mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-24 23:30:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: bump the github-dependencies group with 2 updates

Browse Source 
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) and [github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.32.2 to 1.32.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.2...v1.32.3)

Updates `github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v1.1...v1.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2024-10-28 21:02:22 +00:00 committed by mergify[bot]
parent c3c00b0e61
commit 26c237e314
32 changed files with 416 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
go.mod
View File

@ -5,7 +5,7 @@ go 1.22.5
require (
github.com/IBM/keyprotect-go-client v0.15.1
github.com/aws/aws-sdk-go v1.55.5
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
github.com/ceph/go-ceph v0.30.0
github.com/container-storage-interface/spec v1.10.0
@ -47,24 +47,24 @@ require (
require (
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0
)
require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
github.com/ansel1/merry v1.6.2 // indirect
github.com/ansel1/merry/v2 v2.0.1 // indirect
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
github.com/aws/smithy-go v1.22.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect

32
go.sum
View File

@ -1320,18 +1320,18 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible h1:8N2k27SYtc12qj5nTsuFMFJPZn5CGmgMWqTy4y9I7Jw=
github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0 h1:TkNl6WlpHdZSMt0Zngw8y0c9ZMi3GwmYl0kKNbW9PvU=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0/go.mod h1:ukmL56lWl275SgNFijuwx0Wv6n6HmzzpPWW4kMoy/wY=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o=
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
@ -1411,18 +1411,18 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l
github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI=
github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60=
github.com/aws/aws-sdk-go-v2 v1.32.3 h1:T0dRlFBKcdaUPGNtkBSwHZxrtis8CQU17UpNBZYd0wk=
github.com/aws/aws-sdk-go-v2 v1.32.3/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 h1:Jw50LwEkVjuVzE1NzkhNKkBf9cRN7MtE1F/b2cOKTUM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22/go.mod h1:Y/SmAyPcOTmpeVaWSzSKiILfXTVJwrGmYZhcRbhWuEY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 h1:981MHwBaRZM7+9QSR6XamDzF/o7ouUGxFzr+nVSIhrs=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22/go.mod h1:1RA1+aBEfn+CAB/Mh0MB6LsdCYCnjZm7tKXtnk499ZQ=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 h1:qcxX0JYlgWH3hpPUnd6U0ikcl6LLA9sLkXE2w1fpMvY=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3/go.mod h1:cLSNEmI45soc+Ef8K/L+8sEA3A3pYFEYf5B5UI+6bH4=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 h1:wVnQ6tigGsRqSWDEEyH6lSAJ9OyFUsSnbaUWChuSGzs=
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3/go.mod h1:VZa9yTFyj4o10YGsmDO4gbQJUvvhY72fhumT8W4LqsE=
github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

25
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md generated vendored
View File

@ -1,5 +1,30 @@
# Release History
## 1.16.0 (2024-10-17)
### Features Added
* Added field `Kind` to `runtime.StartSpanOptions` to allow a kind to be set when starting a span.
### Bugs Fixed
* `BearerTokenPolicy` now rewinds request bodies before retrying
## 1.15.0 (2024-10-14)
### Features Added
* `BearerTokenPolicy` handles CAE claims challenges
### Bugs Fixed
* Omit the `ResponseError.RawResponse` field from JSON marshaling so instances can be marshaled.
* Fixed an integer overflow in the retry policy.
### Other Changes
* Update dependencies.
## 1.14.0 (2024-08-07)
### Features Added

46
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/runtime/policy_bearer_token.go generated vendored
View File

