Skip to content

Commit c1d3e17

Browse files
chore(deps/gomod): update module github.com/golang-jwt/jwt/v4 to v5 (#12691)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/golang-jwt/jwt/v4](https://redirect.github.com/golang-jwt/jwt) | `v4.5.1` -> `v5.2.1` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgolang-jwt%2fjwt%2fv4/v5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgolang-jwt%2fjwt%2fv4/v5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgolang-jwt%2fjwt%2fv4/v4.5.1/v5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgolang-jwt%2fjwt%2fv4/v4.5.1/v5.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bart Smykla <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Bart Smykla <[email protected]>
1 parent e70ee3e commit c1d3e17

File tree

16 files changed

+44
-34
lines changed

16 files changed

+44
-34
lines changed

app/kuma-dp/pkg/config/validate.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import (
55
"strings"
66

77
"github.com/asaskevich/govalidator"
8-
"github.com/golang-jwt/jwt/v4"
8+
"github.com/golang-jwt/jwt/v5"
99
"github.com/pkg/errors"
1010

1111
util_files "github.com/kumahq/kuma/pkg/util/files"

app/kuma-dp/pkg/config/validate_test.go

+2-2
Original file line numberDiff line numberDiff line change
@@ -58,11 +58,11 @@ var _ = Describe("ValidateTokenPath", func() {
5858
}),
5959
Entry("can't parse token", testCase{
6060
token: "yJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJOYW1lIjoidGVzdCIsIk1lc2giOiJkZWZhdWx0IiwiVGFncyI6e30sIlR5cGUiOiIifQ.rdQ6l_6hzT93Kbk9kO-kZYY7BaexUH8QknvbdRy_f6s",
61-
expectedError: "not valid JWT token. Can't parse it.: invalid character 'È' looking for beginning of value",
61+
expectedError: "not valid JWT token. Can't parse it.: token is malformed: could not JSON decode header: invalid character 'È' looking for beginning of value",
6262
}),
6363
Entry("need 3 segments", testCase{
6464
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJOYW1lIjoidGVzdCIsIk1lc2giOiJkZWZhdWx0IiwiVGFncyI6e30sIlR5cGUiOiIifQ",
65-
expectedError: "not valid JWT token. Can't parse it.: token contains an invalid number of segments",
65+
expectedError: "not valid JWT token. Can't parse it.: token is malformed: token contains an invalid number of segments",
6666
}),
6767
Entry("new line in the end", testCase{
6868
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJOYW1lIjoidGVzdCIsIk1lc2giOiJkZWZhdWx0IiwiVGFncyI6e30sIlR5cGUiOiIifQ.rdQ6l_6hzT93Kbk9kO-kZYY7BaexUH8QknvbdRy_f6s\n",

app/kumactl/cmd/generate/generate_dataplane_token_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import (
77
"path/filepath"
88
"time"
99

10-
"github.com/golang-jwt/jwt/v4"
10+
"github.com/golang-jwt/jwt/v5"
1111
. "github.com/onsi/ginkgo/v2"
1212
. "github.com/onsi/gomega"
1313
"github.com/spf13/cobra"

app/kumactl/cmd/generate/generate_user_token_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ import (
66
"strings"
77
"time"
88

9-
"github.com/golang-jwt/jwt/v4"
9+
"github.com/golang-jwt/jwt/v5"
1010
. "github.com/onsi/ginkgo/v2"
1111
. "github.com/onsi/gomega"
1212

app/kumactl/cmd/generate/generate_zone_token_test.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import (
77
"path/filepath"
88
"time"
99

