
@taylorsilva
Member

@taylorsilva taylorsilva commented Dec 17, 2020

What does this PR accomplish?

Bug Fix | Feature | Documentation

closes # .

Changes proposed by this PR:

Same as #6370

Release Note

  • Bump Dex to 2.27.0, which fixes a vulnerability in the Go XML library
  • This is only a breaking change for the OIDC connector when the downstream provider returns a preferred_username claim
    • Previously, the preferred_username claim would be ignored in favor of the --oidc-user-name-key Concourse auth flag.
    • Now, the preferred_username claim takes precedence, so its value will be used as the Concourse OIDC username.
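The precedence change in the release note, shown as an added example (not Concourse or Dex code): a small resolver that can be run in both the pre-bump mode (the --oidc-user-name-key claim wins) and the post-bump mode (preferred_username wins), plus a helper an operator can run over their users' claims to find which Concourse usernames would change after the upgrade. The claim documents and the `resolveUsername`/`affectedByBump` names are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Claims is the decoded payload of an ID token (constructed type for this example).
type Claims map[string]interface{}

// resolveUsername picks the Concourse username from the provider's claims.
// userNameKey is the claim named by the --oidc-user-name-key flag.
// preferClaim=false reproduces the pre-2.27.0 behaviour (the flag's claim wins);
// preferClaim=true reproduces the post-bump behaviour (preferred_username wins).
// The second return value is false when no usable username claim is present.
func resolveUsername(claims Claims, userNameKey string, preferClaim bool) (string, bool) {
	if preferClaim {
		if v, ok := claims["preferred_username"].(string); ok && v != "" {
			return v, true
		}
	}
	if v, ok := claims[userNameKey].(string); ok && v != "" {
		return v, true
	}
	return "", false
}

// affectedByBump reports the username before and after the upgrade and whether
// it changes, so team/role bindings keyed on the old value can be audited.
func affectedByBump(claims Claims, userNameKey string) (before, after string, changed bool) {
	before, _ = resolveUsername(claims, userNameKey, false)
	after, _ = resolveUsername(claims, userNameKey, true)
	return before, after, before != after
}

func main() {
	// Constructed sample claim payloads; not real tokens.
	samples := []string{
		`{"sub":"1001","email":"alice@example.com","preferred_username":"alice"}`,
		`{"sub":"1002","email":"bob@example.com"}`,
	}
	for _, raw := range samples {
		var c Claims
		if err := json.Unmarshal([]byte(raw), &c); err != nil {
			panic(err)
		}
		before, after, changed := affectedByBump(c, "email")
		fmt.Printf("sub=%v before=%q after=%q changed=%v\n", c["sub"], before, after, changed)
	}
}
```

Only identities whose provider emits preferred_username are affected; a provider that omits the claim falls through to the flag's claim exactly as before.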

Contributor Checklist

Reviewer Checklist

  • Code reviewed
  • Tests reviewed
  • Documentation reviewed
  • Release notes reviewed
  • PR acceptance performed
  • New config flags added? Ensure that they are added to the
    BOSH and
    Helm packaging; otherwise, ignored for
    the integration
    tests

    (for example, if they are Garden configs that are not displayed in the
    --help text).

@taylorsilva taylorsilva changed the title Bump dex [6.7.x] Bump dex to 2.27.0 Dec 17, 2020
@xtremerui
Contributor

do we care about the errors for the release pipeline?

@taylorsilva
Member Author

@xtremerui I think the checks don't work for the release branches :(

Sadly, I think there's more that needs to be done here. Got these errors locally when trying to compile the image:

# github.com/concourse/concourse/skymarshal/skycmd
skymarshal/skycmd/oauth_flags.go:85:3: unknown field 'GroupsKey' in struct literal of type oauth.Config
skymarshal/skycmd/oauth_flags.go:87:3: unknown field 'UserNameKey' in struct literal of type oauth.Config
skymarshal/skycmd/oidc_flags.go:73:3: unknown field 'GroupsKey' in struct literal of type oidc.Config
# github.com/concourse/concourse/skymarshal/storage
skymarshal/storage/storage.go:25:3: cannot use promoted field NetworkDB.Database in struct literal of type "github.com/concourse/dex/storage/sql".Postgres
skymarshal/storage/storage.go:26:3: cannot use promoted field NetworkDB.User in struct literal of type "github.com/concourse/dex/storage/sql".Postgres
skymarshal/storage/storage.go:27:3: cannot use promoted field NetworkDB.Password in struct literal of type "github.com/concourse/dex/storage/sql".Postgres
skymarshal/storage/storage.go:28:3: cannot use promoted field NetworkDB.Host in struct literal of type "github.com/concourse/dex/storage/sql".Postgres
skymarshal/storage/storage.go:29:3: cannot use promoted field NetworkDB.Port in struct literal of type "github.com/concourse/dex/storage/sql".Postgres
skymarshal/storage/storage.go:30:8: undefined: "github.com/concourse/dex/storage/sql".PostgresSSL
skymarshal/storage/storage.go:36:3: cannot use promoted field NetworkDB.ConnectionTimeout in struct literal of type "github.com/concourse/dex/storage/sql".Postgres

Looks like we should also backport #6195 first
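The "cannot use promoted field NetworkDB.Database in struct literal" errors above come from a Go language rule, not from anything Concourse-specific: fields promoted from an embedded struct can be read through the outer value, but a composite literal must set them through the embedded struct's own literal. The following is an added example, not dex's or Concourse's source; the `NetworkDB`, `SSL` and `Postgres` types are constructed stand-ins that mirror the field names in the error output, and `newPostgresConfig`/`connectionTarget` are hypothetical helpers.

```go
package main

import "fmt"

// Constructed stand-in for the embedded network settings named in the errors.
type NetworkDB struct {
	Database          string
	User              string
	Password          string
	Host              string
	Port              uint16
	ConnectionTimeout int
}

// Constructed stand-in for the TLS settings; Mode is a libpq-style sslmode value.
type SSL struct {
	Mode string
}

// Postgres embeds NetworkDB, so p.Host reads fine, but a literal such as
//   Postgres{Database: db, Host: host}
// is rejected by the compiler with "cannot use promoted field NetworkDB.Database
// in struct literal" (the shape of the 6.7.x code that failed to build).
type Postgres struct {
	NetworkDB
	SSL SSL
}

// newPostgresConfig builds the literal the way the embedded-struct layout
// requires: the promoted fields go inside the NetworkDB literal.
func newPostgresConfig(host string, port uint16, db, user, pass string, timeoutSeconds int) Postgres {
	return Postgres{
		NetworkDB: NetworkDB{
			Database:          db,
			User:              user,
			Password:          pass,
			Host:              host,
			Port:              port,
			ConnectionTimeout: timeoutSeconds,
		},
		// Constructed default for the example: require a verified TLS connection.
		SSL: SSL{Mode: "verify-full"},
	}
}

// connectionTarget shows that reads of promoted fields still work unchanged.
func connectionTarget(p Postgres) string {
	return fmt.Sprintf("%s:%d/%s", p.Host, p.Port, p.Database)
}

func main() {
	p := newPostgresConfig("db.internal", 5432, "concourse", "dex", "s3cret", 5)
	fmt.Println(connectionTarget(p), "sslmode="+p.SSL.Mode)
}
```

Because the fix is purely a matter of where the fields are written, callers that read `p.Host` or `p.Port` need no change; only the construction sites (here `skymarshal/storage/storage.go`) have to be updated when Dex moves fields into an embedded struct.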

@xtremerui
Contributor

Right, Concourse needs to be updated to accommodate the dex changes from upstream.

@taylorsilva
Member Author

@xtremerui I back-ported the changes yesterday. I ran some testflight tests locally to verify the fix.

Looks like all the checks passed except for watjs (I remember now, the upgrade and downgrade checks don't work for the release branches). Re-running watjs as it looks like a flake.

@xtremerui xtremerui added breaking and removed misc labels Jan 5, 2021
@xtremerui
Contributor

xtremerui commented Jan 5, 2021

Updated the release note for the breaking changes of the OIDC connector. @chenbh feel free to edit it if anything is missing. thx!

@taylorsilva taylorsilva added this to the v6.7.3 milestone Jan 7, 2021
Rui Yang and others added 7 commits January 11, 2021 10:25
so it could get latest from upstream dex and the release of
concourse/dex in the future could be picked up by dependabot

Signed-off-by: Rui Yang <[email protected]>
pkged.go contains assets file for Dex under skymarshal/web, which
will be accessed by Dex server during runtime.

Signed-off-by: Rui Yang <[email protected]>
in oidc/oauth sky command configs for backward compatibility

Signed-off-by: Rui Yang <[email protected]>
show error message on device auth flow template (this should never happen)

Co-authored-by: Daniel Chen <[email protected]>
Signed-off-by: Rui Yang <[email protected]>
Bumps dex to 2.27.0

Not sure if all the changes are necessary. Would happen every time I did
go mod download after only changing dex.

Signed-off-by: Taylor Silva <[email protected]>
@xtremerui
Contributor

@taylorsilva it shows some conflicts after merging of the underscore PR. Could you fix the conflicts? Thx a lot.

@xtremerui xtremerui merged commit 83003b1 into release/6.7.x Jan 11, 2021
@xtremerui xtremerui deleted the 6.7.x-bump-dex branch January 11, 2021 21:07
@aoldershaw aoldershaw changed the title [6.7.x] Bump dex to 2.27.0 Bump dex to 2.27.0 Feb 16, 2021