@ -5,7 +5,6 @@ package runtime
import (
"context"
"encoding/base64"
"fmt"
"net/http"
"strings"
@ -66,31 +65,16 @@ func NewBearerTokenPolicy(cred azcore.TokenCredential, opts *armpolicy.BearerTok
p.btp = azruntime.NewBearerTokenPolicy(cred, opts.Scopes, &azpolicy.BearerTokenOptions{
InsecureAllowCredentialWithHTTP: opts.InsecureAllowCredentialWithHTTP,
AuthorizationHandler: azpolicy.AuthorizationHandler{
OnChallenge: p.onChallenge,
OnRequest: p.onRequest,
},
})
return p
}
func (b *BearerTokenPolicy) onChallenge(req *azpolicy.Request, res *http.Response, authNZ func(azpolicy.TokenRequestOptions) error) error {
challenge := res.Header.Get(shared.HeaderWWWAuthenticate)
claims, err := parseChallenge(challenge)
if err != nil {
// the challenge contains claims we can't parse
return err
} else if claims != "" {
// request a new token having the specified claims, send the request again
return authNZ(azpolicy.TokenRequestOptions{Claims: claims, EnableCAE: true, Scopes: b.scopes})
}
// auth challenge didn't include claims, so this is a simple authorization failure
return azruntime.NewResponseError(res)
}
// onRequest authorizes requests with one or more bearer tokens
func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolicy.TokenRequestOptions) error) error {
// authorize the request with a token for the primary tenant
err := authNZ(azpolicy.TokenRequestOptions{EnableCAE: true, Scopes: b.scopes})
err := authNZ(azpolicy.TokenRequestOptions{Scopes: b.scopes})
if err != nil || len(b.auxResources) == 0 {
return err
}
@ -116,31 +100,3 @@ func (b *BearerTokenPolicy) onRequest(req *azpolicy.Request, authNZ func(azpolic
func (b *BearerTokenPolicy) Do(req *azpolicy.Request) (*http.Response, error) {
return b.btp.Do(req)
}
// parseChallenge parses claims from an authentication challenge issued by ARM so a client can request a token
// that will satisfy conditional access policies. It returns a non-nil error when the given value contains
// claims it can't parse. If the value contains no claims, it returns an empty string and a nil error.
func parseChallenge(wwwAuthenticate string) (string, error) {
claims := ""
var err error
for _, param := range strings.Split(wwwAuthenticate, ",") {
if _, after, found := strings.Cut(param, "claims="); found {
if claims != "" {
// The header contains multiple challenges, at least two of which specify claims. The specs allow this
// but it's unclear what a client should do in this case and there's as yet no concrete example of it.
err = fmt.Errorf("found multiple claims challenges in %q", wwwAuthenticate)
break
}
// trim stuff that would get an error from RawURLEncoding; claims may or may not be padded
claims = strings.Trim(after, `\"=`)
// we don't return this error because it's something unhelpful like "illegal base64 data at input byte 42"
if b, decErr := base64.RawURLEncoding.DecodeString(claims); decErr == nil {
claims = string(b)
} else {
err = fmt.Errorf("failed to parse claims from %q", wwwAuthenticate)
break
}
}
}
return claims, err
}

3
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/errors.go generated vendored
View File

@ -11,4 +11,7 @@ import "github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
// ResponseError is returned when a request is made to a service and
// the service returns a non-success HTTP status code.
// Use errors.As() to access this type in the error chain.
//
// When marshaling instances, the RawResponse field will be omitted.
// However, the contents returned by Error() will be preserved.
type ResponseError = exported.ResponseError

38
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/response_error.go generated vendored
View File

@ -117,12 +117,18 @@ type ResponseError struct {
StatusCode int
// RawResponse is the underlying HTTP response.
RawResponse *http.Response
RawResponse *http.Response `json:"-"`
errMsg string
}
// Error implements the error interface for type ResponseError.
// Note that the message contents are not contractual and can change over time.
func (e *ResponseError) Error() string {
if e.errMsg != "" {
return e.errMsg
}
const separator = "--------------------------------------------------------------------------------"
// write the request method and URL with response status code
msg := &bytes.Buffer{}
@ -163,5 +169,33 @@ func (e *ResponseError) Error() string {
}
fmt.Fprintln(msg, separator)
return msg.String()
e.errMsg = msg.String()
return e.errMsg
}
// internal type used for marshaling/unmarshaling
type responseError struct {
ErrorCode string `json:"errorCode"`
StatusCode int `json:"statusCode"`
ErrorMessage string `json:"errorMessage"`
}
func (e ResponseError) MarshalJSON() ([]byte, error) {
return json.Marshal(responseError{
ErrorCode: e.ErrorCode,
StatusCode: e.StatusCode,
ErrorMessage: e.Error(),
})
}
func (e *ResponseError) UnmarshalJSON(data []byte) error {
re := responseError{}
if err := json.Unmarshal(data, &re); err != nil {
return err
}
e.ErrorCode = re.ErrorCode
e.StatusCode = re.StatusCode
e.errMsg = re.ErrorMessage
return nil
}

2
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go generated vendored
View File

@ -40,5 +40,5 @@ const (
Module = "azcore"
// Version is the semantic version (see http://semver.org) of this module.
Version = "v1.14.0"
Version = "v1.16.0"
)

23
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go generated vendored
View File

