diff --git a/cmd/ks-apiserver/app/options/validation.go b/cmd/ks-apiserver/app/options/validation.go
index 3d18551ad..77dd70d55 100644
--- a/cmd/ks-apiserver/app/options/validation.go
+++ b/cmd/ks-apiserver/app/options/validation.go
@@ -31,6 +31,7 @@ func (s *ServerRunOptions) Validate() []error {
 errors = append(errors, s.OpenPitrixOptions.Validate()...)
 errors = append(errors, s.NetworkOptions.Validate()...)
 errors = append(errors, s.LoggingOptions.Validate()...)
+ errors = append(errors, s.AuthenticationOptions.Validate()...)
 errors = append(errors, s.AuthorizationOptions.Validate()...)
 errors = append(errors, s.EventsOptions.Validate()...)
 errors = append(errors, s.AuditingOptions.Validate()...)
diff --git a/go.mod b/go.mod
index 76458cd1c..cd24cd04d 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 github.com/beevik/etree v1.1.0
 github.com/container-storage-interface/spec v1.2.0
 github.com/containernetworking/cni v0.8.0
+ github.com/coreos/go-oidc v2.1.0+incompatible
 github.com/davecgh/go-spew v1.1.1
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/docker/distribution v2.7.1+incompatible
@@ -73,6 +74,7 @@ require (
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 google.golang.org/grpc v1.30.0
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+ gopkg.in/square/go-jose.v2 v2.4.0
 gopkg.in/src-d/go-billy.v4 v4.3.0 // indirect
 gopkg.in/src-d/go-git.v4 v4.11.0
 gopkg.in/yaml.v2 v2.3.0
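Review bot: Both new direct requirements, `github.com/coreos/go-oidc v2.1.0+incompatible` in the `@@ -14,6 +14,7 @@` hunk and `gopkg.in/square/go-jose.v2 v2.4.0` in the `@@ -73,6 +74,7 @@` hunk, are libraries that parse and verify signed tokens, so their versions deserve the same scrutiny as the authentication code itself, and nothing in the commit records why these releases were chosen. Before merging, run `govulncheck ./...` (or compare against the upstream release notes) and take the newest v2 release of each that the rest of the module graph allows. A trailing comment would keep that visible to whoever next touches the pin, for example `gopkg.in/square/go-jose.v2 v2.4.0 // verifies identity-provider tokens; track upstream security releases`. Because the `replace (` block in this file overrides the versions given under `require`, also confirm it carries matching entries for both modules; those lines are not visible in these hunks.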
@@ -111,7 +113,9 @@ replace ( cloud.google.com/go/storage => cloud.google.com/go/storage v1.6.0 code.cloudfoundry.org/bytefmt => code.cloudfoundry.org/bytefmt v0.0.0-20190710193110-1eb035ffe2b6 collectd.org => collectd.org v0.3.0 + github.com/Azure/azure-pipeline-go => github.com/Azure/azure-pipeline-go v0.2.2 github.com/Azure/azure-sdk-for-go => github.com/Azure/azure-sdk-for-go v41.3.0+incompatible + github.com/Azure/azure-storage-blob-go => github.com/Azure/azure-storage-blob-go v0.8.0 github.com/Azure/go-ansiterm => github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 github.com/Azure/go-autorest/autorest => github.com/Azure/go-autorest/autorest v0.10.0 github.com/Azure/go-autorest/autorest/adal => github.com/Azure/go-autorest/autorest/adal v0.8.3 @@ -130,6 +134,7 @@ replace ( github.com/Masterminds/semver => github.com/Masterminds/semver v1.5.0 github.com/Masterminds/semver/v3 => github.com/Masterminds/semver/v3 v3.0.1 github.com/Masterminds/sprig/v3 => github.com/Masterminds/sprig/v3 v3.0.0 + github.com/Masterminds/squirrel => github.com/Masterminds/squirrel v0.0.0-20161115235646-20f192218cf5 github.com/Masterminds/vcs => github.com/Masterminds/vcs v1.13.0 github.com/Microsoft/go-winio => github.com/Microsoft/go-winio v0.4.12 github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.8.6 @@ -151,6 +156,7 @@ replace ( github.com/alecthomas/template => github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 github.com/alecthomas/units => github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d github.com/alessio/shellescape => github.com/alessio/shellescape v1.2.2 + github.com/aliyun/aliyun-oss-go-sdk => github.com/aliyun/aliyun-oss-go-sdk v2.0.4+incompatible github.com/andreyvit/diff => github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 github.com/andybalholm/cascadia => github.com/andybalholm/cascadia v1.0.0 github.com/anmitsu/go-shlex => github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 
@@ -161,23 +167,29 @@ replace ( github.com/armon/consul-api => github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6 github.com/armon/go-metrics => github.com/armon/go-metrics v0.3.3 github.com/armon/go-radix => github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310 + github.com/armon/go-socks5 => github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 github.com/aryann/difflib => github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/asaskevich/govalidator => github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 github.com/aws/aws-lambda-go => github.com/aws/aws-lambda-go v1.13.3 github.com/aws/aws-sdk-go => github.com/aws/aws-sdk-go v1.30.12 github.com/aws/aws-sdk-go-v2 => github.com/aws/aws-sdk-go-v2 v0.18.0 github.com/beevik/etree => github.com/beevik/etree v1.1.0 + github.com/beevik/ntp => github.com/beevik/ntp v0.2.0 github.com/beorn7/perks => github.com/beorn7/perks v1.0.1 github.com/bgentry/speakeasy => github.com/bgentry/speakeasy v0.1.0 + github.com/bitly/go-hostpool => github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 github.com/bitly/go-simplejson => github.com/bitly/go-simplejson v0.5.0 github.com/blang/semver => github.com/blang/semver v3.5.0+incompatible github.com/bmizerany/assert => github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 github.com/bmizerany/pat => github.com/bmizerany/pat v0.0.0-20170815010413-6226ea591a40 github.com/boltdb/bolt => github.com/boltdb/bolt v1.3.1 + github.com/bradfitz/gomemcache => github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b + github.com/brancz/kube-rbac-proxy => github.com/brancz/kube-rbac-proxy v0.5.0 github.com/bshuster-repo/logrus-logstash-hook => github.com/bshuster-repo/logrus-logstash-hook v0.4.1 github.com/bugsnag/bugsnag-go => github.com/bugsnag/bugsnag-go v1.5.0 github.com/bugsnag/panicwrap => github.com/bugsnag/panicwrap v1.2.0 github.com/c-bata/go-prompt => github.com/c-bata/go-prompt v0.2.2 + 
github.com/campoy/embedmd => github.com/campoy/embedmd v1.0.0 github.com/casbin/casbin/v2 => github.com/casbin/casbin/v2 v2.1.2 github.com/cenkalti/backoff => github.com/cenkalti/backoff v2.2.1+incompatible github.com/census-instrumentation/opencensus-proto => github.com/census-instrumentation/opencensus-proto v0.2.1 @@ -185,12 +197,16 @@ replace ( github.com/cespare/xxhash/v2 => github.com/cespare/xxhash/v2 v2.1.1 github.com/chai2010/gettext-go => github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 github.com/chai2010/jsonmap => github.com/chai2010/jsonmap v1.0.0 + github.com/chromedp/cdproto => github.com/chromedp/cdproto v0.0.0-20200424080200-0de008e41fa0 + github.com/chromedp/chromedp => github.com/chromedp/chromedp v0.5.3 github.com/chzyer/logex => github.com/chzyer/logex v1.1.10 github.com/chzyer/readline => github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e github.com/chzyer/test => github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 github.com/circonus-labs/circonus-gometrics => github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible github.com/circonus-labs/circonusllhist => github.com/circonus-labs/circonusllhist v0.1.3 github.com/clbanning/x2j => github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec + github.com/cockroachdb/apd => github.com/cockroachdb/apd v1.1.0 + github.com/cockroachdb/cockroach-go => github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c github.com/cockroachdb/datadriven => github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa github.com/codahale/hdrhistogram => github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd github.com/container-storage-interface/spec => github.com/container-storage-interface/spec v1.2.0 
@@ -203,9 +219,20 @@ replace ( github.com/coreos/go-semver => github.com/coreos/go-semver v0.3.0 github.com/coreos/go-systemd => github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f github.com/coreos/pkg => github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f - github.com/cpuguy83/go-md2man/v2 => github.com/cpuguy83/go-md2man/v2 v2.0.0 + github.com/cortexproject/cortex => github.com/cortexproject/cortex v1.3.1-0.20200901115931-255ff3306960 + github.com/cpuguy83/go-md2man => github.com/cpuguy83/go-md2man v1.0.10 github.com/creack/pty => github.com/creack/pty v1.1.7 github.com/cyphar/filepath-securejoin => github.com/cyphar/filepath-securejoin v0.2.2 + github.com/cznic/b => github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07 + github.com/cznic/fileutil => github.com/cznic/fileutil v0.0.0-20180108211300-6a051e75936f + github.com/cznic/golex => github.com/cznic/golex v0.0.0-20170803123110-4ab7c5e190e4 + github.com/cznic/internal => github.com/cznic/internal v0.0.0-20180608152220-f44710a21d00 + github.com/cznic/lldb => github.com/cznic/lldb v1.1.0 + github.com/cznic/mathutil => github.com/cznic/mathutil v0.0.0-20180504122225-ca4c9f2c1369 + github.com/cznic/ql => github.com/cznic/ql v1.2.0 + github.com/cznic/sortutil => github.com/cznic/sortutil v0.0.0-20150617083342-4c7342852e65 + github.com/cznic/strutil => github.com/cznic/strutil v0.0.0-20171016134553-529a34b1c186 + github.com/cznic/zappy => github.com/cznic/zappy v0.0.0-20160723133515-2533cb5b45cc github.com/dave/jennifer => github.com/dave/jennifer v1.2.0 github.com/davecgh/go-spew => github.com/davecgh/go-spew v1.1.1 github.com/daviddengcn/go-colortext => github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd 
@@ -215,6 +242,7 @@ replace ( github.com/dgrijalva/jwt-go => github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/dgryski/go-bitstream => github.com/dgryski/go-bitstream v0.0.0-20180413035011-3522498ce2c8 github.com/dgryski/go-sip13 => github.com/dgryski/go-sip13 v0.0.0-20190329191031-25c5027a8c7b + github.com/dhui/dktest => github.com/dhui/dktest v0.3.0 github.com/disintegration/imaging => github.com/disintegration/imaging v1.6.1 github.com/docker/cli => github.com/docker/cli v0.0.0-20190506213505-d88565df0c2d github.com/docker/distribution => github.com/docker/distribution v2.7.1+incompatible @@ -235,8 +263,11 @@ replace ( github.com/elastic/go-elasticsearch/v5 => github.com/elastic/go-elasticsearch/v5 v5.6.1 github.com/elastic/go-elasticsearch/v6 => github.com/elastic/go-elasticsearch/v6 v6.8.2 github.com/elastic/go-elasticsearch/v7 => github.com/elastic/go-elasticsearch/v7 v7.3.0 + github.com/elastic/go-sysinfo => github.com/elastic/go-sysinfo v1.1.1 + github.com/elastic/go-windows => github.com/elastic/go-windows v1.0.1 github.com/elazarl/goproxy => github.com/elazarl/goproxy v0.0.0-20200315184450-1f3cb6622dad github.com/elazarl/goproxy/ext => github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 + github.com/ema/qdisc => github.com/ema/qdisc v0.0.0-20190904071900-b82c76788043 github.com/emicklei/go-restful => github.com/emicklei/go-restful v2.14.3+incompatible github.com/emicklei/go-restful-openapi => github.com/emicklei/go-restful-openapi v1.4.1 github.com/emirpasic/gods => github.com/emirpasic/gods v1.12.0 
@@ -246,14 +277,19 @@ replace ( github.com/evanphx/json-patch => github.com/evanphx/json-patch v4.9.0+incompatible github.com/evanphx/json-patch/v5 => github.com/evanphx/json-patch/v5 v5.0.0 github.com/exponent-io/jsonpath => github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d + github.com/facette/natsort => github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb github.com/fatih/camelcase => github.com/fatih/camelcase v1.0.0 github.com/fatih/color => github.com/fatih/color v1.9.0 github.com/fatih/structs => github.com/fatih/structs v1.1.0 + github.com/fatih/structtag => github.com/fatih/structtag v1.1.0 + github.com/felixge/fgprof => github.com/felixge/fgprof v0.9.1 + github.com/felixge/httpsnoop => github.com/felixge/httpsnoop v1.0.1 github.com/flynn/go-shlex => github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 github.com/fogleman/gg => github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90 github.com/franela/goblin => github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db github.com/franela/goreq => github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8 github.com/fsnotify/fsnotify => github.com/fsnotify/fsnotify v1.4.9 + github.com/fsouza/fake-gcs-server => github.com/fsouza/fake-gcs-server v1.7.0 github.com/garyburd/redigo => github.com/garyburd/redigo v1.6.0 github.com/ghodss/yaml => github.com/ghodss/yaml v1.0.0 github.com/gin-contrib/sse => github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3 
@@ -295,25 +331,36 @@ replace ( github.com/gobuffalo/packr/v2 => github.com/gobuffalo/packr/v2 v2.2.0 github.com/gobuffalo/syncx => github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754 github.com/gobwas/glob => github.com/gobwas/glob v0.2.3 + github.com/gobwas/httphead => github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee + github.com/gobwas/pool => github.com/gobwas/pool v0.2.0 + github.com/gobwas/ws => github.com/gobwas/ws v1.0.2 + github.com/gocql/gocql => github.com/gocql/gocql v0.0.0-20200526081602-cd04bd7f22a7 github.com/gocraft/dbr => github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6 + github.com/godbus/dbus => github.com/godbus/dbus v0.0.0-20190402143921-271e53dc4968 github.com/gofrs/flock => github.com/gofrs/flock v0.7.1 github.com/gofrs/uuid => github.com/gofrs/uuid v3.2.0+incompatible + github.com/gogo/googleapis => github.com/gogo/googleapis v1.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.1 + github.com/gogo/status => github.com/gogo/status v1.0.3 + github.com/golang-migrate/migrate/v4 => github.com/golang-migrate/migrate/v4 v4.7.0 github.com/golang/example => github.com/golang/example v0.0.0-20170904185048-46695d81d1fa github.com/golang/freetype => github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 github.com/golang/geo => github.com/golang/geo v0.0.0-20190916061304-5b978397cfec github.com/golang/glog => github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/golang/groupcache => github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e + github.com/golang/lint => github.com/golang/lint v0.0.0-20180702182130-06c8688daad7 github.com/golang/mock => github.com/golang/mock v1.4.3 github.com/golang/protobuf => github.com/golang/protobuf v1.4.2 github.com/golang/snappy => github.com/golang/snappy v0.0.1 github.com/golangplus/bytes => github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450 github.com/golangplus/fmt => github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995 
github.com/golangplus/testing => github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e + github.com/gomodule/redigo => github.com/gomodule/redigo v2.0.0+incompatible github.com/google/addlicense => github.com/google/addlicense v0.0.0-20200906110928-a0294312aa76 github.com/google/btree => github.com/google/btree v1.0.0 github.com/google/flatbuffers => github.com/google/flatbuffers v1.11.0 github.com/google/go-cmp => github.com/google/go-cmp v0.4.0 + github.com/google/go-github => github.com/google/go-github v17.0.0+incompatible github.com/google/go-querystring => github.com/google/go-querystring v1.0.0 github.com/google/gofuzz => github.com/google/gofuzz v1.1.0 github.com/google/gops => github.com/google/gops v0.3.6 @@ -321,6 +368,7 @@ replace ( github.com/google/pprof => github.com/google/pprof v0.0.0-20200417002340-c6e0a841f49a github.com/google/renameio => github.com/google/renameio v0.1.0 github.com/google/uuid => github.com/google/uuid v1.1.1 + github.com/googleapis/gax-go => github.com/googleapis/gax-go v2.0.2+incompatible github.com/googleapis/gax-go/v2 => github.com/googleapis/gax-go/v2 v2.0.5 github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.4.0 github.com/gophercloud/gophercloud => github.com/gophercloud/gophercloud v0.10.0 @@ -334,6 +382,7 @@ replace ( github.com/grpc-ecosystem/go-grpc-middleware => github.com/grpc-ecosystem/go-grpc-middleware v1.1.0 github.com/grpc-ecosystem/go-grpc-prometheus => github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.14.4 + github.com/hailocab/go-hostpool => github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed github.com/hashicorp/consul/api => github.com/hashicorp/consul/api v1.4.0 github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.4.0 github.com/hashicorp/errwrap => github.com/hashicorp/errwrap v1.0.0 
@@ -354,6 +403,7 @@ replace ( github.com/hashicorp/mdns => github.com/hashicorp/mdns v1.0.1 github.com/hashicorp/memberlist => github.com/hashicorp/memberlist v0.2.0 github.com/hashicorp/serf => github.com/hashicorp/serf v0.9.0 + github.com/hodgesds/perf-utils => github.com/hodgesds/perf-utils v0.0.8 github.com/huandu/xstrings => github.com/huandu/xstrings v1.2.0 github.com/hudl/fargo => github.com/hudl/fargo v1.3.0 github.com/ianlancetaylor/demangle => github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 
@@ -368,15 +418,19 @@ replace ( github.com/influxdata/roaring => github.com/influxdata/roaring v0.4.13-0.20180809181101-fc520f41fab6 github.com/influxdata/tdigest => github.com/influxdata/tdigest v0.0.0-20181121200506-bf2b5ad3c0a9 github.com/influxdata/usage-client => github.com/influxdata/usage-client v0.0.0-20160829180054-6d3895376368 + github.com/jackc/fake => github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 + github.com/jackc/pgx => github.com/jackc/pgx v3.2.0+incompatible github.com/jbenet/go-context => github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 github.com/jessevdk/go-flags => github.com/jessevdk/go-flags v1.4.0 github.com/jinzhu/gorm => github.com/jinzhu/gorm v1.9.2 github.com/jinzhu/inflection => github.com/jinzhu/inflection v0.0.0-20180308033659-04140366298a github.com/jinzhu/now => github.com/jinzhu/now v1.0.0 github.com/jmespath/go-jmespath => github.com/jmespath/go-jmespath v0.3.0 + github.com/joeshaw/multierror => github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 github.com/joho/godotenv => github.com/joho/godotenv v1.3.0 github.com/jonboulle/clockwork => github.com/jonboulle/clockwork v0.1.0 github.com/jpillora/backoff => github.com/jpillora/backoff v1.0.0 + github.com/jsimonetti/rtnetlink => github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4 github.com/json-iterator/go => github.com/json-iterator/go v1.1.10 github.com/jstemmer/go-junit-report => github.com/jstemmer/go-junit-report v0.9.1 github.com/jsternberg/zap-logfmt => github.com/jsternberg/zap-logfmt v1.0.0 
@@ -395,37 +449,52 @@ replace ( github.com/klauspost/cpuid => github.com/klauspost/cpuid v0.0.0-20170728055534-ae7887de9fa5 github.com/klauspost/crc32 => github.com/klauspost/crc32 v0.0.0-20161016154125-cb6bfca970f6 github.com/klauspost/pgzip => github.com/klauspost/pgzip v1.0.2-0.20170402124221-0bf5dcad4ada + github.com/knq/sysutil => github.com/knq/sysutil v0.0.0-20191005231841-15668db23d08 github.com/koding/multiconfig => github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7 github.com/konsorten/go-windows-terminal-sequences => github.com/konsorten/go-windows-terminal-sequences v1.0.2 github.com/kr/pretty => github.com/kr/pretty v0.2.0 github.com/kr/pty => github.com/kr/pty v1.1.5 github.com/kr/text => github.com/kr/text v0.1.0 + github.com/kshvakov/clickhouse => github.com/kshvakov/clickhouse v1.3.5 github.com/kubernetes-csi/external-snapshotter/client/v3 => github.com/kubernetes-csi/external-snapshotter/client/v3 v3.0.0 github.com/kubesphere/sonargo => github.com/kubesphere/sonargo v0.0.2 github.com/kylelemons/godebug => github.com/kylelemons/godebug v0.0.0-20160406211939-eadb3ce320cb + github.com/leanovate/gopter => github.com/leanovate/gopter v0.2.4 github.com/leodido/go-urn => github.com/leodido/go-urn v0.0.0-20181204092800-a67a23e1c1af github.com/lib/pq => github.com/lib/pq v1.2.0 github.com/liggitt/tabwriter => github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de github.com/lightstep/lightstep-tracer-common/golang/gogo => github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743 github.com/lightstep/lightstep-tracer-go => github.com/lightstep/lightstep-tracer-go v0.18.1 github.com/lithammer/dedent => github.com/lithammer/dedent v1.1.0 + github.com/lovoo/gcloud-opentracing => github.com/lovoo/gcloud-opentracing v0.3.0 + github.com/lufia/iostat => github.com/lufia/iostat v1.1.0 github.com/magiconair/properties => github.com/magiconair/properties v1.8.0 github.com/mailru/easyjson => 
github.com/mailru/easyjson v0.7.1 github.com/markbates/oncer => github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2 github.com/markbates/safe => github.com/markbates/safe v1.0.1 github.com/mattn/go-colorable => github.com/mattn/go-colorable v0.1.6 + github.com/mattn/go-ieproxy => github.com/mattn/go-ieproxy v0.0.0-20191113090002-7c0f6868bffe github.com/mattn/go-isatty => github.com/mattn/go-isatty v0.0.12 github.com/mattn/go-runewidth => github.com/mattn/go-runewidth v0.0.4 github.com/mattn/go-shellwords => github.com/mattn/go-shellwords v1.0.5 github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.11.0 github.com/mattn/go-tty => github.com/mattn/go-tty v0.0.0-20180907095812-13ff1204f104 + github.com/mattn/go-xmlrpc => github.com/mattn/go-xmlrpc v0.0.3 github.com/matttproud/golang_protobuf_extensions => github.com/matttproud/golang_protobuf_extensions v1.0.1 + github.com/mdlayher/genetlink => github.com/mdlayher/genetlink v1.0.0 + github.com/mdlayher/netlink => github.com/mdlayher/netlink v1.1.0 + github.com/mdlayher/wifi => github.com/mdlayher/wifi v0.0.0-20190303161829-b1436901ddee + github.com/mgutz/ansi => github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b github.com/miekg/dns => github.com/miekg/dns v1.1.29 + github.com/minio/md5-simd => github.com/minio/md5-simd v1.1.0 + github.com/minio/minio-go/v7 => github.com/minio/minio-go/v7 v7.0.2 + github.com/minio/sha256-simd => github.com/minio/sha256-simd v0.1.1 github.com/mitchellh/cli => github.com/mitchellh/cli v1.0.0 github.com/mitchellh/copystructure => github.com/mitchellh/copystructure v1.0.0 github.com/mitchellh/go-homedir => github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/go-testing-interface => github.com/mitchellh/go-testing-interface v1.0.0 github.com/mitchellh/go-wordwrap => github.com/mitchellh/go-wordwrap v1.0.0 + github.com/mitchellh/hashstructure => github.com/mitchellh/hashstructure v0.0.0-20170609045927-2bca23e0e452 github.com/mitchellh/mapstructure => 
github.com/mitchellh/mapstructure v1.2.2 github.com/mitchellh/reflectwalk => github.com/mitchellh/reflectwalk v1.0.0 github.com/mna/pigeon => github.com/mna/pigeon v0.0.0-20180808201053-bb0192cfc2ae @@ -433,15 +502,19 @@ replace ( github.com/modern-go/reflect2 => github.com/modern-go/reflect2 v1.0.1 github.com/montanaflynn/stats => github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe github.com/morikuni/aec => github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c + github.com/mozillazg/go-cos => github.com/mozillazg/go-cos v0.13.0 + github.com/mozillazg/go-httpheader => github.com/mozillazg/go-httpheader v0.2.1 github.com/mschoch/smat => github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae github.com/munnerz/goautoneg => github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/mwitkow/go-conntrack => github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f github.com/mxk/go-flowrate => github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f + github.com/nakagami/firebirdsql => github.com/nakagami/firebirdsql v0.0.0-20190310045651-3c02a58cfed8 github.com/nats-io/jwt => github.com/nats-io/jwt v0.3.2 github.com/nats-io/nats-server/v2 => github.com/nats-io/nats-server/v2 v2.1.2 github.com/nats-io/nats.go => github.com/nats-io/nats.go v1.9.1 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.1.3 github.com/nats-io/nuid => github.com/nats-io/nuid v1.0.1 + github.com/ncw/swift => github.com/ncw/swift v1.0.50 github.com/nxadm/tail => github.com/nxadm/tail v1.4.4 github.com/oklog/oklog => github.com/oklog/oklog v0.3.2 github.com/oklog/run => github.com/oklog/run v1.1.0 
@@ -454,6 +527,7 @@ replace ( github.com/opencontainers/go-digest => github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.1 github.com/opencontainers/runc => github.com/opencontainers/runc v0.1.1 + github.com/opentracing-contrib/go-grpc => github.com/opentracing-contrib/go-grpc v0.0.0-20180928155321-4b5a12d3ff02 github.com/opentracing-contrib/go-observer => github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 github.com/opentracing-contrib/go-stdlib => github.com/opentracing-contrib/go-stdlib v0.0.0-20190519235532-cf7a6c988dc9 github.com/opentracing/basictracer-go => github.com/opentracing/basictracer-go v1.0.0 
@@ -485,12 +559,16 @@ replace ( github.com/projectcalico/kube-controllers => github.com/projectcalico/kube-controllers v3.8.8+incompatible github.com/projectcalico/libcalico-go => github.com/projectcalico/libcalico-go v1.7.2-0.20191104213956-8f81e1e344ce github.com/prometheus-community/prom-label-proxy => github.com/prometheus-community/prom-label-proxy v0.2.0 + github.com/prometheus-operator/prometheus-operator => github.com/prometheus-operator/prometheus-operator v0.42.2-0.20200928114327-fbd01683839a + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring => github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.42.1 github.com/prometheus/alertmanager => github.com/prometheus/alertmanager v0.20.0 github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.7.1 github.com/prometheus/client_model => github.com/prometheus/client_model v0.2.0 github.com/prometheus/common => github.com/prometheus/common v0.10.0 + github.com/prometheus/node_exporter => github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 github.com/prometheus/procfs => github.com/prometheus/procfs v0.1.3 github.com/prometheus/prometheus => github.com/prometheus/prometheus v1.8.2-0.20200507164740-ecee9c8abfd1 + github.com/rafaeljusto/redigomock => github.com/rafaeljusto/redigomock v0.0.0-20190202135759-257e089e14a1 github.com/rcrowley/go-metrics => github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a github.com/retailnext/hllpp => github.com/retailnext/hllpp v1.0.1-0.20180308014038-101a6d2f8b52 github.com/robfig/cron => github.com/robfig/cron v1.2.0 
@@ -501,19 +579,26 @@ replace ( github.com/russross/blackfriday => github.com/russross/blackfriday v1.5.2 github.com/ryanuber/columnize => github.com/ryanuber/columnize v2.1.0+incompatible github.com/samuel/go-zookeeper => github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da + github.com/santhosh-tekuri/jsonschema => github.com/santhosh-tekuri/jsonschema v1.2.4 github.com/satori/go.uuid => github.com/satori/go.uuid v1.2.0 github.com/sean-/seed => github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 + github.com/segmentio/fasthash => github.com/segmentio/fasthash v0.0.0-20180216231524-a72b379d632e github.com/segmentio/kafka-go => github.com/segmentio/kafka-go v0.2.0 + github.com/sercand/kuberesolver => github.com/sercand/kuberesolver v2.4.0+incompatible github.com/sergi/go-diff => github.com/sergi/go-diff v1.0.0 github.com/shirou/gopsutil => github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7 github.com/shirou/w32 => github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 + github.com/shopspring/decimal => github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 github.com/shurcooL/httpfs => github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 github.com/shurcooL/vfsgen => github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd + github.com/siebenmann/go-kstat => github.com/siebenmann/go-kstat v0.0.0-20160321171754-d34789b79745 github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.4.2 github.com/smartystreets/assertions => github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d github.com/smartystreets/goconvey => github.com/smartystreets/goconvey v1.6.4 github.com/soheilhy/cmux => github.com/soheilhy/cmux v0.1.4 + github.com/sony/gobreaker => github.com/sony/gobreaker v0.4.1 github.com/sony/sonyflake => github.com/sony/sonyflake v0.0.0-20181109022403-6d5bd6181009 + github.com/soundcloud/go-runit => github.com/soundcloud/go-runit v0.0.0-20150630195641-06ad41a06c4a github.com/spaolacci/murmur3 => 
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 github.com/speps/go-hashids => github.com/speps/go-hashids v2.0.0+incompatible github.com/spf13/afero => github.com/spf13/afero v1.2.2 @@ -523,8 +608,11 @@ replace ( github.com/spf13/pflag => github.com/spf13/pflag v1.0.5 github.com/spf13/viper => github.com/spf13/viper v1.4.0 github.com/src-d/gcfg => github.com/src-d/gcfg v1.4.0 + github.com/streadway/amqp => github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271 + github.com/streadway/handy => github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a github.com/stretchr/objx => github.com/stretchr/objx v0.2.0 github.com/stretchr/testify => github.com/stretchr/testify v1.4.0 + github.com/thanos-io/thanos => github.com/thanos-io/thanos v0.13.1-0.20200910143741-e0b7f7b32e9c github.com/tidwall/pretty => github.com/tidwall/pretty v1.0.0 github.com/tinylib/msgp => github.com/tinylib/msgp v1.1.0 github.com/tmc/grpc-websocket-proxy => github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 @@ -534,7 +622,11 @@ replace ( github.com/ugorji/go => github.com/ugorji/go v1.1.4 github.com/ugorji/go/codec => github.com/ugorji/go/codec v0.0.0-20190128213124-ee1426cffec0 github.com/urfave/cli => github.com/urfave/cli v1.20.0 + github.com/vektah/gqlparser => github.com/vektah/gqlparser v1.1.2 + github.com/weaveworks/common => github.com/weaveworks/common v0.0.0-20200820123129-280614068c5e + github.com/weaveworks/promrus => github.com/weaveworks/promrus v1.2.0 github.com/willf/bitset => github.com/willf/bitset v1.1.3 + github.com/xanzy/go-gitlab => github.com/xanzy/go-gitlab v0.15.0 github.com/xanzy/ssh-agent => github.com/xanzy/ssh-agent v0.2.1 github.com/xdg/scram => github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c github.com/xdg/stringprep => github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc 
@@ -550,11 +642,18 @@ replace ( github.com/yvasiyarov/go-metrics => github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 github.com/yvasiyarov/gorelic => github.com/yvasiyarov/gorelic v0.0.6 github.com/yvasiyarov/newrelic_platform_go => github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f + gitlab.com/nyarla/go-crypt => gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b + go.elastic.co/apm => go.elastic.co/apm v1.5.0 + go.elastic.co/apm/module/apmhttp => go.elastic.co/apm/module/apmhttp v1.5.0 + go.elastic.co/apm/module/apmot => go.elastic.co/apm/module/apmot v1.5.0 + go.elastic.co/fastjson => go.elastic.co/fastjson v1.0.0 go.etcd.io/bbolt => go.etcd.io/bbolt v1.3.3 go.etcd.io/etcd => go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 go.mongodb.org/mongo-driver => go.mongodb.org/mongo-driver v1.3.2 go.opencensus.io => go.opencensus.io v0.22.3 go.uber.org/atomic => go.uber.org/atomic v1.6.0 + go.uber.org/automaxprocs => go.uber.org/automaxprocs v1.2.0 + go.uber.org/goleak => go.uber.org/goleak v1.1.0 go.uber.org/multierr => go.uber.org/multierr v1.3.0 go.uber.org/tools => go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee go.uber.org/zap => go.uber.org/zap v1.13.0 @@ -596,6 +695,7 @@ replace ( gopkg.in/go-playground/validator.v9 => gopkg.in/go-playground/validator.v9 v9.27.0 gopkg.in/gomail.v2 => gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df gopkg.in/inf.v0 => gopkg.in/inf.v0 v0.9.1 + gopkg.in/ini.v1 => gopkg.in/ini.v1 v1.57.0 gopkg.in/mail.v2 => gopkg.in/mail.v2 v2.3.1 gopkg.in/natefinch/lumberjack.v2 => gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/square/go-jose.v1 => gopkg.in/square/go-jose.v1 v1.1.2 
@@ -612,6 +712,7 @@ replace ( gotest.tools => gotest.tools v2.2.0+incompatible helm.sh/helm/v3 => helm.sh/helm/v3 v3.0.1 honnef.co/go/tools => honnef.co/go/tools v0.0.1-2020.1.3 + howett.net/plist => howett.net/plist v0.0.0-20181124034731-591f970eefbb istio.io/api => istio.io/api v0.0.0-20201113182140-d4b7e3fc2b44 istio.io/client-go => istio.io/client-go v0.0.0-20201113183938-0734e976e785 @@ -629,6 +730,7 @@ replace ( k8s.io/klog/v2 => k8s.io/klog/v2 v2.0.0 k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 k8s.io/kubectl => k8s.io/kubectl v0.18.6 + k8s.io/kubernetes => k8s.io/kubernetes v1.14.0 k8s.io/metrics => k8s.io/metrics v0.18.6 k8s.io/utils => k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 kubesphere.io/im => kubesphere.io/im v0.1.0 diff --git a/go.sum b/go.sum index 88c16308f..809497da0 100644 --- a/go.sum +++ b/go.sum @@ -7,7 +7,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl code.cloudfoundry.org/bytefmt v0.0.0-20190710193110-1eb035ffe2b6 h1:tW+ztA4A9UT9xnco5wUjW1oNi35k22eUEn9tNpPYVwE= code.cloudfoundry.org/bytefmt v0.0.0-20190710193110-1eb035ffe2b6/go.mod h1:wN/zk7mhREp/oviagqUXY3EwuHhWyOvAdsn5Y4CzOrc= collectd.org v0.3.0/go.mod h1:A/8DzQBkF6abtvrT2j/AU/4tiBgJWYyh0y/oB/4MlWE= -github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-pipeline-go v0.2.2/go.mod h1:4rQ/NZncSvGqNkkOsNpOU1tgoNuIlp9AfUH5G1tvCHc= github.com/Azure/azure-sdk-for-go v41.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= 
@@ -84,7 +83,6 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ github.com/aws/aws-sdk-go v1.30.12 h1:KrjyosZvkpJjcwMk0RNxMZewQ47v7+ZkbQDXjWsJMs8= github.com/aws/aws-sdk-go v1.30.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= @@ -116,7 +114,6 @@ github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw= github.com/chai2010/jsonmap v1.0.0/go.mod h1:+30HSZixzW7NVqyqXTDyQi0hsexrb6hnpvhuW0bot6s= -github.com/chromedp/cdproto v0.0.0-20200116234248-4da64dd111ac/go.mod h1:PfAWWKJqjlGFYJEidUM6aVIWPr0EpobeyVWEEmplX7g= github.com/chromedp/cdproto v0.0.0-20200424080200-0de008e41fa0/go.mod h1:PfAWWKJqjlGFYJEidUM6aVIWPr0EpobeyVWEEmplX7g= github.com/chromedp/chromedp v0.5.3/go.mod h1:YLdPtndaHQ4rCpSpBG+IPpy9JvX0VD+7aaLxYgYj28w= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -139,6 +136,7 @@ github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjM github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.17+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -146,8 +144,6 @@ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cortexproject/cortex v0.6.1-0.20200228110116-92ab6cbe0995/go.mod h1:3Xa3DjJxtpXqxcMGdk850lcIRb81M0fyY1MQ6udY134= -github.com/cortexproject/cortex v1.2.1-0.20200805064754-d8edc95e2c91/go.mod h1:PVPxNLrxKH+yc8asaJOxuz7TiRmMizFfnSMOnRzM6oM= github.com/cortexproject/cortex v1.3.1-0.20200901115931-255ff3306960/go.mod h1:ub8BpRZrRa02BOM8NJTnI2YklxW/mGhEkJDrhsDfcfg= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= 
@@ -205,9 +201,7 @@ github.com/elastic/go-elasticsearch/v6 v6.8.2 h1:rp5DGrd63V5c6nHLjF6QEXUpZSvs0+Q github.com/elastic/go-elasticsearch/v6 v6.8.2/go.mod h1:UwaDJsD3rWLM5rKNFzv9hgox93HoX8utj1kxD9aFUcI= github.com/elastic/go-elasticsearch/v7 v7.3.0 h1:H29Nqf9cB9dVxX6LwS+zTDC2D4t9s+8dK8ln4HPS9rw= github.com/elastic/go-elasticsearch/v7 v7.3.0/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= -github.com/elastic/go-sysinfo v1.0.1/go.mod h1:O/D5m1VpYLwGjCYzEt63g3Z1uO3jXfwyzzjiW90t8cY= github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= -github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss= github.com/elazarl/goproxy v0.0.0-20200315184450-1f3cb6622dad h1:zPs0fNF2Io1Qytf92EI2CDJ9oCXZr+NmjEVexrUEdq4= github.com/elazarl/goproxy v0.0.0-20200315184450-1f3cb6622dad/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= @@ -240,7 +234,6 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= 
@@ -312,8 +305,6 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0= -github.com/gocql/gocql v0.0.0-20200121121104-95d072f1b5bb/go.mod h1:DL0ekTmBSTdlNF25Orwt/JMzqIq3EJ4MVa/J/uK64OY= github.com/gocql/gocql v0.0.0-20200526081602-cd04bd7f22a7/go.mod h1:DL0ekTmBSTdlNF25Orwt/JMzqIq3EJ4MVa/J/uK64OY= github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6 h1:kumyNm8Vr8cbVm/aLQYTbDE3SKCbbn5HEVoDp/Dyyfc= github.com/gocraft/dbr v0.0.0-20180507214907-a0fd650918f6/go.mod h1:K/9g3pPouf13kP5K7pdriQEJAy272R9yXuWuDIEWJTM= @@ -436,8 +427,6 @@ github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqx github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= -github.com/jsimonetti/rtnetlink v0.0.0-20190830100107-3784a6c7c552/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
@@ -465,7 +454,6 @@ github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7 h1:SWlt7BoQNASb github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7/go.mod h1:Y2SaZf2Rzd0pXkLVhLlCiAXFCLSXAIbTKDivVgff/AM= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= @@ -477,8 +465,6 @@ github.com/kubernetes-csi/external-snapshotter/client/v3 v3.0.0/go.mod h1:Q7VUue github.com/kubesphere/sonargo v0.0.2 h1:hsSRE3sv3mkPcUAeSABdp7rtfcNW2zzeHXzFa01CTkU= github.com/kubesphere/sonargo v0.0.2/go.mod h1:ww8n9ANlDXhX5PBZ18iaRnCgEkXN0GMml3/KZXOZ11w= github.com/kylelemons/godebug v0.0.0-20160406211939-eadb3ce320cb/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= -github.com/lann/builder v0.0.0-20150808151131-f22ce00fd939/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= -github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leanovate/gopter v0.2.4/go.mod h1:gNcbPWNEWRe4lm+bycKqxUYoH5uoVje5SkOJ3uoLer8= github.com/leodido/go-urn v0.0.0-20181204092800-a67a23e1c1af/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0= 
@@ -498,8 +484,6 @@ github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsI github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= -github.com/mattn/go-ieproxy v0.0.0-20190702010315-6dee0af9227d/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-ieproxy v0.0.0-20191113090002-7c0f6868bffe/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= 
@@ -512,16 +496,11 @@ github.com/mattn/go-xmlrpc v0.0.3/go.mod h1:mqc2dz7tP5x5BKlCahN/n+hs7OSZKJkS9JsH github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc= -github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA= -github.com/mdlayher/netlink v0.0.0-20190828143259-340058475d09/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= -github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY= github.com/mdlayher/wifi v0.0.0-20190303161829-b1436901ddee/go.mod h1:Evt/EIne46u9PtQbeTx2NTcqURpr5K4SvKtGmBuDPN8= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= -github.com/minio/minio-go/v6 v6.0.44/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= -github.com/minio/minio-go/v6 v6.0.56/go.mod h1:KQMM+/44DSlSGSQWSfRrAZ12FVMmpWNuX37i2AX0jfI= github.com/minio/minio-go/v7 v7.0.2/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns= github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 
@@ -606,6 +585,7 @@ github.com/pkg/term v0.0.0-20180730021639-bffc007b7fd5/go.mod h1:eCbImbZ95eXtAUI github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba h1:aaF2byUCZhzszHsfPEr2M3qcU4ibtD/yk/il2R7T1PU= @@ -654,7 +634,6 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/segmentio/fasthash v0.0.0-20180216231524-a72b379d632e/go.mod h1:tm/wZFQ8e24NYaBGIlnO2WGCAi67re4HHuOm0sftE/M= github.com/segmentio/kafka-go v0.2.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= -github.com/sercand/kuberesolver v2.1.0+incompatible/go.mod h1:lWF3GL0xptCB/vCiJPl/ZshwPsX/n4Y7u0CW9E7aQIQ= github.com/sercand/kuberesolver v2.4.0+incompatible/go.mod h1:lWF3GL0xptCB/vCiJPl/ZshwPsX/n4Y7u0CW9E7aQIQ= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= 
@@ -692,15 +671,11 @@ github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/thanos-io/thanos v0.8.1-0.20200109203923-552ffa4c1a0d/go.mod h1:usT/TxtJQ7DzinTt+G9kinDQmRS5sxwu0unVKZ9vdcw= -github.com/thanos-io/thanos v0.13.1-0.20200731083140-69b87607decf/go.mod h1:G8caR6G7pSDreRDvFm9wFuyjEBztmr8Ag3kBYpa/fEc= -github.com/thanos-io/thanos v0.13.1-0.20200807203500-9b578afb4763/go.mod h1:KyW0a93tsh7v4hXAwo2CVAIRYuZT1Kkf4e04gisQjAg= github.com/thanos-io/thanos v0.13.1-0.20200910143741-e0b7f7b32e9c/go.mod h1:1IzeMKiS+pvxbG2M6ZJyi8ZHaAQKXNjDbP2gjhPbSXE= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= 
@@ -716,8 +691,6 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr github.com/ugorji/go/codec v0.0.0-20190128213124-ee1426cffec0/go.mod h1:iT03XoTwV7xq/+UGwKO3UbC1nNNlopQiY61beSdrtOA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/weaveworks/common v0.0.0-20200206153930-760e36ae819a/go.mod h1:6enWAqfQBFrE8X/XdJwZr8IKgh1chStuFR0mjU/UOUw= -github.com/weaveworks/common v0.0.0-20200625145055-4b1847531bc9/go.mod h1:c98fKi5B9u8OsKGiWHLRKus6ToQ1Tubeow44ECO1uxY= github.com/weaveworks/common v0.0.0-20200820123129-280614068c5e/go.mod h1:hz10LOsAdzC3K/iXaKoFxOKTDRgxJl+BTGX1GY+TzO4= github.com/weaveworks/promrus v1.2.0/go.mod h1:SaE82+OJ91yqjrE1rsvBWVzNZKcHYFtMUyS1+Ogs/KA= github.com/willf/bitset v1.1.3/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= 
@@ -819,13 +792,12 @@ gopkg.in/go-playground/validator.v9 v9.27.0/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWd gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/square/go-jose.v1 v1.1.2/go.mod h1:QpYS+a4WhS+DTlyQIi6Ka7MS3SuR9a055rgXNEe6EiA= +gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek= gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= 
@@ -881,20 +853,11 @@ k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOEC k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kubectl v0.18.6 h1:IFPNuLPkZ59vSGQzynXY8XGz9yuOSRpkJupnobdYvO4= k8s.io/kubectl v0.18.6/go.mod h1:3TLzFOrF9h4mlRPAvdNkDbs5NWspN4e0EnPnEB41CGo= +k8s.io/kubernetes v1.14.0 h1:6T2iAEoOYQnzQb3WvPlUkcczEEXZ7+YPlAO8olwujRw= +k8s.io/kubernetes v1.14.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/metrics v0.18.6/go.mod h1:iAwGeabusQNO3duHDM7BBExTUB8L+iq8PM7N9EtQw6g= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 h1:v8ud2Up6QK1lNOKFgiIVrZdMg7MpmSnvtrOieolJKoE= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/kubectl v0.17.3 h1:9HHYj07kuFkM+sMJMOyQX29CKWq4lvKAG1UIPxNPMQ4= -k8s.io/kubectl v0.17.3/go.mod h1:NUn4IBY7f7yCMwSop2HCXlw/MVYP4HJBiUmOR3n9w28= -k8s.io/kubernetes v1.14.0 h1:6T2iAEoOYQnzQb3WvPlUkcczEEXZ7+YPlAO8olwujRw= -k8s.io/kubernetes v1.14.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= -k8s.io/metrics v0.17.3/go.mod h1:HEJGy1fhHOjHggW9rMDBJBD3YuGroH3Y1pnIRw9FFaI= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -kubesphere.io/application v1.0.0 h1:1H9HOb2OryNdrlUqrrhqtKC+IWmeE1rUsjrtcgKczEk= -kubesphere.io/application v1.0.0/go.mod h1:Mv+ht9RE/QNtITYCzRbt3XTIN6t6so6cInmiyg6wOIg= kubesphere.io/im v0.1.0 h1:Isu/WBOawUb4fzSlQeD1f6Vbq9pqFS0PmDg8v8iFYaY= kubesphere.io/im v0.1.0/go.mod h1:DHJj/JngMUFyaXecLjBPXj/zk5Oi7ifIixLRp0qJkyA= openpitrix.io/iam v0.1.0 h1:cb1mCusim7EGeoXEfuaVa1m7Co/pzim3keoxxKdv944= 
diff --git a/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas.go b/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas.go index b7a7eab8a..18fd8affb 100644 --- a/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas.go +++ b/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas.go @@ -37,7 +37,7 @@ type aliyunIDaaS struct { ClientID string `json:"clientID" yaml:"clientID"` // ClientSecret is the application's secret. - ClientSecret string `json:"-" yaml:"clientSecret"` + ClientSecret string `json:"clientSecret" yaml:"clientSecret"` // Endpoint contains the resource server's token endpoint // URLs. These are constants specific to each server and are @@ -51,6 +51,8 @@ type aliyunIDaaS struct { // Scope specifies optional requested permissions. Scopes []string `json:"scopes" yaml:"scopes"` + + Config *oauth2.Config `json:"-" yaml:"-"` } // endpoint represents an OAuth 2.0 provider's authorization and token @@ -58,7 +60,7 @@ type aliyunIDaaS struct { type endpoint struct { AuthURL string `json:"authURL" yaml:"authURL"` TokenURL string `json:"tokenURL" yaml:"tokenURL"` - UserInfoURL string `json:"user_info_url" yaml:"userInfoUrl"` + UserInfoURL string `json:"userInfoURL" yaml:"userInfoURL"` } type idaasIdentity struct { 
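Review bot: The `ClientSecret` field of `aliyunIDaaS` changes its tag from `json:"-"` to `json:"clientSecret"`, so any `encoding/json` marshalling of this struct (an API response, a debug dump) would now emit the OAuth client secret. `Create` fills the struct with `mapstructure.Decode`, which by default reads `mapstructure` tags and field names rather than `json` tags, so the change does not appear to be needed for decoding. I would keep the tag as `json:"-" yaml:"clientSecret"`. The struct declaration starts outside this hunk, and whether the value is ever marshalled is not visible here.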
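Review bot: The new `Config` field is the only one in `aliyunIDaaS` without a comment, and it is exported although it is derived state rather than configuration. I would add `// Config is built by Create from the fields above; it is never read from the provider options.` above it and keep the `json:"-" yaml:"-"` tags, since it carries a second copy of the client secret. If nothing outside the package reads it, an unexported `config` would also stop a value constructed without the factory from reaching `IdentityExchange`, which dereferences the pointer without a nil check.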
@@ -81,15 +83,26 @@ type userInfoResp struct { type idaasProviderFactory struct { } -func (g *idaasProviderFactory) Type() string { - return "AliyunIDaasProvider" +func (f *idaasProviderFactory) Type() string { + return "AliyunIDaaSProvider" } -func (g *idaasProviderFactory) Create(options *oauth.DynamicOptions) (identityprovider.OAuthProvider, error) { +func (f *idaasProviderFactory) Create(options oauth.DynamicOptions) (identityprovider.OAuthProvider, error) { var idaas aliyunIDaaS if err := mapstructure.Decode(options, &idaas); err != nil { return nil, err } + idaas.Config = &oauth2.Config{ + ClientID: idaas.ClientID, + ClientSecret: idaas.ClientSecret, + Endpoint: oauth2.Endpoint{ + AuthURL: idaas.Endpoint.AuthURL, + TokenURL: idaas.Endpoint.TokenURL, + AuthStyle: oauth2.AuthStyleAutoDetect, + }, + RedirectURL: idaas.RedirectURL, + Scopes: idaas.Scopes, + } return &idaas, nil } @@ -105,28 +118,13 @@ func (a idaasIdentity) GetEmail() string { return a.Email } -func (a idaasIdentity) GetDisplayName() string { - return a.Nickname -} - func (a *aliyunIDaaS) IdentityExchange(code string) (identityprovider.Identity, error) { - config := oauth2.Config{ - ClientID: a.ClientID, - ClientSecret: a.ClientSecret, - Endpoint: oauth2.Endpoint{ - AuthURL: a.Endpoint.AuthURL, - TokenURL: a.Endpoint.TokenURL, - AuthStyle: oauth2.AuthStyleAutoDetect, - }, - RedirectURL: a.RedirectURL, - Scopes: a.Scopes, - } - token, err := config.Exchange(context.Background(), code) + token, err := a.Config.Exchange(context.TODO(), code) if err != nil { return nil, err } - resp, err := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(token)).Get(a.Endpoint.UserInfoURL) + resp, err := oauth2.NewClient(context.TODO(), oauth2.StaticTokenSource(token)).Get(a.Endpoint.UserInfoURL) if err != nil { return nil, err } 
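Review bot: `Create` copies `AuthURL`, `TokenURL` and `RedirectURL` from the decoded options into `oauth2.Config` without checking them, so an empty or plain-`http` token endpoint is only discovered at login time, and over `http` the client secret and authorization code would cross the network unprotected. A check right after `mapstructure.Decode`, for example `if idaas.Endpoint.TokenURL == "" { return nil, errors.New("tokenURL is required") }` (needs the `errors` import) with the same for `authURL` and `userInfoURL`, fails fast at configuration time. Separately, the `Type()` string changes from `AliyunIDaasProvider` to `AliyunIDaaSProvider`; existing configurations that name the old type will presumably stop matching, which deserves a release note or an alias.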
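Review bot: `IdentityExchange` passes `context.TODO()` to both `a.Config.Exchange` and `oauth2.NewClient`, so neither the token exchange nor the user-info request has a deadline, and the default HTTP client has no timeout either; a stalled identity provider would hold the login request open indefinitely. I would bound both round trips as sketched below; the 10-second value is only an example, and `time` may need to be added to the imports, which are not visible in this hunk. `a.Config` is also dereferenced without a nil check, which panics for a value not built by `Create`. The function body continues past the end of the hunk, so the response handling is not reviewed here.
```go
func (a *aliyunIDaaS) IdentityExchange(code string) (identityprovider.Identity, error) {
	// Bound both round trips to the identity provider (example value).
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	token, err := a.Config.Exchange(ctx, code)
	if err != nil {
		return nil, err
	}
	client := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token))
	client.Timeout = 10 * time.Second
	resp, err := client.Get(a.Endpoint.UserInfoURL)
	// … unchanged: error check and response handling, which continue past the hunk …
```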
diff --git a/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas_test.go b/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas_test.go new file mode 100644 index 000000000..12103d7ca --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/aliyunidaas/idaas_test.go 
@@ -0,0 +1,96 @@ +/* +Copyright 2020 The KubeSphere Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package aliyunidaas + +import ( + "golang.org/x/oauth2" + "gopkg.in/yaml.v3" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "reflect" + "testing" +) + +func Test_idaasProviderFactory_Create(t *testing.T) { + type args struct { + options oauth.DynamicOptions + } + + mustUnmarshalYAML := func(data string) oauth.DynamicOptions { + var dynamicOptions oauth.DynamicOptions + _ = yaml.Unmarshal([]byte(data), &dynamicOptions) + return dynamicOptions + } + + tests := []struct { + name string + args args + want identityprovider.OAuthProvider + wantErr bool + }{ + { + name: "should create successfully", + args: args{options: mustUnmarshalYAML(` +clientID: xxxx +clientSecret: xxxx +endpoint: + userInfoUrl: "https://xxxxx.login.aliyunidaas.com/api/bff/v1.2/oauth2/userinfo" + authURL: "https://xxxx.login.aliyunidaas.com/oauth/authorize" + tokenURL: "https://xxxx.login.aliyunidaas.com/oauth/token" +redirectURL: "http://ks-console/oauth/redirect" +scopes: +- read +`)}, + want: &aliyunIDaaS{ + ClientID: "xxxx", + ClientSecret: "xxxx", + Endpoint: endpoint{ + AuthURL: "https://xxxx.login.aliyunidaas.com/oauth/authorize", + TokenURL: "https://xxxx.login.aliyunidaas.com/oauth/token", + UserInfoURL: "https://xxxxx.login.aliyunidaas.com/api/bff/v1.2/oauth2/userinfo", + }, + RedirectURL: 
"http://ks-console/oauth/redirect", + Scopes: []string{"read"}, + Config: &oauth2.Config{ + ClientID: "xxxx", + ClientSecret: "xxxx", + Endpoint: oauth2.Endpoint{ + AuthURL: "https://xxxx.login.aliyunidaas.com/oauth/authorize", + TokenURL: "https://xxxx.login.aliyunidaas.com/oauth/token", + AuthStyle: oauth2.AuthStyleAutoDetect, + }, + RedirectURL: "http://ks-console/oauth/redirect", + Scopes: []string{"read"}, + }, + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + f := &idaasProviderFactory{} + got, err := f.Create(tt.args.options) + if (err != nil) != tt.wantErr { + t.Errorf("Create() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("Create() got = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/pkg/apiserver/authentication/identityprovider/generic_provider.go b/pkg/apiserver/authentication/identityprovider/generic_provider.go index d0a96cf65..bc3599f12 100644 --- a/pkg/apiserver/authentication/identityprovider/generic_provider.go +++ b/pkg/apiserver/authentication/identityprovider/generic_provider.go 
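Review bot: `mustUnmarshalYAML` discards the error from `yaml.Unmarshal` (`_ = yaml.Unmarshal(...)`), so a malformed fixture yields nil options and the test fails later with an unrelated `DeepEqual` mismatch instead of at the parse. The helper should live up to its name: `if err := yaml.Unmarshal([]byte(data), &dynamicOptions); err != nil { t.Fatalf("bad fixture: %v", err) }`. The fixture also spells the key `userInfoUrl` while the struct tags in this commit say `userInfoURL`; it presumably decodes only because mapstructure matches field names case-insensitively, so using the documented spelling would make the test pin the real contract. The table holds only the success case; a wrong-typed `scopes` value would exercise the `wantErr` branch.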
@@ -1,17 +1,19 @@ /* -Copyright 2020 The KubeSphere Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + Copyright 2020 The KubeSphere Authors. - http://www.apache.org/licenses/LICENSE-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. */ package identityprovider @@ -20,10 +22,6 @@ import ( "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" ) -var ( - builtinGenericProviders = make(map[string]GenericProviderFactory) -) - type GenericProvider interface { // Authenticate from remote server Authenticate(username string, password string) (Identity, error) 
@@ -33,16 +31,5 @@ type GenericProviderFactory interface { // Type unique type of the provider Type() string // Apply the dynamic options from kubesphere-config - Create(options *oauth.DynamicOptions) (GenericProvider, error) -} - -func CreateGenericProvider(providerType string, options *oauth.DynamicOptions) (GenericProvider, error) { - if factory, ok := builtinGenericProviders[providerType]; ok { - return factory.Create(options) - } - return nil, identityProviderNotFound -} - -func RegisterGenericProvider(factory GenericProviderFactory) { - builtinGenericProviders[factory.Type()] = factory + Create(options oauth.DynamicOptions) (GenericProvider, error) } diff --git a/pkg/apiserver/authentication/identityprovider/github/github.go b/pkg/apiserver/authentication/identityprovider/github/github.go index 5cf96c9cb..598f8d7a1 100644 --- a/pkg/apiserver/authentication/identityprovider/github/github.go +++ b/pkg/apiserver/authentication/identityprovider/github/github.go @@ -18,21 +18,25 @@ package github import ( "context" + "crypto/tls" "encoding/json" "github.com/mitchellh/mapstructure" "golang.org/x/oauth2" "io/ioutil" "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "net/http" "time" ) const ( - UserInfoURL = "https://api.github.com/user" + userInfoURL = "https://api.github.com/user" + authURL = "https://github.com/login/oauth/authorize" + tokenURL = "https://github.com/login/oauth/access_token" ) func init() { - identityprovider.RegisterOAuthProvider(&githubProviderFactory{}) + identityprovider.RegisterOAuthProvider(&ldapProviderFactory{}) } type github struct { 
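Review bot: `init()` in the `github` package now registers `&ldapProviderFactory{}`, yet the factory still returns `"GitHubIdentityProvider"` from `Type()`, so the name looks like a copy-paste slip rather than a real LDAP factory. The same name appears in the type declaration and method receivers in the `@@ -102,18 +112,44 @@` hunk and in `github_test.go`. Keeping the old name avoids someone wiring or auditing the wrong provider: `identityprovider.RegisterOAuthProvider(&githubProviderFactory{})`. The exported `UserInfoURL` constant also becomes unexported `userInfoURL`; whether anything outside the package imported it is not visible from here.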
@@ -52,15 +56,21 @@ type github struct { // the OAuth flow, after the resource owner's URLs. RedirectURL string `json:"redirectURL" yaml:"redirectURL"` + // Used to turn off TLS certificate checks + InsecureSkipVerify bool `json:"insecureSkipVerify" yaml:"insecureSkipVerify"` + // Scope specifies optional requested permissions. Scopes []string `json:"scopes" yaml:"scopes"` + + Config *oauth2.Config `json:"-" yaml:"-"` } // endpoint represents an OAuth 2.0 provider's authorization and token // endpoint URLs. type endpoint struct { - AuthURL string `json:"authURL" yaml:"authURL"` - TokenURL string `json:"tokenURL" yaml:"tokenURL"` + AuthURL string `json:"authURL" yaml:"authURL"` + TokenURL string `json:"tokenURL" yaml:"tokenURL"` + UserInfoURL string `json:"userInfoURL" yaml:"userInfoURL"` } type githubIdentity struct { 
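Review bot: The comment on `InsecureSkipVerify` does not say what is lost: with the flag set, the `IdentityExchange` hunk (`@@ -129,29 +165,23 @@`) sends the authorization code, the client secret and the resulting access token to a peer whose certificate is never checked. I would spell that out on the field, e.g. `// InsecureSkipVerify disables TLS certificate verification for the token and user-info requests. Test use only: the client secret is sent over this connection.` For a GitHub Enterprise host behind a private CA, an option carrying a CA bundle that feeds `tls.Config.RootCAs` would cover the same need without turning verification off. Logging a warning in `Create` when the flag is true would make the setting visible in operation.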
@@ -102,18 +112,44 @@ type githubIdentity struct { Collaborators int `json:"collaborators"` } -type githubProviderFactory struct { +type ldapProviderFactory struct { } -func (g *githubProviderFactory) Type() string { +func (g *ldapProviderFactory) Type() string { return "GitHubIdentityProvider" } -func (g *githubProviderFactory) Create(options *oauth.DynamicOptions) (identityprovider.OAuthProvider, error) { +func (g *ldapProviderFactory) Create(options oauth.DynamicOptions) (identityprovider.OAuthProvider, error) { var github github if err := mapstructure.Decode(options, &github); err != nil { return nil, err } + + if github.Endpoint.AuthURL == "" { + github.Endpoint.AuthURL = authURL + } + if github.Endpoint.TokenURL == "" { + github.Endpoint.TokenURL = tokenURL + } + if github.Endpoint.UserInfoURL == "" { + github.Endpoint.UserInfoURL = userInfoURL + } + // fixed options + options["endpoint"] = oauth.DynamicOptions{ + "authURL": github.Endpoint.AuthURL, + "tokenURL": github.Endpoint.TokenURL, + "userInfoURL": github.Endpoint.UserInfoURL, + } + github.Config = &oauth2.Config{ + ClientID: github.ClientID, + ClientSecret: github.ClientSecret, + Endpoint: oauth2.Endpoint{ + AuthURL: github.Endpoint.AuthURL, + TokenURL: github.Endpoint.TokenURL, + }, + RedirectURL: github.RedirectURL, + Scopes: github.Scopes, + } return &github, nil } 
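Review bot: The write-back `options["endpoint"] = oauth.DynamicOptions{...}` mutates the caller's options, and if `options` is a nil map the assignment panics after `mapstructure.Decode` has already succeeded. The `// fixed options` comment does not explain why the input is modified; if the intent is to expose the defaulted URLs to the caller, say so, e.g. `// write the defaulted endpoint back so the caller sees the effective URLs`, and guard with `if options == nil { options = oauth.DynamicOptions{} }` before the assignment. The `oauth2.Endpoint` literal no longer sets `AuthStyle`; its zero value is `AuthStyleAutoDetect`, so behaviour should be unchanged, but the aliyunidaas factory in this commit still sets it explicitly and the two could match.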
@@ -129,29 +165,23 @@ func (g githubIdentity) GetEmail() string { return g.Email } -func (g githubIdentity) GetDisplayName() string { - return "" -} - func (g *github) IdentityExchange(code string) (identityprovider.Identity, error) { - config := oauth2.Config{ - ClientID: g.ClientID, - ClientSecret: g.ClientSecret, - Endpoint: oauth2.Endpoint{ - AuthURL: g.Endpoint.AuthURL, - TokenURL: g.Endpoint.TokenURL, - AuthStyle: oauth2.AuthStyleAutoDetect, - }, - RedirectURL: g.RedirectURL, - Scopes: g.Scopes, + ctx := context.TODO() + if g.InsecureSkipVerify { + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + ctx = context.WithValue(ctx, oauth2.HTTPClient, client) } - - token, err := config.Exchange(context.Background(), code) + token, err := g.Config.Exchange(ctx, code) if err != nil { return nil, err } - - resp, err := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(token)).Get(UserInfoURL) + resp, err := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token)).Get(g.Endpoint.UserInfoURL) if err != nil { return nil, err } diff --git a/pkg/apiserver/authentication/identityprovider/github/github_test.go b/pkg/apiserver/authentication/identityprovider/github/github_test.go new file mode 100644 index 000000000..0fe19f1a4 --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/github/github_test.go 
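Review bot: The `InsecureSkipVerify` branch builds a fresh `http.Client` with a bare `http.Transport` on every `IdentityExchange` call: it has no `Timeout`, none of `http.DefaultTransport`'s proxy and dial settings, and each call leaves its own idle-connection pool behind. The verified path uses `context.TODO()` with the default client, so it has no deadline either, and a stalled provider would hold the login request open. At minimum I would add `Timeout: 10 * time.Second,` (example value) to the client and `Proxy: http.ProxyFromEnvironment,` to the transport; building the client once in `Create` and reusing it would also stop the per-login transport churn. The function body continues past the end of this hunk, so the response handling is not reviewed here.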
@@ -0,0 +1,160 @@ +/* + + Copyright 2020 The KubeSphere Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +package github + +import ( + "encoding/json" + "fmt" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "github.com/onsi/gomega/gexec" + "golang.org/x/oauth2" + "gopkg.in/yaml.v3" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "net/http" + "net/http/httptest" + "testing" + "time" +) + +var githubServer *httptest.Server + +func TestGithub(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "GitHub Identity Provider Suite") +} + +var _ = BeforeSuite(func(done Done) { + githubServer = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + var data map[string]interface{} + switch r.RequestURI { + case "/login/oauth/access_token": + data = map[string]interface{}{ + "access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a", + "scope": "user,repo,gist", + "token_type": "bearer", + } + case "/user": + data = map[string]interface{}{ + "login": "test", + "email": "test@kubesphere.io", + } + default: + w.WriteHeader(http.StatusInternalServerError) + w.Write([]byte("not implemented")) + return + } + + w.Header().Add("Content-Type", "application/json") + json.NewEncoder(w).Encode(data) + })) + close(done) +}, 60) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + gexec.KillAndWait(5 * time.Second) + 
githubServer.Close() +}) + +var _ = Describe("GitHub", func() { + Context("GitHub", func() { + var ( + provider identityprovider.OAuthProvider + err error + ) + It("should configure successfully", func() { + configYAML := ` +clientID: de6ff8bed0304e487b6e +clientSecret: 2b70536f79ec8d2939863509d05e2a71c268b9af +redirectURL: "http://ks-console/oauth/redirect" +scopes: +- user +` + config := mustUnmarshalYAML(configYAML) + factory := ldapProviderFactory{} + provider, err = factory.Create(config) + Expect(err).Should(BeNil()) + expected := &github{ + ClientID: "de6ff8bed0304e487b6e", + ClientSecret: "2b70536f79ec8d2939863509d05e2a71c268b9af", + Endpoint: endpoint{ + AuthURL: authURL, + TokenURL: tokenURL, + UserInfoURL: userInfoURL, + }, + RedirectURL: "http://ks-console/oauth/redirect", + Scopes: []string{"user"}, + Config: &oauth2.Config{ + ClientID: "de6ff8bed0304e487b6e", + ClientSecret: "2b70536f79ec8d2939863509d05e2a71c268b9af", + Endpoint: oauth2.Endpoint{ + AuthURL: authURL, + TokenURL: tokenURL, + }, + RedirectURL: "http://ks-console/oauth/redirect", + Scopes: []string{"user"}, + }, + } + Expect(provider).Should(Equal(expected)) + }) + It("should configure successfully", func() { + config := oauth.DynamicOptions{ + "clientID": "de6ff8bed0304e487b6e", + "clientSecret": "2b70536f79ec8d2939863509d05e2a71c268b9af", + "redirectURL": "http://ks-console/oauth/redirect", + "insecureSkipVerify": true, + "endpoint": oauth.DynamicOptions{ + "authURL": fmt.Sprintf("%s/login/oauth/authorize", githubServer.URL), + "tokenURL": fmt.Sprintf("%s/login/oauth/access_token", githubServer.URL), + "userInfoURL": fmt.Sprintf("%s/user", githubServer.URL), + }, + } + factory := ldapProviderFactory{} + provider, err = factory.Create(config) + Expect(err).Should(BeNil()) + expected := oauth.DynamicOptions{ + "clientID": "de6ff8bed0304e487b6e", + "clientSecret": "2b70536f79ec8d2939863509d05e2a71c268b9af", + "redirectURL": "http://ks-console/oauth/redirect", + "insecureSkipVerify": true, 
+ "endpoint": oauth.DynamicOptions{ + "authURL": fmt.Sprintf("%s/login/oauth/authorize", githubServer.URL), + "tokenURL": fmt.Sprintf("%s/login/oauth/access_token", githubServer.URL), + "userInfoURL": fmt.Sprintf("%s/user", githubServer.URL), + }, + } + Expect(config).Should(Equal(expected)) + }) + It("should login successfully", func() { + identity, err := provider.IdentityExchange("3389") + Expect(err).Should(BeNil()) + Expect(identity.GetUserID()).Should(Equal("test")) + Expect(identity.GetUsername()).Should(Equal("test")) + Expect(identity.GetEmail()).Should(Equal("test@kubesphere.io")) + }) + }) +}) + +func mustUnmarshalYAML(data string) oauth.DynamicOptions { + var dynamicOptions oauth.DynamicOptions + _ = yaml.Unmarshal([]byte(data), &dynamicOptions) + return dynamicOptions +} diff --git a/pkg/apiserver/authentication/identityprovider/identity.go b/pkg/apiserver/authentication/identityprovider/identity.go deleted file mode 100644 index 858e1f357..000000000 --- a/pkg/apiserver/authentication/identityprovider/identity.go +++ /dev/null @@ -1,28 +0,0 @@ -/* -Copyright 2020 The KubeSphere Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package identityprovider - -type Identity interface { - // required - GetUserID() string - // optional - GetUsername() string - // optional - GetDisplayName() string - // optional - GetEmail() string -} 
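Review bot: In github_test.go, `mustUnmarshalYAML` discards the error from `yaml.Unmarshal` (`_ = yaml.Unmarshal(...)`), so a malformed fixture yields a nil `DynamicOptions` and surfaces later as an unrelated panic or mismatch; despite the name it never fails. Make it `if err := yaml.Unmarshal([]byte(data), &dynamicOptions); err != nil { panic(err) }`. The two specs also share the title "should configure successfully", and the login spec depends on the `provider` left behind by the second one, so they cannot run in isolation or in random order. The `clientID`/`clientSecret` fixtures are shaped like live credentials and will trip secret scanners; obviously fake values would be safer.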
diff --git a/pkg/apiserver/authentication/identityprovider/identity_provider.go b/pkg/apiserver/authentication/identityprovider/identity_provider.go new file mode 100644 index 000000000..123073746 --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/identity_provider.go 
@@ -0,0 +1,104 @@ +/* +Copyright 2020 The KubeSphere Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package identityprovider + +import ( + "errors" + "fmt" + "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" +) + +var ( + oauthProviderFactories = make(map[string]OAuthProviderFactory) + genericProviderFactories = make(map[string]GenericProviderFactory) + identityProviderNotFound = errors.New("identity provider not found") + oauthProviders = make(map[string]OAuthProvider) + genericProviders = make(map[string]GenericProvider) +) + +// Identity represents the account mapped to kubesphere +type Identity interface { + // required + // Identifier for the End-User at the Issuer. + GetUserID() string + // optional + // The username which the End-User wishes to be referred to kubesphere. 
+ GetUsername() string + // optional + GetEmail() string +} + +// SetupWithOptions will verify the configuration and initialize the identityProviders +func SetupWithOptions(options []oauth.IdentityProviderOptions) error { + for _, o := range options { + if oauthProviders[o.Name] != nil || genericProviders[o.Name] != nil { + err := fmt.Errorf("duplicate identity provider found: %s, name must be unique", o.Name) + klog.Error(err) + return err + } + if genericProviderFactories[o.Type] == nil && oauthProviderFactories[o.Type] == nil { + err := fmt.Errorf("identity provider %s with type %s is not supported", o.Name, o.Type) + klog.Error(err) + return err + } + if factory, ok := oauthProviderFactories[o.Type]; ok { + if provider, err := factory.Create(o.Provider); err != nil { + // don’t return errors, decoupling external dependencies + klog.Error(fmt.Sprintf("failed to create identity provider %s: %s", o.Name, err)) + } else { + oauthProviders[o.Name] = provider + klog.V(4).Infof("create identity provider %s successfully", o.Name) + } + } + if factory, ok := genericProviderFactories[o.Type]; ok { + if provider, err := factory.Create(o.Provider); err != nil { + klog.Error(fmt.Sprintf("failed to create identity provider %s: %s", o.Name, err)) + } else { + genericProviders[o.Name] = provider + klog.V(4).Infof("create identity provider %s successfully", o.Name) + } + } + } + return nil +} + +// GetGenericProvider returns GenericProvider with given name +func GetGenericProvider(providerName string) (GenericProvider, error) { + if provider, ok := genericProviders[providerName]; ok { + return provider, nil + } + return nil, identityProviderNotFound +} + +// GetGenericProvider returns OAuthProvider with given name +func GetOAuthProvider(providerName string) (OAuthProvider, error) { + if provider, ok := oauthProviders[providerName]; ok { + return provider, nil + } + return nil, identityProviderNotFound +} + +// RegisterOAuthProvider register OAuthProviderFactory with the 
specified type +func RegisterOAuthProvider(factory OAuthProviderFactory) { + oauthProviderFactories[factory.Type()] = factory +} + +// RegisterOAuthProvider register GenericProviderFactory with the specified type +func RegisterGenericProvider(factory GenericProviderFactory) { + genericProviderFactories[factory.Type()] = factory +} diff --git a/pkg/apiserver/authentication/identityprovider/identity_provider_test.go b/pkg/apiserver/authentication/identityprovider/identity_provider_test.go new file mode 100644 index 000000000..368972515 --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/identity_provider_test.go 
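Review bot: `SetupWithOptions` in identity_provider.go stores providers in package-level maps and rejects any name already present, so it is not idempotent: a second call with the same options (it is invoked from `AuthenticationOptions.Validate()` later in this commit) fails with "duplicate identity provider found", and the maps are read by `GetOAuthProvider`/`GetGenericProvider` without any locking. `TestSetupWith` in identity_provider_test.go relies on the same leaked state, since its "conflict" case only errors because the earlier "ldap" case ran first. Consider building into local maps, detecting duplicates within `options` only, and swapping the result in under a `sync.RWMutex`. Two doc comments are also attached to the wrong names and should read `// GetOAuthProvider returns OAuthProvider with given name` and `// RegisterGenericProvider registers GenericProviderFactory with the specified type`.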
@@ -0,0 +1,135 @@ +/* + + Copyright 2020 The KubeSphere Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +package identityprovider + +import ( + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "testing" +) + +type emptyOAuthProviderFactory struct { + typeName string +} + +func (e emptyOAuthProviderFactory) Type() string { + return e.typeName +} + +type emptyOAuthProvider struct { +} + +type emptyIdentity struct { +} + +func (e emptyIdentity) GetUserID() string { + return "test" +} + +func (e emptyIdentity) GetUsername() string { + return "test" +} + +func (e emptyIdentity) GetEmail() string { + return "test@test.com" +} + +func (e emptyOAuthProvider) IdentityExchange(code string) (Identity, error) { + return emptyIdentity{}, nil +} + +func (e emptyOAuthProviderFactory) Create(options oauth.DynamicOptions) (OAuthProvider, error) { + return emptyOAuthProvider{}, nil +} + +type emptyGenericProviderFactory struct { + typeName string +} + +func (e emptyGenericProviderFactory) Type() string { + return e.typeName +} + +type emptyGenericProvider struct { +} + +func (e emptyGenericProvider) Authenticate(username string, password string) (Identity, error) { + return emptyIdentity{}, nil +} + +func (e emptyGenericProviderFactory) Create(options oauth.DynamicOptions) (GenericProvider, error) { + return emptyGenericProvider{}, nil +} + +func TestSetupWith(t *testing.T) { + RegisterOAuthProvider(emptyOAuthProviderFactory{typeName: "GitHubIdentityProvider"}) + 
RegisterOAuthProvider(emptyOAuthProviderFactory{typeName: "OIDCIdentityProvider"}) + RegisterGenericProvider(emptyGenericProviderFactory{typeName: "LDAPIdentityProvider"}) + type args struct { + options []oauth.IdentityProviderOptions + } + tests := []struct { + name string + args args + wantErr bool + }{ + { + name: "ldap", + args: args{options: []oauth.IdentityProviderOptions{ + { + Name: "ldap", + MappingMethod: "auto", + Type: "LDAPIdentityProvider", + Provider: oauth.DynamicOptions{}, + }, + }}, + wantErr: false, + }, + { + name: "conflict", + args: args{options: []oauth.IdentityProviderOptions{ + { + Name: "ldap", + MappingMethod: "auto", + Type: "LDAPIdentityProvider", + Provider: oauth.DynamicOptions{}, + }, + }}, + wantErr: true, + }, + { + name: "not supported", + args: args{options: []oauth.IdentityProviderOptions{ + { + Name: "test", + MappingMethod: "auto", + Type: "NotSupported", + Provider: oauth.DynamicOptions{}, + }, + }}, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := SetupWithOptions(tt.args.options); (err != nil) != tt.wantErr { + t.Errorf("SetupWithOptions() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} diff --git a/pkg/apiserver/authentication/identityprovider/ldap/ldap_provider.go b/pkg/apiserver/authentication/identityprovider/ldap/ldap.go similarity index 89% rename from pkg/apiserver/authentication/identityprovider/ldap/ldap_provider.go rename to pkg/apiserver/authentication/identityprovider/ldap/ldap.go index af13892c2..2bd5df527 100644 --- a/pkg/apiserver/authentication/identityprovider/ldap/ldap_provider.go +++ b/pkg/apiserver/authentication/identityprovider/ldap/ldap.go 
@@ -72,9 +72,8 @@ type ldapProvider struct { GroupMemberAttribute string `json:"groupMemberAttribute,omitempty" yaml:"groupMemberAttribute"` // The following three fields are direct mappings of attributes on the user entry. // login attribute used for comparing user entries. - LoginAttribute string `json:"loginAttribute" yaml:"loginAttribute"` - MailAttribute string `json:"mailAttribute" yaml:"mailAttribute"` - DisplayNameAttribute string `json:"displayNameAttribute" yaml:"displayNameAttribute"` + LoginAttribute string `json:"loginAttribute" yaml:"loginAttribute"` + MailAttribute string `json:"mailAttribute" yaml:"mailAttribute"` } type ldapProviderFactory struct { @@ -84,7 +83,7 @@ func (l *ldapProviderFactory) Type() string { return ldapIdentityProvider } -func (l *ldapProviderFactory) Create(options *oauth.DynamicOptions) (identityprovider.GenericProvider, error) { +func (l *ldapProviderFactory) Create(options oauth.DynamicOptions) (identityprovider.GenericProvider, error) { var ldapProvider ldapProvider if err := mapstructure.Decode(options, &ldapProvider); err != nil { return nil, err @@ -96,9 +95,8 @@ func (l *ldapProviderFactory) Create(options *oauth.DynamicOptions) (identitypro } type ldapIdentity struct { - Username string - Email string - DisplayName string + Username string + Email string } func (l *ldapIdentity) GetUserID() string { @@ -113,10 +111,6 @@ func (l *ldapIdentity) GetEmail() string { return l.Email } -func (l *ldapIdentity) GetDisplayName() string { - return l.DisplayName -} - func (l ldapProvider) Authenticate(username string, password string) (identityprovider.Identity, error) { conn, err := l.newConn() if err != nil { @@ -141,7 +135,7 @@ func (l ldapProvider) Authenticate(username string, password string) (identitypr TimeLimit: 0, TypesOnly: false, Filter: filter, - Attributes: []string{l.LoginAttribute, l.MailAttribute, l.DisplayNameAttribute}, + Attributes: []string{l.LoginAttribute, l.MailAttribute}, }) if err != nil { klog.Error(err) 
@@ -161,11 +155,9 @@ func (l ldapProvider) Authenticate(username string, password string) (identitypr return nil, err } email := entry.GetAttributeValue(l.MailAttribute) - displayName := entry.GetAttributeValue(l.DisplayNameAttribute) return &ldapIdentity{ - Username: username, - DisplayName: displayName, - Email: email, + Username: username, + Email: email, }, nil } diff --git a/pkg/apiserver/authentication/identityprovider/ldap/ldap_provider_test.go b/pkg/apiserver/authentication/identityprovider/ldap/ldap_test.go similarity index 93% rename from pkg/apiserver/authentication/identityprovider/ldap/ldap_provider_test.go rename to pkg/apiserver/authentication/identityprovider/ldap/ldap_test.go index f32bae4da..0ce91b015 100644 --- a/pkg/apiserver/authentication/identityprovider/ldap/ldap_provider_test.go +++ b/pkg/apiserver/authentication/identityprovider/ldap/ldap_test.go @@ -40,7 +40,7 @@ mailAttribute: mail if err != nil { t.Fatal(err) } - got, err := new(ldapProviderFactory).Create(&dynamicOptions) + got, err := new(ldapProviderFactory).Create(dynamicOptions) if err != nil { t.Fatal(err) } @@ -61,7 +61,6 @@ mailAttribute: mail GroupMemberAttribute: "", LoginAttribute: "uid", MailAttribute: "mail", - DisplayNameAttribute: "", } if diff := cmp.Diff(got, expected); diff != "" { t.Errorf("%T differ (-got, +want): %s", expected, diff) @@ -81,7 +80,7 @@ func TestLdapProvider_Authenticate(t *testing.T) { if err = yaml.Unmarshal(options, &dynamicOptions); err != nil { t.Fatal(err) } - ldapProvider, err := new(ldapProviderFactory).Create(&dynamicOptions) + ldapProvider, err := new(ldapProviderFactory).Create(dynamicOptions) if err != nil { t.Fatal(err) } diff --git a/pkg/apiserver/authentication/identityprovider/oauth_provider.go b/pkg/apiserver/authentication/identityprovider/oauth_provider.go index eb7e051cd..12efc0ae1 100644 --- a/pkg/apiserver/authentication/identityprovider/oauth_provider.go +++ b/pkg/apiserver/authentication/identityprovider/oauth_provider.go 
@@ -16,15 +16,9 @@ limitations under the License. package identityprovider import ( - "errors" "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" ) -var ( - builtinOAuthProviders = make(map[string]OAuthProviderFactory) - identityProviderNotFound = errors.New("identity provider not found") -) - type OAuthProvider interface { // IdentityExchange exchange identity from remote server IdentityExchange(code string) (Identity, error) @@ -34,16 +28,5 @@ type OAuthProviderFactory interface { // Type unique type of the provider Type() string // Apply the dynamic options from kubesphere-config - Create(options *oauth.DynamicOptions) (OAuthProvider, error) -} - -func CreateOAuthProvider(providerType string, options *oauth.DynamicOptions) (OAuthProvider, error) { - if provider, ok := builtinOAuthProviders[providerType]; ok { - return provider.Create(options) - } - return nil, identityProviderNotFound -} - -func RegisterOAuthProvider(factory OAuthProviderFactory) { - builtinOAuthProviders[factory.Type()] = factory + Create(options oauth.DynamicOptions) (OAuthProvider, error) } diff --git a/pkg/apiserver/authentication/identityprovider/oidc/oidc.go b/pkg/apiserver/authentication/identityprovider/oidc/oidc.go new file mode 100644 index 000000000..cd3c190c8 --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/oidc/oidc.go 
@@ -0,0 +1,282 @@ +/* +Copyright 2020 The KubeSphere Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package oidc + +import ( + "context" + "crypto/tls" + "encoding/json" + "errors" + "fmt" + "github.com/coreos/go-oidc" + "github.com/dgrijalva/jwt-go" + "github.com/mitchellh/mapstructure" + "golang.org/x/oauth2" + "io/ioutil" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "net/http" +) + +func init() { + identityprovider.RegisterOAuthProvider(&oidcProviderFactory{}) +} + +type oidcProvider struct { + // Defines how Clients dynamically discover information about OpenID Providers + // See also, https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig + Issuer string `json:"issuer,omitempty" yaml:"issuer,omitempty"` + + // ClientID is the application's ID. + ClientID string `json:"clientID" yaml:"clientID"` + + // ClientSecret is the application's secret. + ClientSecret string `json:"-" yaml:"clientSecret"` + + // Endpoint contains the resource server's token endpoint URLs. + // These are constants specific to each server and are often available via site-specific packages, + // such as google.Endpoint or github.Endpoint. + Endpoint endpoint `json:"endpoint" yaml:"endpoint"` + + // RedirectURL is the URL to redirect users going through + // the OAuth flow, after the resource owner's URLs. 
+ RedirectURL string `json:"redirectURL" yaml:"redirectURL"` + + // Scope specifies optional requested permissions. + Scopes []string `json:"scopes" yaml:"scopes"` + + // GetUserInfo uses the userinfo endpoint to get additional claims for the token. + // This is especially useful where upstreams return "thin" id tokens + // See also, https://openid.net/specs/openid-connect-core-1_0.html#UserInfo + GetUserInfo bool `json:"getUserInfo" yaml:"getUserInfo"` + + // Used to turn off TLS certificate checks + InsecureSkipVerify bool `json:"insecureSkipVerify" yaml:"insecureSkipVerify"` + + // Configurable key which contains the email claims + EmailKey string `json:"emailKey" yaml:"emailKey"` + + // Configurable key which contains the preferred username claims + PreferredUsernameKey string `json:"preferredUsernameKey" yaml:"preferredUsernameKey"` + + Provider *oidc.Provider `json:"-" yaml:"-"` + OAuth2Config *oauth2.Config `json:"-" yaml:"-"` + Verifier *oidc.IDTokenVerifier `json:"-" yaml:"-"` +} + +// endpoint represents an OAuth 2.0 provider's authorization and token +// endpoint URLs. +type endpoint struct { + // URL of the OP's OAuth 2.0 Authorization Endpoint [OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core). + AuthURL string `json:"authURL" yaml:"authURL"` + // URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core). + // This is REQUIRED unless only the Implicit Flow is used. + TokenURL string `json:"tokenURL" yaml:"tokenURL"` + // URL of the OP's UserInfo Endpoint [OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core). + // This URL MUST use the https scheme and MAY contain port, path, and query parameter components. + UserInfoURL string `json:"userInfoURL" yaml:"userInfoURL"` + // URL of the OP's JSON Web Key Set [JWK](https://openid.net/specs/openid-connect-discovery-1_0.html#JWK) document. 
+ JWKSURL string `json:"jwksURL"` +} + +type oidcIdentity struct { + // Subject - Identifier for the End-User at the Issuer. + Sub string `json:"sub"` + // Shorthand name by which the End-User wishes to be referred to at the RP, + // such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace. + // The RP MUST NOT rely upon this value being unique + PreferredUsername string `json:"preferred_username"` + // End-User's preferred e-mail address. + // Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. + // The RP MUST NOT rely upon this value being unique. + Email string `json:"email"` +} + +func (o oidcIdentity) GetUserID() string { + return o.Sub +} + +func (o oidcIdentity) GetUsername() string { + return o.PreferredUsername +} + +func (o oidcIdentity) GetEmail() string { + return o.Email +} + +type oidcProviderFactory struct { +} + +func (f *oidcProviderFactory) Type() string { + return "OIDCIdentityProvider" +} + +func (f *oidcProviderFactory) Create(options oauth.DynamicOptions) (identityprovider.OAuthProvider, error) { + var oidcProvider oidcProvider + if err := mapstructure.Decode(options, &oidcProvider); err != nil { + return nil, err + } + // dynamically discover + if oidcProvider.Issuer != "" { + ctx := context.TODO() + if oidcProvider.InsecureSkipVerify { + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + ctx = oidc.ClientContext(ctx, client) + } + provider, err := oidc.NewProvider(ctx, oidcProvider.Issuer) + if err != nil { + return nil, fmt.Errorf("failed to create oidc provider: %v", err) + } + var providerJSON map[string]interface{} + if err = provider.Claims(&providerJSON); err != nil { + return nil, fmt.Errorf("failed to decode oidc provider claims: %v", err) + } + oidcProvider.Endpoint.AuthURL, _ = providerJSON["authorization_endpoint"].(string) + oidcProvider.Endpoint.TokenURL, _ = 
providerJSON["token_endpoint"].(string) + oidcProvider.Endpoint.UserInfoURL, _ = providerJSON["userinfo_endpoint"].(string) + oidcProvider.Endpoint.JWKSURL, _ = providerJSON["jwks_uri"].(string) + oidcProvider.Provider = provider + oidcProvider.Verifier = provider.Verifier(&oidc.Config{ + // TODO: support HS256 + ClientID: oidcProvider.ClientID, + }) + options["endpoint"] = oauth.DynamicOptions{ + "authURL": oidcProvider.Endpoint.AuthURL, + "tokenURL": oidcProvider.Endpoint.TokenURL, + "userInfoURL": oidcProvider.Endpoint.UserInfoURL, + "jwksURL": oidcProvider.Endpoint.JWKSURL, + } + } + scopes := []string{oidc.ScopeOpenID} + if len(oidcProvider.Scopes) > 0 { + scopes = append(scopes, oidcProvider.Scopes...) + } else { + scopes = append(scopes, "openid", "profile", "email") + } + oidcProvider.Scopes = scopes + oidcProvider.OAuth2Config = &oauth2.Config{ + ClientID: oidcProvider.ClientID, + ClientSecret: oidcProvider.ClientSecret, + Endpoint: oauth2.Endpoint{ + TokenURL: oidcProvider.Endpoint.TokenURL, + AuthURL: oidcProvider.Endpoint.AuthURL, + }, + RedirectURL: oidcProvider.RedirectURL, + Scopes: oidcProvider.Scopes, + } + + return &oidcProvider, nil +} + +func (o *oidcProvider) IdentityExchange(code string) (identityprovider.Identity, error) { + ctx := context.TODO() + if o.InsecureSkipVerify { + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + ctx = context.WithValue(ctx, oauth2.HTTPClient, client) + } + token, err := o.OAuth2Config.Exchange(ctx, code) + if err != nil { + return nil, fmt.Errorf("oidc: failed to get token: %v", err) + } + rawIDToken, ok := token.Extra("id_token").(string) + if !ok { + return nil, errors.New("no id_token in token response") + } + var claims jwt.MapClaims + if o.Verifier != nil { + idToken, err := o.Verifier.Verify(ctx, rawIDToken) + if err != nil { + return nil, fmt.Errorf("failed to verify id token: %v", err) + } + if err := idToken.Claims(&claims); 
err != nil { + return nil, fmt.Errorf("failed to decode id token claims: %v", err) + } + } else { + _, _, err := new(jwt.Parser).ParseUnverified(rawIDToken, &claims) + if err != nil { + return nil, fmt.Errorf("failed to decode id token claims: %v", err) + } + if err := claims.Valid(); err != nil { + return nil, fmt.Errorf("failed to verify id token: %v", err) + } + } + if o.GetUserInfo { + if o.Provider != nil { + userInfo, err := o.Provider.UserInfo(ctx, oauth2.StaticTokenSource(token)) + if err != nil { + return nil, fmt.Errorf("failed to fetch userinfo: %v", err) + } + if err := userInfo.Claims(&claims); err != nil { + return nil, fmt.Errorf("failed to decode userinfo claims: %v", err) + } + } else { + resp, err := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token)).Get(o.Endpoint.UserInfoURL) + if err != nil { + return nil, fmt.Errorf("failed to fetch userinfo: %v", err) + } + data, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to fetch userinfo: %v", err) + } + _ = resp.Body.Close() + if err := json.Unmarshal(data, &claims); err != nil { + return nil, fmt.Errorf("failed to decode userinfo claims: %v", err) + } + } + } + + subject, ok := claims["sub"].(string) + if !ok { + return nil, errors.New("missing required claim \"sub\"") + } + + var email string + emailKey := "email" + if o.EmailKey != "" { + emailKey = o.EmailKey + } + email, _ = claims[emailKey].(string) + + var preferredUsername string + preferredUsernameKey := "preferred_username" + if o.PreferredUsernameKey != "" { + preferredUsernameKey = o.PreferredUsernameKey + } + preferredUsername, _ = claims[preferredUsernameKey].(string) + + if preferredUsername == "" { + preferredUsername, _ = claims["name"].(string) + } + + return &oidcIdentity{ + Sub: subject, + PreferredUsername: preferredUsername, + Email: email, + }, nil +} 
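Review bot: The `else` branch of `IdentityExchange` that runs when `o.Verifier` is nil accepts the ID token through `ParseUnverified` plus `claims.Valid()`, so when no `issuer` is configured the signature, `iss` and `aud` are never checked, and the configured `jwksURL` is not used anywhere in this file. That leaves transport security as the only protection, and `insecureSkipVerify: true` removes it as well, so the `sub` handed to KubeSphere is whatever the network peer returns. `Create` should refuse that combination, e.g. `if oidcProvider.Issuer == "" && oidcProvider.InsecureSkipVerify { return nil, errors.New("oidc: insecureSkipVerify requires issuer discovery") }`, or build a verifier from `Endpoint.JWKSURL`. Separately, the userinfo response is decoded into the same `claims` map and can overwrite the verified `sub`; keep the ID token's `sub`, compare it with the userinfo value, and reject a mismatch before building `oidcIdentity`.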
diff --git a/pkg/apiserver/authentication/identityprovider/oidc/oidc_test.go b/pkg/apiserver/authentication/identityprovider/oidc/oidc_test.go new file mode 100644 index 000000000..876dfaf00 --- /dev/null +++ b/pkg/apiserver/authentication/identityprovider/oidc/oidc_test.go 
@@ -0,0 +1,214 @@ +/* + + Copyright 2020 The KubeSphere Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +package oidc + +import ( + "bytes" + cryptorand "crypto/rand" + "crypto/rsa" + "encoding/base64" + "encoding/binary" + "encoding/json" + "fmt" + "github.com/dgrijalva/jwt-go" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "github.com/onsi/gomega/gexec" + "gopkg.in/square/go-jose.v2" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" +) + +var ( + oidcServer *httptest.Server +) + +func TestOIDC(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "OIDC Identity Provider Suite") +} + +var _ = BeforeSuite(func(done Done) { + privateKey, err := rsa.GenerateKey(cryptorand.Reader, 2048) + Expect(err).Should(BeNil()) + jwk := jose.JSONWebKey{ + Key: privateKey, + KeyID: "keyID", + Algorithm: "RSA", + } + oidcServer = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + var data interface{} + switch r.RequestURI { + case "/.well-known/openid-configuration": + data = map[string]interface{}{ + "issuer": oidcServer.URL, + "token_endpoint": fmt.Sprintf("%s/token", oidcServer.URL), + "authorization_endpoint": fmt.Sprintf("%s/authorize", oidcServer.URL), + "userinfo_endpoint": fmt.Sprintf("%s/userinfo", oidcServer.URL), + "jwks_uri": fmt.Sprintf("%s/keys", 
oidcServer.URL), + "response_types_supported": []string{ + "code", + "token", + "id_token", + "none", + }, + "id_token_signing_alg_values_supported": []string{ + "RS256", + }, + "scopes_supported": []string{ + "openid", + "email", + "profile", + }, + "token_endpoint_auth_methods_supported": []string{ + "client_secret_post", + "client_secret_basic", + }, + "claims_supported": []string{ + "aud", + "email", + "email_verified", + "exp", + "iat", + "iss", + "name", + "sub", + }, + "code_challenge_methods_supported": []string{ + "plain", + "S256", + }, + "grant_types_supported": []string{ + "authorization_code", + "refresh_token", + }, + } + case "/user": + data = map[string]interface{}{ + "login": "test", + "email": "test@kubesphere.io", + } + case "/keys": + data = map[string]interface{}{ + "keys": []map[string]interface{}{{ + "alg": jwk.Algorithm, + "kty": jwk.Algorithm, + "kid": jwk.KeyID, + "n": n(&privateKey.PublicKey), + "e": e(&privateKey.PublicKey), + }}, + } + case "/token": + claims := jwt.MapClaims{ + "iss": oidcServer.URL, + "sub": "110169484474386276334", + "aud": "kubesphere", + "email": "test@kubesphere.io", + "email_verified": "true", + "name": "test", + "iat": time.Now().Unix(), + "exp": time.Now().Add(10 * time.Hour).Unix(), + } + idToken, _ := jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(privateKey) + data = map[string]interface{}{ + "access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a", + "id_token": idToken, + "token_type": "Bearer", + "expires_in": 3600, + } + default: + fmt.Println(r.URL) + w.WriteHeader(http.StatusInternalServerError) + w.Write([]byte("not implemented")) + return + } + + w.Header().Add("Content-Type", "application/json") + json.NewEncoder(w).Encode(data) + })) + close(done) +}, 60) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + gexec.KillAndWait(5 * time.Second) + oidcServer.Close() +}) + +var _ = Describe("OIDC", func() { + Context("OIDC", func() { + var ( + provider 
identityprovider.OAuthProvider + err error + ) + It("should configure successfully", func() { + config := oauth.DynamicOptions{ + "issuer": oidcServer.URL, + "clientID": "kubesphere", + "clientSecret": "c53e80ab92d48ab12f4e7f1f6976d1bdc996e0d7", + "redirectURL": "http://ks-console/oauth/redirect", + "insecureSkipVerify": true, + } + factory := oidcProviderFactory{} + provider, err = factory.Create(config) + Expect(err).Should(BeNil()) + expected := oauth.DynamicOptions{ + "issuer": oidcServer.URL, + "clientID": "kubesphere", + "clientSecret": "c53e80ab92d48ab12f4e7f1f6976d1bdc996e0d7", + "redirectURL": "http://ks-console/oauth/redirect", + "insecureSkipVerify": true, + "endpoint": oauth.DynamicOptions{ + "authURL": fmt.Sprintf("%s/authorize", oidcServer.URL), + "tokenURL": fmt.Sprintf("%s/token", oidcServer.URL), + "userInfoURL": fmt.Sprintf("%s/userinfo", oidcServer.URL), + "jwksURL": fmt.Sprintf("%s/keys", oidcServer.URL), + }, + } + Expect(config).Should(Equal(expected)) + }) + It("should login successfully", func() { + identity, err := provider.IdentityExchange("3389") + Expect(err).Should(BeNil()) + Expect(identity.GetUserID()).Should(Equal("110169484474386276334")) + Expect(identity.GetUsername()).Should(Equal("test")) + Expect(identity.GetEmail()).Should(Equal("test@kubesphere.io")) + }) + }) +}) + +func n(pub *rsa.PublicKey) string { + return encode(pub.N.Bytes()) +} + +func e(pub *rsa.PublicKey) string { + data := make([]byte, 8) + binary.BigEndian.PutUint64(data, uint64(pub.E)) + return encode(bytes.TrimLeft(data, "\x00")) +} + +func encode(payload []byte) string { + result := base64.URLEncoding.EncodeToString(payload) + return strings.TrimRight(result, "=") +} diff --git a/pkg/apiserver/authentication/oauth/oauth_options.go b/pkg/apiserver/authentication/oauth/oauth_options.go index 02dd6e387..7c13a20f5 100644 --- a/pkg/apiserver/authentication/oauth/oauth_options.go +++ b/pkg/apiserver/authentication/oauth/oauth_options.go 
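Review bot: The suite in oidc_test.go exercises only the discovery path with `insecureSkipVerify: true`; nothing covers the branch of `IdentityExchange` that runs without a verifier, `getUserInfo`, or a token whose signature, `iss` or `aud` is wrong, which are the cases where a regression would be a security bug. The `/user` handler is unreachable because discovery advertises `/userinfo`, and the JWKS entry sets `"alg": jwk.Algorithm`, i.e. "RSA", which is a key type rather than a signing algorithm such as `RS256`. Add negative specs that expect `IdentityExchange` to fail for a token signed by a different key and for a mismatched audience, and check the error from `SignedString` instead of discarding it with `idToken, _ :=`.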
@@ -145,7 +145,7 @@ type IdentityProviderOptions struct { Type string `json:"type" yaml:"type"` // The options of identify provider - Provider *DynamicOptions `json:"provider" yaml:"provider"` + Provider DynamicOptions `json:"provider" yaml:"provider"` } type Token struct { @@ -231,6 +231,7 @@ func (o *Options) OAuthClient(name string) (Client, error) { } return Client{}, ErrorClientNotFound } + func (o *Options) IdentityProviderOptions(name string) (*IdentityProviderOptions, error) { for _, found := range o.IdentityProviders { if found.Name == name { diff --git a/pkg/apiserver/authentication/oauth/oauth_options_test.go b/pkg/apiserver/authentication/oauth/oauth_options_test.go index b8b11b592..527c4b263 100644 --- a/pkg/apiserver/authentication/oauth/oauth_options_test.go +++ b/pkg/apiserver/authentication/oauth/oauth_options_test.go @@ -49,7 +49,6 @@ func TestDefaultAuthOptions(t *testing.T) { } func TestClientResolveRedirectURL(t *testing.T) { - options := NewOptions() defaultClient, err := options.OAuthClient("default") if err != nil { diff --git a/pkg/apiserver/authentication/options/authenticate_options.go b/pkg/apiserver/authentication/options/authenticate_options.go index 5994b5a78..06c300ddd 100644 --- a/pkg/apiserver/authentication/options/authenticate_options.go +++ b/pkg/apiserver/authentication/options/authenticate_options.go @@ -19,9 +19,11 @@ package options import ( "fmt" "github.com/spf13/pflag" + "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider" _ "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider/aliyunidaas" _ "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider/github" _ "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider/ldap" + _ "kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider/oidc" "kubesphere.io/kubesphere/pkg/apiserver/authentication/oauth" "time" ) 
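Review bot: In `IdentityProviderOptions` (oauth_options.go), switching `Provider` from `*DynamicOptions` to `DynamicOptions` means an entry without a `provider:` block now yields a nil map, and nothing in the struct or its comment says whether factories may receive one. The OIDC test in this commit expects `factory.Create(config)` to have written an `endpoint` entry back into the options it was given; if the factories write into the map like that, a nil `Provider` would panic during startup rather than produce a validation error. I would reject an empty `Provider` where the options are validated and extend the field comment to `// The options of identity provider; must be non-nil, the provider factory may add discovered values to it`. The struct declaration starts above the hunk.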
@@ -67,6 +69,9 @@ func (options *AuthenticationOptions) Validate() []error { if len(options.JwtSecret) == 0 { errs = append(errs, fmt.Errorf("jwt secret is empty")) } + if err := identityprovider.SetupWithOptions(options.OAuthOptions.IdentityProviders); err != nil { + errs = append(errs, err) + } return errs } diff --git a/pkg/apiserver/authorization/options/authorization_options.go b/pkg/apiserver/authorization/options/authorization_options.go index 39c04a682..dca2f8f04 100644 --- a/pkg/apiserver/authorization/options/authorization_options.go +++ b/pkg/apiserver/authorization/options/authorization_options.go @@ -41,7 +41,7 @@ func (o *AuthorizationOptions) AddFlags(fs *pflag.FlagSet, s *AuthorizationOptio fs.StringVar(&o.Mode, "authorization", s.Mode, "Authorization setting, allowed values: AlwaysDeny, AlwaysAllow, RBAC.") } -func (o AuthorizationOptions) Validate() []error { +func (o *AuthorizationOptions) Validate() []error { errs := make([]error, 0) if !sliceutil.HasString([]string{AlwaysAllow, AlwaysDeny, RBAC}, o.Mode) { err := fmt.Errorf("authorization mode %s not support", o.Mode) diff --git a/pkg/kapis/oauth/handler.go b/pkg/kapis/oauth/handler.go index 48a2b241e..978d74d84 100644 --- a/pkg/kapis/oauth/handler.go +++ b/pkg/kapis/oauth/handler.go @@ -171,7 +171,7 @@ func (h *handler) Authorize(req *restful.Request, resp *restful.Response) { http.Redirect(resp, req.Request, redirectURL, http.StatusFound) } -func (h *handler) oauthCallBack(req *restful.Request, resp *restful.Response) { +func (h *handler) oauthCallback(req *restful.Request, resp *restful.Response) { code := req.QueryParameter("code") provider := req.PathParameter("callback") diff --git a/pkg/kapis/oauth/register.go b/pkg/kapis/oauth/register.go index 23d0ab6bc..9b55fc606 100644 --- a/pkg/kapis/oauth/register.go +++ b/pkg/kapis/oauth/register.go 
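Review bot: `AuthenticationOptions.Validate()` in authenticate_options.go now calls `identityprovider.SetupWithOptions(...)`, so a method that reads as a pure check also builds and registers the providers that `GetGenericProvider` and `GetOAuthProvider` later look up by name. Judging by the OIDC test in this commit, creating a provider fetches discovery data from the issuer, which would make validation depend on every configured IdP being reachable and would re-run the setup if `Validate()` is called twice; neither is visible from the signature. Either move the call into an explicit setup step that runs after validation, or document it on the method, e.g. `// Validate checks the options and, as a side effect, initialises the configured identity providers.` The function body begins above the hunk.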
@@ -104,7 +104,7 @@ func AddToContainer(c *restful.Container, im im.IdentityManagementInterface, "otherwise, REQUIRED. The scope of the access token as described by [RFC6479] Section 3.3.").Required(false)). Param(ws.QueryParameter("state", "if the \"state\" parameter was present in the client authorization request."+ "The exact value received from the client.").Required(true)). - To(handler.oauthCallBack). + To(handler.oauthCallback). Returns(http.StatusOK, api.StatusOK, oauth.Token{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.AuthenticationTag})) diff --git a/pkg/models/auth/authenticator.go b/pkg/models/auth/authenticator.go index 82e0eb942..820e395bc 100644 --- a/pkg/models/auth/authenticator.go +++ b/pkg/models/auth/authenticator.go @@ -99,7 +99,7 @@ func (p *passwordAuthenticator) Authenticate(username, password string) (authuse if username == constants.AdminUserName { break } - if genericProvider, _ := identityprovider.CreateGenericProvider(providerOptions.Type, providerOptions.Provider); genericProvider != nil { + if genericProvider, _ := identityprovider.GetGenericProvider(providerOptions.Name); genericProvider != nil { authenticated, err := genericProvider.Authenticate(username, password) if err != nil { if errors.IsUnauthorized(err) { @@ -173,7 +173,6 @@ func preRegistrationUser(idp string, identity identityprovider.Identity) authuse iamv1alpha2.ExtraUID: {identity.GetUserID()}, iamv1alpha2.ExtraUsername: {identity.GetUsername()}, iamv1alpha2.ExtraEmail: {identity.GetEmail()}, - iamv1alpha2.ExtraDisplayName: {identity.GetDisplayName()}, }, Groups: []string{iamv1alpha2.PreRegistrationUserGroup}, } 
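Review bot: In `passwordAuthenticator.Authenticate` (pkg/models/auth/authenticator.go) the error from `identityprovider.GetGenericProvider(providerOptions.Name)` is discarded with `_`, so a provider that is configured but was never registered is skipped without a trace and the login is decided by whatever is tried next. Now that providers come from a registry filled at startup instead of being created per call, a failed lookup is more likely to mean a misconfiguration, and an operator investigating an unexpected authentication result would want to see it. If the function also returns an error for providers of another kind (OAuth rather than generic), log at a verbose level only, for example `if err != nil { klog.V(4).Infof("identity provider %s skipped: %v", providerOptions.Name, err) }`. The surrounding loop and the rest of the function lie outside the hunk.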
@@ -186,7 +185,7 @@ func (o oauth2Authenticator) Authenticate(provider, code string) (authuser.Info, klog.Error(err) return nil, "", err } - oauthIdentityProvider, err := identityprovider.CreateOAuthProvider(providerOptions.Type, providerOptions.Provider) + oauthIdentityProvider, err := identityprovider.GetOAuthProvider(providerOptions.Name) if err != nil { klog.Error(err) return nil, "", err diff --git a/vendor/github.com/coreos/go-oidc/.gitignore b/vendor/github.com/coreos/go-oidc/.gitignore new file mode 100644 index 000000000..c96f2f47b --- /dev/null +++ b/vendor/github.com/coreos/go-oidc/.gitignore @@ -0,0 +1,2 @@ +/bin +/gopath diff --git a/vendor/github.com/coreos/go-oidc/.travis.yml b/vendor/github.com/coreos/go-oidc/.travis.yml new file mode 100644 index 000000000..6ff9dd965 --- /dev/null +++ b/vendor/github.com/coreos/go-oidc/.travis.yml @@ -0,0 +1,16 @@ +language: go + +go: + - "1.9" + - "1.10" + +install: + - go get -v -t github.com/coreos/go-oidc/... + - go get golang.org/x/tools/cmd/cover + - go get github.com/golang/lint/golint + +script: + - ./test + +notifications: + email: false diff --git a/vendor/github.com/coreos/go-oidc/CONTRIBUTING.md b/vendor/github.com/coreos/go-oidc/CONTRIBUTING.md new file mode 100644 index 000000000..6662073a8 --- /dev/null +++ b/vendor/github.com/coreos/go-oidc/CONTRIBUTING.md 
@@ -0,0 +1,71 @@
+# How to Contribute
+
+CoreOS projects are [Apache 2.0 licensed](LICENSE) and accept contributions via
+GitHub pull requests. This document outlines some of the conventions on
+development workflow, commit message formatting, contact points and other
+resources to make it easier to get your contribution accepted.
+
+# Certificate of Origin
+
+By contributing to this project you agree to the Developer Certificate of
+Origin (DCO). This document was created by the Linux Kernel community and is a
+simple statement that you, as a contributor, have the legal right to make the
+contribution. See the [DCO](DCO) file for details.
+
+# Email and Chat
+
+The project currently uses the general CoreOS email list and IRC channel:
+- Email: [coreos-dev](https://groups.google.com/forum/#!forum/coreos-dev)
+- IRC: #[coreos](irc://irc.freenode.org:6667/#coreos) IRC channel on freenode.org
+
+Please avoid emailing maintainers found in the MAINTAINERS file directly. They
+are very busy and read the mailing lists.
+
+## Getting Started
+
+- Fork the repository on GitHub
+- Read the [README](README.md) for build and test instructions
+- Play with the project, submit bugs, submit patches!
+
+## Contribution Flow
+
+This is a rough outline of what a contributor's workflow looks like:
+
+- Create a topic branch from where you want to base your work (usually master).
+- Make commits of logical units.
+- Make sure your commit messages are in the proper format (see below).
+- Push your changes to a topic branch in your fork of the repository.
+- Make sure the tests pass, and add any new tests as appropriate.
+- Submit a pull request to the original repository.
+
+Thanks for your contributions!
+
+### Format of the Commit Message
+
+We follow a rough convention for commit messages that is designed to answer two
+questions: what changed and why. The subject line should feature the what and
+the body of the commit should describe the why.
+
+```
+scripts: add the test-cluster command
+
+this uses tmux to setup a test cluster that you can easily kill and
+start for debugging.
+
+Fixes #38
+```
+
+The format can be described more formally as follows:
+
+```
+:
+
+
+