Skip to content

Commit

Permalink
upgrade to latest dependencies (#623)
Browse files Browse the repository at this point in the history
Signed-off-by: Knative Automation <[email protected]>
  • Loading branch information
knative-automation authored Aug 13, 2024
1 parent 5005f9b commit 5295156
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 5 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ require (
k8s.io/api v0.30.3
k8s.io/apimachinery v0.30.3
k8s.io/client-go v0.30.3
knative.dev/eventing v0.42.1-0.20240809140631-c521efb66dc2
knative.dev/eventing v0.42.1-0.20240812175435-7a90257edb04
knative.dev/hack v0.0.0-20240808014239-452e340cbb4b
knative.dev/pkg v0.0.0-20240812053209-cd3311cbab65
)
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -702,8 +702,8 @@ k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf
k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/eventing v0.42.1-0.20240809140631-c521efb66dc2 h1:bDcuAW1YnJgF4R5UlfHga8Q+JbXTyjwcNsiZNErcROs=
knative.dev/eventing v0.42.1-0.20240809140631-c521efb66dc2/go.mod h1:sW8btFd57JF2hS2T92Jh/k1PgSOVTQdPzZODXaQs54E=
knative.dev/eventing v0.42.1-0.20240812175435-7a90257edb04 h1:OFdDY9UvmJvZMDPW1hbzHG8EL+4eIGaK2l8xRl35rxU=
knative.dev/eventing v0.42.1-0.20240812175435-7a90257edb04/go.mod h1:ys++jt+DbovXKZ23cWDZRcaQM1KG9mfNnt+tBL9IQ3w=
knative.dev/hack v0.0.0-20240808014239-452e340cbb4b h1:pDzlX6d8cCbp5PDU9BdEIPJVI/4HLTM4mV2gMN1bKlk=
knative.dev/hack v0.0.0-20240808014239-452e340cbb4b/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
knative.dev/pkg v0.0.0-20240812053209-cd3311cbab65 h1:9r795uNPp2f/dIUzHlJW4Prz3U+8+1ZpW4z6EBUxpwc=
Expand Down
23 changes: 23 additions & 0 deletions vendor/knative.dev/eventing/pkg/auth/token_verifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,29 @@ func (v *OIDCTokenVerifier) VerifyRequest(ctx context.Context, features feature.
return nil
}

// VerifyRequestFromSubject verifies AuthN and AuthZ in the request.
// In the AuthZ part it checks if the request comes from the given allowedSubject.
// On verification errors, it sets the responses HTTP status and returns an error.
// This method is similar to VerifyRequest() except that VerifyRequestFromSubject()
// verifies in the AuthZ part that the request comes from a given subject.
func (v *OIDCTokenVerifier) VerifyRequestFromSubject(ctx context.Context, features feature.Flags, requiredOIDCAudience *string, allowedSubject string, req *http.Request, resp http.ResponseWriter) error {
if !features.IsOIDCAuthentication() {
return nil
}

idToken, err := v.verifyAuthN(ctx, requiredOIDCAudience, req, resp)
if err != nil {
return fmt.Errorf("authentication of request could not be verified: %w", err)
}

if idToken.Subject != allowedSubject {
resp.WriteHeader(http.StatusForbidden)
return fmt.Errorf("token is from subject %q, but only %q is allowed", idToken.Subject, allowedSubject)
}

return nil
}

// verifyAuthN verifies if the incoming request contains a correct JWT token
func (v *OIDCTokenVerifier) verifyAuthN(ctx context.Context, audience *string, req *http.Request, resp http.ResponseWriter) (*IDToken, error) {
token := GetJWTFromHeader(req.Header)
Expand Down
4 changes: 2 additions & 2 deletions vendor/modules.txt
Original file line number Diff line number Diff line change
Expand Up @@ -955,8 +955,8 @@ k8s.io/utils/pointer
k8s.io/utils/ptr
k8s.io/utils/strings/slices
k8s.io/utils/trace
# knative.dev/eventing v0.42.1-0.20240809140631-c521efb66dc2
## explicit; go 1.22
# knative.dev/eventing v0.42.1-0.20240812175435-7a90257edb04
## explicit; go 1.22.0
knative.dev/eventing/pkg/adapter/v2
knative.dev/eventing/pkg/adapter/v2/util/crstatusevent
knative.dev/eventing/pkg/apis
Expand Down

0 comments on commit 5295156

Please sign in to comment.