@ -161,19 +161,20 @@ type BearerTokenOptions struct {
// AuthorizationHandler allows SDK developers to insert custom logic that runs when BearerTokenPolicy must authorize a request.
type AuthorizationHandler struct {
// OnRequest is called each time the policy receives a request. Its func parameter authorizes the request with a token
// from the policy's given credential. Implementations that need to perform I/O should use the Request's context,
// available from Request.Raw().Context(). When OnRequest returns an error, the policy propagates that error and doesn't
// send the request. When OnRequest is nil, the policy follows its default behavior, authorizing the request with a
// token from its credential according to its configuration.
// OnRequest provides TokenRequestOptions the policy can use to acquire a token for a request. The policy calls OnRequest
// whenever it needs a token and may call it multiple times for the same request. Its func parameter authorizes the request
// with a token from the policy's credential. Implementations that need to perform I/O should use the Request's context,
// available from Request.Raw().Context(). When OnRequest returns an error, the policy propagates that error and doesn't send
// the request. When OnRequest is nil, the policy follows its default behavior, which is to authorize the request with a token
// from its credential according to its configuration.
OnRequest func(*Request, func(TokenRequestOptions) error) error
// OnChallenge is called when the policy receives a 401 response, allowing the AuthorizationHandler to re-authorize the
// request according to an authentication challenge (the Response's WWW-Authenticate header). OnChallenge is responsible
// for parsing parameters from the challenge. Its func parameter will authorize the request with a token from the policy's
// given credential. Implementations that need to perform I/O should use the Request's context, available from
// Request.Raw().Context(). When OnChallenge returns nil, the policy will send the request again. When OnChallenge is nil,
// the policy will return any 401 response to the client.
// OnChallenge allows clients to implement custom HTTP authentication challenge handling. BearerTokenPolicy calls it upon
// receiving a 401 response containing multiple Bearer challenges or a challenge BearerTokenPolicy itself can't handle.
// OnChallenge is responsible for parsing challenge(s) (the Response's WWW-Authenticate header) and reauthorizing the
// Request accordingly. Its func argument authorizes the Request with a token from the policy's credential using the given
// TokenRequestOptions. OnChallenge should honor the Request's context, available from Request.Raw().Context(). When
// OnChallenge returns nil, the policy will send the Request again.
OnChallenge func(*Request, *http.Response, func(TokenRequestOptions) error) error
}

133
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go generated vendored
View File