10-
"github.com/golang-jwt/jwt/v4"
10+
"github.com/golang-jwt/jwt/v5"
1111
. "github.com/onsi/ginkgo/v2"
1212
. "github.com/onsi/gomega"
1313
"github.com/spf13/cobra"

go.mod

+1-1
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ require (
2323
github.com/go-logr/logr v1.4.2
2424
github.com/go-logr/zapr v1.3.0
2525
github.com/goburrow/cache v0.1.4
26-
github.com/golang-jwt/jwt/v4 v4.5.1
26+
github.com/golang-jwt/jwt/v5 v5.2.1
2727
github.com/golang-migrate/migrate/v4 v4.18.2
2828
github.com/golang/protobuf v1.5.4
2929
github.com/google/go-cmp v0.7.0

go.sum

+2-2
Original file line numberDiff line numberDiff line change
@@ -216,8 +216,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
216216
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
217217
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
218218
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
219-
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
220-
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
219+
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
220+
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
221221
github.com/golang-migrate/migrate/v4 v4.18.2 h1:2VSCMz7x7mjyTXx3m2zPokOY82LTRgxK1yQYKo6wWQ8=
222222
github.com/golang-migrate/migrate/v4 v4.18.2/go.mod h1:2CM6tJvn2kqPXwnXO/d3rAQYiyoIm180VsO8PRX6Rpk=
223223
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=

pkg/core/tokens/issuer.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ import (
44
"context"
55
"time"
66

7-
"github.com/golang-jwt/jwt/v4"
7+
"github.com/golang-jwt/jwt/v5"
88
"github.com/pkg/errors"
99

1010
"github.com/kumahq/kuma/pkg/core"

pkg/core/tokens/issuer_test.go

+7-5
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ import (
44
"context"
55
"time"
66

7-
"github.com/golang-jwt/jwt/v4"
7+
"github.com/golang-jwt/jwt/v5"
88
. "github.com/onsi/ginkgo/v2"
99
. "github.com/onsi/gomega"
1010
"google.golang.org/protobuf/types/known/wrapperspb"
@@ -66,14 +66,10 @@ var _ = Describe("Token issuer", func() {
6666
core.Now = func() time.Time {
6767
return now
6868
}
69-
jwt.TimeFunc = func() time.Time {
70-
return now
71-
}
7269
})
7370

7471
AfterEach(func() {
7572
core.Now = time.Now
76-
jwt.TimeFunc = time.Now
7773
})
7874

7975
Context("Global Scoped tokens", func() {
@@ -89,6 +85,9 @@ var _ = Describe("Token issuer", func() {
8985
},
9086
tokens.NewRevocations(secretManager, TokenRevocationsGlobalSecretKey),
9187
store_config.MemoryStore,
88+
jwt.WithTimeFunc(func() time.Time {
89+
return now
90+
}),
9291
)
9392

9493
Expect(signingKeyManager.CreateDefaultSigningKey(ctx)).To(Succeed())
@@ -190,6 +189,9 @@ var _ = Describe("Token issuer", func() {
190189
},
191190
tokens.NewRevocations(secretManager, TokenRevocationsSecretKey(core_model.DefaultMesh)),
192191
store_config.MemoryStore,
192+
jwt.WithTimeFunc(func() time.Time {
193+
return now
194+
}),
193195
)
194196

195197
Expect(secretManager.Create(ctx, mesh.NewMeshResource(), core_store.CreateByKey(core_model.DefaultMesh, core_model.NoMesh))).To(Succeed())

pkg/core/tokens/token.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
package tokens
22

3-
import "github.com/golang-jwt/jwt/v4"
3+
import "github.com/golang-jwt/jwt/v5"
44

55
type Token = string
66

pkg/core/tokens/validator.go

+19-11
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import (
77
"fmt"
88

99
"github.com/go-logr/logr"
10-
"github.com/golang-jwt/jwt/v4"
10+
"github.com/golang-jwt/jwt/v5"
1111
"github.com/pkg/errors"
1212

1313
store_config "github.com/kumahq/kuma/pkg/config/core/resources/store"
@@ -19,18 +19,26 @@ type Validator interface {
1919
}
2020

2121
type jwtTokenValidator struct {
22-
keyAccessors []SigningKeyAccessor
23-
revocations Revocations
24-
storeType store_config.StoreType
25-
log logr.Logger
22+
keyAccessors []SigningKeyAccessor
23+
revocations Revocations
24+
storeType store_config.StoreType
25+
log logr.Logger
26+
parserOptions []jwt.ParserOption
2627
}
2728

