github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0cb15453dae92d8be66cf42e6c1b04e21a2d0fb6
kubernetes/staging/BUILD
Kubernetes Submit Queue cdbc4fbe20 Merge pull request #58544 from ericchiang/oidc-v2 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

oidc authentication: switch to v2 of coreos/go-oidc

Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms.

Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files.

This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex.

Closes https://github.com/kubernetes/kubernetes/issues/57806

```release-note
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag.
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
```

cc @rithujohn191 @liggitt 
cc @kubernetes/sig-auth-pr-reviews
2018-02-21 09:07:23 -08:00

221 lines
14 KiB
Python
Raw Blame History

package(default_visibility = ["//visibility:public"])
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//staging/src/k8s.io/api/admission/v1beta1:all-srcs",
"//staging/src/k8s.io/api/admissionregistration/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/admissionregistration/v1beta1:all-srcs",
"//staging/src/k8s.io/api/apps/v1:all-srcs",
"//staging/src/k8s.io/api/apps/v1beta1:all-srcs",
"//staging/src/k8s.io/api/apps/v1beta2:all-srcs",
"//staging/src/k8s.io/api/authentication/v1:all-srcs",
"//staging/src/k8s.io/api/authentication/v1beta1:all-srcs",
"//staging/src/k8s.io/api/authorization/v1:all-srcs",
"//staging/src/k8s.io/api/authorization/v1beta1:all-srcs",
"//staging/src/k8s.io/api/autoscaling/v1:all-srcs",
"//staging/src/k8s.io/api/autoscaling/v2beta1:all-srcs",
"//staging/src/k8s.io/api/batch/v1:all-srcs",
"//staging/src/k8s.io/api/batch/v1beta1:all-srcs",
"//staging/src/k8s.io/api/batch/v2alpha1:all-srcs",
"//staging/src/k8s.io/api/certificates/v1beta1:all-srcs",
"//staging/src/k8s.io/api/core/v1:all-srcs",
"//staging/src/k8s.io/api/events/v1beta1:all-srcs",
"//staging/src/k8s.io/api/extensions/v1beta1:all-srcs",
"//staging/src/k8s.io/api/imagepolicy/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/networking/v1:all-srcs",
"//staging/src/k8s.io/api/policy/v1beta1:all-srcs",
"//staging/src/k8s.io/api/rbac/v1:all-srcs",
"//staging/src/k8s.io/api/rbac/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/rbac/v1beta1:all-srcs",
"//staging/src/k8s.io/api/scheduling/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/settings/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/storage/v1:all-srcs",
"//staging/src/k8s.io/api/storage/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/storage/v1beta1:all-srcs",
"//staging/src/k8s.io/apiextensions-apiserver:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/equality:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/errors:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/meta:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/resource:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/testing:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/api/validation:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apimachinery:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/fuzzer:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/internalversion:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1beta1:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/apis/testapigroup:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/conversion:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/fields:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/labels:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/runtime:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/selection:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/test:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/types:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/cache:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/clock:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/diff:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/errors:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/framer:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/httpstream:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/initialization:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/intstr:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/json:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/jsonmergepatch:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/mergepatch:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/net:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/proxy:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/rand:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/remotecommand:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/runtime:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/strategicpatch:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/uuid:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/validation:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/waitgroup:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/util/yaml:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/version:all-srcs",
"//staging/src/k8s.io/apimachinery/pkg/watch:all-srcs",
"//staging/src/k8s.io/apimachinery/third_party/forked/golang/json:all-srcs",
"//staging/src/k8s.io/apimachinery/third_party/forked/golang/netutil:all-srcs",
"//staging/src/k8s.io/apimachinery/third_party/forked/golang/reflect:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/admission:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/apis/apiserver:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/apis/example:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/apis/example2:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/audit:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticatorfactory:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/group:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/anonymous:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/bearertoken:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/headerrequest:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/union:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/websocket:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/request/x509:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/token/cache:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/token/tokenfile:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/token/union:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizer:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizerfactory:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/authorization/union:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/endpoints:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/features:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/registry:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/server:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/storage:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/feature:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/flag:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/flushwriter:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/logs:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/proxy:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/trace:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/webhook:all-srcs",