@ -4,9 +4,12 @@
package runtime
import (
"encoding/base64"
"errors"
"net/http"
"regexp"
"strings"
"sync"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
@ -17,6 +20,11 @@ import (
)
// BearerTokenPolicy authorizes requests with bearer tokens acquired from a TokenCredential.
// It handles [Continuous Access Evaluation] (CAE) challenges. Clients needing to handle
// additional authentication challenges, or needing more control over authorization, should
// provide a [policy.AuthorizationHandler] in [policy.BearerTokenOptions].
//
// [Continuous Access Evaluation]: https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation
type BearerTokenPolicy struct {
// mainResource is the resource to be retreived using the tenant specified in the credential
mainResource *temporal.Resource[exported.AccessToken, acquiringResourceState]
@ -51,8 +59,18 @@ func NewBearerTokenPolicy(cred exported.TokenCredential, scopes []string, opts *
if opts == nil {
opts = &policy.BearerTokenOptions{}
}
ah := opts.AuthorizationHandler
if ah.OnRequest == nil {
// Set a default OnRequest that simply requests a token with the given scopes. OnChallenge
// doesn't get a default so the policy can use a nil check to determine whether the caller
// provided an implementation.
ah.OnRequest = func(_ *policy.Request, authNZ func(policy.TokenRequestOptions) error) error {
// authNZ sets EnableCAE: true in all cases, no need to duplicate that here
return authNZ(policy.TokenRequestOptions{Scopes: scopes})
}
}
return &BearerTokenPolicy{
authzHandler: opts.AuthorizationHandler,
authzHandler: ah,
cred: cred,
scopes: scopes,
mainResource: temporal.NewResource(acquire),
@ -63,6 +81,7 @@ func NewBearerTokenPolicy(cred exported.TokenCredential, scopes []string, opts *
// authenticateAndAuthorize returns a function which authorizes req with a token from the policy's credential
func (b *BearerTokenPolicy) authenticateAndAuthorize(req *policy.Request) func(policy.TokenRequestOptions) error {
return func(tro policy.TokenRequestOptions) error {
tro.EnableCAE = true
as := acquiringResourceState{p: b, req: req, tro: tro}
tk, err := b.mainResource.Get(as)
if err != nil {
@ -86,12 +105,7 @@ func (b *BearerTokenPolicy) Do(req *policy.Request) (*http.Response, error) {
return nil, err
}
var err error
if b.authzHandler.OnRequest != nil {
err = b.authzHandler.OnRequest(req, b.authenticateAndAuthorize(req))
} else {
err = b.authenticateAndAuthorize(req)(policy.TokenRequestOptions{Scopes: b.scopes})
}
err := b.authzHandler.OnRequest(req, b.authenticateAndAuthorize(req))
if err != nil {
return nil, errorinfo.NonRetriableError(err)
}
@ -101,17 +115,54 @@ func (b *BearerTokenPolicy) Do(req *policy.Request) (*http.Response, error) {
return nil, err
}
res, err = b.handleChallenge(req, res, false)
return res, err
}
// handleChallenge handles authentication challenges either directly (for CAE challenges) or by calling
// the AuthorizationHandler. It's a no-op when the response doesn't include an authentication challenge.
// It will recurse at most once, to handle a CAE challenge following a non-CAE challenge handled by the
// AuthorizationHandler.
func (b *BearerTokenPolicy) handleChallenge(req *policy.Request, res *http.Response, recursed bool) (*http.Response, error) {
var err error
if res.StatusCode == http.StatusUnauthorized {
b.mainResource.Expire()
if res.Header.Get("WWW-Authenticate") != "" && b.authzHandler.OnChallenge != nil {
if err = b.authzHandler.OnChallenge(req, res, b.authenticateAndAuthorize(req)); err == nil {
if res.Header.Get(shared.HeaderWWWAuthenticate) != "" {
caeChallenge, parseErr := parseCAEChallenge(res)
if parseErr != nil {
return res, parseErr
}
switch {
case caeChallenge != nil:
authNZ := func(tro policy.TokenRequestOptions) error {
// Take the TokenRequestOptions provided by OnRequest and add the challenge claims. The value
// will be empty at time of writing because CAE is the only feature involving claims. If in
// the future some client needs to specify unrelated claims, this function may need to merge
// them with the challenge claims.
tro.Claims = caeChallenge.params["claims"]
return b.authenticateAndAuthorize(req)(tro)
}
if err = b.authzHandler.OnRequest(req, authNZ); err == nil {
if err = req.RewindBody(); err == nil {
res, err = req.Next()
}
}
case b.authzHandler.OnChallenge != nil && !recursed:
if err = b.authzHandler.OnChallenge(req, res, b.authenticateAndAuthorize(req)); err == nil {
if err = req.RewindBody(); err == nil {
if res, err = req.Next(); err == nil {
res, err = b.handleChallenge(req, res, true)
}
if err != nil {
}
} else {
// don't retry challenge handling errors
err = errorinfo.NonRetriableError(err)
}
default:
// return the response to the pipeline
}
}
}
return res, err
}
@ -121,3 +172,65 @@ func checkHTTPSForAuth(req *policy.Request, allowHTTP bool) error {
}
return nil
}
// parseCAEChallenge returns a *authChallenge representing Response's CAE challenge (nil when Response has none).
// If Response includes a CAE challenge having invalid claims, it returns a NonRetriableError.
func parseCAEChallenge(res *http.Response) (*authChallenge, error) {
var (
caeChallenge *authChallenge
err error
)
for _, c := range parseChallenges(res) {
if c.scheme == "Bearer" {
if claims := c.params["claims"]; claims != "" && c.params["error"] == "insufficient_claims" {
if b, de := base64.StdEncoding.DecodeString(claims); de == nil {
c.params["claims"] = string(b)
caeChallenge = &c
} else {
// don't include the decoding error because it's something
// unhelpful like "illegal base64 data at input byte 42"
err = errorinfo.NonRetriableError(errors.New("authentication challenge contains invalid claims: " + claims))
}
break
}
}
}
return caeChallenge, err
}
var (
challenge, challengeParams *regexp.Regexp
once = &sync.Once{}
)
type authChallenge struct {
scheme string
params map[string]string
}
// parseChallenges assumes authentication challenges have quoted parameter values
func parseChallenges(res *http.Response) []authChallenge {
once.Do(func() {
// matches challenges having quoted parameters, capturing scheme and parameters
challenge = regexp.MustCompile(`(?:(\w+) ((?:\w+="[^"]*",?\s*)+))`)
// captures parameter names and values in a match of the above expression
challengeParams = regexp.MustCompile(`(\w+)="([^"]*)"`)
})
parsed := []authChallenge{}
// WWW-Authenticate can have multiple values, each containing multiple challenges
for _, h := range res.Header.Values(shared.HeaderWWWAuthenticate) {
for _, sm := range challenge.FindAllStringSubmatch(h, -1) {
// sm is [challenge, scheme, params] (see regexp documentation on submatches)
c := authChallenge{
params: make(map[string]string),
scheme: sm[1],
}
for _, sm := range challengeParams.FindAllStringSubmatch(sm[2], -1) {
// sm is [key="value", key, value] (see regexp documentation on submatches)
c.params[sm[1]] = sm[2]
}
parsed = append(parsed, c)
}
}
return parsed
}

10
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_trace.go generated vendored
View File