28-
func NewValidator(log logr.Logger, keyAccessors []SigningKeyAccessor, revocations Revocations, storeType store_config.StoreType) Validator {
29+
func NewValidator(
30+
log logr.Logger,
31+
keyAccessors []SigningKeyAccessor,
32+
revocations Revocations,
33+
storeType store_config.StoreType,
34+
parserOptions ...jwt.ParserOption,
35+
) Validator {
2936
return &jwtTokenValidator{
30-
log: log,
31-
keyAccessors: keyAccessors,
32-
revocations: revocations,
33-
storeType: storeType,
37+
log: log,
38+
keyAccessors: keyAccessors,
39+
revocations: revocations,
40+
storeType: storeType,
41+
parserOptions: parserOptions,
3442
}
3543
}
3644

@@ -69,7 +77,7 @@ func (j *jwtTokenValidator) ParseWithValidation(ctx context.Context, rawToken To
6977
default:
7078
return nil, fmt.Errorf("unsupported token alg %s. Allowed algorithms are %s and %s", token.Method.Alg(), jwt.SigningMethodRS256.Name, jwt.SigningMethodHS256)
7179
}
72-
})
80+
}, j.parserOptions...)
7381
if err != nil {
7482
signingKeyError := &SigningKeyNotFound{}
7583
if errors2.As(err, &signingKeyError) {

pkg/plugins/authn/api-server/tokens/issuer/token.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
package issuer
22

33
import (
4-
"github.com/golang-jwt/jwt/v4"
4+
"github.com/golang-jwt/jwt/v5"
55

66
"github.com/kumahq/kuma/pkg/core/tokens"
77
"github.com/kumahq/kuma/pkg/core/user"

pkg/tokens/builtin/issuer/issuer.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ import (
44
"context"
55
"time"
66

7-
"github.com/golang-jwt/jwt/v4"
7+
"github.com/golang-jwt/jwt/v5"
88

99
"github.com/kumahq/kuma/pkg/core/tokens"
1010
)

pkg/tokens/builtin/issuer/token.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
package issuer
22

33
import (
4-
"github.com/golang-jwt/jwt/v4"
4+
"github.com/golang-jwt/jwt/v5"
55

66
mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
77
"github.com/kumahq/kuma/pkg/core/tokens"

pkg/tokens/builtin/zone/token.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
package zone
22

33
import (
4-
"github.com/golang-jwt/jwt/v4"
4+
"github.com/golang-jwt/jwt/v5"
55

66
core_tokens "github.com/kumahq/kuma/pkg/core/tokens"
77
)

pkg/xds/auth/universal/auth_test.go

+3-3
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ var _ = Describe("Authentication flow", func() {
141141
Name: "dp-1",
142142
},
143143
dpRes: &dpRes,
144-
err: "could not parse token. kuma-cp runs with an in-memory database and its state isn't preserved between restarts. Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: crypto/rsa: verification error",
144+
err: "could not parse token. kuma-cp runs with an in-memory database and its state isn't preserved between restarts. Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: token signature is invalid: crypto/rsa: verification error",
145145
}),
146146
Entry("on token with different tags", testCase{
147147
id: builtin_issuer.DataplaneIdentity{
@@ -188,7 +188,7 @@ var _ = Describe("Authentication flow", func() {
188188

189189
// then
190190
Expect(err.Error()).To(ContainSubstring("could not parse token. kuma-cp runs with an in-memory database and its state isn't preserved between restarts." +
191-
" Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: token contains an invalid number of segments"))
191+
" Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: token is malformed: token contains an invalid number of segments"))
192192
})
193193

194194
It("should throw an error when signing key used for validation is different than for generation", func() {
@@ -209,7 +209,7 @@ var _ = Describe("Authentication flow", func() {
209209

210210
// then
211211
Expect(err.Error()).To(ContainSubstring("could not parse token. kuma-cp runs with an in-memory database and its state isn't preserved between restarts." +
212-
" Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: crypto/rsa: verification error"))
212+
" Keep in mind that an in-memory database cannot be used with multiple instances of the control plane: token signature is invalid: crypto/rsa: verification error"))
213213
})
214214

215215
It("should throw an error when signing key is not found", func() {

0 commit comments

Comments
 (0)