Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add CLI client IDs to default OIDC allowed audiences (#12170) #12179

Merged
merged 5 commits into from
Jan 27, 2023
Merged

fix: add CLI client IDs to default OIDC allowed audiences (#12170) #12179

merged 5 commits into from
Jan 27, 2023

Conversation

crenshaw-dev
Copy link
Member

@crenshaw-dev crenshaw-dev commented Jan 27, 2023
edited
Loading

Fixes #12170

@crenshaw-dev crenshaw-dev mentioned this pull request Jan 27, 2023
Closed
10 tasks
@crenshaw-dev
docs
a5cf19c 
Signed-off-by: Michael Crenshaw <[email protected]>
@crenshaw-dev
test
6ac3691 
Signed-off-by: Michael Crenshaw <[email protected]>
leoluz
leoluz approved these changes Jan 27, 2023
View reviewed changes
Copy link
Collaborator

@leoluz leoluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@crenshaw-dev
handle expired token properly
f4db1b0 
Signed-off-by: Michael Crenshaw <[email protected]>
@codecov
Copy link

codecov bot commented Jan 27, 2023

Codecov Report

Base: 47.41% // Head: 47.43% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (f4db1b0) compared to base (4610bc8).
Patch coverage: 50.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12179      +/-   ##
==========================================
+ Coverage   47.41%   47.43%   +0.02%     
==========================================
  Files         246      246              
  Lines       41815    41824       +9     
==========================================
+ Hits        19825    19838      +13     
+ Misses      19994    19990       -4     
  Partials     1996     1996
Impacted Files Coverage Δ
util/oidc/provider.go 34.42% <0.00%> (-1.79%) ⬇️
util/settings/settings.go 49.20% <100.00%> (+0.92%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@crenshaw-dev crenshaw-dev added cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5 cherry-pick/2.6 labels Jan 27, 2023
@crenshaw-dev crenshaw-dev merged commit a825aad into argoproj:master Jan 27, 2023
@crenshaw-dev crenshaw-dev deleted the fix-cli-audience branch January 27, 2023 19:17
@crenshaw-dev
Copy link
Member Author

Cherry-picked onto release-2.6 for 2.6.0-rc6, release-2.5 for 2.5.9, release-2.4 for 2.4.21, and release-2.3 for 2.3.15.

crenshaw-dev added a commit that referenced this pull request Jan 27, 2023
@crenshaw-dev @yann-soubeyrand
fix: add CLI client IDs to default OIDC allowed audiences (#12170) (#…
5094ee9 
…12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
crenshaw-dev added a commit that referenced this pull request Jan 27, 2023
@crenshaw-dev @yann-soubeyrand
fix: add CLI client IDs to default OIDC allowed audiences (#12170) (#…
86f75b0 
…12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
crenshaw-dev added a commit that referenced this pull request Jan 27, 2023
@crenshaw-dev @yann-soubeyrand
fix: add CLI client IDs to default OIDC allowed audiences (#12170) (#…
11ba483 
…12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
crenshaw-dev added a commit that referenced this pull request Jan 27, 2023
@crenshaw-dev @yann-soubeyrand
fix: add CLI client IDs to default OIDC allowed audiences (#12170) (#…
d143571 
…12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
emirot pushed a commit to emirot/argo-cd that referenced this pull request Jan 27, 2023
@crenshaw-dev @yann-soubeyrand @emirot
fix: add CLI client IDs to default OIDC allowed audiences (argoproj#1…
21f75a8 
…2170) (argoproj#12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (argoproj#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
Signed-off-by: emirot <[email protected]>
todaywasawesome pushed a commit to codefresh-io/argo-cd that referenced this pull request Feb 6, 2023
@crenshaw-dev @yann-soubeyrand @todaywasawesome
fix: add CLI client IDs to default OIDC allowed audiences (argoproj#1…
061c048 
…2170) (argoproj#12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (argoproj#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
pasha-codefresh added a commit to codefresh-io/argo-cd that referenced this pull request Feb 7, 2023
@todaywasawesome @crenshaw-dev
@farcaller @pasha-codefresh @yann-soubeyrand
Verify aud claim cf (#202)
107ab62 
* fix: verify audience claim

Co-Authored-By: Vladimir Pouzanov <[email protected]>
Signed-off-by: CI <[email protected]>

* fix unit tests

Signed-off-by: Michael Crenshaw <[email protected]>

* handle single aud claim marshaled as a string

Signed-off-by: Michael Crenshaw <[email protected]>

* fix dependencies

* fix: add CLI client IDs to default OIDC allowed audiences (argoproj#12170) (argoproj#12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (argoproj#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>

* fix dependencies

* update version

* update version

* update version

* fix linter

* fix linter

---------

Signed-off-by: CI <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Signed-off-by: Yann Soubeyrand <[email protected]>
Co-authored-by: CI <[email protected]>
Co-authored-by: Vladimir Pouzanov <[email protected]>
Co-authored-by: pashakostohrys <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
schakrad pushed a commit to schakrad/argo-cd that referenced this pull request Mar 14, 2023
@crenshaw-dev @yann-soubeyrand @schakrad
fix: add CLI client IDs to default OIDC allowed audiences (argoproj#1…
96ec8ea 
…2170) (argoproj#12179)

* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <[email protected]>

* fix: add CLI client IDs to default OIDC allowed audiences (argoproj#12170)

Signed-off-by: Michael Crenshaw <[email protected]>

* docs

Signed-off-by: Michael Crenshaw <[email protected]>

* test

Signed-off-by: Michael Crenshaw <[email protected]>

* handle expired token properly

Signed-off-by: Michael Crenshaw <[email protected]>

---------

Signed-off-by: Yann Soubeyrand <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Yann Soubeyrand <[email protected]>
Signed-off-by: schakrad <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leoluz leoluz leoluz approved these changes

Assignees
No one assigned
Labels
cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5 cherry-pick/2.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Failed to verify token: failed to verify token: oidc: expected audience "argo-cd" got "argo-cd-cli"
3 participants
@crenshaw-dev @leoluz @yann-soubeyrand