@ -96,6 +96,8 @@ func (h *httpTracePolicy) Do(req *policy.Request) (resp *http.Response, err erro
// StartSpanOptions contains the optional values for StartSpan.
type StartSpanOptions struct {
// Kind indicates the kind of Span.
Kind tracing.SpanKind
// Attributes contains key-value pairs of attributes for the span.
Attributes []tracing.Attribute
}
@ -115,7 +117,6 @@ func StartSpan(ctx context.Context, name string, tracer tracing.Tracer, options
// we MUST propagate the active tracer before returning so that the trace policy can access it
ctx = context.WithValue(ctx, shared.CtxWithTracingTracer{}, tracer)
const newSpanKind = tracing.SpanKindInternal
if activeSpan := ctx.Value(ctxActiveSpan{}); activeSpan != nil {
// per the design guidelines, if a SDK method Foo() calls SDK method Bar(),
// then the span for Bar() must be suppressed. however, if Bar() makes a REST
@ -131,12 +132,15 @@ func StartSpan(ctx context.Context, name string, tracer tracing.Tracer, options
if options == nil {
options = &StartSpanOptions{}
}
if options.Kind == 0 {
options.Kind = tracing.SpanKindInternal
}
ctx, span := tracer.Start(ctx, name, &tracing.SpanOptions{
Kind: newSpanKind,
Kind: options.Kind,
Attributes: options.Attributes,
})
ctx = context.WithValue(ctx, ctxActiveSpan{}, newSpanKind)
ctx = context.WithValue(ctx, ctxActiveSpan{}, options.Kind)
return ctx, func(err error) {
if err != nil {
errType := strings.Replace(fmt.Sprintf("%T", err), "*exported.", "*azcore.", 1)

28
vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go generated vendored
View File

@ -59,13 +59,33 @@ func setDefaults(o *policy.RetryOptions) {
}
func calcDelay(o policy.RetryOptions, try int32) time.Duration { // try is >=1; never 0
delay := time.Duration((1<<try)-1) * o.RetryDelay
// avoid overflow when shifting left
factor := time.Duration(math.MaxInt64)
if try < 63 {
factor = time.Duration(int64(1<<try) - 1)
}
// Introduce some jitter: [0.0, 1.0) / 2 = [0.0, 0.5) + 0.8 = [0.8, 1.3)
delay = time.Duration(delay.Seconds() * (rand.Float64()/2 + 0.8) * float64(time.Second)) // NOTE: We want math/rand; not crypto/rand
if delay > o.MaxRetryDelay {
delay := factor * o.RetryDelay
if delay < factor {
// overflow has happened so set to max value
delay = time.Duration(math.MaxInt64)
}
// Introduce jitter: [0.0, 1.0) / 2 = [0.0, 0.5) + 0.8 = [0.8, 1.3)
jitterMultiplier := rand.Float64()/2 + 0.8 // NOTE: We want math/rand; not crypto/rand
delayFloat := float64(delay) * jitterMultiplier
if delayFloat > float64(math.MaxInt64) {
// the jitter pushed us over MaxInt64, so just use MaxInt64
delay = time.Duration(math.MaxInt64)
} else {
delay = time.Duration(delayFloat)
}
if delay > o.MaxRetryDelay { // MaxRetryDelay is backfilled with non-negative value
delay = o.MaxRetryDelay
}
return delay
}

7
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/CHANGELOG.md generated vendored
View File

@ -1,5 +1,12 @@
# Release History
## 1.2.0 (2024-10-21)
### Features Added
* Added CAE support
* Client requests tokens from the Vault's tenant, overriding any credential default
(thanks @francescomari)
## 1.1.0 (2024-02-13)
### Other Changes

92
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/MIGRATION.md generated vendored Normal file
View File

@ -0,0 +1,92 @@
# Guide to migrate from `keyvault` to `azsecrets`
This guide is intended to assist in the migration to the `azsecrets` module from the deprecated `keyvault` module. `azsecrets` allows users to create and manage [secrets] with Azure Key Vault.
## General changes
In the past, Azure Key Vault operations were all contained in a single package. For Go, this was `github.com/Azure/azure-sdk-for-go/services/keyvault/<version>/keyvault`.
The new SDK divides the Key Vault API into separate modules for keys, secrets, and certificates. This guide focuses on migrating secret operations to use the new `azsecrets` module.
There are other changes besides the module name. For example, some type and method names are different, and all new modules authenticate using our [azidentity] module.
## Code examples
The following code example shows the difference between the old and new modules when creating a secret. The biggest differences are the client and authentication. In the `keyvault` module, users created a `keyvault.BaseClient` then added an `Authorizer` to the client to authenticate. In the `azsecrets` module, users create a credential using the [azidentity] module then use that credential to construct the client.
Another difference is that the Key Vault URL is now passed to the client once during construction, not every time a method is called.
### `keyvault` create secret
```go
import (
"context"
"fmt"
"github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault"
kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
)
func main() {
vaultURL := "https://<TODO: your vault name>.vault.azure.net"
secretName := "mySecret"
secretValue := "mySecretValue"
authorizer, err := kvauth.NewAuthorizerFromEnvironment()
if err != nil {
// TODO: handle error
}
basicClient := keyvault.New()
basicClient.Authorizer = authorizer
fmt.Println("\ncreating secret in keyvault:")
var secParams keyvault.SecretSetParameters
secParams.Value = &secretValue
newBundle, err := basicClient.SetSecret(context.Background(), vaultURL, secretName, secParams)
if err != nil {
// TODO: handle error
}
fmt.Println("added/updated: " + *newBundle.ID)
}
```
### `azsecrets` create secret
```go
package main
import (
"context"
"fmt"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
)
func main() {
vaultURL := "https://<TODO: your vault name>.vault.azure.net"
secretName := "mySecret"
secretValue := "mySecretValue"
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
// TODO: handle error
}
client, err := azsecrets.NewClient(vaultURL, cred, nil)
if err != nil {
// TODO: handle error
}
resp, err := client.SetSecret(context.TODO(), secretName, azsecrets.SetSecretParameters{Value: &secretValue}, nil)
if err != nil {
// TODO: handle error
}
fmt.Printf("Set secret %s", resp.ID.Name())
}
```
[azidentity]: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity
[secrets]: https://learn.microsoft.com/azure/key-vault/secrets/about-secrets

