From 0ef223db053750a4cf18b765d6ba888b5e6ce4b1 Mon Sep 17 00:00:00 2001 From: arukiidou Date: Wed, 2 Apr 2025 02:09:20 +0900 Subject: [PATCH 01/18] Remove github.com/zeebo/errs (#309) Signed-off-by: junya koyama --- v2/bundle/jwtbundle/bundle.go | 20 +++++++------ v2/bundle/jwtbundle/set.go | 3 +- v2/bundle/spiffebundle/bundle.go | 28 ++++++++++-------- v2/bundle/spiffebundle/set.go | 7 +++-- v2/bundle/x509bundle/bundle.go | 18 ++++++----- v2/bundle/x509bundle/set.go | 3 +- v2/federation/fetch.go | 19 +++++++----- v2/federation/watch.go | 3 +- v2/go.mod | 1 - v2/go.sum | 2 -- v2/spiffetls/dial.go | 17 ++++++----- v2/spiffetls/listen.go | 17 ++++++----- v2/spiffetls/option.go | 8 +++-- v2/spiffetls/peerid.go | 8 +++-- v2/svid/jwtsvid/svid.go | 33 +++++++++++---------- v2/svid/x509svid/svid.go | 51 ++++++++++++++++---------------- v2/svid/x509svid/verify.go | 31 ++++++++++--------- v2/workloadapi/bundlesource.go | 17 ++++++----- v2/workloadapi/jwtsource.go | 11 ++++--- v2/workloadapi/watcher.go | 4 +-- v2/workloadapi/x509source.go | 13 ++++---- 21 files changed, 173 insertions(+), 141 deletions(-) diff --git a/v2/bundle/jwtbundle/bundle.go b/v2/bundle/jwtbundle/bundle.go index ebd3cacd4..78cdaddfc 100644 --- a/v2/bundle/jwtbundle/bundle.go +++ b/v2/bundle/jwtbundle/bundle.go @@ -4,6 +4,7 @@ import ( "crypto" "encoding/json" "errors" + "fmt" "io" "os" "sync" @@ -11,11 +12,8 @@ import ( "github.com/go-jose/go-jose/v4" "github.com/spiffe/go-spiffe/v2/internal/jwtutil" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var jwtbundleErr = errs.Class("jwtbundle") - // Bundle is a collection of trusted JWT authorities for a trust domain. type Bundle struct { trustDomain spiffeid.TrustDomain 
@@ -44,7 +42,7 @@ func FromJWTAuthorities(trustDomain spiffeid.TrustDomain, jwtAuthorities map[str func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { bundleBytes, err := os.ReadFile(path) if err != nil { - return nil, jwtbundleErr.New("unable to read JWT bundle: %w", err) + return nil, wrapJwtbundleErr(fmt.Errorf("unable to read JWT bundle: %w", err)) } return Parse(trustDomain, bundleBytes) @@ -54,7 +52,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) { b, err := io.ReadAll(r) if err != nil { - return nil, jwtbundleErr.New("unable to read: %v", err) + return nil, wrapJwtbundleErr(fmt.Errorf("unable to read: %v", err)) } return Parse(trustDomain, b) @@ -64,13 +62,13 @@ func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) { func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error) { jwks := new(jose.JSONWebKeySet) if err := json.Unmarshal(bundleBytes, jwks); err != nil { - return nil, jwtbundleErr.New("unable to parse JWKS: %v", err) + return nil, wrapJwtbundleErr(fmt.Errorf("unable to parse JWKS: %v", err)) } bundle := New(trustDomain) for i, key := range jwks.Keys { if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil { - return nil, jwtbundleErr.New("error adding authority %d of JWKS: %v", i, errors.Unwrap(err)) + return nil, wrapJwtbundleErr(fmt.Errorf("error adding authority %d of JWKS: %v", i, errors.Unwrap(err))) } } @@ -116,7 +114,7 @@ func (b *Bundle) HasJWTAuthority(keyID string) bool { // under the given key ID, it is replaced. A key ID must be specified. func (b *Bundle) AddJWTAuthority(keyID string, jwtAuthority crypto.PublicKey) error { if keyID == "" { - return jwtbundleErr.New("keyID cannot be empty") + return wrapJwtbundleErr(errors.New("keyID cannot be empty")) } b.mtx.Lock() 
@@ -193,8 +191,12 @@ func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (* defer b.mtx.RUnlock() if b.trustDomain != trustDomain { - return nil, jwtbundleErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapJwtbundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return b, nil } + +func wrapJwtbundleErr(err error) error { + return fmt.Errorf("jwtbundle: %w", err) +} diff --git a/v2/bundle/jwtbundle/set.go b/v2/bundle/jwtbundle/set.go index 048dd0d8a..ec0836ec7 100644 --- a/v2/bundle/jwtbundle/set.go +++ b/v2/bundle/jwtbundle/set.go @@ -1,6 +1,7 @@ package jwtbundle import ( + "fmt" "sort" "sync" @@ -98,7 +99,7 @@ func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bun bundle, ok := s.bundles[trustDomain] if !ok { - return nil, jwtbundleErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapJwtbundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return bundle, nil diff --git a/v2/bundle/spiffebundle/bundle.go b/v2/bundle/spiffebundle/bundle.go index 13b103e24..712ec636b 100644 --- a/v2/bundle/spiffebundle/bundle.go +++ b/v2/bundle/spiffebundle/bundle.go @@ -5,6 +5,7 @@ import ( "crypto/x509" "encoding/json" "errors" + "fmt" "io" "os" "sync" @@ -16,7 +17,6 @@ import ( "github.com/spiffe/go-spiffe/v2/internal/jwtutil" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) const ( @@ -24,8 +24,6 @@ const ( jwtSVIDUse = "jwt-svid" ) -var spiffebundleErr = errs.Class("spiffebundle") - type bundleDoc struct { jose.JSONWebKeySet SequenceNumber *uint64 `json:"spiffe_sequence,omitempty"` 
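Review bot: `wrapJwtbundleErr` returns a non-nil error even when it is handed nil, because `fmt.Errorf("jwtbundle: %w", nil)` still builds an error value; the `errs.Class` wrapper it replaces passed nil through, if I recall its contract correctly. Every call site visible in this patch passes a non-nil error, so nothing breaks today. A guard `if err == nil { return nil }`, or a doc comment stating the precondition, would keep a future `return wrapJwtbundleErr(f())` from turning success into failure. The same applies to `wrapSpiffebundleErr`, `wrapX509bundleErr`, `wrapFederationErr`, `wrapSpiffetlsErr` and `wrapJwtsvidErr`.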
@@ -59,7 +57,7 @@ func New(trustDomain spiffeid.TrustDomain) *Bundle { func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { bundleBytes, err := os.ReadFile(path) if err != nil { - return nil, spiffebundleErr.New("unable to read SPIFFE bundle: %w", err) + return nil, wrapSpiffebundleErr(fmt.Errorf("unable to read SPIFFE bundle: %w", err)) } return Parse(trustDomain, bundleBytes) @@ -70,7 +68,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) { b, err := io.ReadAll(r) if err != nil { - return nil, spiffebundleErr.New("unable to read: %v", err) + return nil, wrapSpiffebundleErr(fmt.Errorf("unable to read: %v", err)) } return Parse(trustDomain, b) @@ -81,7 +79,7 @@ func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) { func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error) { jwks := &bundleDoc{} if err := json.Unmarshal(bundleBytes, jwks); err != nil { - return nil, spiffebundleErr.New("unable to parse JWKS: %v", err) + return nil, wrapSpiffebundleErr(fmt.Errorf("unable to parse JWKS: %v", err)) } bundle := New(trustDomain) 
@@ -95,19 +93,19 @@ func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error if jwks.Keys == nil { // The parameter keys MUST be present. // https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md#413-keys - return nil, spiffebundleErr.New("no authorities found") + return nil, wrapSpiffebundleErr(errors.New("no authorities found")) } for i, key := range jwks.Keys { switch key.Use { // Two SVID types are supported: x509-svid and jwt-svid. case x509SVIDUse: if len(key.Certificates) != 1 { - return nil, spiffebundleErr.New("expected a single certificate in %s entry %d; got %d", x509SVIDUse, i, len(key.Certificates)) + return nil, wrapSpiffebundleErr(fmt.Errorf("expected a single certificate in %s entry %d; got %d", x509SVIDUse, i, len(key.Certificates))) } bundle.AddX509Authority(key.Certificates[0]) case jwtSVIDUse: if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil { - return nil, spiffebundleErr.New("error adding authority %d of JWKS: %v", i, errors.Unwrap(err)) + return nil, wrapSpiffebundleErr(fmt.Errorf("error adding authority %d of JWKS: %v", i, errors.Unwrap(err))) } } } @@ -239,7 +237,7 @@ func (b *Bundle) HasJWTAuthority(keyID string) bool { // under the given key ID, it is replaced. A key ID must be specified. func (b *Bundle) AddJWTAuthority(keyID string, jwtAuthority crypto.PublicKey) error { if keyID == "" { - return spiffebundleErr.New("keyID cannot be empty") + return wrapSpiffebundleErr(errors.New("keyID cannot be empty")) } b.mtx.Lock() @@ -405,7 +403,7 @@ func (b *Bundle) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bun defer b.mtx.RUnlock() if b.trustDomain != trustDomain { - return nil, spiffebundleErr.New("no SPIFFE bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain)) } return b, nil 
@@ -419,7 +417,7 @@ func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) ( defer b.mtx.RUnlock() if b.trustDomain != trustDomain { - return nil, spiffebundleErr.New("no X.509 bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain)) } return b.X509Bundle(), nil @@ -433,7 +431,7 @@ func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (* defer b.mtx.RUnlock() if b.trustDomain != trustDomain { - return nil, spiffebundleErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return b.JWTBundle(), nil @@ -483,3 +481,7 @@ func copySequenceNumber(sequenceNumber *uint64) *uint64 { copied := *sequenceNumber return &copied } + +func wrapSpiffebundleErr(err error) error { + return fmt.Errorf("spiffebundle: %w", err) +} diff --git a/v2/bundle/spiffebundle/set.go b/v2/bundle/spiffebundle/set.go index 2738135c0..e0d5d4568 100644 --- a/v2/bundle/spiffebundle/set.go +++ b/v2/bundle/spiffebundle/set.go @@ -1,6 +1,7 @@ package spiffebundle import ( + "fmt" "sort" "sync" @@ -100,7 +101,7 @@ func (s *Set) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle bundle, ok := s.bundles[trustDomain] if !ok { - return nil, spiffebundleErr.New("no SPIFFE bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain)) } return bundle, nil @@ -114,7 +115,7 @@ func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*x5 bundle, ok := s.bundles[trustDomain] if !ok { - return nil, spiffebundleErr.New("no X.509 bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain)) } return bundle.X509Bundle(), nil 
@@ -128,7 +129,7 @@ func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*jwt bundle, ok := s.bundles[trustDomain] if !ok { - return nil, spiffebundleErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapSpiffebundleErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return bundle.JWTBundle(), nil diff --git a/v2/bundle/x509bundle/bundle.go b/v2/bundle/x509bundle/bundle.go index a70bb62fd..4cc816d24 100644 --- a/v2/bundle/x509bundle/bundle.go +++ b/v2/bundle/x509bundle/bundle.go @@ -2,6 +2,7 @@ package x509bundle import ( "crypto/x509" + "fmt" "io" "os" "sync" @@ -9,11 +10,8 @@ import ( "github.com/spiffe/go-spiffe/v2/internal/pemutil" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var x509bundleErr = errs.Class("x509bundle") - // Bundle is a collection of trusted X.509 authorities for a trust domain. type Bundle struct { trustDomain spiffeid.TrustDomain @@ -42,7 +40,7 @@ func FromX509Authorities(trustDomain spiffeid.TrustDomain, authorities []*x509.C func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { fileBytes, err := os.ReadFile(path) if err != nil { - return nil, x509bundleErr.New("unable to load X.509 bundle file: %w", err) + return nil, wrapX509bundleErr(fmt.Errorf("unable to load X.509 bundle file: %w", err)) } return Parse(trustDomain, fileBytes) @@ -53,7 +51,7 @@ func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error) { func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error) { b, err := io.ReadAll(r) if err != nil { - return nil, x509bundleErr.New("unable to read X.509 bundle: %v", err) + return nil, wrapX509bundleErr(fmt.Errorf("unable to read X.509 bundle: %v", err)) } return Parse(trustDomain, b) 
@@ -69,7 +67,7 @@ func Parse(trustDomain spiffeid.TrustDomain, b []byte) (*Bundle, error) { certs, err := pemutil.ParseCertificates(b) if err != nil { - return nil, x509bundleErr.New("cannot parse certificate: %v", err) + return nil, wrapX509bundleErr(fmt.Errorf("cannot parse certificate: %v", err)) } for _, cert := range certs { bundle.AddX509Authority(cert) @@ -87,7 +85,7 @@ func ParseRaw(trustDomain spiffeid.TrustDomain, b []byte) (*Bundle, error) { certs, err := x509.ParseCertificates(b) if err != nil { - return nil, x509bundleErr.New("cannot parse certificate: %v", err) + return nil, wrapX509bundleErr(fmt.Errorf("cannot parse certificate: %v", err)) } for _, cert := range certs { bundle.AddX509Authority(cert) @@ -195,8 +193,12 @@ func (b *Bundle) Clone() *Bundle { // returned if the trust domain does not match that of the bundle. func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error) { if b.trustDomain != trustDomain { - return nil, x509bundleErr.New("no X.509 bundle found for trust domain: %q", trustDomain) + return nil, wrapX509bundleErr(fmt.Errorf("no X.509 bundle found for trust domain: %q", trustDomain)) } return b, nil } + +func wrapX509bundleErr(err error) error { + return fmt.Errorf("x509bundle: %w", err) +} diff --git a/v2/bundle/x509bundle/set.go b/v2/bundle/x509bundle/set.go index 522e24926..9a90d40e6 100644 --- a/v2/bundle/x509bundle/set.go +++ b/v2/bundle/x509bundle/set.go @@ -1,6 +1,7 @@ package x509bundle import ( + "fmt" "sort" "sync" @@ -98,7 +99,7 @@ func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bu bundle, ok := s.bundles[trustDomain] if !ok { - return nil, x509bundleErr.New("no X.509 bundle for trust domain %q", trustDomain) + return nil, wrapX509bundleErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain)) } return bundle, nil diff --git a/v2/federation/fetch.go b/v2/federation/fetch.go index 11349b0f2..505bf63c4 100644 --- a/v2/federation/fetch.go 
+++ b/v2/federation/fetch.go @@ -4,17 +4,16 @@ import ( "context" "crypto/tls" "crypto/x509" + "errors" + "fmt" "net/http" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" - "github.com/zeebo/errs" ) -var federationErr = errs.Class("federation") - // FetchOption is an option used when dialing the bundle endpoint. type FetchOption interface { apply(*fetchOptions) error @@ -32,7 +31,7 @@ type fetchOptions struct { func WithSPIFFEAuth(bundleSource x509bundle.Source, endpointID spiffeid.ID) FetchOption { return fetchOption(func(o *fetchOptions) error { if o.authMethod != authMethodDefault { - return federationErr.New("cannot use both SPIFFE and Web PKI authentication") + return wrapFederationErr(errors.New("cannot use both SPIFFE and Web PKI authentication")) } o.transport.TLSClientConfig = tlsconfig.TLSClientConfig(bundleSource, tlsconfig.AuthorizeID(endpointID)) o.authMethod = authMethodSPIFFE @@ -46,7 +45,7 @@ func WithSPIFFEAuth(bundleSource x509bundle.Source, endpointID spiffeid.ID) Fetc func WithWebPKIRoots(rootCAs *x509.CertPool) FetchOption { return fetchOption(func(o *fetchOptions) error { if o.authMethod != authMethodDefault { - return federationErr.New("cannot use both SPIFFE and Web PKI authentication") + return wrapFederationErr(errors.New("cannot use both SPIFFE and Web PKI authentication")) } o.transport.TLSClientConfig = &tls.Config{ RootCAs: rootCAs, 
@@ -73,22 +72,26 @@ func FetchBundle(ctx context.Context, trustDomain spiffeid.TrustDomain, url stri } request, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody) if err != nil { - return nil, federationErr.New("could not create request: %w", err) + return nil, wrapFederationErr(fmt.Errorf("could not create request: %w", err)) } response, err := client.Do(request) if err != nil { - return nil, federationErr.New("could not GET bundle: %w", err) + return nil, wrapFederationErr(fmt.Errorf("could not GET bundle: %w", err)) } defer response.Body.Close() bundle, err := spiffebundle.Read(trustDomain, response.Body) if err != nil { - return nil, federationErr.Wrap(err) + return nil, wrapFederationErr(err) } return bundle, nil } +func wrapFederationErr(err error) error { + return fmt.Errorf("federation: %w", err) +} + type fetchOption func(*fetchOptions) error func (fo fetchOption) apply(opts *fetchOptions) error { diff --git a/v2/federation/watch.go b/v2/federation/watch.go index 1afa18ef9..1c654ea3b 100644 --- a/v2/federation/watch.go +++ b/v2/federation/watch.go @@ -2,6 +2,7 @@ package federation import ( "context" + "errors" "time" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" @@ -36,7 +37,7 @@ type BundleWatcher interface { // context is canceled, returning ctx.Err(). func WatchBundle(ctx context.Context, trustDomain spiffeid.TrustDomain, url string, watcher BundleWatcher, options ...FetchOption) error { if watcher == nil { - return federationErr.New("watcher cannot be nil") + return wrapFederationErr(errors.New("watcher cannot be nil")) } latestBundle := &spiffebundle.Bundle{} diff --git a/v2/go.mod b/v2/go.mod index 302b723a5..49d30204a 100644 --- a/v2/go.mod +++ b/v2/go.mod 
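Review bot: `FetchBundle` hands `response.Body` to `spiffebundle.Read` without looking at `response.StatusCode`, so an error page from the bundle endpoint surfaces as a JWKS parse failure rather than an HTTP failure. A check before the read, e.g. `if response.StatusCode != http.StatusOK { return nil, wrapFederationErr(fmt.Errorf("unexpected status %d", response.StatusCode)) }`, makes the two distinguishable. `spiffebundle.Read` also calls `io.ReadAll`, so the response size is unbounded as far as these hunks show; wrapping the body in `io.LimitReader` with a documented cap would bound memory use against a misbehaving endpoint. The function starts outside this hunk.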
@@ -6,7 +6,6 @@ require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.0.4 github.com/stretchr/testify v1.10.0 - github.com/zeebo/errs v1.4.0 google.golang.org/grpc v1.70.0 google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 google.golang.org/protobuf v1.36.1 diff --git a/v2/go.sum b/v2/go.sum index db890fcdd..dfb14b3b0 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -23,8 +23,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= -github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= diff --git a/v2/spiffetls/dial.go b/v2/spiffetls/dial.go index 1f0518366..fd8e41d7d 100644 --- a/v2/spiffetls/dial.go +++ b/v2/spiffetls/dial.go @@ -3,13 +3,14 @@ package spiffetls import ( "context" "crypto/tls" + "errors" + "fmt" "io" "net" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" "github.com/spiffe/go-spiffe/v2/workloadapi" - "github.com/zeebo/errs" ) // Dial creates an mTLS connection using an X509-SVID obtained from the 
@@ -31,7 +32,7 @@ func DialWithMode(ctx context.Context, network, addr string, mode DialMode, opti if source == nil { source, err = workloadapi.NewX509Source(ctx, m.options...) if err != nil { - return nil, spiffetlsErr.New("cannot create X.509 source: %w", err) + return nil, wrapSpiffetlsErr(fmt.Errorf("cannot create X.509 source: %w", err)) } // Close source if there is a failure after this point defer func() { @@ -63,7 +64,7 @@ func DialWithMode(ctx context.Context, network, addr string, mode DialMode, opti case mtlsWebClientMode: tlsconfig.HookMTLSWebClientConfig(tlsConfig, m.svid, m.roots, opt.tlsOptions...) default: - return nil, spiffetlsErr.New("unknown client mode: %v", m.mode) + return nil, wrapSpiffetlsErr(fmt.Errorf("unknown client mode: %v", m.mode)) } var conn *tls.Conn @@ -73,7 +74,7 @@ func DialWithMode(ctx context.Context, network, addr string, mode DialMode, opti conn, err = tls.Dial(network, addr, tlsConfig) } if err != nil { - return nil, spiffetlsErr.New("unable to dial: %w", err) + return nil, wrapSpiffetlsErr(fmt.Errorf("unable to dial: %w", err)) } return &clientConn{ @@ -88,14 +89,14 @@ type clientConn struct { } func (c *clientConn) Close() error { - var group errs.Group + var group []error if c.sourceCloser != nil { - group.Add(c.sourceCloser.Close()) + group = append(group, c.sourceCloser.Close()) } if err := c.Conn.Close(); err != nil { - group.Add(spiffetlsErr.New("unable to close TLS connection: %w", err)) + group = append(group, wrapSpiffetlsErr(fmt.Errorf("unable to close TLS connection: %w", err))) } - return group.Err() + return errors.Join(group...) } // PeerID returns the peer SPIFFE ID on the connection. The handshake must have diff --git a/v2/spiffetls/listen.go b/v2/spiffetls/listen.go index 1edc961cc..149785ec4 100644 --- a/v2/spiffetls/listen.go +++ b/v2/spiffetls/listen.go 
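Review bot: `clientConn.Close` appends the result of `c.sourceCloser.Close()` unconditionally, which is only correct because `errors.Join` discards nil entries and returns nil when nothing failed; a comment such as `// errors.Join ignores nil entries` would make that explicit. `errors.Join` also wraps a single failure in a join error, where `errs.Group.Err` appears to have returned it as-is, so callers comparing the result with `==` need `errors.Is` now. It requires Go 1.20, and the go.mod hunk does not show the `go` directive. `listener.Close` in listen.go follows the same pattern.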
@@ -3,13 +3,14 @@ package spiffetls import ( "context" "crypto/tls" + "errors" + "fmt" "io" "net" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" "github.com/spiffe/go-spiffe/v2/workloadapi" - "github.com/zeebo/errs" ) // Listen creates an mTLS listener accepting connections on the given network @@ -63,7 +64,7 @@ func NewListenerWithMode(ctx context.Context, inner net.Listener, mode ListenMod if source == nil { source, err = workloadapi.NewX509Source(ctx, m.options...) if err != nil { - return nil, spiffetlsErr.New("cannot create X.509 source: %w", err) + return nil, wrapSpiffetlsErr(fmt.Errorf("cannot create X.509 source: %w", err)) } // Close source if there is a failure after this point defer func() { @@ -95,7 +96,7 @@ func NewListenerWithMode(ctx context.Context, inner net.Listener, mode ListenMod case mtlsWebServerMode: tlsconfig.HookMTLSWebServerConfig(tlsConfig, m.cert, m.bundle, m.authorizer) default: - return nil, spiffetlsErr.New("unknown server mode: %v", m.mode) + return nil, wrapSpiffetlsErr(fmt.Errorf("unknown server mode: %v", m.mode)) } return &listener{ @@ -118,7 +119,7 @@ func (l *listener) Accept() (net.Conn, error) { if !ok { // This is purely defensive. The TLS listeners return tls.Conn's by contract. conn.Close() - return nil, spiffetlsErr.New("unexpected conn type %T returned by TLS listener", conn) + return nil, wrapSpiffetlsErr(fmt.Errorf("unexpected conn type %T returned by TLS listener", conn)) } return &serverConn{Conn: tlsConn}, nil } 
@@ -128,14 +129,14 @@ func (l *listener) Addr() net.Addr { } func (l *listener) Close() error { - var group errs.Group + var group []error if l.sourceCloser != nil { - group.Add(l.sourceCloser.Close()) + group = append(group, l.sourceCloser.Close()) } if err := l.inner.Close(); err != nil { - group.Add(spiffetlsErr.New("unable to close TLS connection: %w", err)) + group = append(group, wrapSpiffetlsErr(fmt.Errorf("unable to close TLS connection: %w", err))) } - return group.Err() + return errors.Join(group...) } type serverConn struct { diff --git a/v2/spiffetls/option.go b/v2/spiffetls/option.go index 00e38d61a..f999b5b47 100644 --- a/v2/spiffetls/option.go +++ b/v2/spiffetls/option.go @@ -2,14 +2,12 @@ package spiffetls import ( "crypto/tls" + "fmt" "net" "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" - "github.com/zeebo/errs" ) -var spiffetlsErr = errs.Class("spiffetls") - // DialOption is an option for dialing. Option's are also DialOption's. type DialOption interface { apply(*dialConfig) @@ -82,3 +80,7 @@ func WithListenTLSOptions(opts ...tlsconfig.Option) ListenOption { c.tlsOptions = opts }) } + +func wrapSpiffetlsErr(err error) error { + return fmt.Errorf("spiffetls: %w", err) +} diff --git a/v2/spiffetls/peerid.go b/v2/spiffetls/peerid.go index 0c050d322..4f3ff52d1 100644 --- a/v2/spiffetls/peerid.go +++ b/v2/spiffetls/peerid.go @@ -2,6 +2,8 @@ package spiffetls import ( "crypto/tls" + "errors" + "fmt" "net" "github.com/spiffe/go-spiffe/v2/spiffeid" @@ -19,7 +21,7 @@ func PeerIDFromConn(conn net.Conn) (spiffeid.ID, error) { if getter, ok := conn.(PeerIDGetter); ok { return getter.PeerID() } - return spiffeid.ID{}, spiffetlsErr.New("connection does not expose peer ID") + return spiffeid.ID{}, wrapSpiffetlsErr(errors.New("connection does not expose peer ID")) } func PeerIDFromConnectionState(state tls.ConnectionState) (spiffeid.ID, error) { 
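Review bot: `listener.Close` reports a failure of `l.inner.Close()` as "unable to close TLS connection", although what is being closed here is the inner listener; the text looks copied from `clientConn.Close`. Something like `unable to close listener: %w` would point an operator at the right resource. This alters a runtime string, so check for tests that pin the message.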
@@ -28,11 +30,11 @@ func PeerIDFromConnectionState(state tls.ConnectionState) (spiffeid.ID, error) { // sets VerifiedChains if it is the one to verify the chain of trust. The // SPIFFE ID must be extracted from the peer certificates. if len(state.PeerCertificates) == 0 { - return spiffeid.ID{}, spiffetlsErr.New("no peer certificates") + return spiffeid.ID{}, wrapSpiffetlsErr(errors.New("no peer certificates")) } id, err := x509svid.IDFromCert(state.PeerCertificates[0]) if err != nil { - return spiffeid.ID{}, spiffetlsErr.New("invalid peer certificate: %w", err) + return spiffeid.ID{}, wrapSpiffetlsErr(fmt.Errorf("invalid peer certificate: %w", err)) } return id, nil } diff --git a/v2/svid/jwtsvid/svid.go b/v2/svid/jwtsvid/svid.go index d46f80035..ce320ed20 100644 --- a/v2/svid/jwtsvid/svid.go +++ b/v2/svid/jwtsvid/svid.go @@ -1,13 +1,14 @@ package jwtsvid import ( + "errors" + "fmt" "time" "github.com/go-jose/go-jose/v4" "github.com/go-jose/go-jose/v4/jwt" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) var ( @@ -22,8 +23,6 @@ var ( jose.PS384, jose.PS512, } - - jwtsvidErr = errs.Class("jwtsvid") ) // tokenValidator validates the token and returns the claims 
@@ -54,25 +53,25 @@ func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) // Obtain the key ID from the header keyID := tok.Headers[0].KeyID if keyID == "" { - return nil, jwtsvidErr.New("token header missing key id") + return nil, wrapJwtsvidErr(errors.New("token header missing key id")) } // Get JWT Bundle bundle, err := bundles.GetJWTBundleForTrustDomain(trustDomain) if err != nil { - return nil, jwtsvidErr.New("no bundle found for trust domain %q", trustDomain) + return nil, wrapJwtsvidErr(fmt.Errorf("no bundle found for trust domain %q", trustDomain)) } // Find JWT authority using the key ID from the token header authority, ok := bundle.FindJWTAuthority(keyID) if !ok { - return nil, jwtsvidErr.New("no JWT authority %q found for trust domain %q", keyID, trustDomain) + return nil, wrapJwtsvidErr(fmt.Errorf("no JWT authority %q found for trust domain %q", keyID, trustDomain)) } // Obtain and verify the token claims using the obtained JWT authority claimsMap := make(map[string]interface{}) if err := tok.Claims(authority, &claimsMap); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } return claimsMap, nil @@ -86,7 +85,7 @@ func ParseInsecure(token string, audience []string) (*SVID, error) { // Obtain the token claims insecurely, i.e. without signature verification claimsMap := make(map[string]interface{}) if err := tok.UnsafeClaimsWithoutVerification(&claimsMap); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } return claimsMap, nil 
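Review bot: The error returned by `bundles.GetJWTBundleForTrustDomain` is discarded and replaced with `no bundle found for trust domain %q`, so a failing bundle source cannot be told apart from an unknown trust domain when a validation failure is investigated. Now that the message is built with `fmt.Errorf`, the cause can be kept: `fmt.Errorf("no bundle found for trust domain %q: %w", trustDomain, err)`. This changes the error text, so tests that match it would need updating. The enclosing closure starts outside the hunk.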
@@ -103,26 +102,26 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er // Parse serialized token tok, err := jwt.ParseSigned(token, allowedSignatureAlgorithms) if err != nil { - return nil, jwtsvidErr.New("unable to parse JWT token") + return nil, wrapJwtsvidErr(errors.New("unable to parse JWT token")) } // Parse out the unverified claims. We need to look up the key by the trust // domain of the SPIFFE ID. var claims jwt.Claims if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil { - return nil, jwtsvidErr.New("unable to get claims from token: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("unable to get claims from token: %v", err)) } switch { case claims.Subject == "": - return nil, jwtsvidErr.New("token missing subject claim") + return nil, wrapJwtsvidErr(errors.New("token missing subject claim")) case claims.Expiry == nil: - return nil, jwtsvidErr.New("token missing exp claim") + return nil, wrapJwtsvidErr(errors.New("token missing exp claim")) } spiffeID, err := spiffeid.FromString(claims.Subject) if err != nil { - return nil, jwtsvidErr.New("token has an invalid subject claim: %v", err) + return nil, wrapJwtsvidErr(fmt.Errorf("token has an invalid subject claim: %v", err)) } // Create generic map of claims @@ -139,9 +138,9 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er // Convert expected validation errors for pretty errors switch err { case jwt.ErrExpired: - err = jwtsvidErr.New("token has expired") + err = wrapJwtsvidErr(errors.New("token has expired")) case jwt.ErrInvalidAudience: - err = jwtsvidErr.New("expected audience in %q (audience=%q)", audience, claims.Audience) + err = wrapJwtsvidErr(fmt.Errorf("expected audience in %q (audience=%q)", audience, claims.Audience)) } return nil, err } 
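Review bot: `switch err` compares against `jwt.ErrExpired` and `jwt.ErrInvalidAudience` by identity, so a wrapped sentinel would fall through and be returned without the `jwtsvid:` prefix; `switch { case errors.Is(err, jwt.ErrExpired): … }` is the robust form. The replacement errors are built without `%w`, so callers cannot test for expiry with `errors.Is` either; if that is intended, a comment saying so would help. Where `err` is produced lies outside this hunk, so whether wrapping can occur there is not visible.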
@@ -154,3 +153,7 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er token: token, }, nil } + +func wrapJwtsvidErr(err error) error { + return fmt.Errorf("jwtsvid: %w", err) +} diff --git a/v2/svid/x509svid/svid.go b/v2/svid/x509svid/svid.go index 7302f3a57..c2e234d77 100644 --- a/v2/svid/x509svid/svid.go +++ b/v2/svid/x509svid/svid.go @@ -7,12 +7,13 @@ import ( "crypto/ed25519" "crypto/rsa" "crypto/x509" + "errors" + "fmt" "os" "github.com/spiffe/go-spiffe/v2/internal/pemutil" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) // SVID represents a SPIFFE X509-SVID. @@ -39,12 +40,12 @@ type SVID struct { func Load(certFile, keyFile string) (*SVID, error) { certBytes, err := os.ReadFile(certFile) if err != nil { - return nil, x509svidErr.New("cannot read certificate file: %w", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot read certificate file: %w", err)) } keyBytes, err := os.ReadFile(keyFile) if err != nil { - return nil, x509svidErr.New("cannot read key file: %w", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot read key file: %w", err)) } return Parse(certBytes, keyBytes) @@ -56,12 +57,12 @@ func Load(certFile, keyFile string) (*SVID, error) { func Parse(certBytes, keyBytes []byte) (*SVID, error) { certs, err := pemutil.ParseCertificates(certBytes) if err != nil { - return nil, x509svidErr.New("cannot parse PEM encoded certificate: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse PEM encoded certificate: %v", err)) } privateKey, err := pemutil.ParsePrivateKey(keyBytes) if err != nil { - return nil, x509svidErr.New("cannot parse PEM encoded private key: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse PEM encoded private key: %v", err)) } return newSVID(certs, privateKey) 
@@ -74,12 +75,12 @@ func Parse(certBytes, keyBytes []byte) (*SVID, error) { func ParseRaw(certBytes, keyBytes []byte) (*SVID, error) { certificates, err := x509.ParseCertificates(certBytes) if err != nil { - return nil, x509svidErr.New("cannot parse DER encoded certificate: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse DER encoded certificate: %v", err)) } privateKey, err := x509.ParsePKCS8PrivateKey(keyBytes) if err != nil { - return nil, x509svidErr.New("cannot parse DER encoded private key: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("cannot parse DER encoded private key: %v", err)) } return newSVID(certificates, privateKey) @@ -89,12 +90,12 @@ func ParseRaw(certBytes, keyBytes []byte) (*SVID, error) { // and private key. func (s *SVID) Marshal() ([]byte, []byte, error) { if len(s.Certificates) == 0 { - return nil, nil, x509svidErr.New("no certificates to marshal") + return nil, nil, wrapX509svidErr(errors.New("no certificates to marshal")) } certBytes := pemutil.EncodeCertificates(s.Certificates) keyBytes, err := pemutil.EncodePKCS8PrivateKey(s.PrivateKey) if err != nil { - return nil, nil, x509svidErr.New("cannot encode private key: %v", err) + return nil, nil, wrapX509svidErr(fmt.Errorf("cannot encode private key: %v", err)) } return certBytes, keyBytes, nil @@ -106,11 +107,11 @@ func (s *SVID) Marshal() ([]byte, []byte, error) { func (s *SVID) MarshalRaw() ([]byte, []byte, error) { key, err := x509.MarshalPKCS8PrivateKey(s.PrivateKey) if err != nil { - return nil, nil, x509svidErr.New("cannot marshal private key: %v", err) + return nil, nil, wrapX509svidErr(fmt.Errorf("cannot marshal private key: %v", err)) } if len(s.Certificates) == 0 { - return nil, nil, x509svidErr.New("no certificates to marshal") + return nil, nil, wrapX509svidErr(errors.New("no certificates to marshal")) } certs := x509util.ConcatRawCertsFromCerts(s.Certificates) 
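Review bot: `MarshalRaw` serializes the private key with `x509.MarshalPKCS8PrivateKey` before checking `len(s.Certificates) == 0`, whereas `Marshal` in the preceding hunk checks the certificates first. Moving the empty-check to the top avoids producing key bytes on a path that is going to fail. It also makes the two methods report the same error for an SVID that has neither a usable key nor certificates. The function body continues outside the hunk.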
@@ -125,12 +126,12 @@ func (s *SVID) GetX509SVID() (*SVID, error) { func newSVID(certificates []*x509.Certificate, privateKey crypto.PrivateKey) (*SVID, error) { spiffeID, err := validateCertificates(certificates) if err != nil { - return nil, x509svidErr.New("certificate validation failed: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("certificate validation failed: %v", err)) } signer, err := validatePrivateKey(privateKey, certificates[0]) if err != nil { - return nil, x509svidErr.New("private key validation failed: %v", err) + return nil, wrapX509svidErr(fmt.Errorf("private key validation failed: %v", err)) } return &SVID{ @@ -144,7 +145,7 @@ func newSVID(certificates []*x509.Certificate, privateKey crypto.PrivateKey) (*S // to the spiffe standard and returns the spiffe id of the leaf certificate func validateCertificates(certificates []*x509.Certificate) (*spiffeid.ID, error) { if len(certificates) == 0 { - return nil, errs.New("no certificates found") + return nil, errors.New("no certificates found") } leafID, err := validateLeafCertificate(certificates[0]) @@ -163,10 +164,10 @@ func validateCertificates(certificates []*x509.Certificate) (*spiffeid.ID, error func validateLeafCertificate(leaf *x509.Certificate) (*spiffeid.ID, error) { leafID, err := IDFromCert(leaf) if err != nil { - return nil, errs.New("cannot get leaf certificate SPIFFE ID: %v", err) + return nil, fmt.Errorf("cannot get leaf certificate SPIFFE ID: %v", err) } if leaf.IsCA { - return nil, errs.New("leaf certificate must not have CA flag set to true") + return nil, errors.New("leaf certificate must not have CA flag set to true") } err = validateKeyUsage(leaf) 
@@ -180,10 +181,10 @@ func validateLeafCertificate(leaf *x509.Certificate) (*spiffeid.ID, error) { func validateSigningCertificates(signingCerts []*x509.Certificate) error { for _, cert := range signingCerts { if !cert.IsCA { - return errs.New("signing certificate must have CA flag set to true") + return errors.New("signing certificate must have CA flag set to true") } if cert.KeyUsage&x509.KeyUsageCertSign == 0 { - return errs.New("signing certificate must have 'keyCertSign' set as key usage") + return errors.New("signing certificate must have 'keyCertSign' set as key usage") } } @@ -193,18 +194,18 @@ func validateSigningCertificates(signingCerts []*x509.Certificate) error { func validateKeyUsage(leaf *x509.Certificate) error { switch { case leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0: - return errs.New("leaf certificate must have 'digitalSignature' set as key usage") + return errors.New("leaf certificate must have 'digitalSignature' set as key usage") case leaf.KeyUsage&x509.KeyUsageCertSign > 0: - return errs.New("leaf certificate must not have 'keyCertSign' set as key usage") + return errors.New("leaf certificate must not have 'keyCertSign' set as key usage") case leaf.KeyUsage&x509.KeyUsageCRLSign > 0: - return errs.New("leaf certificate must not have 'cRLSign' set as key usage") + return errors.New("leaf certificate must not have 'cRLSign' set as key usage") } return nil } func validatePrivateKey(privateKey crypto.PrivateKey, leaf *x509.Certificate) (crypto.Signer, error) { if privateKey == nil { - return nil, errs.New("no private key found") + return nil, errors.New("no private key found") } matched, err := keyMatches(privateKey, leaf.PublicKey) 
@@ -212,12 +213,12 @@ func validatePrivateKey(privateKey crypto.PrivateKey, leaf *x509.Certificate) (c return nil, err } if !matched { - return nil, errs.New("leaf certificate does not match private key") + return nil, errors.New("leaf certificate does not match private key") } signer, ok := privateKey.(crypto.Signer) if !ok { - return nil, errs.New("expected crypto.Signer; got %T", privateKey) + return nil, fmt.Errorf("expected crypto.Signer; got %T", privateKey) } return signer, nil @@ -235,7 +236,7 @@ func keyMatches(privateKey crypto.PrivateKey, publicKey crypto.PublicKey) (bool, ed25519PublicKey, ok := publicKey.(ed25519.PublicKey) return ok && bytes.Equal(privateKey.Public().(ed25519.PublicKey), ed25519PublicKey), nil default: - return false, errs.New("unsupported private key type %T", privateKey) + return false, fmt.Errorf("unsupported private key type %T", privateKey) } } diff --git a/v2/svid/x509svid/verify.go b/v2/svid/x509svid/verify.go index 681d2844a..178450166 100644 --- a/v2/svid/x509svid/verify.go +++ b/v2/svid/x509svid/verify.go @@ -2,16 +2,15 @@ package x509svid import ( "crypto/x509" + "errors" + "fmt" "time" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/internal/x509util" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var x509svidErr = errs.Class("x509svid") - // VerifyOption is an option used when verifying X509-SVIDs. type VerifyOption interface { apply(config *verifyConfig) 
@@ -36,29 +35,29 @@ func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...V switch { case len(certs) == 0: - return spiffeid.ID{}, nil, x509svidErr.New("empty certificates chain") + return spiffeid.ID{}, nil, wrapX509svidErr(errors.New("empty certificates chain")) case bundleSource == nil: - return spiffeid.ID{}, nil, x509svidErr.New("bundleSource is required") + return spiffeid.ID{}, nil, wrapX509svidErr(errors.New("bundleSource is required")) } leaf := certs[0] id, err := IDFromCert(leaf) if err != nil { - return spiffeid.ID{}, nil, x509svidErr.New("could not get leaf SPIFFE ID: %w", err) + return spiffeid.ID{}, nil, wrapX509svidErr(fmt.Errorf("could not get leaf SPIFFE ID: %w", err)) } switch { case leaf.IsCA: - return id, nil, x509svidErr.New("leaf certificate with CA flag set to true") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with CA flag set to true")) case leaf.KeyUsage&x509.KeyUsageCertSign > 0: - return id, nil, x509svidErr.New("leaf certificate with KeyCertSign key usage") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with KeyCertSign key usage")) case leaf.KeyUsage&x509.KeyUsageCRLSign > 0: - return id, nil, x509svidErr.New("leaf certificate with KeyCrlSign key usage") + return id, nil, wrapX509svidErr(errors.New("leaf certificate with KeyCrlSign key usage")) } bundle, err := bundleSource.GetX509BundleForTrustDomain(id.TrustDomain()) if err != nil { - return id, nil, x509svidErr.New("could not get X509 bundle: %w", err) + return id, nil, wrapX509svidErr(fmt.Errorf("could not get X509 bundle: %w", err)) } verifiedChains, err := leaf.Verify(x509.VerifyOptions{ 
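Review bot: The failure returns after `IDFromCert` succeeds still hand back `id` together with a non-nil error (`return id, nil, wrapX509svidErr(...)`), and at that point the ID has only been read from the leaf's URI SAN, not verified against the bundle. A caller that logs or acts on the first return value without checking `err` would be using an unauthenticated identity. Since this patch rewrites every one of those returns, it is a good moment to state the contract in the doc comment of `Verify`, which lies outside this hunk: `// On error the returned ID, if non-zero, is unverified and must not be used for authorization decisions.` The body of `Verify` starts before and continues past this hunk.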
@@ -68,7 +67,7 @@ func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...V CurrentTime: config.now, }) if err != nil { - return id, nil, x509svidErr.New("could not verify leaf certificate: %w", err) + return id, nil, wrapX509svidErr(fmt.Errorf("could not verify leaf certificate: %w", err)) } return id, verifiedChains, nil @@ -82,7 +81,7 @@ func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...V for _, rawCert := range rawCerts { cert, err := x509.ParseCertificate(rawCert) if err != nil { - return spiffeid.ID{}, nil, x509svidErr.New("unable to parse certificate: %w", err) + return spiffeid.ID{}, nil, wrapX509svidErr(fmt.Errorf("unable to parse certificate: %w", err)) } certs = append(certs, cert) } @@ -95,9 +94,9 @@ func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...V func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error) { switch { case len(cert.URIs) == 0: - return spiffeid.ID{}, errs.New("certificate contains no URI SAN") + return spiffeid.ID{}, errors.New("certificate contains no URI SAN") case len(cert.URIs) > 1: - return spiffeid.ID{}, errs.New("certificate contains more than one URI SAN") + return spiffeid.ID{}, errors.New("certificate contains more than one URI SAN") } return spiffeid.FromURI(cert.URIs[0]) } @@ -111,3 +110,7 @@ type verifyOption func(config *verifyConfig) func (fn verifyOption) apply(config *verifyConfig) { fn(config) } + +func wrapX509svidErr(err error) error { + return fmt.Errorf("x509svid: %w", err) +} diff --git a/v2/workloadapi/bundlesource.go b/v2/workloadapi/bundlesource.go index 2a253efc7..81c7de5cb 100644 --- a/v2/workloadapi/bundlesource.go +++ b/v2/workloadapi/bundlesource.go 
@@ -4,17 +4,16 @@ import ( "context" "crypto" "crypto/x509" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) -var bundlesourceErr = errs.Class("bundlesource") - // BundleSource is a source of SPIFFE bundles maintained via the Workload API. type BundleSource struct { watcher *watcher @@ -73,7 +72,7 @@ func (s *BundleSource) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) x509Authorities, hasX509Authorities := s.x509Authorities[trustDomain] jwtAuthorities, hasJWTAuthorities := s.jwtAuthorities[trustDomain] if !hasX509Authorities && !hasJWTAuthorities { - return nil, bundlesourceErr.New("no SPIFFE bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no SPIFFE bundle for trust domain %q", trustDomain)) } bundle := spiffebundle.New(trustDomain) if hasX509Authorities { @@ -96,7 +95,7 @@ func (s *BundleSource) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDom x509Authorities, hasX509Authorities := s.x509Authorities[trustDomain] if !hasX509Authorities { - return nil, bundlesourceErr.New("no X.509 bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no X.509 bundle for trust domain %q", trustDomain)) } return x509bundle.FromX509Authorities(trustDomain, x509Authorities), nil } @@ -112,7 +111,7 @@ func (s *BundleSource) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDoma jwtAuthorities, hasJWTAuthorities := s.jwtAuthorities[trustDomain] if !hasJWTAuthorities { - return nil, bundlesourceErr.New("no JWT bundle for trust domain %q", trustDomain) + return nil, wrapBundlesourceErr(fmt.Errorf("no JWT bundle for trust domain %q", trustDomain)) } return jwtbundle.FromJWTAuthorities(trustDomain, jwtAuthorities), nil } 
@@ -182,7 +181,11 @@ func (s *BundleSource) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return bundlesourceErr.New("source is closed") + return wrapBundlesourceErr(errors.New("source is closed")) } return nil } + +func wrapBundlesourceErr(err error) error { + return fmt.Errorf("bundlesource: %w", err) +} diff --git a/v2/workloadapi/jwtsource.go b/v2/workloadapi/jwtsource.go index 112235390..247f5cc6f 100644 --- a/v2/workloadapi/jwtsource.go +++ b/v2/workloadapi/jwtsource.go @@ -2,16 +2,15 @@ package workloadapi import ( "context" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" - "github.com/zeebo/errs" ) -var jwtsourceErr = errs.Class("jwtsource") - // JWTSource is a source of JWT-SVID and JWT bundles maintained via the // Workload API. type JWTSource struct { @@ -121,7 +120,11 @@ func (s *JWTSource) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return jwtsourceErr.New("source is closed") + return wrapJwtsourceErr(errors.New("source is closed")) } return nil } + +func wrapJwtsourceErr(err error) error { + return fmt.Errorf("jwtsource: %w", err) +} diff --git a/v2/workloadapi/watcher.go b/v2/workloadapi/watcher.go index a105a60d7..f72e03b2d 100644 --- a/v2/workloadapi/watcher.go +++ b/v2/workloadapi/watcher.go @@ -2,11 +2,11 @@ package workloadapi import ( "context" + "errors" "sync" "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle" "github.com/spiffe/go-spiffe/v2/svid/jwtsvid" - "github.com/zeebo/errs" ) type sourceClient interface { @@ -58,7 +58,7 @@ func newWatcher(ctx context.Context, config watcherConfig, x509ContextFn func(*X // If this function fails, we need to clean up the source. defer func() { if err != nil { - err = errs.Combine(err, w.Close()) + err = errors.Join(err, w.Close()) } }() 
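Review bot: `errors.Join(err, w.Close())` in the deferred cleanup of `newWatcher` always returns a new joined error wrapping `err`, even when `w.Close()` returns nil. The message is unchanged in that case and `errors.Is`/`errors.As` still work, but identity comparisons or direct type assertions on the returned error would stop matching; whether any caller relies on those is not visible here. Joining only when the close actually fails keeps the common path untouched: `if cerr := w.Close(); cerr != nil { err = errors.Join(err, cerr) }`. `newWatcher` begins before and continues after this hunk.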
diff --git a/v2/workloadapi/x509source.go b/v2/workloadapi/x509source.go index 28287f68e..2a942a96e 100644 --- a/v2/workloadapi/x509source.go +++ b/v2/workloadapi/x509source.go @@ -2,16 +2,15 @@ package workloadapi import ( "context" + "errors" + "fmt" "sync" "github.com/spiffe/go-spiffe/v2/bundle/x509bundle" "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/go-spiffe/v2/svid/x509svid" - "github.com/zeebo/errs" ) -var x509sourceErr = errs.Class("x509source") - // X509Source is a source of X509-SVIDs and X.509 bundles maintained via the // Workload API. type X509Source struct { @@ -74,7 +73,7 @@ func (s *X509Source) GetX509SVID() (*x509svid.SVID, error) { // This is a defensive check and should be unreachable since the source // waits for the initial Workload API update before returning from // New(). - return nil, x509sourceErr.New("missing X509-SVID") + return nil, wrapX509sourceErr(errors.New("missing X509-SVID")) } return svid, nil } @@ -118,7 +117,11 @@ func (s *X509Source) checkClosed() error { s.closeMtx.RLock() defer s.closeMtx.RUnlock() if s.closed { - return x509sourceErr.New("source is closed") + return wrapX509sourceErr(errors.New("source is closed")) } return nil } + +func wrapX509sourceErr(err error) error { + return fmt.Errorf("x509source: %w", err) +} From edb3ebf966962afe246522dd9a7de3ef913984a7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Apr 2025 12:20:43 -0600 Subject: [PATCH 02/18] Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in /v2 (#330) Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.4 to 4.0.5. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Harding --- v2/go.mod | 6 +++--- v2/go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 49d30204a..3aa0c8ace 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -4,7 +4,7 @@ go 1.22.11 require ( github.com/Microsoft/go-winio v0.6.2 - github.com/go-jose/go-jose/v4 v4.0.4 + github.com/go-jose/go-jose/v4 v4.0.5 github.com/stretchr/testify v1.10.0 google.golang.org/grpc v1.70.0 google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 
@@ -15,9 +15,9 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/kr/pretty v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.32.0 // indirect golang.org/x/net v0.33.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect diff --git a/v2/go.sum b/v2/go.sum index dfb14b3b0..5d168ffab 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -2,8 +2,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -33,12 +33,12 @@ go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiy go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a h1:hgh8P4EuoxpsuKMXX/To36nOFD7vixReXgn8lPGnt+o= From 4a740a1748f4f57e449222ef587a4713d34f001b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Apr 2025 12:30:10 -0600 Subject: [PATCH 03/18] Bump google.golang.org/protobuf from 1.36.1 to 1.36.6 in /v2 (#333) Bumps google.golang.org/protobuf from 1.36.1 to 1.36.6. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- v2/go.mod | 3 +-- v2/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 3aa0c8ace..e963c4471 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -1,14 +1,13 @@ module github.com/spiffe/go-spiffe/v2 go 1.22.11 - require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.0.5 github.com/stretchr/testify v1.10.0 google.golang.org/grpc v1.70.0 google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 - google.golang.org/protobuf v1.36.1 + google.golang.org/protobuf v1.36.6 ) require ( diff --git a/v2/go.sum b/v2/go.sum index 5d168ffab..dad59bfec 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -47,8 +47,8 @@ google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 h1:MLBCGN1O7GzIx+cBiwfYPwtmZ41U3Mn/cotLJciaArI= google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= -google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= -google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 9df97cf13cdd6164426e4e94d422a0465e7e75b9 Mon Sep 17 00:00:00 2001 
From: Andrew Harding Date: Mon, 7 Apr 2025 08:37:37 -0600 Subject: [PATCH 04/18] Bump go to 1.23 and update tools (#335) * bump go to 1.23 and update tools Signed-off-by: Andrew Harding --- Makefile | 8 +- v2/.golangci.yml | 69 ++- v2/federation/handler_test.go | 4 +- v2/go.mod | 17 +- v2/go.sum | 50 +- v2/proto/spiffe/workload/workload.pb.go | 525 ++++++------------- v2/proto/spiffe/workload/workload_grpc.pb.go | 192 +++---- v2/spiffetls/dial.go | 2 +- v2/spiffetls/examples_test.go | 4 +- v2/spiffetls/listen.go | 2 +- 10 files changed, 304 insertions(+), 569 deletions(-) diff --git a/Makefile b/Makefile index 41bb4fe00..d9c747e40 100644 --- a/Makefile +++ b/Makefile @@ -51,9 +51,11 @@ endif build_dir := ${CURDIR}/.build/$(os1)-$(arch1) -protoc_version = 3.14.0 +protoc_version = 30.2 ifeq ($(os1),windows) protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-win64.zip +else ifeq ($(arch1),arm64) +protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-$(os2)-aarch_64.zip else ifeq ($(arch1),aarch64) protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-$(os2)-aarch_64.zip else 
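Review bot: The `protoc_url` lines select a prebuilt release archive by version and platform only, and nothing in this hunk pins a digest for the new `30.2` archive or for the added `arm64` case. The download recipe is outside the hunk and may already verify one; if it does not, a replaced or corrupted archive would feed directly into the regenerated `workload.pb.go`. Consider recording the expected SHA-256 per platform next to `protoc_version` and checking it before unpacking, or at minimum add a comment such as `# protoc is fetched as a prebuilt binary; verify the archive digest when bumping protoc_version`.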
@@ -67,12 +69,12 @@ protoc_gen_go_base_dir := $(build_dir)/protoc-gen-go protoc_gen_go_dir := $(protoc_gen_go_base_dir)/$(protoc_gen_go_version)-go$(go_version) protoc_gen_go_bin := $(protoc_gen_go_dir)/protoc-gen-go -protoc_gen_go_grpc_version := v1.0.1 +protoc_gen_go_grpc_version := v1.5.1 protoc_gen_go_grpc_base_dir := $(build_dir)/protoc-gen-go-grpc protoc_gen_go_grpc_dir := $(protoc_gen_go_grpc_base_dir)/$(protoc_gen_go_grpc_version)-go$(go_version) protoc_gen_go_grpc_bin := $(protoc_gen_go_grpc_dir)/protoc-gen-go-grpc -golangci_lint_version = v1.63.4 +golangci_lint_version = v2.0.2 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version) golangci_lint_bin = $(golangci_lint_dir)/golangci-lint diff --git a/v2/.golangci.yml b/v2/.golangci.yml index b80a116ca..a592d5fa3 100644 --- a/v2/.golangci.yml +++ b/v2/.golangci.yml 
@@ -1,45 +1,44 @@ -run: - # timeout for analysis, e.g. 30s, 5m, default is 1m - deadline: 10m - +version: "2" linters: enable: - bodyclose - - goimports - - revive + - copyloopvar + - gocritic - gosec - misspell - nakedret - - copyloopvar + - revive - unconvert - unparam - whitespace - - gocritic - -issues: - # include examples - exclude-dirs-use-default: false - - exclude-dirs: - - testdata$ - - test/mock - - exclude-files: - - ".*\\.pb\\.go" - - exclude-rules: - # exclude some lints from examples test files - - path: examples_test.go - linters: - - staticcheck - - ineffassign - - govet - -linters-settings: - golint: - # minimal confidence for issues, default is 0.8 - min-confidence: 0.0 - revive: + settings: + revive: + rules: + - name: unused-parameter + disabled: true + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling rules: - - name: unused-parameter - disabled: true # It's useful to name parameters in library code for better readability + - linters: + - govet + - ineffassign + - staticcheck + path: examples_test.go + paths: + - .*\.pb\.go + - testdata$ + - test/mock +formatters: + enable: + - goimports + exclusions: + generated: lax + paths: + - .*\.pb\.go + - testdata$ + - test/mock diff --git a/v2/federation/handler_test.go b/v2/federation/handler_test.go index cd7d4f863..ac32bbebb 100644 --- a/v2/federation/handler_test.go +++ b/v2/federation/handler_test.go @@ -128,8 +128,8 @@ func TestHandler(t *testing.T) { actual, err := io.ReadAll(res.Body) require.NoError(t, err) - switch { - case res.StatusCode == http.StatusOK: + switch res.StatusCode { + case http.StatusOK: require.Equal(t, []string{"application/json"}, res.Header["Content-Type"]) require.JSONEq(t, testCase.response, string(actual)) default: diff --git a/v2/go.mod b/v2/go.mod index e963c4471..0ec094f43 100644 --- a/v2/go.mod +++ b/v2/go.mod 
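Review bot: The new `exclusions.presets` list turns on `common-false-positives` and `legacy` while `gosec` stays enabled, and as far as I understand the golangci-lint v2 preset definitions these carry over the old default exclusions, which include several gosec rules (G304 file-path and G104 unchecked-error findings among them). That appears to match the previous behaviour, but it is now an explicit choice, and the preset names alone do not reveal that security checks are being silenced. A comment above `presets:` would make the trade-off visible, e.g. `# these presets also suppress some gosec rules; review before relying on gosec for those finding classes`.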
@@ -1,12 +1,13 @@ module github.com/spiffe/go-spiffe/v2 -go 1.22.11 +go 1.23.0 + require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.0.5 github.com/stretchr/testify v1.10.0 - google.golang.org/grpc v1.70.0 - google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 + google.golang.org/grpc v1.71.1 + google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 google.golang.org/protobuf v1.36.6 ) @@ -14,11 +15,11 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/kr/pretty v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/crypto v0.32.0 // indirect - golang.org/x/net v0.33.0 // indirect - golang.org/x/sys v0.29.0 // indirect - golang.org/x/text v0.21.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a // indirect + golang.org/x/crypto v0.37.0 // indirect + golang.org/x/net v0.38.0 // indirect + golang.org/x/sys v0.32.0 // indirect + golang.org/x/text v0.24.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/v2/go.sum b/v2/go.sum index dad59bfec..5b5463a68 100644 --- a/v2/go.sum +++ b/v2/go.sum 
@@ -23,30 +23,32 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= -go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= -go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= -go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a 
h1:hgh8P4EuoxpsuKMXX/To36nOFD7vixReXgn8lPGnt+o= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= -google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= -google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= -google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 h1:MLBCGN1O7GzIx+cBiwfYPwtmZ41U3Mn/cotLJciaArI= -google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= +go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= +go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= +go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= +go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= +go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= +golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= 
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= +golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0= +golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 h1:0K7wTWyzxZ7J+L47+LbFogJW1nn/gnnMCN0vGXNYtTI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI= +google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= +google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/v2/proto/spiffe/workload/workload.pb.go b/v2/proto/spiffe/workload/workload.pb.go index d5fd87acf..46f425119 100644 --- a/v2/proto/spiffe/workload/workload.pb.go +++ b/v2/proto/spiffe/workload/workload.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.14.0 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: workload.proto package workload @@ -12,6 +12,7 @@ import ( structpb "google.golang.org/protobuf/types/known/structpb" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -24,18 +25,16 @@ const ( // The X509SVIDRequest message conveys parameters for requesting an X.509-SVID. // There are currently no request parameters. type X509SVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVIDRequest) Reset() { *x = X509SVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVIDRequest) String() string { @@ -46,7 +45,7 @@ func (*X509SVIDRequest) ProtoMessage() {} func (x *X509SVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -65,10 +64,7 @@ func (*X509SVIDRequest) Descriptor() ([]byte, []int) { // including a set of global CRLs and a list of bundles the workload may use // for federating with foreign trust domains. type X509SVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. A list of X509SVID messages, each of which includes a single // X.509-SVID, its private key, and the bundle for the trust domain. Svids []*X509SVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` 
@@ -77,16 +73,16 @@ type X509SVIDResponse struct { // Optional. CA certificate bundles belonging to foreign trust domains that // the workload should trust, keyed by the SPIFFE ID of the foreign trust // domain. Bundles are ASN.1 DER encoded. - FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVIDResponse) Reset() { *x = X509SVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVIDResponse) String() string { @@ -97,7 +93,7 @@ func (*X509SVIDResponse) ProtoMessage() {} func (x *X509SVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -136,10 +132,7 @@ func (x *X509SVIDResponse) GetFederatedBundles() map[string][]byte { // The X509SVID message carries a single SVID and all associated information, // including the X.509 bundle for the trust domain. type X509SVID struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the SVID in this entry SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Required. ASN.1 DER encoded certificate chain. MAY include @@ -153,16 +146,16 @@ type X509SVID struct { // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. - Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"` + Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVID) Reset() { *x = X509SVID{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVID) String() string { @@ -173,7 +166,7 @@ func (*X509SVID) ProtoMessage() {} func (x *X509SVID) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -226,18 +219,16 @@ func (x *X509SVID) GetHint() string { // The X509BundlesRequest message conveys parameters for requesting X.509 // bundles. There are currently no such parameters. type X509BundlesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509BundlesRequest) Reset() { *x = X509BundlesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509BundlesRequest) String() string { @@ -248,7 +239,7 @@ func (*X509BundlesRequest) ProtoMessage() {} func (x *X509BundlesRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -266,25 +257,22 @@ func (*X509BundlesRequest) Descriptor() ([]byte, []int) { // The X509BundlesResponse message carries a set of global CRLs and a map of // trust bundles the workload should trust. type X509BundlesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Optional. ASN.1 DER encoded certificate revocation lists. Crl [][]byte `protobuf:"bytes,1,rep,name=crl,proto3" json:"crl,omitempty"` // Required. CA certificate bundles belonging to trust domains that the // workload should trust, keyed by the SPIFFE ID of the trust domain. // Bundles are ASN.1 DER encoded. - Bundles map[string][]byte `protobuf:"bytes,2,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Bundles map[string][]byte `protobuf:"bytes,2,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509BundlesResponse) Reset() { *x = X509BundlesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509BundlesResponse) String() string { @@ -295,7 +283,7 @@ func (*X509BundlesResponse) ProtoMessage() {} func (x *X509BundlesResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -325,24 +313,21 @@ func (x *X509BundlesResponse) GetBundles() map[string][]byte { } type JWTSVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The audience(s) the workload intends to authenticate against. Audience []string `protobuf:"bytes,1,rep,name=audience,proto3" json:"audience,omitempty"` // Optional. The requested SPIFFE ID for the JWT-SVID. If unset, all // JWT-SVIDs to which the workload is entitled are requested. - SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVIDRequest) Reset() { *x = JWTSVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVIDRequest) String() string { @@ -353,7 +338,7 @@ func (*JWTSVIDRequest) ProtoMessage() {} func (x *JWTSVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -384,21 +369,18 @@ func (x *JWTSVIDRequest) GetSpiffeId() string { // The JWTSVIDResponse message conveys JWT-SVIDs. type JWTSVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The list of returned JWT-SVIDs. - Svids []*JWTSVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` + Svids []*JWTSVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVIDResponse) Reset() { *x = JWTSVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVIDResponse) String() string { @@ -409,7 +391,7 @@ func (*JWTSVIDResponse) ProtoMessage() {} func (x *JWTSVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -433,10 +415,7 @@ func (x *JWTSVIDResponse) GetSvids() []*JWTSVID { // The JWTSVID message carries the JWT-SVID token and associated metadata. type JWTSVID struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the JWT-SVID. SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Required. Encoded JWT using JWS Compact Serialization. 
@@ -445,16 +424,16 @@ type JWTSVID struct { // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. - Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"` + Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTSVID) Reset() { *x = JWTSVID{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTSVID) String() string { @@ -465,7 +444,7 @@ func (*JWTSVID) ProtoMessage() {} func (x *JWTSVID) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -504,18 +483,16 @@ func (x *JWTSVID) GetHint() string { // The JWTBundlesRequest message conveys parameters for requesting JWT bundles. // There are currently no such parameters. type JWTBundlesRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTBundlesRequest) Reset() { *x = JWTBundlesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTBundlesRequest) String() string { 
@@ -526,7 +503,7 @@ func (*JWTBundlesRequest) ProtoMessage() {} func (x *JWTBundlesRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -543,22 +520,19 @@ func (*JWTBundlesRequest) Descriptor() ([]byte, []int) { // The JWTBundlesReponse conveys JWT bundles. type JWTBundlesResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. JWK encoded JWT bundles, keyed by the SPIFFE ID of the trust // domain. - Bundles map[string][]byte `protobuf:"bytes,1,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Bundles map[string][]byte `protobuf:"bytes,1,rep,name=bundles,proto3" json:"bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTBundlesResponse) Reset() { *x = JWTBundlesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTBundlesResponse) String() string { @@ -569,7 +543,7 @@ func (*JWTBundlesResponse) ProtoMessage() {} func (x *JWTBundlesResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -594,26 +568,23 @@ func (x *JWTBundlesResponse) GetBundles() map[string][]byte { // The ValidateJWTSVIDRequest message conveys request parameters for // JWT-SVID validation. type ValidateJWTSVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The audience of the validating party. The JWT-SVID must // contain an audience claim which contains this value in order to // succesfully validate. Audience string `protobuf:"bytes,1,opt,name=audience,proto3" json:"audience,omitempty"` // Required. The JWT-SVID to validate, encoded using JWS Compact // Serialization. - Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"` + Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ValidateJWTSVIDRequest) Reset() { *x = ValidateJWTSVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ValidateJWTSVIDRequest) String() string { @@ -624,7 +595,7 @@ func (*ValidateJWTSVIDRequest) ProtoMessage() {} func (x *ValidateJWTSVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -655,24 +626,21 @@ func (x *ValidateJWTSVIDRequest) GetSvid() string { // The ValidateJWTSVIDReponse message conveys the JWT-SVID validation results. type ValidateJWTSVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The SPIFFE ID of the validated JWT-SVID. SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Optional. Arbitrary claims contained within the payload of the validated // JWT-SVID. - Claims *structpb.Struct `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"` + Claims *structpb.Struct `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ValidateJWTSVIDResponse) Reset() { *x = ValidateJWTSVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_workload_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_workload_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ValidateJWTSVIDResponse) String() string { @@ -683,7 +651,7 @@ func (*ValidateJWTSVIDResponse) ProtoMessage() {} func (x *ValidateJWTSVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_workload_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -714,122 +682,72 @@ func (x *ValidateJWTSVIDResponse) GetClaims() *structpb.Struct { var File_workload_proto protoreflect.FileDescriptor -var file_workload_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x11, - 0x0a, 0x0f, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0xe0, 0x01, 0x0a, 0x10, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, - 0x52, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x72, 0x6c, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x6c, 0x12, 0x54, 0x0a, 0x11, 0x66, 0x65, 0x64, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x66, - 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, - 0x43, 0x0a, 0x15, 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x94, 0x01, 0x0a, 
0x08, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, - 0x44, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x1b, - 0x0a, 0x09, 0x78, 0x35, 0x30, 0x39, 0x5f, 0x73, 0x76, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x08, 0x78, 0x35, 0x30, 0x39, 0x53, 0x76, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x78, - 0x35, 0x30, 0x39, 0x5f, 0x73, 0x76, 0x69, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x0b, 0x78, 0x35, 0x30, 0x39, 0x53, 0x76, 0x69, 0x64, 0x4b, 0x65, 0x79, 0x12, - 0x16, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x22, 0x14, 0x0a, 0x12, 0x58, - 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0xa0, 0x01, 0x0a, 0x13, 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x72, 0x6c, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x6c, 0x12, 0x3b, 0x0a, 0x07, 0x62, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x58, - 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 
0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0e, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, - 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x22, - 0x31, 0x0a, 0x0f, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x05, 0x73, 0x76, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x08, 0x2e, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x05, 0x73, 0x76, 0x69, - 0x64, 0x73, 0x22, 0x4e, 0x0a, 0x07, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x1b, 0x0a, - 0x09, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x76, - 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x76, 0x69, 0x64, 0x12, 0x12, - 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x69, - 0x6e, 0x74, 0x22, 0x13, 0x0a, 0x11, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x8c, 0x01, 0x0a, 0x12, 0x4a, 0x57, 0x54, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3a, - 0x0a, 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x07, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 
0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x48, 0x0a, 0x16, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x73, 0x76, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x76, 0x69, 0x64, - 0x22, 0x67, 0x0a, 0x17, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, - 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, - 0x74, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x32, 0xc3, 0x02, 0x0a, 0x11, 0x53, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x41, 0x50, 0x49, 0x12, - 0x36, 0x0a, 0x0d, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, - 0x12, 0x10, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x3f, 0x0a, 0x10, 0x46, 0x65, 0x74, 0x63, 0x68, - 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 
0x73, 0x12, 0x13, 0x2e, 0x58, 0x35, - 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x14, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x31, 0x0a, 0x0c, 0x46, 0x65, 0x74, 0x63, - 0x68, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x0f, 0x2e, 0x4a, 0x57, 0x54, 0x53, 0x56, - 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x4a, 0x57, 0x54, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3c, 0x0a, 0x0f, 0x46, - 0x65, 0x74, 0x63, 0x68, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x12, - 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x4a, 0x57, 0x54, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x12, 0x44, 0x0a, 0x0f, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x12, 0x17, 0x2e, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, - 0x4a, 0x57, 0x54, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, - 0x3f, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x76, - 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x77, - 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x3b, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_workload_proto_rawDesc = "" + + "\n" + + "\x0eworkload.proto\x1a\x1cgoogle/protobuf/struct.proto\"\x11\n" + + 
"\x0fX509SVIDRequest\"\xe0\x01\n" + + "\x10X509SVIDResponse\x12\x1f\n" + + "\x05svids\x18\x01 \x03(\v2\t.X509SVIDR\x05svids\x12\x10\n" + + "\x03crl\x18\x02 \x03(\fR\x03crl\x12T\n" + + "\x11federated_bundles\x18\x03 \x03(\v2'.X509SVIDResponse.FederatedBundlesEntryR\x10federatedBundles\x1aC\n" + + "\x15FederatedBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"\x94\x01\n" + + "\bX509SVID\x12\x1b\n" + + "\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12\x1b\n" + + "\tx509_svid\x18\x02 \x01(\fR\bx509Svid\x12\"\n" + + "\rx509_svid_key\x18\x03 \x01(\fR\vx509SvidKey\x12\x16\n" + + "\x06bundle\x18\x04 \x01(\fR\x06bundle\x12\x12\n" + + "\x04hint\x18\x05 \x01(\tR\x04hint\"\x14\n" + + "\x12X509BundlesRequest\"\xa0\x01\n" + + "\x13X509BundlesResponse\x12\x10\n" + + "\x03crl\x18\x01 \x03(\fR\x03crl\x12;\n" + + "\abundles\x18\x02 \x03(\v2!.X509BundlesResponse.BundlesEntryR\abundles\x1a:\n" + + "\fBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"I\n" + + "\x0eJWTSVIDRequest\x12\x1a\n" + + "\baudience\x18\x01 \x03(\tR\baudience\x12\x1b\n" + + "\tspiffe_id\x18\x02 \x01(\tR\bspiffeId\"1\n" + + "\x0fJWTSVIDResponse\x12\x1e\n" + + "\x05svids\x18\x01 \x03(\v2\b.JWTSVIDR\x05svids\"N\n" + + "\aJWTSVID\x12\x1b\n" + + "\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12\x12\n" + + "\x04svid\x18\x02 \x01(\tR\x04svid\x12\x12\n" + + "\x04hint\x18\x03 \x01(\tR\x04hint\"\x13\n" + + "\x11JWTBundlesRequest\"\x8c\x01\n" + + "\x12JWTBundlesResponse\x12:\n" + + "\abundles\x18\x01 \x03(\v2 .JWTBundlesResponse.BundlesEntryR\abundles\x1a:\n" + + "\fBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"H\n" + + "\x16ValidateJWTSVIDRequest\x12\x1a\n" + + "\baudience\x18\x01 \x01(\tR\baudience\x12\x12\n" + + "\x04svid\x18\x02 \x01(\tR\x04svid\"g\n" + + "\x17ValidateJWTSVIDResponse\x12\x1b\n" + + 
"\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12/\n" + + "\x06claims\x18\x02 \x01(\v2\x17.google.protobuf.StructR\x06claims2\xc3\x02\n" + + "\x11SpiffeWorkloadAPI\x126\n" + + "\rFetchX509SVID\x12\x10.X509SVIDRequest\x1a\x11.X509SVIDResponse0\x01\x12?\n" + + "\x10FetchX509Bundles\x12\x13.X509BundlesRequest\x1a\x14.X509BundlesResponse0\x01\x121\n" + + "\fFetchJWTSVID\x12\x0f.JWTSVIDRequest\x1a\x10.JWTSVIDResponse\x12<\n" + + "\x0fFetchJWTBundles\x12\x12.JWTBundlesRequest\x1a\x13.JWTBundlesResponse0\x01\x12D\n" + + "\x0fValidateJWTSVID\x12\x17.ValidateJWTSVIDRequest\x1a\x18.ValidateJWTSVIDResponseB?Z=github.com/spiffe/go-spiffe/v2/proto/spiffe/workload;workloadb\x06proto3" var ( file_workload_proto_rawDescOnce sync.Once - file_workload_proto_rawDescData = file_workload_proto_rawDesc + file_workload_proto_rawDescData []byte ) func file_workload_proto_rawDescGZIP() []byte { file_workload_proto_rawDescOnce.Do(func() { - file_workload_proto_rawDescData = protoimpl.X.CompressGZIP(file_workload_proto_rawDescData) + file_workload_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_workload_proto_rawDesc), len(file_workload_proto_rawDesc))) }) return file_workload_proto_rawDescData } var file_workload_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_workload_proto_goTypes = []interface{}{ +var file_workload_proto_goTypes = []any{ (*X509SVIDRequest)(nil), // 0: X509SVIDRequest (*X509SVIDResponse)(nil), // 1: X509SVIDResponse (*X509SVID)(nil), // 2: X509SVID 
@@ -876,157 +794,11 @@ func file_workload_proto_init() { if File_workload_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_workload_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVID); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509BundlesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509BundlesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTSVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTSVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - 
switch v := v.(*JWTSVID); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTBundlesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTBundlesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ValidateJWTSVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_workload_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ValidateJWTSVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_workload_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_workload_proto_rawDesc), len(file_workload_proto_rawDesc)), NumEnums: 0, NumMessages: 15, NumExtensions: 0, @@ -1037,7 +809,6 @@ func file_workload_proto_init() { MessageInfos: file_workload_proto_msgTypes, }.Build() File_workload_proto = out.File - file_workload_proto_rawDesc = nil file_workload_proto_goTypes = nil file_workload_proto_depIdxs = nil } diff --git a/v2/proto/spiffe/workload/workload_grpc.pb.go b/v2/proto/spiffe/workload/workload_grpc.pb.go index 4dcb38736..0203d5f7a 100644 --- a/v2/proto/spiffe/workload/workload_grpc.pb.go 
+++ b/v2/proto/spiffe/workload/workload_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: workload.proto package workload @@ -11,7 +15,16 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SpiffeWorkloadAPI_FetchX509SVID_FullMethodName = "/SpiffeWorkloadAPI/FetchX509SVID" + SpiffeWorkloadAPI_FetchX509Bundles_FullMethodName = "/SpiffeWorkloadAPI/FetchX509Bundles" + SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName = "/SpiffeWorkloadAPI/FetchJWTSVID" + SpiffeWorkloadAPI_FetchJWTBundles_FullMethodName = "/SpiffeWorkloadAPI/FetchJWTBundles" + SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName = "/SpiffeWorkloadAPI/ValidateJWTSVID" +) // SpiffeWorkloadAPIClient is the client API for SpiffeWorkloadAPI service. // 
@@ -21,12 +34,12 @@ type SpiffeWorkloadAPIClient interface { // as well as related information like trust bundles and CRLs. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509SVIDClient, error) + FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509SVIDResponse], error) // Fetch trust bundles and CRLs. Useful for clients that only need to // validate SVIDs without obtaining an SVID for themself. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509BundlesClient, error) + FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509BundlesResponse], error) // Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, // for the requested audience. If an optional SPIFFE ID is requested, only // the JWT-SVID for that SPIFFE ID is returned. @@ -34,7 +47,7 @@ type SpiffeWorkloadAPIClient interface { // Fetches the JWT bundles, formatted as JWKS documents, keyed by the // SPIFFE ID of the trust domain. As this information changes, subsequent // messages will be streamed from the server. - FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchJWTBundlesClient, error) + FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[JWTBundlesResponse], error) // Validates a JWT-SVID against the requested audience. Returns the SPIFFE // ID of the JWT-SVID and JWT claims. ValidateJWTSVID(ctx context.Context, in *ValidateJWTSVIDRequest, opts ...grpc.CallOption) (*ValidateJWTSVIDResponse, error) 
@@ -48,12 +61,13 @@ func NewSpiffeWorkloadAPIClient(cc grpc.ClientConnInterface) SpiffeWorkloadAPICl return &spiffeWorkloadAPIClient{cc} } -func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509SVIDClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[0], "/SpiffeWorkloadAPI/FetchX509SVID", opts...) +func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509SVIDResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[0], SpiffeWorkloadAPI_FetchX509SVID_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchX509SVIDClient{stream} + x := &grpc.GenericClientStream[X509SVIDRequest, X509SVIDResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -63,29 +77,16 @@ func (c *spiffeWorkloadAPIClient) FetchX509SVID(ctx context.Context, in *X509SVI return x, nil } -type SpiffeWorkloadAPI_FetchX509SVIDClient interface { - Recv() (*X509SVIDResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchX509SVIDClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchX509SVIDClient) Recv() (*X509SVIDResponse, error) { - m := new(X509SVIDResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509SVIDClient = grpc.ServerStreamingClient[X509SVIDResponse] -func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509BundlesClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[1], "/SpiffeWorkloadAPI/FetchX509Bundles", opts...) +func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[X509BundlesResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[1], SpiffeWorkloadAPI_FetchX509Bundles_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchX509BundlesClient{stream} + x := &grpc.GenericClientStream[X509BundlesRequest, X509BundlesResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -95,38 +96,26 @@ func (c *spiffeWorkloadAPIClient) FetchX509Bundles(ctx context.Context, in *X509 return x, nil } -type SpiffeWorkloadAPI_FetchX509BundlesClient interface { - Recv() (*X509BundlesResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchX509BundlesClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchX509BundlesClient) Recv() (*X509BundlesResponse, error) { - m := new(X509BundlesResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509BundlesClient = grpc.ServerStreamingClient[X509BundlesResponse] func (c *spiffeWorkloadAPIClient) FetchJWTSVID(ctx context.Context, in *JWTSVIDRequest, opts ...grpc.CallOption) (*JWTSVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(JWTSVIDResponse) - err := c.cc.Invoke(ctx, "/SpiffeWorkloadAPI/FetchJWTSVID", in, out, opts...) + err := c.cc.Invoke(ctx, SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } return out, nil } -func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchJWTBundlesClient, error) { - stream, err := c.cc.NewStream(ctx, &_SpiffeWorkloadAPI_serviceDesc.Streams[2], "/SpiffeWorkloadAPI/FetchJWTBundles", opts...) +func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[JWTBundlesResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &SpiffeWorkloadAPI_ServiceDesc.Streams[2], SpiffeWorkloadAPI_FetchJWTBundles_FullMethodName, cOpts...) 
if err != nil { return nil, err } - x := &spiffeWorkloadAPIFetchJWTBundlesClient{stream} + x := &grpc.GenericClientStream[JWTBundlesRequest, JWTBundlesResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } @@ -136,26 +125,13 @@ func (c *spiffeWorkloadAPIClient) FetchJWTBundles(ctx context.Context, in *JWTBu return x, nil } -type SpiffeWorkloadAPI_FetchJWTBundlesClient interface { - Recv() (*JWTBundlesResponse, error) - grpc.ClientStream -} - -type spiffeWorkloadAPIFetchJWTBundlesClient struct { - grpc.ClientStream -} - -func (x *spiffeWorkloadAPIFetchJWTBundlesClient) Recv() (*JWTBundlesResponse, error) { - m := new(JWTBundlesResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchJWTBundlesClient = grpc.ServerStreamingClient[JWTBundlesResponse] func (c *spiffeWorkloadAPIClient) ValidateJWTSVID(ctx context.Context, in *ValidateJWTSVIDRequest, opts ...grpc.CallOption) (*ValidateJWTSVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(ValidateJWTSVIDResponse) - err := c.cc.Invoke(ctx, "/SpiffeWorkloadAPI/ValidateJWTSVID", in, out, opts...) + err := c.cc.Invoke(ctx, SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -164,18 +140,18 @@ func (c *spiffeWorkloadAPIClient) ValidateJWTSVID(ctx context.Context, in *Valid // SpiffeWorkloadAPIServer is the server API for SpiffeWorkloadAPI service. // All implementations must embed UnimplementedSpiffeWorkloadAPIServer -// for forward compatibility +// for forward compatibility. type SpiffeWorkloadAPIServer interface { // Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to, // as well as related information like trust bundles and CRLs. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509SVID(*X509SVIDRequest, SpiffeWorkloadAPI_FetchX509SVIDServer) error + FetchX509SVID(*X509SVIDRequest, grpc.ServerStreamingServer[X509SVIDResponse]) error // Fetch trust bundles and CRLs. Useful for clients that only need to // validate SVIDs without obtaining an SVID for themself. As this // information changes, subsequent messages will be streamed from the // server. - FetchX509Bundles(*X509BundlesRequest, SpiffeWorkloadAPI_FetchX509BundlesServer) error + FetchX509Bundles(*X509BundlesRequest, grpc.ServerStreamingServer[X509BundlesResponse]) error // Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, // for the requested audience. If an optional SPIFFE ID is requested, only // the JWT-SVID for that SPIFFE ID is returned. 
@@ -183,33 +159,37 @@ type SpiffeWorkloadAPIServer interface { // Fetches the JWT bundles, formatted as JWKS documents, keyed by the // SPIFFE ID of the trust domain. As this information changes, subsequent // messages will be streamed from the server. - FetchJWTBundles(*JWTBundlesRequest, SpiffeWorkloadAPI_FetchJWTBundlesServer) error + FetchJWTBundles(*JWTBundlesRequest, grpc.ServerStreamingServer[JWTBundlesResponse]) error // Validates a JWT-SVID against the requested audience. Returns the SPIFFE // ID of the JWT-SVID and JWT claims. ValidateJWTSVID(context.Context, *ValidateJWTSVIDRequest) (*ValidateJWTSVIDResponse, error) mustEmbedUnimplementedSpiffeWorkloadAPIServer() } -// UnimplementedSpiffeWorkloadAPIServer must be embedded to have forward compatible implementations. -type UnimplementedSpiffeWorkloadAPIServer struct { -} +// UnimplementedSpiffeWorkloadAPIServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedSpiffeWorkloadAPIServer struct{} -func (UnimplementedSpiffeWorkloadAPIServer) FetchX509SVID(*X509SVIDRequest, SpiffeWorkloadAPI_FetchX509SVIDServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchX509SVID(*X509SVIDRequest, grpc.ServerStreamingServer[X509SVIDResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchX509SVID not implemented") } -func (UnimplementedSpiffeWorkloadAPIServer) FetchX509Bundles(*X509BundlesRequest, SpiffeWorkloadAPI_FetchX509BundlesServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchX509Bundles(*X509BundlesRequest, grpc.ServerStreamingServer[X509BundlesResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchX509Bundles not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTSVID(context.Context, *JWTSVIDRequest) (*JWTSVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method FetchJWTSVID not implemented") } -func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTBundles(*JWTBundlesRequest, SpiffeWorkloadAPI_FetchJWTBundlesServer) error { +func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTBundles(*JWTBundlesRequest, grpc.ServerStreamingServer[JWTBundlesResponse]) error { return status.Errorf(codes.Unimplemented, "method FetchJWTBundles not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) ValidateJWTSVID(context.Context, *ValidateJWTSVIDRequest) (*ValidateJWTSVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ValidateJWTSVID not implemented") } func (UnimplementedSpiffeWorkloadAPIServer) mustEmbedUnimplementedSpiffeWorkloadAPIServer() {} +func (UnimplementedSpiffeWorkloadAPIServer) testEmbeddedByValue() {} // UnsafeSpiffeWorkloadAPIServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SpiffeWorkloadAPIServer will 
@@ -219,7 +199,14 @@ type UnsafeSpiffeWorkloadAPIServer interface { } func RegisterSpiffeWorkloadAPIServer(s grpc.ServiceRegistrar, srv SpiffeWorkloadAPIServer) { - s.RegisterService(&_SpiffeWorkloadAPI_serviceDesc, srv) + // If the following call pancis, it indicates UnimplementedSpiffeWorkloadAPIServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&SpiffeWorkloadAPI_ServiceDesc, srv) } func _SpiffeWorkloadAPI_FetchX509SVID_Handler(srv interface{}, stream grpc.ServerStream) error { 
@@ -227,42 +214,22 @@ func _SpiffeWorkloadAPI_FetchX509SVID_Handler(srv interface{}, stream grpc.Serve if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchX509SVID(m, &spiffeWorkloadAPIFetchX509SVIDServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchX509SVID(m, &grpc.GenericServerStream[X509SVIDRequest, X509SVIDResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchX509SVIDServer interface { - Send(*X509SVIDResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchX509SVIDServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchX509SVIDServer) Send(m *X509SVIDResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchX509SVIDServer = grpc.ServerStreamingServer[X509SVIDResponse] func _SpiffeWorkloadAPI_FetchX509Bundles_Handler(srv interface{}, stream grpc.ServerStream) error { m := new(X509BundlesRequest) if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchX509Bundles(m, &spiffeWorkloadAPIFetchX509BundlesServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchX509Bundles(m, &grpc.GenericServerStream[X509BundlesRequest, X509BundlesResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchX509BundlesServer interface { - Send(*X509BundlesResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchX509BundlesServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchX509BundlesServer) Send(m *X509BundlesResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. 
+type SpiffeWorkloadAPI_FetchX509BundlesServer = grpc.ServerStreamingServer[X509BundlesResponse] func _SpiffeWorkloadAPI_FetchJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(JWTSVIDRequest) @@ -274,7 +241,7 @@ func _SpiffeWorkloadAPI_FetchJWTSVID_Handler(srv interface{}, ctx context.Contex } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/SpiffeWorkloadAPI/FetchJWTSVID", + FullMethod: SpiffeWorkloadAPI_FetchJWTSVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SpiffeWorkloadAPIServer).FetchJWTSVID(ctx, req.(*JWTSVIDRequest)) @@ -287,21 +254,11 @@ func _SpiffeWorkloadAPI_FetchJWTBundles_Handler(srv interface{}, stream grpc.Ser if err := stream.RecvMsg(m); err != nil { return err } - return srv.(SpiffeWorkloadAPIServer).FetchJWTBundles(m, &spiffeWorkloadAPIFetchJWTBundlesServer{stream}) + return srv.(SpiffeWorkloadAPIServer).FetchJWTBundles(m, &grpc.GenericServerStream[JWTBundlesRequest, JWTBundlesResponse]{ServerStream: stream}) } -type SpiffeWorkloadAPI_FetchJWTBundlesServer interface { - Send(*JWTBundlesResponse) error - grpc.ServerStream -} - -type spiffeWorkloadAPIFetchJWTBundlesServer struct { - grpc.ServerStream -} - -func (x *spiffeWorkloadAPIFetchJWTBundlesServer) Send(m *JWTBundlesResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type SpiffeWorkloadAPI_FetchJWTBundlesServer = grpc.ServerStreamingServer[JWTBundlesResponse] func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ValidateJWTSVIDRequest) 
@@ -313,7 +270,7 @@ func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Con } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/SpiffeWorkloadAPI/ValidateJWTSVID", + FullMethod: SpiffeWorkloadAPI_ValidateJWTSVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SpiffeWorkloadAPIServer).ValidateJWTSVID(ctx, req.(*ValidateJWTSVIDRequest)) @@ -321,7 +278,10 @@ func _SpiffeWorkloadAPI_ValidateJWTSVID_Handler(srv interface{}, ctx context.Con return interceptor(ctx, in, info, handler) } -var _SpiffeWorkloadAPI_serviceDesc = grpc.ServiceDesc{ +// SpiffeWorkloadAPI_ServiceDesc is the grpc.ServiceDesc for SpiffeWorkloadAPI service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var SpiffeWorkloadAPI_ServiceDesc = grpc.ServiceDesc{ ServiceName: "SpiffeWorkloadAPI", HandlerType: (*SpiffeWorkloadAPIServer)(nil), Methods: []grpc.MethodDesc{ diff --git a/v2/spiffetls/dial.go b/v2/spiffetls/dial.go index fd8e41d7d..0b31030d9 100644 --- a/v2/spiffetls/dial.go +++ b/v2/spiffetls/dial.go @@ -103,5 +103,5 @@ func (c *clientConn) Close() error { // been completed. Note that in Go's TLS stack, the TLS 1.3 handshake may not // complete until the first read from the connection. func (c *clientConn) PeerID() (spiffeid.ID, error) { - return PeerIDFromConnectionState(c.Conn.ConnectionState()) + return PeerIDFromConnectionState(c.ConnectionState()) } diff --git a/v2/spiffetls/examples_test.go b/v2/spiffetls/examples_test.go index ba7bf8283..260c54658 100644 --- a/v2/spiffetls/examples_test.go +++ b/v2/spiffetls/examples_test.go @@ -9,7 +9,7 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" ) -func ExampleListenMTLS() { +func ExampleListen_mTLS() { td := spiffeid.RequireTrustDomainFromString("example.org") listener, err := spiffetls.Listen(context.TODO(), "tcp", ":8443", tlsconfig.AuthorizeMemberOf(td)) 
@@ -19,7 +19,7 @@ func ExampleListenMTLS() {
 defer listener.Close()
 }
-func ExampleListenMTLS_customTLSConfigBase() {
+func ExampleListen_mTLSCustomTLSConfigBase() {
 td := spiffeid.RequireTrustDomainFromString("example.org")
 baseConfig := &tls.Config{
diff --git a/v2/spiffetls/listen.go b/v2/spiffetls/listen.go
index 149785ec4..f9bcc5db2 100644
--- a/v2/spiffetls/listen.go
+++ b/v2/spiffetls/listen.go
@@ -147,5 +147,5 @@ type serverConn struct {
 // been completed. Note that in Go's TLS stack, the TLS 1.3 handshake may not
 // complete until the first read from the connection.
 func (c *serverConn) PeerID() (spiffeid.ID, error) {
- return PeerIDFromConnectionState(c.Conn.ConnectionState())
+ return PeerIDFromConnectionState(c.ConnectionState())
 }
From fa9279088d5dad6fdf44a6aaa35e86cd5f1cb01b Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Mon, 7 Apr 2025 11:55:28 -0600 Subject: [PATCH 05/18] Avoid certificate re-parse on TLS handshake (#336) * Avoid certificate re-parse on TLS handshake Fixes: #299 Signed-off-by: Andrew Harding
---
 v2/spiffetls/tlsconfig/config.go | 1 + 1 file changed, 1 insertion(+)
diff --git a/v2/spiffetls/tlsconfig/config.go b/v2/spiffetls/tlsconfig/config.go
index 0ef3969a0..0331fc198 100644
--- a/v2/spiffetls/tlsconfig/config.go
+++ b/v2/spiffetls/tlsconfig/config.go
@@ -221,6 +221,7 @@ func getTLSCertificate(svid x509svid.Source, trace Trace) (*tls.Certificate, err
 cert := &tls.Certificate{
 Certificate: make([][]byte, 0, len(s.Certificates)),
 PrivateKey: s.PrivateKey,
+ Leaf: s.Certificates[0],
 }
 for _, svidCert := range s.Certificates {
From 364a7942465f11b5fe3e16406006dd3ceca773df Mon Sep 17 00:00:00 2001 From: Nick Stott Date: Wed, 9 Apr 2025 07:07:38 -0400 Subject: [PATCH 06/18] chore: check for invalid 'typ' headers (#307) Signed-off-by: Nick Stott
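Review bot: The added `Leaf: s.Certificates[0],` in getTLSCertificate (v2/spiffetls/tlsconfig/config.go) indexes the chain with no length check visible in the hunk, so a source that hands back an SVID with an empty `Certificates` slice would panic here instead of returning an error to the TLS stack. The function starts and ends outside the hunk, so a guard may already exist above; if it does not, add one before the struct literal, for example `if len(s.Certificates) == 0 { return nil, errors.New("SVID has no certificates") }` (whether `errors` is already imported in this file is not visible here). A short comment on the field, such as `// Leaf is pre-populated so crypto/tls does not re-parse Certificate[0]`, would also record why it is set.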
Signed-off-by: Andrew Harding Co-authored-by: Andrew Harding
---
 v2/svid/jwtsvid/svid.go | 5 +++ v2/svid/jwtsvid/svid_test.go | 74 +++++++++++++++++++++++++++--------- 2 files changed, 60 insertions(+), 19 deletions(-)
diff --git a/v2/svid/jwtsvid/svid.go b/v2/svid/jwtsvid/svid.go
index ce320ed20..15aabc532 100644
--- a/v2/svid/jwtsvid/svid.go
+++ b/v2/svid/jwtsvid/svid.go
@@ -105,6 +105,11 @@ func parse(token string, audience []string, getClaims tokenValidator) (*SVID, er
 return nil, wrapJwtsvidErr(errors.New("unable to parse JWT token"))
 }
+ // forbid tokens which have the `typ` header, which is not either "JOSE" or "JWT"
+ if typ, present := tok.Headers[0].ExtraHeaders[jose.HeaderType]; present && typ != "JOSE" && typ != "JWT" {
+ return nil, wrapJwtsvidErr(errors.New("token header type not equal to either JWT or JOSE"))
+ }
+
 // Parse out the unverified claims. We need to look up the key by the trust
 // domain of the SPIFFE ID.
 var claims jwt.Claims
diff --git a/v2/svid/jwtsvid/svid_test.go b/v2/svid/jwtsvid/svid_test.go
index cfdded5b5..0b12dfe00 100644
--- a/v2/svid/jwtsvid/svid_test.go
+++ b/v2/svid/jwtsvid/svid_test.go
@@ -75,7 +75,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 svid: &jwtsvid.SVID{
 ID: spiffeid.RequireFromPath(trustDomain1, "/host"),
@@ -110,7 +110,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 err: "jwtsvid: token missing subject claim",
 },
@@ -125,7 +125,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 err: "jwtsvid: token missing exp claim",
 },
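Review bot: The comment above the new `typ` check in parse (v2/svid/jwtsvid/svid.go) is hard to read and leaves out two things the condition actually does. `ExtraHeaders` values are interface-typed, so a `typ` that is present but is not a string compares unequal to both literals and is rejected too, and the match is exact, so a lower-case `jwt` is refused as well. I would reword it to `// Reject tokens whose optional "typ" header is present but is not exactly "JWT" or "JOSE"; non-string values are rejected too.` The check reads `tok.Headers[0]` from the still-unverified token, which is fine for a reject-only test; parse starts and ends outside the hunk, so whether `Headers` is always non-empty at this point cannot be confirmed from here.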
@@ -142,7 +142,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 err: "jwtsvid: token has expired",
 },
@@ -159,7 +159,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 err: `jwtsvid: expected audience in ["another"] (audience=["audience"])`,
 },
@@ -176,7 +176,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "authority1")
+ return generateToken(tb, claims, key1, "authority1", "")
 },
 err: `jwtsvid: token has an invalid subject claim: scheme is missing or invalid`,
 },
@@ -193,7 +193,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "")
+ return generateToken(tb, claims, key1, "", "")
 },
 err: "jwtsvid: token header missing key id",
 },
@@ -210,7 +210,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "noAuthority")
+ return generateToken(tb, claims, key1, "noAuthority", "")
 },
 err: `jwtsvid: no bundle found for trust domain "another.domain"`,
 },
@@ -227,7 +227,7 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "noKey")
+ return generateToken(tb, claims, key1, "noKey", "")
 },
 err: `jwtsvid: no JWT authority "noKey" found for trust domain "trustdomain"`,
 },
@@ -244,10 +244,26 @@ func TestParseAndValidate(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key2, "authority1")
+ return generateToken(tb, claims, key2, "authority1", "")
 },
 err: "jwtsvid: unable to get claims from token: go-jose/go-jose: error in cryptographic primitive",
 },
+ {
+ name: "invalid typ",
+ bundle: bundle1,
+ generateToken: func(tb testing.TB) string {
+ claims := jwt.Claims{
+ Subject: spiffeid.RequireFromPath(trustDomain1, "/host").String(),
+ Issuer: "issuer",
+ Expiry: expires,
+ Audience: []string{"audience"},
+ IssuedAt: issuedAt,
+ }
+
+ return generateToken(tb, claims, key1, "authority1", "invalid")
+ },
+ err: "jwtsvid: token header type not equal to either JWT or JOSE",
+ },
 }
 for _, testCase := range testCases {
@@ -303,7 +319,7 @@ func TestParseInsecure(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "key1")
+ return generateToken(tb, claims, key1, "key1", "")
 },
 svid: &jwtsvid.SVID{
 ID: spiffeid.RequireFromPath(trustDomain1, "/host"),
@@ -335,7 +351,7 @@ func TestParseInsecure(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "key1")
+ return generateToken(tb, claims, key1, "key1", "")
 },
 err: "jwtsvid: token missing subject claim",
 },
@@ -349,7 +365,7 @@ func TestParseInsecure(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "key1")
+ return generateToken(tb, claims, key1, "key1", "")
 },
 err: "jwtsvid: token missing exp claim",
 },
@@ -365,7 +381,7 @@ func TestParseInsecure(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "key1")
+ return generateToken(tb, claims, key1, "key1", "")
 },
 err: "jwtsvid: token has expired",
 },
@@ -381,7 +397,7 @@ func TestParseInsecure(t *testing.T) {
 IssuedAt: issuedAt,
 }
- return generateToken(tb, claims, key1, "key1")
+ return generateToken(tb, claims, key1, "key1", "")
 },
 err: `jwtsvid: expected audience in ["another"] (audience=["audience"])`,
 },
@@ -397,10 +413,25 @@ func TestParseInsecure(t *testing.T) { IssuedAt: issuedAt, } - return generateToken(tb, claims, key1, "key1") + return generateToken(tb, claims, key1, "key1", "") }, err: `jwtsvid: token has an invalid subject claim: scheme is missing or invalid`, }, + { + name: "success", + generateToken: func(tb testing.TB) string { + claims := jwt.Claims{ + Subject: spiffeid.RequireFromPath(trustDomain1, "/host").String(), + Issuer: "issuer", + Expiry: expires, + Audience: []string{"audience"}, + IssuedAt: issuedAt, + } + + return generateToken(tb, claims, key1, "key1", "invalid") + }, + err: `jwtsvid: token header type not equal to either JWT or JOSE`, + }, } for _, testCase := range testCases { @@ -441,7 +472,7 @@ func TestMarshal(t *testing.T) { Audience: []string{"audience"}, IssuedAt: jwt.NewNumericDate(time.Now().Add(time.Minute)), } - token := generateToken(t, claims, key1, "key1") + token := generateToken(t, claims, key1, "key1", "") // Create SVID svid, err := jwtsvid.ParseInsecure(token, []string{"audience"}) @@ -468,11 +499,16 @@ func parseToken(t testing.TB, token string) map[string]interface{} { } // Generate generates a signed string token -func generateToken(tb testing.TB, claims jwt.Claims, signer crypto.Signer, keyID string) string { +func generateToken(tb testing.TB, claims jwt.Claims, signer crypto.Signer, keyID string, typ string) string { // Get signer algorithm alg, err := getSignerAlgorithm(signer) require.NoError(tb, err) + options := new(jose.SignerOptions).WithType("JWT") + if typ != "" { + options = options.WithHeader(jose.HeaderType, typ) + } + // Create signer using crypto.Signer and its algorithm along with provided key ID jwtSigner, err := jose.NewSigner( jose.SigningKey{ @@ -482,7 +518,7 @@ func generateToken(tb testing.TB, claims jwt.Claims, signer crypto.Signer, keyID KeyID: keyID, }, }, - new(jose.SignerOptions).WithType("JWT"), + options, ) require.NoError(tb, err) 
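Review bot: The case added to TestParseInsecure is named `success` but asserts the error `jwtsvid: token header type not equal to either JWT or JOSE`; the name looks carried over from an accepting case. Rename it to match its TestParseAndValidate counterpart, `name: "invalid typ",`. If another entry in this table is already called `success` (not visible in the hunk), the two subtests would also be hard to tell apart in `go test` output.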
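Review bot: In `generateToken`, an empty `typ` falls back to `WithType("JWT")`, so the helper cannot produce a token with no `typ` header at all, and that input to the new header check stays untested by anything built on this helper. The doc comment also still opens with `Generate generates` and says nothing about the new parameter; something like `// generateToken returns a signed token; typ overrides the "typ" header, and "" keeps the default "JWT".` would document the contract. If the absent-header case matters, a separate sentinel value or an options argument would let a test express it. The function body continues into the next hunk.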
From ea1a845a92a59152208062c595f7364d6ddb416d Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Wed, 9 Apr 2025 06:03:49 -0600 Subject: [PATCH 07/18] Move code out of v2 directory (#337) When this library first went to v2, the old v1 code was kept around so we opted to put all of the v2 code into a v2 directory. The v1 code was eventually removed because it was (1) no longer developed, (2) still available at the old tag, and (3) because its presence was confusing library consumers. Now that the v1 code is long gone, there is no reason to have all v2 related materials in a v2 directory. 
Signed-off-by: Andrew Harding --- .github/dependabot.yml | 2 +- .github/workflows/pr_build.yaml | 16 ++++++++-------- v2/.golangci.yml => .golangci.yml | 0 Makefile | 12 ++++++------ {v2/bundle => bundle}/jwtbundle/bundle.go | 0 {v2/bundle => bundle}/jwtbundle/bundle_test.go | 0 {v2/bundle => bundle}/jwtbundle/doc.go | 0 {v2/bundle => bundle}/jwtbundle/set.go | 0 {v2/bundle => bundle}/jwtbundle/set_test.go | 0 {v2/bundle => bundle}/jwtbundle/source.go | 0 .../jwtbundle/testdata/jwks_missing_kid.json | 0 .../jwtbundle/testdata/jwks_valid_1.json | 0 .../jwtbundle/testdata/jwks_valid_2.json | 0 {v2/bundle => bundle}/spiffebundle/bundle.go | 0 .../spiffebundle/bundle_test.go | 0 {v2/bundle => bundle}/spiffebundle/doc.go | 0 {v2/bundle => bundle}/spiffebundle/set.go | 0 {v2/bundle => bundle}/spiffebundle/set_test.go | 0 {v2/bundle => bundle}/spiffebundle/source.go | 0 .../testdata/spiffebundle_missing_kid.json | 0 .../testdata/spiffebundle_multiple_x509.json | 0 .../testdata/spiffebundle_no_keys.json | 0 .../testdata/spiffebundle_valid_1.json | 0 .../testdata/spiffebundle_valid_2.json | 0 {v2/bundle => bundle}/x509bundle/bundle.go | 0 {v2/bundle => bundle}/x509bundle/bundle_test.go | 0 {v2/bundle => bundle}/x509bundle/doc.go | 0 {v2/bundle => bundle}/x509bundle/set.go | 0 {v2/bundle => bundle}/x509bundle/set_test.go | 0 {v2/bundle => bundle}/x509bundle/source.go | 0 .../x509bundle/testdata/cert.pem | 0 .../x509bundle/testdata/certs.pem | 0 .../x509bundle/testdata/corrupted.pem | 0 .../x509bundle/testdata/empty.pem | 0 .../x509bundle/testdata/key.pem | 0 .../x509bundle/testdata/not-pem.pem | 0 {v2/examples => examples}/README.md | 0 {v2/examples => examples}/spiffe-grpc/README.md | 0 .../spiffe-grpc/client/main.go | 0 .../spiffe-grpc/server/main.go | 0 {v2/examples => examples}/spiffe-http/README.md | 0 .../spiffe-http/client/main.go | 0 .../spiffe-http/server/main.go | 0 .../spiffe-jwt-using-proxy/README.md | 0 .../spiffe-jwt-using-proxy/client/main.go | 0 
.../spiffe-jwt-using-proxy/proxy/main.go | 0 .../spiffe-jwt-using-proxy/server/main.go | 0 {v2/examples => examples}/spiffe-jwt/README.md | 0 .../spiffe-jwt/client/main.go | 0 .../spiffe-jwt/server/main.go | 0 {v2/examples => examples}/spiffe-tls/README.md | 0 .../spiffe-tls/client/main.go | 0 .../spiffe-tls/server/main.go | 0 .../spiffe-watcher/README.md | 0 {v2/examples => examples}/spiffe-watcher/main.go | 0 {v2/federation => federation}/examples_test.go | 0 {v2/federation => federation}/fetch.go | 0 {v2/federation => federation}/fetch_test.go | 0 {v2/federation => federation}/handler.go | 0 {v2/federation => federation}/handler_test.go | 0 {v2/federation => federation}/watch.go | 0 {v2/federation => federation}/watch_test.go | 0 v2/go.mod => go.mod | 0 v2/go.sum => go.sum | 0 {v2/internal => internal}/cryptoutil/keys.go | 0 {v2/internal => internal}/jwtutil/util.go | 0 {v2/internal => internal}/pemutil/pem.go | 0 {v2/internal => internal}/pemutil/pem_test.go | 0 {v2/internal => internal}/test/ca.go | 0 .../test/errstrings/err_posix.go | 0 .../test/errstrings/err_windows.go | 0 .../test/fakebundleendpoint/server.go | 0 .../test/fakeworkloadapi/workload_api.go | 0 .../test/fakeworkloadapi/workload_api_posix.go | 0 .../test/fakeworkloadapi/workload_api_windows.go | 0 {v2/internal => internal}/test/keys.go | 0 {v2/internal => internal}/x509util/util.go | 0 {v2/logger => logger}/logger.go | 0 {v2/logger => logger}/null.go | 0 {v2/logger => logger}/std.go | 0 {v2/logger => logger}/std_test.go | 0 {v2/logger => logger}/writer.go | 0 {v2/logger => logger}/writer_test.go | 0 .../spiffe/workload/workload.pb.go | 0 .../spiffe/workload/workload.proto | 0 .../spiffe/workload/workload_grpc.pb.go | 0 .../grpccredentials/credentials.go | 0 .../grpccredentials/credentials_test.go | 0 .../charset_backcompat_allow.go | 0 .../charset_backcompat_deny.go | 0 {v2/spiffeid => spiffeid}/errors.go | 0 {v2/spiffeid => spiffeid}/id.go | 0 {v2/spiffeid => spiffeid}/id_test.go | 0 
{v2/spiffeid => spiffeid}/match.go | 0 {v2/spiffeid => spiffeid}/match_test.go | 0 {v2/spiffeid => spiffeid}/path.go | 0 {v2/spiffeid => spiffeid}/path_test.go | 0 {v2/spiffeid => spiffeid}/require.go | 0 {v2/spiffeid => spiffeid}/require_test.go | 0 {v2/spiffeid => spiffeid}/trustdomain.go | 0 {v2/spiffeid => spiffeid}/trustdomain_test.go | 0 {v2/spiffetls => spiffetls}/dial.go | 0 {v2/spiffetls => spiffetls}/examples_test.go | 0 {v2/spiffetls => spiffetls}/listen.go | 0 {v2/spiffetls => spiffetls}/mode.go | 0 {v2/spiffetls => spiffetls}/option.go | 0 {v2/spiffetls => spiffetls}/peerid.go | 0 .../spiffetls_posix_test.go | 0 {v2/spiffetls => spiffetls}/spiffetls_test.go | 0 .../spiffetls_windows_test.go | 0 .../tlsconfig/authorizer.go | 0 {v2/spiffetls => spiffetls}/tlsconfig/config.go | 0 .../tlsconfig/config_test.go | 0 .../tlsconfig/examples_test.go | 0 {v2/spiffetls => spiffetls}/tlsconfig/trace.go | 0 {v2/svid => svid}/jwtsvid/examples_test.go | 0 {v2/svid => svid}/jwtsvid/source.go | 0 {v2/svid => svid}/jwtsvid/svid.go | 0 {v2/svid => svid}/jwtsvid/svid_test.go | 0 {v2/svid => svid}/x509svid/source.go | 0 {v2/svid => svid}/x509svid/svid.go | 0 {v2/svid => svid}/x509svid/svid_test.go | 0 .../x509svid/testdata/corrupt-cert.pem | 0 .../x509svid/testdata/corrupt-key.pem | 0 .../x509svid/testdata/good-cert-and-key.pem | 0 .../x509svid/testdata/good-key-and-cert.pem | 0 .../testdata/good-leaf-and-intermediate.pem | 0 .../x509svid/testdata/good-leaf-only.pem | 0 .../x509svid/testdata/key-pkcs8-ecdsa.pem | 0 .../x509svid/testdata/key-pkcs8-rsa.pem | 0 {v2/svid => svid}/x509svid/testdata/not-pem | 0 .../testdata/wrong-intermediate-no-ca.pem | 0 .../wrong-intermediate-no-key-cert-sign.pem | 0 .../x509svid/testdata/wrong-leaf-ca-true.pem | 0 .../x509svid/testdata/wrong-leaf-cert-sign.pem | 0 .../x509svid/testdata/wrong-leaf-crl-sign.pem | 0 .../x509svid/testdata/wrong-leaf-empty-id.pem | 0 .../testdata/wrong-leaf-no-digital-signature.pem | 0 {v2/svid => 
svid}/x509svid/verify.go | 0 {v2/svid => svid}/x509svid/verify_test.go | 0 {v2/workloadapi => workloadapi}/addr.go | 0 {v2/workloadapi => workloadapi}/addr_posix.go | 0 .../addr_posix_test.go | 0 {v2/workloadapi => workloadapi}/addr_test.go | 0 {v2/workloadapi => workloadapi}/addr_windows.go | 0 .../addr_windows_test.go | 0 {v2/workloadapi => workloadapi}/backoff.go | 0 {v2/workloadapi => workloadapi}/backoff_test.go | 0 {v2/workloadapi => workloadapi}/bundlesource.go | 0 .../bundlesource_test.go | 0 {v2/workloadapi => workloadapi}/client.go | 0 {v2/workloadapi => workloadapi}/client_posix.go | 0 {v2/workloadapi => workloadapi}/client_test.go | 0 .../client_windows.go | 0 .../client_windows_test.go | 0 {v2/workloadapi => workloadapi}/common_test.go | 0 {v2/workloadapi => workloadapi}/convenience.go | 0 {v2/workloadapi => workloadapi}/examples_test.go | 0 {v2/workloadapi => workloadapi}/jwtsource.go | 0 .../jwtsource_test.go | 0 {v2/workloadapi => workloadapi}/option.go | 0 .../option_windows.go | 0 {v2/workloadapi => workloadapi}/watcher.go | 0 {v2/workloadapi => workloadapi}/x509context.go | 0 {v2/workloadapi => workloadapi}/x509source.go | 0 .../x509source_test.go | 0 166 files changed, 15 insertions(+), 15 deletions(-) rename v2/.golangci.yml => .golangci.yml (100%) rename {v2/bundle => bundle}/jwtbundle/bundle.go (100%) rename {v2/bundle => bundle}/jwtbundle/bundle_test.go (100%) rename {v2/bundle => bundle}/jwtbundle/doc.go (100%) rename {v2/bundle => bundle}/jwtbundle/set.go (100%) rename {v2/bundle => bundle}/jwtbundle/set_test.go (100%) rename {v2/bundle => bundle}/jwtbundle/source.go (100%) rename {v2/bundle => bundle}/jwtbundle/testdata/jwks_missing_kid.json (100%) rename {v2/bundle => bundle}/jwtbundle/testdata/jwks_valid_1.json (100%) rename {v2/bundle => bundle}/jwtbundle/testdata/jwks_valid_2.json (100%) rename {v2/bundle => bundle}/spiffebundle/bundle.go (100%) rename {v2/bundle => bundle}/spiffebundle/bundle_test.go (100%) rename {v2/bundle => 
bundle}/spiffebundle/doc.go (100%) rename {v2/bundle => bundle}/spiffebundle/set.go (100%) rename {v2/bundle => bundle}/spiffebundle/set_test.go (100%) rename {v2/bundle => bundle}/spiffebundle/source.go (100%) rename {v2/bundle => bundle}/spiffebundle/testdata/spiffebundle_missing_kid.json (100%) rename {v2/bundle => bundle}/spiffebundle/testdata/spiffebundle_multiple_x509.json (100%) rename {v2/bundle => bundle}/spiffebundle/testdata/spiffebundle_no_keys.json (100%) rename {v2/bundle => bundle}/spiffebundle/testdata/spiffebundle_valid_1.json (100%) rename {v2/bundle => bundle}/spiffebundle/testdata/spiffebundle_valid_2.json (100%) rename {v2/bundle => bundle}/x509bundle/bundle.go (100%) rename {v2/bundle => bundle}/x509bundle/bundle_test.go (100%) rename {v2/bundle => bundle}/x509bundle/doc.go (100%) rename {v2/bundle => bundle}/x509bundle/set.go (100%) rename {v2/bundle => bundle}/x509bundle/set_test.go (100%) rename {v2/bundle => bundle}/x509bundle/source.go (100%) rename {v2/bundle => bundle}/x509bundle/testdata/cert.pem (100%) rename {v2/bundle => bundle}/x509bundle/testdata/certs.pem (100%) rename {v2/bundle => bundle}/x509bundle/testdata/corrupted.pem (100%) rename {v2/bundle => bundle}/x509bundle/testdata/empty.pem (100%) rename {v2/bundle => bundle}/x509bundle/testdata/key.pem (100%) rename {v2/bundle => bundle}/x509bundle/testdata/not-pem.pem (100%) rename {v2/examples => examples}/README.md (100%) rename {v2/examples => examples}/spiffe-grpc/README.md (100%) rename {v2/examples => examples}/spiffe-grpc/client/main.go (100%) rename {v2/examples => examples}/spiffe-grpc/server/main.go (100%) rename {v2/examples => examples}/spiffe-http/README.md (100%) rename {v2/examples => examples}/spiffe-http/client/main.go (100%) rename {v2/examples => examples}/spiffe-http/server/main.go (100%) rename {v2/examples => examples}/spiffe-jwt-using-proxy/README.md (100%) rename {v2/examples => examples}/spiffe-jwt-using-proxy/client/main.go (100%) rename {v2/examples => 
examples}/spiffe-jwt-using-proxy/proxy/main.go (100%) rename {v2/examples => examples}/spiffe-jwt-using-proxy/server/main.go (100%) rename {v2/examples => examples}/spiffe-jwt/README.md (100%) rename {v2/examples => examples}/spiffe-jwt/client/main.go (100%) rename {v2/examples => examples}/spiffe-jwt/server/main.go (100%) rename {v2/examples => examples}/spiffe-tls/README.md (100%) rename {v2/examples => examples}/spiffe-tls/client/main.go (100%) rename {v2/examples => examples}/spiffe-tls/server/main.go (100%) rename {v2/examples => examples}/spiffe-watcher/README.md (100%) rename {v2/examples => examples}/spiffe-watcher/main.go (100%) rename {v2/federation => federation}/examples_test.go (100%) rename {v2/federation => federation}/fetch.go (100%) rename {v2/federation => federation}/fetch_test.go (100%) rename {v2/federation => federation}/handler.go (100%) rename {v2/federation => federation}/handler_test.go (100%) rename {v2/federation => federation}/watch.go (100%) rename {v2/federation => federation}/watch_test.go (100%) rename v2/go.mod => go.mod (100%) rename v2/go.sum => go.sum (100%) rename {v2/internal => internal}/cryptoutil/keys.go (100%) rename {v2/internal => internal}/jwtutil/util.go (100%) rename {v2/internal => internal}/pemutil/pem.go (100%) rename {v2/internal => internal}/pemutil/pem_test.go (100%) rename {v2/internal => internal}/test/ca.go (100%) rename {v2/internal => internal}/test/errstrings/err_posix.go (100%) rename {v2/internal => internal}/test/errstrings/err_windows.go (100%) rename {v2/internal => internal}/test/fakebundleendpoint/server.go (100%) rename {v2/internal => internal}/test/fakeworkloadapi/workload_api.go (100%) rename {v2/internal => internal}/test/fakeworkloadapi/workload_api_posix.go (100%) rename {v2/internal => internal}/test/fakeworkloadapi/workload_api_windows.go (100%) rename {v2/internal => internal}/test/keys.go (100%) rename {v2/internal => internal}/x509util/util.go (100%) rename {v2/logger => 
logger}/logger.go (100%) rename {v2/logger => logger}/null.go (100%) rename {v2/logger => logger}/std.go (100%) rename {v2/logger => logger}/std_test.go (100%) rename {v2/logger => logger}/writer.go (100%) rename {v2/logger => logger}/writer_test.go (100%) rename {v2/proto => proto}/spiffe/workload/workload.pb.go (100%) rename {v2/proto => proto}/spiffe/workload/workload.proto (100%) rename {v2/proto => proto}/spiffe/workload/workload_grpc.pb.go (100%) rename {v2/spiffegrpc => spiffegrpc}/grpccredentials/credentials.go (100%) rename {v2/spiffegrpc => spiffegrpc}/grpccredentials/credentials_test.go (100%) rename {v2/spiffeid => spiffeid}/charset_backcompat_allow.go (100%) rename {v2/spiffeid => spiffeid}/charset_backcompat_deny.go (100%) rename {v2/spiffeid => spiffeid}/errors.go (100%) rename {v2/spiffeid => spiffeid}/id.go (100%) rename {v2/spiffeid => spiffeid}/id_test.go (100%) rename {v2/spiffeid => spiffeid}/match.go (100%) rename {v2/spiffeid => spiffeid}/match_test.go (100%) rename {v2/spiffeid => spiffeid}/path.go (100%) rename {v2/spiffeid => spiffeid}/path_test.go (100%) rename {v2/spiffeid => spiffeid}/require.go (100%) rename {v2/spiffeid => spiffeid}/require_test.go (100%) rename {v2/spiffeid => spiffeid}/trustdomain.go (100%) rename {v2/spiffeid => spiffeid}/trustdomain_test.go (100%) rename {v2/spiffetls => spiffetls}/dial.go (100%) rename {v2/spiffetls => spiffetls}/examples_test.go (100%) rename {v2/spiffetls => spiffetls}/listen.go (100%) rename {v2/spiffetls => spiffetls}/mode.go (100%) rename {v2/spiffetls => spiffetls}/option.go (100%) rename {v2/spiffetls => spiffetls}/peerid.go (100%) rename {v2/spiffetls => spiffetls}/spiffetls_posix_test.go (100%) rename {v2/spiffetls => spiffetls}/spiffetls_test.go (100%) rename {v2/spiffetls => spiffetls}/spiffetls_windows_test.go (100%) rename {v2/spiffetls => spiffetls}/tlsconfig/authorizer.go (100%) rename {v2/spiffetls => spiffetls}/tlsconfig/config.go (100%) rename {v2/spiffetls => 
spiffetls}/tlsconfig/config_test.go (100%) rename {v2/spiffetls => spiffetls}/tlsconfig/examples_test.go (100%) rename {v2/spiffetls => spiffetls}/tlsconfig/trace.go (100%) rename {v2/svid => svid}/jwtsvid/examples_test.go (100%) rename {v2/svid => svid}/jwtsvid/source.go (100%) rename {v2/svid => svid}/jwtsvid/svid.go (100%) rename {v2/svid => svid}/jwtsvid/svid_test.go (100%) rename {v2/svid => svid}/x509svid/source.go (100%) rename {v2/svid => svid}/x509svid/svid.go (100%) rename {v2/svid => svid}/x509svid/svid_test.go (100%) rename {v2/svid => svid}/x509svid/testdata/corrupt-cert.pem (100%) rename {v2/svid => svid}/x509svid/testdata/corrupt-key.pem (100%) rename {v2/svid => svid}/x509svid/testdata/good-cert-and-key.pem (100%) rename {v2/svid => svid}/x509svid/testdata/good-key-and-cert.pem (100%) rename {v2/svid => svid}/x509svid/testdata/good-leaf-and-intermediate.pem (100%) rename {v2/svid => svid}/x509svid/testdata/good-leaf-only.pem (100%) rename {v2/svid => svid}/x509svid/testdata/key-pkcs8-ecdsa.pem (100%) rename {v2/svid => svid}/x509svid/testdata/key-pkcs8-rsa.pem (100%) rename {v2/svid => svid}/x509svid/testdata/not-pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-intermediate-no-ca.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-intermediate-no-key-cert-sign.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-leaf-ca-true.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-leaf-cert-sign.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-leaf-crl-sign.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-leaf-empty-id.pem (100%) rename {v2/svid => svid}/x509svid/testdata/wrong-leaf-no-digital-signature.pem (100%) rename {v2/svid => svid}/x509svid/verify.go (100%) rename {v2/svid => svid}/x509svid/verify_test.go (100%) rename {v2/workloadapi => workloadapi}/addr.go (100%) rename {v2/workloadapi => workloadapi}/addr_posix.go (100%) rename {v2/workloadapi => workloadapi}/addr_posix_test.go (100%) 
rename {v2/workloadapi => workloadapi}/addr_test.go (100%) rename {v2/workloadapi => workloadapi}/addr_windows.go (100%) rename {v2/workloadapi => workloadapi}/addr_windows_test.go (100%) rename {v2/workloadapi => workloadapi}/backoff.go (100%) rename {v2/workloadapi => workloadapi}/backoff_test.go (100%) rename {v2/workloadapi => workloadapi}/bundlesource.go (100%) rename {v2/workloadapi => workloadapi}/bundlesource_test.go (100%) rename {v2/workloadapi => workloadapi}/client.go (100%) rename {v2/workloadapi => workloadapi}/client_posix.go (100%) rename {v2/workloadapi => workloadapi}/client_test.go (100%) rename {v2/workloadapi => workloadapi}/client_windows.go (100%) rename {v2/workloadapi => workloadapi}/client_windows_test.go (100%) rename {v2/workloadapi => workloadapi}/common_test.go (100%) rename {v2/workloadapi => workloadapi}/convenience.go (100%) rename {v2/workloadapi => workloadapi}/examples_test.go (100%) rename {v2/workloadapi => workloadapi}/jwtsource.go (100%) rename {v2/workloadapi => workloadapi}/jwtsource_test.go (100%) rename {v2/workloadapi => workloadapi}/option.go (100%) rename {v2/workloadapi => workloadapi}/option_windows.go (100%) rename {v2/workloadapi => workloadapi}/watcher.go (100%) rename {v2/workloadapi => workloadapi}/x509context.go (100%) rename {v2/workloadapi => workloadapi}/x509source.go (100%) rename {v2/workloadapi => workloadapi}/x509source_test.go (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c006f3031..632e8eb25 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,6 @@ updates: schedule: interval: weekly - package-ecosystem: gomod - directory: /v2 + directory: / schedule: interval: weekly diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 0ee7a2c09..fc36985d4 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
@@ -12,8 +12,8 @@ jobs: uses: actions/setup-go@v5 with: cache: true - cache-dependency-path: v2/go.sum - go-version-file: v2/go.mod + cache-dependency-path: go.sum + go-version-file: go.mod - name: Lint run: make lint @@ -26,8 +26,8 @@ jobs: uses: actions/setup-go@v5 with: cache: true - cache-dependency-path: v2/go.sum - go-version-file: v2/go.mod + cache-dependency-path: go.sum + go-version-file: go.mod - name: Test run: make test @@ -43,8 +43,8 @@ jobs: uses: actions/setup-go@v5 with: cache: true - cache-dependency-path: v2/go.sum - go-version-file: v2/go.mod + cache-dependency-path: go.sum + go-version-file: go.mod - name: Install msys2 uses: msys2/setup-msys2@v2 with: @@ -70,8 +70,8 @@ jobs: uses: actions/setup-go@v5 with: cache: true - cache-dependency-path: v2/go.sum - go-version-file: v2/go.mod + cache-dependency-path: go.sum + go-version-file: go.mod - name: Install msys2 uses: msys2/setup-msys2@v2 with: diff --git a/v2/.golangci.yml b/.golangci.yml similarity index 100% rename from v2/.golangci.yml rename to .golangci.yml diff --git a/Makefile b/Makefile index d9c747e40..d1002bd78 100644 --- a/Makefile +++ b/Makefile @@ -64,7 +64,7 @@ endif protoc_dir = $(build_dir)/protoc/$(protoc_version) protoc_bin = $(protoc_dir)/bin/protoc -protoc_gen_go_version := $(shell grep google.golang.org/protobuf v2/go.mod | awk '{print $$2}') +protoc_gen_go_version := $(shell grep google.golang.org/protobuf go.mod | awk '{print $$2}') protoc_gen_go_base_dir := $(build_dir)/protoc-gen-go protoc_gen_go_dir := $(protoc_gen_go_base_dir)/$(protoc_gen_go_version)-go$(go_version) protoc_gen_go_bin := $(protoc_gen_go_dir)/protoc-gen-go 
@@ -79,13 +79,13 @@ golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version) golangci_lint_bin = $(golangci_lint_dir)/golangci-lint apiprotos := \ - v2/proto/spiffe/workload/workload.proto \ + proto/spiffe/workload/workload.proto \ ############################################################################# # Toolchain ############################################################################# -go_version_full := 1.21.8 +go_version_full := 1.23.8 go_version := $(go_version_full:.0=) go_dir := $(build_dir)/go/$(go_version) @@ -123,7 +123,7 @@ endif .PHONY: lint lint: $(golangci_lint_bin) | go-check - @cd ./v2; PATH="$(go_bin_dir):$(PATH)" $(golangci_lint_bin) run ./... + @PATH="$(go_bin_dir):$(PATH)" $(golangci_lint_bin) run ./... $(golangci_lint_bin): @echo "Installing golangci-lint $(golangci_lint_version)..." @@ -137,7 +137,7 @@ $(golangci_lint_bin): .PHONY: test tidy: | go-check - @cd ./v2; $(go_path) go mod tidy + @$(go_path) go mod tidy ############################################################################# # Testing @@ -145,7 +145,7 @@ tidy: | go-check .PHONY: test test: | go-check - @cd ./v2; $(go_path) go test -race ./... + @$(go_path) go test -race ./... ############################################################################# # Code Generation diff --git a/v2/bundle/jwtbundle/bundle.go b/bundle/jwtbundle/bundle.go similarity index 100% rename from v2/bundle/jwtbundle/bundle.go rename to bundle/jwtbundle/bundle.go diff --git a/v2/bundle/jwtbundle/bundle_test.go b/bundle/jwtbundle/bundle_test.go similarity index 100% rename from v2/bundle/jwtbundle/bundle_test.go rename to bundle/jwtbundle/bundle_test.go diff --git a/v2/bundle/jwtbundle/doc.go b/bundle/jwtbundle/doc.go similarity index 100% rename from v2/bundle/jwtbundle/doc.go rename to bundle/jwtbundle/doc.go diff --git a/v2/bundle/jwtbundle/set.go b/bundle/jwtbundle/set.go similarity index 100% rename from v2/bundle/jwtbundle/set.go rename to bundle/jwtbundle/set.go 
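Review bot: `go_version_full := 1.23.8` moves the pinned toolchain off 1.21.8 inside a commit described as a directory move, and the commit message does not mention it. The workflow hunks take the CI version from `go-version-file: go.mod`, and go.mod is renamed with 100% similarity, so local `make` and CI may end up on different Go releases unless go.mod already matches; that is worth confirming. Putting the bump in its own commit, or adding a line about it to the message, would keep the toolchain change reviewable on its own.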
diff --git a/v2/bundle/jwtbundle/set_test.go b/bundle/jwtbundle/set_test.go similarity index 100% rename from v2/bundle/jwtbundle/set_test.go rename to bundle/jwtbundle/set_test.go diff --git a/v2/bundle/jwtbundle/source.go b/bundle/jwtbundle/source.go similarity index 100% rename from v2/bundle/jwtbundle/source.go rename to bundle/jwtbundle/source.go diff --git a/v2/bundle/jwtbundle/testdata/jwks_missing_kid.json b/bundle/jwtbundle/testdata/jwks_missing_kid.json similarity index 100% rename from v2/bundle/jwtbundle/testdata/jwks_missing_kid.json rename to bundle/jwtbundle/testdata/jwks_missing_kid.json diff --git a/v2/bundle/jwtbundle/testdata/jwks_valid_1.json b/bundle/jwtbundle/testdata/jwks_valid_1.json similarity index 100% rename from v2/bundle/jwtbundle/testdata/jwks_valid_1.json rename to bundle/jwtbundle/testdata/jwks_valid_1.json diff --git a/v2/bundle/jwtbundle/testdata/jwks_valid_2.json b/bundle/jwtbundle/testdata/jwks_valid_2.json similarity index 100% rename from v2/bundle/jwtbundle/testdata/jwks_valid_2.json rename to bundle/jwtbundle/testdata/jwks_valid_2.json diff --git a/v2/bundle/spiffebundle/bundle.go b/bundle/spiffebundle/bundle.go similarity index 100% rename from v2/bundle/spiffebundle/bundle.go rename to bundle/spiffebundle/bundle.go diff --git a/v2/bundle/spiffebundle/bundle_test.go b/bundle/spiffebundle/bundle_test.go similarity index 100% rename from v2/bundle/spiffebundle/bundle_test.go rename to bundle/spiffebundle/bundle_test.go diff --git a/v2/bundle/spiffebundle/doc.go b/bundle/spiffebundle/doc.go similarity index 100% rename from v2/bundle/spiffebundle/doc.go rename to bundle/spiffebundle/doc.go diff --git a/v2/bundle/spiffebundle/set.go b/bundle/spiffebundle/set.go similarity index 100% rename from v2/bundle/spiffebundle/set.go rename to bundle/spiffebundle/set.go 
diff --git a/v2/bundle/spiffebundle/set_test.go b/bundle/spiffebundle/set_test.go similarity index 100% rename from v2/bundle/spiffebundle/set_test.go rename to bundle/spiffebundle/set_test.go diff --git a/v2/bundle/spiffebundle/source.go b/bundle/spiffebundle/source.go similarity index 100% rename from v2/bundle/spiffebundle/source.go rename to bundle/spiffebundle/source.go diff --git a/v2/bundle/spiffebundle/testdata/spiffebundle_missing_kid.json b/bundle/spiffebundle/testdata/spiffebundle_missing_kid.json similarity index 100% rename from v2/bundle/spiffebundle/testdata/spiffebundle_missing_kid.json rename to bundle/spiffebundle/testdata/spiffebundle_missing_kid.json diff --git a/v2/bundle/spiffebundle/testdata/spiffebundle_multiple_x509.json b/bundle/spiffebundle/testdata/spiffebundle_multiple_x509.json similarity index 100% rename from v2/bundle/spiffebundle/testdata/spiffebundle_multiple_x509.json rename to bundle/spiffebundle/testdata/spiffebundle_multiple_x509.json diff --git a/v2/bundle/spiffebundle/testdata/spiffebundle_no_keys.json b/bundle/spiffebundle/testdata/spiffebundle_no_keys.json similarity index 100% rename from v2/bundle/spiffebundle/testdata/spiffebundle_no_keys.json rename to bundle/spiffebundle/testdata/spiffebundle_no_keys.json diff --git a/v2/bundle/spiffebundle/testdata/spiffebundle_valid_1.json b/bundle/spiffebundle/testdata/spiffebundle_valid_1.json similarity index 100% rename from v2/bundle/spiffebundle/testdata/spiffebundle_valid_1.json rename to bundle/spiffebundle/testdata/spiffebundle_valid_1.json diff --git a/v2/bundle/spiffebundle/testdata/spiffebundle_valid_2.json b/bundle/spiffebundle/testdata/spiffebundle_valid_2.json similarity index 100% rename from v2/bundle/spiffebundle/testdata/spiffebundle_valid_2.json rename to bundle/spiffebundle/testdata/spiffebundle_valid_2.json 
diff --git a/v2/bundle/x509bundle/bundle.go b/bundle/x509bundle/bundle.go similarity index 100% rename from v2/bundle/x509bundle/bundle.go rename to bundle/x509bundle/bundle.go diff --git a/v2/bundle/x509bundle/bundle_test.go b/bundle/x509bundle/bundle_test.go similarity index 100% rename from v2/bundle/x509bundle/bundle_test.go rename to bundle/x509bundle/bundle_test.go diff --git a/v2/bundle/x509bundle/doc.go b/bundle/x509bundle/doc.go similarity index 100% rename from v2/bundle/x509bundle/doc.go rename to bundle/x509bundle/doc.go diff --git a/v2/bundle/x509bundle/set.go b/bundle/x509bundle/set.go similarity index 100% rename from v2/bundle/x509bundle/set.go rename to bundle/x509bundle/set.go diff --git a/v2/bundle/x509bundle/set_test.go b/bundle/x509bundle/set_test.go similarity index 100% rename from v2/bundle/x509bundle/set_test.go rename to bundle/x509bundle/set_test.go diff --git a/v2/bundle/x509bundle/source.go b/bundle/x509bundle/source.go similarity index 100% rename from v2/bundle/x509bundle/source.go rename to bundle/x509bundle/source.go diff --git a/v2/bundle/x509bundle/testdata/cert.pem b/bundle/x509bundle/testdata/cert.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/cert.pem rename to bundle/x509bundle/testdata/cert.pem diff --git a/v2/bundle/x509bundle/testdata/certs.pem b/bundle/x509bundle/testdata/certs.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/certs.pem rename to bundle/x509bundle/testdata/certs.pem diff --git a/v2/bundle/x509bundle/testdata/corrupted.pem b/bundle/x509bundle/testdata/corrupted.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/corrupted.pem rename to bundle/x509bundle/testdata/corrupted.pem diff --git a/v2/bundle/x509bundle/testdata/empty.pem b/bundle/x509bundle/testdata/empty.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/empty.pem rename to bundle/x509bundle/testdata/empty.pem 
diff --git a/v2/bundle/x509bundle/testdata/key.pem b/bundle/x509bundle/testdata/key.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/key.pem rename to bundle/x509bundle/testdata/key.pem diff --git a/v2/bundle/x509bundle/testdata/not-pem.pem b/bundle/x509bundle/testdata/not-pem.pem similarity index 100% rename from v2/bundle/x509bundle/testdata/not-pem.pem rename to bundle/x509bundle/testdata/not-pem.pem diff --git a/v2/examples/README.md b/examples/README.md similarity index 100% rename from v2/examples/README.md rename to examples/README.md diff --git a/v2/examples/spiffe-grpc/README.md b/examples/spiffe-grpc/README.md similarity index 100% rename from v2/examples/spiffe-grpc/README.md rename to examples/spiffe-grpc/README.md diff --git a/v2/examples/spiffe-grpc/client/main.go b/examples/spiffe-grpc/client/main.go similarity index 100% rename from v2/examples/spiffe-grpc/client/main.go rename to examples/spiffe-grpc/client/main.go diff --git a/v2/examples/spiffe-grpc/server/main.go b/examples/spiffe-grpc/server/main.go similarity index 100% rename from v2/examples/spiffe-grpc/server/main.go rename to examples/spiffe-grpc/server/main.go diff --git a/v2/examples/spiffe-http/README.md b/examples/spiffe-http/README.md similarity index 100% rename from v2/examples/spiffe-http/README.md rename to examples/spiffe-http/README.md diff --git a/v2/examples/spiffe-http/client/main.go b/examples/spiffe-http/client/main.go similarity index 100% rename from v2/examples/spiffe-http/client/main.go rename to examples/spiffe-http/client/main.go diff --git a/v2/examples/spiffe-http/server/main.go b/examples/spiffe-http/server/main.go similarity index 100% rename from v2/examples/spiffe-http/server/main.go rename to examples/spiffe-http/server/main.go 
diff --git a/v2/examples/spiffe-jwt-using-proxy/README.md b/examples/spiffe-jwt-using-proxy/README.md similarity index 100% rename from v2/examples/spiffe-jwt-using-proxy/README.md rename to examples/spiffe-jwt-using-proxy/README.md diff --git a/v2/examples/spiffe-jwt-using-proxy/client/main.go b/examples/spiffe-jwt-using-proxy/client/main.go similarity index 100% rename from v2/examples/spiffe-jwt-using-proxy/client/main.go rename to examples/spiffe-jwt-using-proxy/client/main.go diff --git a/v2/examples/spiffe-jwt-using-proxy/proxy/main.go b/examples/spiffe-jwt-using-proxy/proxy/main.go similarity index 100% rename from v2/examples/spiffe-jwt-using-proxy/proxy/main.go rename to examples/spiffe-jwt-using-proxy/proxy/main.go diff --git a/v2/examples/spiffe-jwt-using-proxy/server/main.go b/examples/spiffe-jwt-using-proxy/server/main.go similarity index 100% rename from v2/examples/spiffe-jwt-using-proxy/server/main.go rename to examples/spiffe-jwt-using-proxy/server/main.go diff --git a/v2/examples/spiffe-jwt/README.md b/examples/spiffe-jwt/README.md similarity index 100% rename from v2/examples/spiffe-jwt/README.md rename to examples/spiffe-jwt/README.md diff --git a/v2/examples/spiffe-jwt/client/main.go b/examples/spiffe-jwt/client/main.go similarity index 100% rename from v2/examples/spiffe-jwt/client/main.go rename to examples/spiffe-jwt/client/main.go diff --git a/v2/examples/spiffe-jwt/server/main.go b/examples/spiffe-jwt/server/main.go similarity index 100% rename from v2/examples/spiffe-jwt/server/main.go rename to examples/spiffe-jwt/server/main.go diff --git a/v2/examples/spiffe-tls/README.md b/examples/spiffe-tls/README.md similarity index 100% rename from v2/examples/spiffe-tls/README.md rename to examples/spiffe-tls/README.md diff --git a/v2/examples/spiffe-tls/client/main.go b/examples/spiffe-tls/client/main.go similarity index 100% rename from v2/examples/spiffe-tls/client/main.go rename to examples/spiffe-tls/client/main.go 
diff --git a/v2/examples/spiffe-tls/server/main.go b/examples/spiffe-tls/server/main.go similarity index 100% rename from v2/examples/spiffe-tls/server/main.go rename to examples/spiffe-tls/server/main.go diff --git a/v2/examples/spiffe-watcher/README.md b/examples/spiffe-watcher/README.md similarity index 100% rename from v2/examples/spiffe-watcher/README.md rename to examples/spiffe-watcher/README.md diff --git a/v2/examples/spiffe-watcher/main.go b/examples/spiffe-watcher/main.go similarity index 100% rename from v2/examples/spiffe-watcher/main.go rename to examples/spiffe-watcher/main.go diff --git a/v2/federation/examples_test.go b/federation/examples_test.go similarity index 100% rename from v2/federation/examples_test.go rename to federation/examples_test.go diff --git a/v2/federation/fetch.go b/federation/fetch.go similarity index 100% rename from v2/federation/fetch.go rename to federation/fetch.go diff --git a/v2/federation/fetch_test.go b/federation/fetch_test.go similarity index 100% rename from v2/federation/fetch_test.go rename to federation/fetch_test.go diff --git a/v2/federation/handler.go b/federation/handler.go similarity index 100% rename from v2/federation/handler.go rename to federation/handler.go diff --git a/v2/federation/handler_test.go b/federation/handler_test.go similarity index 100% rename from v2/federation/handler_test.go rename to federation/handler_test.go diff --git a/v2/federation/watch.go b/federation/watch.go similarity index 100% rename from v2/federation/watch.go rename to federation/watch.go diff --git a/v2/federation/watch_test.go b/federation/watch_test.go similarity index 100% rename from v2/federation/watch_test.go rename to federation/watch_test.go diff --git a/v2/go.mod b/go.mod similarity index 100% rename from v2/go.mod rename to go.mod diff --git a/v2/go.sum b/go.sum similarity index 100% rename from v2/go.sum rename to go.sum 
diff --git a/v2/internal/cryptoutil/keys.go b/internal/cryptoutil/keys.go similarity index 100% rename from v2/internal/cryptoutil/keys.go rename to internal/cryptoutil/keys.go diff --git a/v2/internal/jwtutil/util.go b/internal/jwtutil/util.go similarity index 100% rename from v2/internal/jwtutil/util.go rename to internal/jwtutil/util.go diff --git a/v2/internal/pemutil/pem.go b/internal/pemutil/pem.go similarity index 100% rename from v2/internal/pemutil/pem.go rename to internal/pemutil/pem.go diff --git a/v2/internal/pemutil/pem_test.go b/internal/pemutil/pem_test.go similarity index 100% rename from v2/internal/pemutil/pem_test.go rename to internal/pemutil/pem_test.go diff --git a/v2/internal/test/ca.go b/internal/test/ca.go similarity index 100% rename from v2/internal/test/ca.go rename to internal/test/ca.go diff --git a/v2/internal/test/errstrings/err_posix.go b/internal/test/errstrings/err_posix.go similarity index 100% rename from v2/internal/test/errstrings/err_posix.go rename to internal/test/errstrings/err_posix.go diff --git a/v2/internal/test/errstrings/err_windows.go b/internal/test/errstrings/err_windows.go similarity index 100% rename from v2/internal/test/errstrings/err_windows.go rename to internal/test/errstrings/err_windows.go diff --git a/v2/internal/test/fakebundleendpoint/server.go b/internal/test/fakebundleendpoint/server.go similarity index 100% rename from v2/internal/test/fakebundleendpoint/server.go rename to internal/test/fakebundleendpoint/server.go diff --git a/v2/internal/test/fakeworkloadapi/workload_api.go b/internal/test/fakeworkloadapi/workload_api.go similarity index 100% rename from v2/internal/test/fakeworkloadapi/workload_api.go rename to internal/test/fakeworkloadapi/workload_api.go 
diff --git a/v2/internal/test/fakeworkloadapi/workload_api_posix.go b/internal/test/fakeworkloadapi/workload_api_posix.go similarity index 100% rename from v2/internal/test/fakeworkloadapi/workload_api_posix.go rename to internal/test/fakeworkloadapi/workload_api_posix.go diff --git a/v2/internal/test/fakeworkloadapi/workload_api_windows.go b/internal/test/fakeworkloadapi/workload_api_windows.go similarity index 100% rename from v2/internal/test/fakeworkloadapi/workload_api_windows.go rename to internal/test/fakeworkloadapi/workload_api_windows.go diff --git a/v2/internal/test/keys.go b/internal/test/keys.go similarity index 100% rename from v2/internal/test/keys.go rename to internal/test/keys.go diff --git a/v2/internal/x509util/util.go b/internal/x509util/util.go similarity index 100% rename from v2/internal/x509util/util.go rename to internal/x509util/util.go diff --git a/v2/logger/logger.go b/logger/logger.go similarity index 100% rename from v2/logger/logger.go rename to logger/logger.go diff --git a/v2/logger/null.go b/logger/null.go similarity index 100% rename from v2/logger/null.go rename to logger/null.go diff --git a/v2/logger/std.go b/logger/std.go similarity index 100% rename from v2/logger/std.go rename to logger/std.go diff --git a/v2/logger/std_test.go b/logger/std_test.go similarity index 100% rename from v2/logger/std_test.go rename to logger/std_test.go diff --git a/v2/logger/writer.go b/logger/writer.go similarity index 100% rename from v2/logger/writer.go rename to logger/writer.go diff --git a/v2/logger/writer_test.go b/logger/writer_test.go similarity index 100% rename from v2/logger/writer_test.go rename to logger/writer_test.go diff --git a/v2/proto/spiffe/workload/workload.pb.go b/proto/spiffe/workload/workload.pb.go similarity index 100% rename from v2/proto/spiffe/workload/workload.pb.go rename to proto/spiffe/workload/workload.pb.go 
diff --git a/v2/proto/spiffe/workload/workload.proto b/proto/spiffe/workload/workload.proto similarity index 100% rename from v2/proto/spiffe/workload/workload.proto rename to proto/spiffe/workload/workload.proto diff --git a/v2/proto/spiffe/workload/workload_grpc.pb.go b/proto/spiffe/workload/workload_grpc.pb.go similarity index 100% rename from v2/proto/spiffe/workload/workload_grpc.pb.go rename to proto/spiffe/workload/workload_grpc.pb.go diff --git a/v2/spiffegrpc/grpccredentials/credentials.go b/spiffegrpc/grpccredentials/credentials.go similarity index 100% rename from v2/spiffegrpc/grpccredentials/credentials.go rename to spiffegrpc/grpccredentials/credentials.go diff --git a/v2/spiffegrpc/grpccredentials/credentials_test.go b/spiffegrpc/grpccredentials/credentials_test.go similarity index 100% rename from v2/spiffegrpc/grpccredentials/credentials_test.go rename to spiffegrpc/grpccredentials/credentials_test.go diff --git a/v2/spiffeid/charset_backcompat_allow.go b/spiffeid/charset_backcompat_allow.go similarity index 100% rename from v2/spiffeid/charset_backcompat_allow.go rename to spiffeid/charset_backcompat_allow.go diff --git a/v2/spiffeid/charset_backcompat_deny.go b/spiffeid/charset_backcompat_deny.go similarity index 100% rename from v2/spiffeid/charset_backcompat_deny.go rename to spiffeid/charset_backcompat_deny.go diff --git a/v2/spiffeid/errors.go b/spiffeid/errors.go similarity index 100% rename from v2/spiffeid/errors.go rename to spiffeid/errors.go diff --git a/v2/spiffeid/id.go b/spiffeid/id.go similarity index 100% rename from v2/spiffeid/id.go rename to spiffeid/id.go diff --git a/v2/spiffeid/id_test.go b/spiffeid/id_test.go similarity index 100% rename from v2/spiffeid/id_test.go rename to spiffeid/id_test.go diff --git a/v2/spiffeid/match.go b/spiffeid/match.go similarity index 100% rename from v2/spiffeid/match.go rename to spiffeid/match.go 
diff --git a/v2/spiffeid/match_test.go b/spiffeid/match_test.go similarity index 100% rename from v2/spiffeid/match_test.go rename to spiffeid/match_test.go diff --git a/v2/spiffeid/path.go b/spiffeid/path.go similarity index 100% rename from v2/spiffeid/path.go rename to spiffeid/path.go diff --git a/v2/spiffeid/path_test.go b/spiffeid/path_test.go similarity index 100% rename from v2/spiffeid/path_test.go rename to spiffeid/path_test.go diff --git a/v2/spiffeid/require.go b/spiffeid/require.go similarity index 100% rename from v2/spiffeid/require.go rename to spiffeid/require.go diff --git a/v2/spiffeid/require_test.go b/spiffeid/require_test.go similarity index 100% rename from v2/spiffeid/require_test.go rename to spiffeid/require_test.go diff --git a/v2/spiffeid/trustdomain.go b/spiffeid/trustdomain.go similarity index 100% rename from v2/spiffeid/trustdomain.go rename to spiffeid/trustdomain.go diff --git a/v2/spiffeid/trustdomain_test.go b/spiffeid/trustdomain_test.go similarity index 100% rename from v2/spiffeid/trustdomain_test.go rename to spiffeid/trustdomain_test.go diff --git a/v2/spiffetls/dial.go b/spiffetls/dial.go similarity index 100% rename from v2/spiffetls/dial.go rename to spiffetls/dial.go diff --git a/v2/spiffetls/examples_test.go b/spiffetls/examples_test.go similarity index 100% rename from v2/spiffetls/examples_test.go rename to spiffetls/examples_test.go diff --git a/v2/spiffetls/listen.go b/spiffetls/listen.go similarity index 100% rename from v2/spiffetls/listen.go rename to spiffetls/listen.go diff --git a/v2/spiffetls/mode.go b/spiffetls/mode.go similarity index 100% rename from v2/spiffetls/mode.go rename to spiffetls/mode.go diff --git a/v2/spiffetls/option.go b/spiffetls/option.go similarity index 100% rename from v2/spiffetls/option.go rename to spiffetls/option.go diff --git a/v2/spiffetls/peerid.go b/spiffetls/peerid.go similarity index 100% rename from v2/spiffetls/peerid.go rename to spiffetls/peerid.go 
diff --git a/v2/spiffetls/spiffetls_posix_test.go b/spiffetls/spiffetls_posix_test.go similarity index 100% rename from v2/spiffetls/spiffetls_posix_test.go rename to spiffetls/spiffetls_posix_test.go diff --git a/v2/spiffetls/spiffetls_test.go b/spiffetls/spiffetls_test.go similarity index 100% rename from v2/spiffetls/spiffetls_test.go rename to spiffetls/spiffetls_test.go diff --git a/v2/spiffetls/spiffetls_windows_test.go b/spiffetls/spiffetls_windows_test.go similarity index 100% rename from v2/spiffetls/spiffetls_windows_test.go rename to spiffetls/spiffetls_windows_test.go diff --git a/v2/spiffetls/tlsconfig/authorizer.go b/spiffetls/tlsconfig/authorizer.go similarity index 100% rename from v2/spiffetls/tlsconfig/authorizer.go rename to spiffetls/tlsconfig/authorizer.go diff --git a/v2/spiffetls/tlsconfig/config.go b/spiffetls/tlsconfig/config.go similarity index 100% rename from v2/spiffetls/tlsconfig/config.go rename to spiffetls/tlsconfig/config.go diff --git a/v2/spiffetls/tlsconfig/config_test.go b/spiffetls/tlsconfig/config_test.go similarity index 100% rename from v2/spiffetls/tlsconfig/config_test.go rename to spiffetls/tlsconfig/config_test.go diff --git a/v2/spiffetls/tlsconfig/examples_test.go b/spiffetls/tlsconfig/examples_test.go similarity index 100% rename from v2/spiffetls/tlsconfig/examples_test.go rename to spiffetls/tlsconfig/examples_test.go diff --git a/v2/spiffetls/tlsconfig/trace.go b/spiffetls/tlsconfig/trace.go similarity index 100% rename from v2/spiffetls/tlsconfig/trace.go rename to spiffetls/tlsconfig/trace.go diff --git a/v2/svid/jwtsvid/examples_test.go b/svid/jwtsvid/examples_test.go similarity index 100% rename from v2/svid/jwtsvid/examples_test.go rename to svid/jwtsvid/examples_test.go diff --git a/v2/svid/jwtsvid/source.go b/svid/jwtsvid/source.go similarity index 100% rename from v2/svid/jwtsvid/source.go rename to svid/jwtsvid/source.go 
diff --git a/v2/svid/jwtsvid/svid.go b/svid/jwtsvid/svid.go similarity index 100% rename from v2/svid/jwtsvid/svid.go rename to svid/jwtsvid/svid.go diff --git a/v2/svid/jwtsvid/svid_test.go b/svid/jwtsvid/svid_test.go similarity index 100% rename from v2/svid/jwtsvid/svid_test.go rename to svid/jwtsvid/svid_test.go diff --git a/v2/svid/x509svid/source.go b/svid/x509svid/source.go similarity index 100% rename from v2/svid/x509svid/source.go rename to svid/x509svid/source.go diff --git a/v2/svid/x509svid/svid.go b/svid/x509svid/svid.go similarity index 100% rename from v2/svid/x509svid/svid.go rename to svid/x509svid/svid.go diff --git a/v2/svid/x509svid/svid_test.go b/svid/x509svid/svid_test.go similarity index 100% rename from v2/svid/x509svid/svid_test.go rename to svid/x509svid/svid_test.go diff --git a/v2/svid/x509svid/testdata/corrupt-cert.pem b/svid/x509svid/testdata/corrupt-cert.pem similarity index 100% rename from v2/svid/x509svid/testdata/corrupt-cert.pem rename to svid/x509svid/testdata/corrupt-cert.pem diff --git a/v2/svid/x509svid/testdata/corrupt-key.pem b/svid/x509svid/testdata/corrupt-key.pem similarity index 100% rename from v2/svid/x509svid/testdata/corrupt-key.pem rename to svid/x509svid/testdata/corrupt-key.pem diff --git a/v2/svid/x509svid/testdata/good-cert-and-key.pem b/svid/x509svid/testdata/good-cert-and-key.pem similarity index 100% rename from v2/svid/x509svid/testdata/good-cert-and-key.pem rename to svid/x509svid/testdata/good-cert-and-key.pem diff --git a/v2/svid/x509svid/testdata/good-key-and-cert.pem b/svid/x509svid/testdata/good-key-and-cert.pem similarity index 100% rename from v2/svid/x509svid/testdata/good-key-and-cert.pem rename to svid/x509svid/testdata/good-key-and-cert.pem 
diff --git a/v2/svid/x509svid/testdata/good-leaf-and-intermediate.pem b/svid/x509svid/testdata/good-leaf-and-intermediate.pem similarity index 100% rename from v2/svid/x509svid/testdata/good-leaf-and-intermediate.pem rename to svid/x509svid/testdata/good-leaf-and-intermediate.pem diff --git a/v2/svid/x509svid/testdata/good-leaf-only.pem b/svid/x509svid/testdata/good-leaf-only.pem similarity index 100% rename from v2/svid/x509svid/testdata/good-leaf-only.pem rename to svid/x509svid/testdata/good-leaf-only.pem diff --git a/v2/svid/x509svid/testdata/key-pkcs8-ecdsa.pem b/svid/x509svid/testdata/key-pkcs8-ecdsa.pem similarity index 100% rename from v2/svid/x509svid/testdata/key-pkcs8-ecdsa.pem rename to svid/x509svid/testdata/key-pkcs8-ecdsa.pem diff --git a/v2/svid/x509svid/testdata/key-pkcs8-rsa.pem b/svid/x509svid/testdata/key-pkcs8-rsa.pem similarity index 100% rename from v2/svid/x509svid/testdata/key-pkcs8-rsa.pem rename to svid/x509svid/testdata/key-pkcs8-rsa.pem diff --git a/v2/svid/x509svid/testdata/not-pem b/svid/x509svid/testdata/not-pem similarity index 100% rename from v2/svid/x509svid/testdata/not-pem rename to svid/x509svid/testdata/not-pem diff --git a/v2/svid/x509svid/testdata/wrong-intermediate-no-ca.pem b/svid/x509svid/testdata/wrong-intermediate-no-ca.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-intermediate-no-ca.pem rename to svid/x509svid/testdata/wrong-intermediate-no-ca.pem diff --git a/v2/svid/x509svid/testdata/wrong-intermediate-no-key-cert-sign.pem b/svid/x509svid/testdata/wrong-intermediate-no-key-cert-sign.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-intermediate-no-key-cert-sign.pem rename to svid/x509svid/testdata/wrong-intermediate-no-key-cert-sign.pem 
diff --git a/v2/svid/x509svid/testdata/wrong-leaf-ca-true.pem b/svid/x509svid/testdata/wrong-leaf-ca-true.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-leaf-ca-true.pem rename to svid/x509svid/testdata/wrong-leaf-ca-true.pem diff --git a/v2/svid/x509svid/testdata/wrong-leaf-cert-sign.pem b/svid/x509svid/testdata/wrong-leaf-cert-sign.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-leaf-cert-sign.pem rename to svid/x509svid/testdata/wrong-leaf-cert-sign.pem diff --git a/v2/svid/x509svid/testdata/wrong-leaf-crl-sign.pem b/svid/x509svid/testdata/wrong-leaf-crl-sign.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-leaf-crl-sign.pem rename to svid/x509svid/testdata/wrong-leaf-crl-sign.pem diff --git a/v2/svid/x509svid/testdata/wrong-leaf-empty-id.pem b/svid/x509svid/testdata/wrong-leaf-empty-id.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-leaf-empty-id.pem rename to svid/x509svid/testdata/wrong-leaf-empty-id.pem diff --git a/v2/svid/x509svid/testdata/wrong-leaf-no-digital-signature.pem b/svid/x509svid/testdata/wrong-leaf-no-digital-signature.pem similarity index 100% rename from v2/svid/x509svid/testdata/wrong-leaf-no-digital-signature.pem rename to svid/x509svid/testdata/wrong-leaf-no-digital-signature.pem diff --git a/v2/svid/x509svid/verify.go b/svid/x509svid/verify.go similarity index 100% rename from v2/svid/x509svid/verify.go rename to svid/x509svid/verify.go diff --git a/v2/svid/x509svid/verify_test.go b/svid/x509svid/verify_test.go similarity index 100% rename from v2/svid/x509svid/verify_test.go rename to svid/x509svid/verify_test.go diff --git a/v2/workloadapi/addr.go b/workloadapi/addr.go similarity index 100% rename from v2/workloadapi/addr.go rename to workloadapi/addr.go diff --git a/v2/workloadapi/addr_posix.go b/workloadapi/addr_posix.go similarity index 100% rename from v2/workloadapi/addr_posix.go rename to workloadapi/addr_posix.go 
diff --git a/v2/workloadapi/addr_posix_test.go b/workloadapi/addr_posix_test.go similarity index 100% rename from v2/workloadapi/addr_posix_test.go rename to workloadapi/addr_posix_test.go diff --git a/v2/workloadapi/addr_test.go b/workloadapi/addr_test.go similarity index 100% rename from v2/workloadapi/addr_test.go rename to workloadapi/addr_test.go diff --git a/v2/workloadapi/addr_windows.go b/workloadapi/addr_windows.go similarity index 100% rename from v2/workloadapi/addr_windows.go rename to workloadapi/addr_windows.go diff --git a/v2/workloadapi/addr_windows_test.go b/workloadapi/addr_windows_test.go similarity index 100% rename from v2/workloadapi/addr_windows_test.go rename to workloadapi/addr_windows_test.go diff --git a/v2/workloadapi/backoff.go b/workloadapi/backoff.go similarity index 100% rename from v2/workloadapi/backoff.go rename to workloadapi/backoff.go diff --git a/v2/workloadapi/backoff_test.go b/workloadapi/backoff_test.go similarity index 100% rename from v2/workloadapi/backoff_test.go rename to workloadapi/backoff_test.go diff --git a/v2/workloadapi/bundlesource.go b/workloadapi/bundlesource.go similarity index 100% rename from v2/workloadapi/bundlesource.go rename to workloadapi/bundlesource.go diff --git a/v2/workloadapi/bundlesource_test.go b/workloadapi/bundlesource_test.go similarity index 100% rename from v2/workloadapi/bundlesource_test.go rename to workloadapi/bundlesource_test.go diff --git a/v2/workloadapi/client.go b/workloadapi/client.go similarity index 100% rename from v2/workloadapi/client.go rename to workloadapi/client.go diff --git a/v2/workloadapi/client_posix.go b/workloadapi/client_posix.go similarity index 100% rename from v2/workloadapi/client_posix.go rename to workloadapi/client_posix.go diff --git a/v2/workloadapi/client_test.go b/workloadapi/client_test.go similarity index 100% rename from v2/workloadapi/client_test.go rename to workloadapi/client_test.go 
diff --git a/v2/workloadapi/client_windows.go b/workloadapi/client_windows.go similarity index 100% rename from v2/workloadapi/client_windows.go rename to workloadapi/client_windows.go diff --git a/v2/workloadapi/client_windows_test.go b/workloadapi/client_windows_test.go similarity index 100% rename from v2/workloadapi/client_windows_test.go rename to workloadapi/client_windows_test.go diff --git a/v2/workloadapi/common_test.go b/workloadapi/common_test.go similarity index 100% rename from v2/workloadapi/common_test.go rename to workloadapi/common_test.go diff --git a/v2/workloadapi/convenience.go b/workloadapi/convenience.go similarity index 100% rename from v2/workloadapi/convenience.go rename to workloadapi/convenience.go diff --git a/v2/workloadapi/examples_test.go b/workloadapi/examples_test.go similarity index 100% rename from v2/workloadapi/examples_test.go rename to workloadapi/examples_test.go diff --git a/v2/workloadapi/jwtsource.go b/workloadapi/jwtsource.go similarity index 100% rename from v2/workloadapi/jwtsource.go rename to workloadapi/jwtsource.go diff --git a/v2/workloadapi/jwtsource_test.go b/workloadapi/jwtsource_test.go similarity index 100% rename from v2/workloadapi/jwtsource_test.go rename to workloadapi/jwtsource_test.go diff --git a/v2/workloadapi/option.go b/workloadapi/option.go similarity index 100% rename from v2/workloadapi/option.go rename to workloadapi/option.go diff --git a/v2/workloadapi/option_windows.go b/workloadapi/option_windows.go similarity index 100% rename from v2/workloadapi/option_windows.go rename to workloadapi/option_windows.go diff --git a/v2/workloadapi/watcher.go b/workloadapi/watcher.go similarity index 100% rename from v2/workloadapi/watcher.go rename to workloadapi/watcher.go diff --git a/v2/workloadapi/x509context.go b/workloadapi/x509context.go similarity index 100% rename from v2/workloadapi/x509context.go rename to workloadapi/x509context.go 
diff --git a/v2/workloadapi/x509source.go b/workloadapi/x509source.go
similarity index 100%
rename from v2/workloadapi/x509source.go
rename to workloadapi/x509source.go
diff --git a/v2/workloadapi/x509source_test.go b/workloadapi/x509source_test.go
similarity index 100%
rename from v2/workloadapi/x509source_test.go
rename to workloadapi/x509source_test.go
From 1c8e5b16f153334d59245ae62fc0e9f51353aa14 Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Wed, 9 Apr 2025 06:30:37 -0600 Subject: [PATCH 08/18] Prepare to use GH merge queue (#339) - adds merge_group dispatch on the PR build workflow - adds the dco-check workflow (to replace DCOBot, which doesn't work with merge queues) Signed-off-by: Andrew Harding --- .github/workflows/dco.yaml | 17 +++++++++++++++++ .github/workflows/pr_build.yaml | 5 +++-- 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/dco.yaml
diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml
new file mode 100644
index 000000000..491d20ff5
--- /dev/null
+++ b/.github/workflows/dco.yaml
@@ -0,0 +1,17 @@
+name: DCO
+on:
+ pull_request:
+ merge_group:
+jobs:
+ check_dco:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ name: Check DCO
+ steps:
+ - name: Run dco-check
+ uses: christophebedard/dco-check@7b0205d25ead0f898e0b706b58227dd5fa7e3f55 # 0.5.0
+ with:
+ args: --exclude-pattern 'dependabot\[bot\]@users\.noreply\.github\.com'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
index fc36985d4..7d3f53b1e 100644
--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -1,7 +1,8 @@
 name: PR Build
 on:
- pull_request: {}
- workflow_dispatch: {}
+ pull_request:
+ merge_group:
+ workflow_dispatch:
 jobs:
 lint-linux:
 runs-on: ubuntu-latest
From 14db48a51bc713a3a4bb92bfa30dbbead99bcb09 Mon Sep 17 00:00:00 2001
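Review bot: The `--exclude-pattern` on the `args:` line of the new `.github/workflows/dco.yaml` exempts commits by author e-mail, a field git does not authenticate, and the regex has no anchors. If dco-check applies the pattern as a search (not visible in this hunk), any author address that merely contains `dependabot[bot]@users.noreply.github.com` is skipped by the sign-off check. Anchoring it to the full bot address used elsewhere in this series would narrow the match: `args: --exclude-pattern '^49699333\+dependabot\[bot\]@users\.noreply\.github\.com$'`. The address itself remains unverified even then, so a comment above `with:` such as `# exemption matches the commit author e-mail only; it is not an identity check` would keep the next maintainer from reading it as one. The SHA-pinned `uses:` and the job-level `contents: read` are good as they stand.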
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 May 2025 07:40:22 -0600 Subject: [PATCH 09/18] Bump google.golang.org/grpc from 1.71.1 to 1.72.0 (#340) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.71.1 to 1.72.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.71.1...v1.72.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.72.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0ec094f43..09daeffca 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.0.5 github.com/stretchr/testify v1.10.0 - google.golang.org/grpc v1.71.1 + google.golang.org/grpc v1.72.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 5b5463a68..e3f54acd9 100644 --- a/go.sum +++ b/go.sum 
@@ -45,8 +45,8 @@ golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0= golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 h1:0K7wTWyzxZ7J+L47+LbFogJW1nn/gnnMCN0vGXNYtTI= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI= -google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= +google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= From 20a1a110fafae4e3705c3a90cde458d8027e4fb1 Mon Sep 17 00:00:00 2001 From: Lillie Rugtveit <126776478+LillieEntur@users.noreply.github.com> Date: Thu, 8 May 2025 15:43:28 +0200 Subject: [PATCH 10/18] Fix invalid examples link in README.md (#342) Signed-off-by: Lillie Rugtveit <126776478+LillieEntur@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8de3cbf35..6611b97c7 100644 --- a/README.md +++ b/README.md @@ -43,4 +43,4 @@ streamed from the Workload API (e.g. secret rotation). ## Examples -The [examples](./v2/examples) directory contains rich examples for a variety of circumstances. +The [examples](./examples) directory contains rich examples for a variety of circumstances. From 42bdd19b38cf7234c881fa00e6ba33e1f4195e9a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 09:41:28 -0600 Subject: [PATCH 11/18] Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.1 (#347) Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.5 to 4.1.1. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v4.0.5...v4.1.1) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 09daeffca..0cfe18f57 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.0 require ( github.com/Microsoft/go-winio v0.6.2 - github.com/go-jose/go-jose/v4 v4.0.5 + github.com/go-jose/go-jose/v4 v4.1.1 github.com/stretchr/testify v1.10.0 google.golang.org/grpc v1.72.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 
@@ -15,10 +15,10 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/kr/pretty v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/crypto v0.37.0 // indirect + golang.org/x/crypto v0.39.0 // indirect golang.org/x/net v0.38.0 // indirect - golang.org/x/sys v0.32.0 // indirect - golang.org/x/text v0.24.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.26.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index e3f54acd9..48a7b0795 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= -github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= +github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI= +github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -35,14 +35,14 @@ go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5J go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= -golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= -golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= -golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= -golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0= -golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 h1:0K7wTWyzxZ7J+L47+LbFogJW1nn/gnnMCN0vGXNYtTI= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= From 84a48c0bf4d245dedbfa97f156043a15e5139799 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 09:41:41 -0600 Subject: [PATCH 12/18] Bump google.golang.org/grpc from 1.72.0 to 1.73.0 (#345) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.72.0 to 1.73.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.72.0...v1.73.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.73.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 0cfe18f57..f4dab2771 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.1.1 github.com/stretchr/testify v1.10.0 - google.golang.org/grpc v1.72.0 + google.golang.org/grpc v1.73.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 48a7b0795..fc9b13075 100644 --- a/go.sum +++ b/go.sum 
@@ -10,8 +10,8 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= 
@@ -45,8 +45,8 @@ golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 h1:0K7wTWyzxZ7J+L47+LbFogJW1nn/gnnMCN0vGXNYtTI= google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= -google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= +google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= From 7cfd523ba73156fb29b12d696d200a88460ce322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 08:05:38 -0600 Subject: [PATCH 13/18] Bump actions/checkout from 4 to 5 (#351) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 7d3f53b1e..f2c142761 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup go uses: actions/setup-go@v5 with: @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup go uses: actions/setup-go@v5 with: @@ -39,7 +39,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup go uses: actions/setup-go@v5 with: @@ -66,7 +66,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup go uses: actions/setup-go@v5 with: From 237e1a99e4c9685b39aa6b25eb45e17ac459048a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 08:05:59 -0600 Subject: [PATCH 14/18] Bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.2 (#349) Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](https://github.com/go-jose/go-jose/compare/v4.1.1...v4.1.2) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... 
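Review bot: In `.github/workflows/pr_build.yaml`, all four changed `uses: actions/checkout@v5` lines reference the action by a movable tag, so each job runs whatever commit that tag points to at run time. Pinning to the full commit SHA with the tag kept as a comment, `uses: actions/checkout@<full-commit-sha> # v5` (placeholder; take the SHA from the v5 release), makes the bump reviewable, and Dependabot can still update a pin written this way. The neighbouring `uses: actions/setup-go@v5` context lines have the same form. The job definitions continue outside these hunks.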
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f4dab2771..36b5f52be 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.0 require ( github.com/Microsoft/go-winio v0.6.2 - github.com/go-jose/go-jose/v4 v4.1.1 + github.com/go-jose/go-jose/v4 v4.1.2 github.com/stretchr/testify v1.10.0 google.golang.org/grpc v1.73.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 diff --git a/go.sum b/go.sum index fc9b13075..edf59855b 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI= -github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA= +github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= +github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= From f8be7ff7bb747555676ac88cb645ff66f92f4980 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 08:06:13 -0600 Subject: [PATCH 15/18] Bump google.golang.org/protobuf from 1.36.6 to 1.36.7 (#350) Bumps google.golang.org/protobuf from 1.36.6 to 1.36.7. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 36b5f52be..635941b05 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/stretchr/testify v1.10.0 google.golang.org/grpc v1.73.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 - google.golang.org/protobuf v1.36.6 + google.golang.org/protobuf v1.36.7 ) require ( diff --git a/go.sum b/go.sum index edf59855b..e5017eb7d 100644 --- a/go.sum +++ b/go.sum 
@@ -49,8 +49,8 @@ google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From d49b642c8ca4a1b6c0a76de153511df860949fb3 Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Thu, 21 Aug 2025 08:39:14 -0600 Subject: [PATCH 16/18] Bump supported Go version and add policy (#352) Signed-off-by: Andrew Harding --- Makefile | 2 +- README.md | 12 ++++++++++++ go.mod | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d1002bd78..6275fe9c1 100644 --- a/Makefile +++ b/Makefile @@ -85,7 +85,7 @@ apiprotos := \ # Toolchain ############################################################################# -go_version_full := 1.23.8 +go_version_full := 1.24.6 go_version := $(go_version_full:.0=) go_dir := $(build_dir)/go/$(go_version) diff --git a/README.md b/README.md index 6611b97c7..baa72fc31 100644 --- a/README.md +++ b/README.md 
@@ -44,3 +44,15 @@ streamed from the Workload API (e.g. secret rotation). ## Examples The [examples](./examples) directory contains rich examples for a variety of circumstances. + +## Supported Go Versions + +This library tracks the minimum officially supported Go version (i.e. N-1). The +only exception to this policy will be in response to a security issue affecting +a dependency that forces a premature upgrade. This action is expected to be rare, +will not be taken lightly, and not until reasonable efforts to mitigate the +security issue while maintaining this policy are pursued. + +## Reporting Security Vulnerabilities + +If you've found a vulnerability or a potential vulnerability in go-spiffe, please let us know at . We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively. diff --git a/go.mod b/go.mod index 635941b05..cec3d9339 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/spiffe/go-spiffe/v2 -go 1.23.0 +go 1.24.0 require ( github.com/Microsoft/go-winio v0.6.2 From 57dee7055dbd5006e4de7514cb1857622e347ccf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 14:39:53 +0000 Subject: [PATCH 17/18] Bump google.golang.org/grpc from 1.73.0 to 1.74.2 (#348) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.73.0 to 1.74.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.73.0...v1.74.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.74.2 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 38 ++++++++++++++++++++------------------ 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index cec3d9339..a564dca01 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/go-winio v0.6.2 github.com/go-jose/go-jose/v4 v4.1.2 github.com/stretchr/testify v1.10.0 - google.golang.org/grpc v1.73.0 + google.golang.org/grpc v1.75.0 google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 google.golang.org/protobuf v1.36.7 ) @@ -16,10 +16,10 @@ require ( github.com/kr/pretty v0.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect golang.org/x/crypto v0.39.0 // indirect - golang.org/x/net v0.38.0 // indirect + golang.org/x/net v0.41.0 // indirect golang.org/x/sys v0.33.0 // indirect golang.org/x/text v0.26.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index e5017eb7d..e291e8596 100644 --- a/go.sum +++ b/go.sum 
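Review bot: The new `go.mod` line pins `google.golang.org/grpc v1.75.0`, but the commit subject, the compare link and the `updated-dependencies` trailer all say 1.74.2, so the commit record does not describe the version actually being pulled in. The same commit also moves the indirect `golang.org/x/net` to v0.41.0 and `google.golang.org/genproto/googleapis/rpc` to a newer pseudo-version, and its go.sum section adds `gonum.org/v1/gonum v0.16.0` entries. Either retitle the commit to the version that is pinned or redo the bump at 1.74.2, and confirm the resulting module graph with `go mod tidy` and `go mod verify` before merging.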
@@ -4,8 +4,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI= github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= 
@@ -25,28 +25,30 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= -go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= -go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= -go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= -go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= -go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= -go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= -go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= -go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= -go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= +go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod 
h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0 h1:0K7wTWyzxZ7J+L47+LbFogJW1nn/gnnMCN0vGXNYtTI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250404141209-ee84b53bf3d0/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= -google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= +google.golang.org/grpc v1.75.0/go.mod 
h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= From c6d0af3a4780fcc69132bb8bc5d2bdfcbe5ea42b Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Thu, 21 Aug 2025 08:57:50 -0600 Subject: [PATCH 18/18] v2.6.0 changelog (#353) Signed-off-by: Andrew Harding --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95f1b474f..6be77a0be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## [2.6.0] - 2025-08-21 + +### Changed + +- Minimum Go version is now go1.24.0, following our support policy. +- Other dependency updates. + + ## [2.5.0] - 2025-01-31 ### Added