"//staging/src/k8s.io/apiserver/pkg/util/wsstream:all-srcs",
"//staging/src/k8s.io/apiserver/plugin/pkg/audit:all-srcs",
"//staging/src/k8s.io/apiserver/plugin/pkg/authenticator:all-srcs",
"//staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook:all-srcs",
"//staging/src/k8s.io/client-go/discovery:all-srcs",
"//staging/src/k8s.io/client-go/dynamic:all-srcs",
"//staging/src/k8s.io/client-go/examples/create-update-delete-deployment:all-srcs",
"//staging/src/k8s.io/client-go/examples/in-cluster-client-configuration:all-srcs",
"//staging/src/k8s.io/client-go/examples/out-of-cluster-client-configuration:all-srcs",
"//staging/src/k8s.io/client-go/examples/workqueue:all-srcs",
"//staging/src/k8s.io/client-go/informers:all-srcs",
"//staging/src/k8s.io/client-go/kubernetes:all-srcs",
"//staging/src/k8s.io/client-go/listers/admissionregistration/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/admissionregistration/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/apps/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/apps/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/apps/v1beta2:all-srcs",
"//staging/src/k8s.io/client-go/listers/authentication/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/authentication/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/authorization/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/authorization/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/autoscaling/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/autoscaling/v2beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/batch/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/batch/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/batch/v2alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/certificates/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/core/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/events/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/extensions/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/imagepolicy/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/networking/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/policy/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/rbac/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/rbac/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/rbac/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/listers/scheduling/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/settings/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/storage/v1:all-srcs",
"//staging/src/k8s.io/client-go/listers/storage/v1alpha1:all-srcs",
"//staging/src/k8s.io/client-go/listers/storage/v1beta1:all-srcs",
"//staging/src/k8s.io/client-go/pkg/version:all-srcs",
"//staging/src/k8s.io/client-go/plugin/pkg/client/auth:all-srcs",
"//staging/src/k8s.io/client-go/rest:all-srcs",
"//staging/src/k8s.io/client-go/scale:all-srcs",
"//staging/src/k8s.io/client-go/testing:all-srcs",
"//staging/src/k8s.io/client-go/third_party/forked/golang/template:all-srcs",
"//staging/src/k8s.io/client-go/tools/auth:all-srcs",
"//staging/src/k8s.io/client-go/tools/bootstrap/token/api:all-srcs",
"//staging/src/k8s.io/client-go/tools/bootstrap/token/util:all-srcs",
"//staging/src/k8s.io/client-go/tools/cache:all-srcs",
"//staging/src/k8s.io/client-go/tools/clientcmd:all-srcs",
"//staging/src/k8s.io/client-go/tools/leaderelection:all-srcs",
"//staging/src/k8s.io/client-go/tools/metrics:all-srcs",
"//staging/src/k8s.io/client-go/tools/pager:all-srcs",
"//staging/src/k8s.io/client-go/tools/portforward:all-srcs",
"//staging/src/k8s.io/client-go/tools/record:all-srcs",
"//staging/src/k8s.io/client-go/tools/reference:all-srcs",
"//staging/src/k8s.io/client-go/tools/remotecommand:all-srcs",
"//staging/src/k8s.io/client-go/transport:all-srcs",
"//staging/src/k8s.io/client-go/util/buffer:all-srcs",
"//staging/src/k8s.io/client-go/util/cert:all-srcs",
"//staging/src/k8s.io/client-go/util/certificate:all-srcs",
"//staging/src/k8s.io/client-go/util/exec:all-srcs",
"//staging/src/k8s.io/client-go/util/flowcontrol:all-srcs",
"//staging/src/k8s.io/client-go/util/homedir:all-srcs",
"//staging/src/k8s.io/client-go/util/integer:all-srcs",
"//staging/src/k8s.io/client-go/util/jsonpath:all-srcs",
"//staging/src/k8s.io/client-go/util/retry:all-srcs",
"//staging/src/k8s.io/client-go/util/testing:all-srcs",
"//staging/src/k8s.io/client-go/util/workqueue:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/client-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/conversion-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/deepcopy-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/defaulter-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/go-to-protobuf:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/import-boss:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/informer-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/lister-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/openapi-gen:all-srcs",
"//staging/src/k8s.io/code-generator/cmd/set-gen:all-srcs",
"//staging/src/k8s.io/code-generator/hack:all-srcs",
"//staging/src/k8s.io/code-generator/pkg/util:all-srcs",
"//staging/src/k8s.io/code-generator/third_party/forked/golang/reflect:all-srcs",
"//staging/src/k8s.io/kube-aggregator:all-srcs",
"//staging/src/k8s.io/metrics/pkg/apis/custom_metrics:all-srcs",
"//staging/src/k8s.io/metrics/pkg/apis/metrics:all-srcs",
"//staging/src/k8s.io/metrics/pkg/client/clientset_generated/clientset:all-srcs",
"//staging/src/k8s.io/metrics/pkg/client/custom_metrics:all-srcs",
"//staging/src/k8s.io/sample-apiserver:all-srcs",
"//staging/src/k8s.io/sample-controller:all-srcs",
],
tags = ["automanaged"],
)
Reference in New Issue View Git Blame Copy Permalink