2
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/assets.json generated vendored
View File

@ -2,5 +2,5 @@
"AssetsRepo": "Azure/azure-sdk-assets",
"AssetsRepoPrefixPath": "go",
"TagPrefix": "go/security/keyvault/azsecrets",
"Tag": "go/security/keyvault/azsecrets_46bc7ae56f"
"Tag": "go/security/keyvault/azsecrets_f05a21134a"
}

5
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/ci.yml generated vendored
View File

@ -22,9 +22,10 @@ pr:
include:
- sdk/security/keyvault/azsecrets
stages:
- template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
extends:
template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
parameters:
ServiceDirectory: 'security/keyvault/azsecrets'
RunLiveTests: true
UsePipelineProxy: false
SupportedClouds: 'Public,UsGov,China'

176
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/test-resources.json generated vendored
View File

@ -35,62 +35,18 @@
"description": "The location of the resource. By default, this is the same as the resource group."
}
},
"hsmLocation": {
"type": "string",
"defaultValue": "southcentralus",
"allowedValues": [
"australiacentral",
"canadacentral",
"centralus",
"eastasia",
"eastus2",
"koreacentral",
"northeurope",
"southafricanorth",
"southcentralus",
"southeastasia",
"switzerlandnorth",
"uksouth",
"westeurope",
"westus"
],
"metadata": {
"description": "The location of the Managed HSM. By default, this is 'southcentralus'."
}
},
"enableHsm": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Whether to enable deployment of Managed HSM. The default is false."
}
},
"keyVaultSku": {
"type": "string",
"defaultValue": "premium",
"metadata": {
"description": "Key Vault SKU to deploy. The default is 'premium'"
}
},
"attestationImage": {
"type": "string",
"defaultValue": "keyvault-mock-attestation:latest",
"metadata": {
"description": "The container image name and tag to use for the attestation mock service."
}
}
},
"variables": {
"attestationFarm": "[concat(parameters('baseName'), 'farm')]",
"attestationSite": "[concat(parameters('baseName'), 'site')]",
"attestationUri": "[concat('DOCKER|azsdkengsys.azurecr.io/', parameters('attestationImage'))]",
"kvApiVersion": "2019-09-01",
"kvName": "[parameters('baseName')]",
"hsmApiVersion": "2021-04-01-preview",
"hsmName": "[concat(parameters('baseName'), 'hsm')]",
"mgmtApiVersion": "2019-04-01",
"blobContainerName": "backup",
"primaryAccountName": "[concat(parameters('baseName'), 'prim')]",
"encryption": {
"services": {
"blob": {
@ -180,116 +136,6 @@
"enableSoftDelete": true,
"softDeleteRetentionInDays": 7
}
},
{
"type": "Microsoft.KeyVault/managedHSMs",
"apiVersion": "[variables('hsmApiVersion')]",
"name": "[variables('hsmName')]",
"condition": "[parameters('enableHsm')]",
"location": "[parameters('hsmLocation')]",
"sku": {
"family": "B",
"name": "Standard_B1"
},
"properties": {
"tenantId": "[parameters('tenantId')]",
"initialAdminObjectIds": "[union(array(parameters('testApplicationOid')), array(parameters('provisionerApplicationOid')))]",
"enablePurgeProtection": false,
"enableSoftDelete": true,
"softDeleteRetentionInDays": 7,
"publicNetworkAccess": "Enabled",
"networkAcls": "[variables('networkAcls')]"
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "[variables('mgmtApiVersion')]",
"name": "[variables('primaryAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_RAGRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"networkAcls": "[variables('networkAcls')]",
"supportsHttpsTrafficOnly": true,
"encryption": "[variables('encryption')]",
"accessTier": "Hot"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2019-06-01",
"name": "[concat(variables('primaryAccountName'), '/default')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]"
],
"sku": {
"name": "Standard_RAGRS",
"tier": "Standard"
},
"properties": {
"cors": {
"corsRules": []
},
"deleteRetentionPolicy": {
"enabled": false
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(variables('primaryAccountName'), '/default/', variables('blobContainerName'))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/blobServices', variables('primaryAccountName'), 'default')]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('primaryAccountName'))]"
],
"properties": {
"publicAccess": "None"
}
},
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-12-01",
"name": "[variables('attestationFarm')]",
"condition": "[parameters('enableHsm')]",
"location": "[parameters('location')]",
"kind": "linux",
"sku": {
"name": "B1"
},
"properties": {
"reserved": true
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-12-01",
"name": "[variables('attestationSite')]",
"condition": "[parameters('enableHsm')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]"
],
"location": "[parameters('location')]",
"properties": {
"httpsOnly": true,
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('attestationFarm'))]",
"siteConfig": {
"name": "[variables('attestationSite')]",
"alwaysOn": true,
"linuxFxVersion": "[variables('attestationUri')]",
"appSettings": [
{
"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
"value": "false"
}
]
}
}
}
],
"outputs": {
@ -297,11 +143,6 @@
"type": "string",
"value": "[reference(variables('kvName')).vaultUri]"
},
"AZURE_MANAGEDHSM_URL": {
"type": "string",
"condition": "[parameters('enableHsm')]",
"value": "[reference(variables('hsmName')).hsmUri]"
},
"KEYVAULT_SKU": {
"type": "string",
"value": "[reference(parameters('baseName')).sku.name]"
@ -309,23 +150,6 @@
"CLIENT_OBJECTID": {
"type": "string",
"value": "[parameters('testApplicationOid')]"
},
"BLOB_STORAGE_ACCOUNT_NAME": {
"type": "string",
"value": "[variables('primaryAccountName')]"
},
"BLOB_PRIMARY_STORAGE_ACCOUNT_KEY": {
"type": "string",
"value": "[listKeys(variables('primaryAccountName'), variables('mgmtApiVersion')).keys[0].value]"
},
"BLOB_CONTAINER_NAME" : {
"type": "string",
"value": "[variables('blobContainerName')]"
},
"AZURE_KEYVAULT_ATTESTATION_URL": {
"type": "string",
"condition": "[parameters('enableHsm')]",
"value": "[format('https://{0}/', reference(variables('attestationSite')).defaultHostName)]"
}
}
}

