endpoints
|
package endpoints
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "2.6.21"
|
const goModuleVersion = "2.6.22"
|
||||||
|
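--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.12.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.12.2 (2024-10-08)
 
 * **Dependency Update**: Updated to the latest SDK module versions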
@ -3,4 +3,4 @@
|
|||||||
package presignedurl
|
package presignedurl
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.12.2"
|
const goModuleVersion = "1.12.3"
|
||||||
|
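--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.32.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.32.2 (2024-10-08)
 
 * **Dependency Update**: Updated to the latest SDK module versions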
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
generated
vendored
@ -3,4 +3,4 @@
|
|||||||
package sts
|
package sts
|
||||||
|
|
||||||
// goModuleVersion is the tagged release for this module
|
// goModuleVersion is the tagged release for this module
|
||||||
const goModuleVersion = "1.32.2"
|
const goModuleVersion = "1.32.3"
|
||||||
|
16
vendor/modules.txt
vendored
16
vendor/modules.txt
vendored
@ -1,4 +1,4 @@
|
|||||||
# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
|
# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
|
||||||
## explicit; go 1.18
|
## explicit; go 1.18
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore
|
github.com/Azure/azure-sdk-for-go/sdk/azcore
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource
|
github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource
|
||||||
@ -33,10 +33,10 @@ github.com/Azure/azure-sdk-for-go/sdk/internal/log
|
|||||||
github.com/Azure/azure-sdk-for-go/sdk/internal/poller
|
github.com/Azure/azure-sdk-for-go/sdk/internal/poller
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
|
github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
|
github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
|
||||||
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
|
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0
|
||||||
## explicit; go 1.18
|
## explicit; go 1.18
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
|
||||||
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0
|
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0
|
||||||
## explicit; go 1.18
|
## explicit; go 1.18
|
||||||
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal
|
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal
|
||||||
# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
|
# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
|
||||||
@ -126,7 +126,7 @@ github.com/aws/aws-sdk-go/service/sso/ssoiface
|
|||||||
github.com/aws/aws-sdk-go/service/ssooidc
|
github.com/aws/aws-sdk-go/service/ssooidc
|
||||||
github.com/aws/aws-sdk-go/service/sts
|
github.com/aws/aws-sdk-go/service/sts
|
||||||
github.com/aws/aws-sdk-go/service/sts/stsiface
|
github.com/aws/aws-sdk-go/service/sts/stsiface
|
||||||
# github.com/aws/aws-sdk-go-v2 v1.32.2
|
# github.com/aws/aws-sdk-go-v2 v1.32.3
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/aws
|
github.com/aws/aws-sdk-go-v2/aws
|
||||||
github.com/aws/aws-sdk-go-v2/aws/defaults
|
github.com/aws/aws-sdk-go-v2/aws/defaults
|
||||||
@ -149,19 +149,19 @@ github.com/aws/aws-sdk-go-v2/internal/sdk
|
|||||||
github.com/aws/aws-sdk-go-v2/internal/strings
|
github.com/aws/aws-sdk-go-v2/internal/strings
|
||||||
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
|
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
|
||||||
github.com/aws/aws-sdk-go-v2/internal/timeconv
|
github.com/aws/aws-sdk-go-v2/internal/timeconv
|
||||||
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21
|
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/internal/configsources
|
github.com/aws/aws-sdk-go-v2/internal/configsources
|
||||||
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21
|
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
|
||||||
# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0
|
# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
|
||||||
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2
|
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
|
||||||
# github.com/aws/aws-sdk-go-v2/service/sts v1.32.2
|
# github.com/aws/aws-sdk-go-v2/service/sts v1.32.3
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts
|
github.com/aws/aws-sdk-go-v2/service/sts
|
||||||
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
|
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
|
||||||
|