2
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/version.go generated vendored
View File

@ -8,5 +8,5 @@ package azsecrets
const (
moduleName = "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
version = "v1.1.0"
version = "v1.2.0"
)

11
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/CHANGELOG.md generated vendored
View File

@ -1,5 +1,16 @@
# Release History
## 1.1.0 (2024-10-21)
### Features Added
* Added CAE support
* `KeyVaultChallengePolicy` always requests tokens from the Vault's tenant, overriding any credential default
## 1.0.1 (2024-04-09)
### Other Changes
* Upgraded dependencies
## 1.0.0 (2023-08-15)
### Features Added

33
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/challenge_policy.go generated vendored
View File

@ -17,7 +17,6 @@ import (
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
)
const challengeMatchError = `challenge resource "%s" doesn't match the requested domain. Set DisableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information`
@ -32,8 +31,6 @@ type keyVaultAuthorizer struct {
// tro is the policy's authentication parameters. These are discovered from an authentication challenge
// elicited ahead of the first client request.
tro policy.TokenRequestOptions
// TODO: move into tro once it has a tenant field (https://github.com/Azure/azure-sdk-for-go/issues/19841)
tenantID string
verifyChallengeResource bool
}
@ -58,7 +55,7 @@ func NewKeyVaultChallengePolicy(cred azcore.TokenCredential, opts *KeyVaultChall
}
func (k *keyVaultAuthorizer) authorize(req *policy.Request, authNZ func(policy.TokenRequestOptions) error) error {
if len(k.tro.Scopes) == 0 || k.tenantID == "" {
if len(k.tro.Scopes) == 0 || k.tro.TenantID == "" {
if body := req.Body(); body != nil {
// We don't know the scope or tenant ID because we haven't seen a challenge yet. We elicit one now by sending
// the request without authorization, first removing its body, if any. authorizeOnChallenge will reattach the
@ -105,29 +102,11 @@ func parseTenant(url string) string {
return tenant
}
type challengePolicyError struct {
err error
}
func (c *challengePolicyError) Error() string {
return c.err.Error()
}
func (*challengePolicyError) NonRetriable() {
// marker method
}
func (c *challengePolicyError) Unwrap() error {
return c.err
}
var _ errorinfo.NonRetriable = (*challengePolicyError)(nil)
// updateTokenRequestOptions parses authentication parameters from Key Vault's challenge
func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req *http.Request) error {
authHeader := resp.Header.Get("WWW-Authenticate")
if authHeader == "" {
return &challengePolicyError{err: errors.New("response has no WWW-Authenticate header for challenge authentication")}
return errors.New("response has no WWW-Authenticate header for challenge authentication")
}
// Strip down to auth and resource
@ -147,7 +126,7 @@ func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req
}
}
k.tenantID = parseTenant(vals["authorization"])
k.tro.TenantID = parseTenant(vals["authorization"])
scope := ""
if v, ok := vals["scope"]; ok {
scope = v
@ -155,16 +134,16 @@ func (k *keyVaultAuthorizer) updateTokenRequestOptions(resp *http.Response, req
scope = v
}
if scope == "" {
return &challengePolicyError{err: errors.New("could not find a valid resource in the WWW-Authenticate header")}
return errors.New("could not find a valid resource in the WWW-Authenticate header")
}
if k.verifyChallengeResource {
// the challenge resource's host must match the requested vault's host
parsed, err := url.Parse(scope)
if err != nil {
return &challengePolicyError{err: fmt.Errorf(`invalid challenge resource "%s": %v`, scope, err)}
return fmt.Errorf("invalid challenge resource %q: %v", scope, err)
}
if !strings.HasSuffix(req.URL.Host, "."+parsed.Host) {
return &challengePolicyError{err: fmt.Errorf(challengeMatchError, scope)}
return fmt.Errorf(challengeMatchError, scope)
}
}
if !strings.HasSuffix(scope, "/.default") {

4
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/ci.securitykeyvault.yml → vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/ci.keyvault.yml generated vendored
View File

@ -21,8 +21,8 @@ pr:
include:
- sdk/security/keyvault/internal
stages:
- template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
extends:
template: /eng/pipelines/templates/jobs/archetype-sdk-client.yml
parameters:
ServiceDirectory: 'security/keyvault/internal'
RunLiveTests: false

2
vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/constants.go generated vendored
View File

@ -7,5 +7,5 @@
package internal
const (
version = "v1.0.0" //nolint
version = "v1.1.0" //nolint
)

2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go generated vendored
View File

@ -3,4 +3,4 @@
package aws
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.32.2"
const goModuleVersion = "1.32.3"

1
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go generated vendored
View File

@ -374,6 +374,7 @@ func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
ps := strings.Split(auth, ",")
for _, p := range ps {
p = strings.TrimSpace(p)
if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
sig := p[len(authHeaderSignatureElem):]
if len(sig) == 0 {

4
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md generated vendored
View File

@ -1,3 +1,7 @@
# v1.3.22 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.21 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go generated vendored
View File

@ -3,4 +3,4 @@
package configsources
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.3.21"
const goModuleVersion = "1.3.22"

4
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md generated vendored
View File

@ -1,3 +1,7 @@
# v2.6.22 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.21 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go generated vendored
View File

@ -3,4 +3,4 @@
package endpoints
// goModuleVersion is the tagged release for this module
const goModuleVersion = "2.6.21"
const goModuleVersion = "2.6.22"

4
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md generated vendored
View File

@ -1,3 +1,7 @@
# v1.12.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go generated vendored
View File

@ -3,4 +3,4 @@
package presignedurl
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.12.2"
const goModuleVersion = "1.12.3"

4
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md generated vendored
View File

@ -1,3 +1,7 @@
# v1.32.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.32.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go generated vendored
View File

@ -3,4 +3,4 @@
package sts
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.32.2"
const goModuleVersion = "1.32.3"

16
vendor/modules.txt vendored
View File

@ -1,4 +1,4 @@
# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/azcore
github.com/Azure/azure-sdk-for-go/sdk/azcore/arm/internal/resource
@ -33,10 +33,10 @@ github.com/Azure/azure-sdk-for-go/sdk/internal/log
github.com/Azure/azure-sdk-for-go/sdk/internal/poller
github.com/Azure/azure-sdk-for-go/sdk/internal/temporal
github.com/Azure/azure-sdk-for-go/sdk/internal/uuid
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0
# github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0
## explicit; go 1.18
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal
# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
@ -126,7 +126,7 @@ github.com/aws/aws-sdk-go/service/sso/ssoiface
github.com/aws/aws-sdk-go/service/ssooidc
github.com/aws/aws-sdk-go/service/sts
github.com/aws/aws-sdk-go/service/sts/stsiface
# github.com/aws/aws-sdk-go-v2 v1.32.2
# github.com/aws/aws-sdk-go-v2 v1.32.3
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/aws
github.com/aws/aws-sdk-go-v2/aws/defaults
@ -149,19 +149,19 @@ github.com/aws/aws-sdk-go-v2/internal/sdk
github.com/aws/aws-sdk-go-v2/internal/strings
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
github.com/aws/aws-sdk-go-v2/internal/timeconv
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21
# github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/internal/configsources
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21
# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2
# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
# github.com/aws/aws-sdk-go-v2/service/sts v1.32.2
# github.com/aws/aws-sdk-go-v2/service/sts v1.32.3
## explicit; go 1.21
github.com/aws/aws-sdk-go-v2/service/sts
github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints