From 711a4d684e7d69a6f0c91afffe0a6a5fe0ba131c Mon Sep 17 00:00:00 2001 From: beandrad Date: Thu, 8 Oct 2020 08:18:05 +0000 Subject: [PATCH] Fix error when creating security center contact This allows to create a new security center contact. The issue is that the Azure Rest API may return a 201 upon resource creation, however the API specs don't include this status code as successful, which causes the corresponding method from the Azure Go SDK to return an error. Fixes #8317 --- .../azuresdkhacks/security_center_contact.go | 56 +++++++++++++ .../resource_arm_security_center_contact.go | 5 +- go.mod | 3 +- go.sum | 8 -- .../go-autorest/autorest/adal/devicetoken.go | 4 - .../Azure/go-autorest/autorest/adal/go.mod | 6 +- .../Azure/go-autorest/autorest/adal/go.sum | 12 +-- .../go-autorest/autorest/adal/persist.go | 62 -------------- .../Azure/go-autorest/autorest/adal/token.go | 82 +++---------------- .../go-autorest/autorest/adal/token_1.13.go | 36 -------- .../go-autorest/autorest/adal/token_legacy.go | 36 -------- .../go-autorest/autorest/authorization.go | 17 +--- .../autorest/azure/environments.go | 15 ---- .../Azure/go-autorest/autorest/go.mod | 6 +- .../Azure/go-autorest/autorest/go.sum | 16 ++-- .../Azure/go-autorest/autorest/preparer.go | 29 ++++--- .../Azure/go-autorest/autorest/sender.go | 63 +++++--------- .../Azure/go-autorest/autorest/utility.go | 7 -- .../jwt-go/.gitignore | 1 - .../jwt-go/.travis.yml | 9 +- .../jwt-go/LICENSE | 0 .../jwt-go/MIGRATION_GUIDE.md | 0 .../jwt-go/README.md | 10 +-- .../jwt-go/VERSION_HISTORY.md | 0 .../jwt-go/claims.go | 16 ++-- .../jwt-go/doc.go | 0 .../jwt-go/ecdsa.go | 0 .../jwt-go/ecdsa_utils.go | 4 +- .../jwt-go/errors.go | 0 .../jwt-go/hmac.go | 0 .../jwt-go/map_claims.go | 10 +-- .../jwt-go/none.go | 0 .../jwt-go/parser.go | 0 .../jwt-go/rsa.go | 0 .../jwt-go/rsa_pss.go | 38 +++------ .../jwt-go/rsa_utils.go | 2 +- .../jwt-go/signing_method.go | 0 .../jwt-go/token.go | 0 vendor/modules.txt | 8 +- website/allowed-subcategories | 2 +- 40 files changed, 165 insertions(+), 398 deletions(-) create mode 100644 azurerm/internal/services/securitycenter/azuresdkhacks/security_center_contact.go delete mode 100644 vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go delete mode 100644 vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/.gitignore (69%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/.travis.yml (65%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/LICENSE (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/MIGRATION_GUIDE.md (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/README.md (89%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/VERSION_HISTORY.md (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/claims.go (93%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/doc.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/ecdsa.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/ecdsa_utils.go (93%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/errors.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/hmac.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/map_claims.go (94%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/none.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/parser.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/rsa.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/rsa_pss.go (71%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/rsa_utils.go (95%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/signing_method.go (100%) rename vendor/github.com/{form3tech-oss => dgrijalva}/jwt-go/token.go (100%) diff --git a/azurerm/internal/services/securitycenter/azuresdkhacks/security_center_contact.go b/azurerm/internal/services/securitycenter/azuresdkhacks/security_center_contact.go new file mode 100644 index 0000000000000..fcb02ca0a57d3 --- /dev/null +++ b/azurerm/internal/services/securitycenter/azuresdkhacks/security_center_contact.go @@ -0,0 +1,56 @@ +package azuresdkhacks + +import ( + "context" + "net/http" + + "github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" +) + +func CreateSecurityCenterContact(client *security.ContactsClient, ctx context.Context, securityContactName string, securityContact security.Contact) (result security.Contact, err error) { + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: securityContact, + Constraints: []validation.Constraint{{Target: "securityContact.ContactProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "securityContact.ContactProperties.Email", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("security.ContactsClient", "Create", err.Error()) + } + + req, err := client.CreatePreparer(ctx, securityContactName, securityContact) + if err != nil { + err = autorest.NewErrorWithError(err, "security.ContactsClient", "Create", nil, "Failure preparing request") + return result, err + } + + resp, err := client.CreateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.ContactsClient", "Create", resp, "Failure sending request") + return result, err + } + + result, err = createResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.ContactsClient", "Create", resp, "Failure responding to request") + return result, err + } + + return result, nil +} + +func createResponder(resp *http.Response) (result security.Contact, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + if err != nil { + return result, err + } + result.Response = autorest.Response{Response: resp} + return result, nil +} diff --git a/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go b/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go index 6b7d758f48fcd..660331daa5e2f 100644 --- a/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go +++ b/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/validation" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/securitycenter/azuresdkhacks" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -104,7 +105,9 @@ func resourceArmSecurityCenterContactCreateUpdate(d *schema.ResourceData, meta i } if d.IsNewResource() { - if _, err := client.Create(ctx, name, contact); err != nil { + // TODO: switch back when the Swagger/API bug has been fixed: + // https://github.com/Azure/azure-rest-api-specs/issues/10717 (an undefined 201) + if _, err := azuresdkhacks.CreateSecurityCenterContact(client, ctx, name, contact); err != nil { return fmt.Errorf("Creating Security Center Contact: %+v", err) } diff --git a/go.mod b/go.mod index 729da623cc767..6c1eb8436f6b8 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,9 @@ module github.com/terraform-providers/terraform-provider-azurerm require ( github.com/Azure/azure-sdk-for-go v46.4.0+incompatible - github.com/Azure/go-autorest/autorest v0.11.10 + github.com/Azure/go-autorest/autorest v0.11.3 github.com/Azure/go-autorest/autorest/date v0.3.0 + github.com/Azure/go-autorest/autorest/validation v0.3.0 github.com/btubbs/datetime v0.1.0 github.com/davecgh/go-spew v1.1.1 github.com/google/uuid v1.1.1 diff --git a/go.sum b/go.sum index 1d989ad798cd5..88f692c36df84 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,6 @@ github.com/Azure/go-autorest/autorest v0.9.2/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+B github.com/Azure/go-autorest/autorest v0.10.0/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.11.3 h1:fyYnmYujkIXUgv88D9/Wo2ybE4Zwd/TmQd5sSI5u2Ws= github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.10 h1:j5sGbX7uj1ieYYkQ3Mpvewd4DCsEQ+ZeJpqnSM9pjnM= -github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.8.1-0.20191028180845-3492b2aff503 h1:Hxqlh1uAA8aGpa1dFhDNhll7U/rkWtG8ZItFvRMr7l0= @@ -30,8 +28,6 @@ github.com/Azure/go-autorest/autorest/adal v0.8.2 h1:O1X4oexUxnZCaEUGsvMnr8ZGj8H github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.9.0 h1:SigMbuFNuKgc1xcGhaeapbh+8fgsu+GxgDRFyg7f5lM= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/azure/cli v0.2.0/go.mod h1:WWTbGPvkAg3I4ms2j2s+Zr5xCGwGqTQh+6M2ZqOczkE= github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 h1:Ml+UCrnlKD+cJmSzrZ/RDcDw86NjkRUpnFh7V5JUhzU= github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= @@ -46,8 +42,6 @@ github.com/Azure/go-autorest/autorest/mocks v0.3.0 h1:qJumjCaCudz+OcqE9/XtEPfvtO github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.3.0 h1:zebkZaadz7+wIQYgC7GXaz3Wb28yKYfVkkBKwc38VF8= github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= @@ -103,8 +97,6 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/devicetoken.go b/vendor/github.com/Azure/go-autorest/autorest/adal/devicetoken.go index 9daa4b58b881e..914f8af5e4eab 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/devicetoken.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/devicetoken.go @@ -222,10 +222,6 @@ func CheckForUserCompletionWithContext(ctx context.Context, sender Sender, code case "code_expired": return nil, ErrDeviceCodeExpired default: - // return a more meaningful error message if available - if token.ErrorDescription != nil { - return nil, fmt.Errorf("%s %s: %s", logPrefix, *token.Error, *token.ErrorDescription) - } return nil, ErrDeviceGeneric } } diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod b/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod index abcc27d4cc90b..02a3d39ff4b2d 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/go.mod @@ -5,8 +5,8 @@ go 1.12 require ( github.com/Azure/go-autorest v14.2.0+incompatible github.com/Azure/go-autorest/autorest/date v0.3.0 - github.com/Azure/go-autorest/autorest/mocks v0.4.1 + github.com/Azure/go-autorest/autorest/mocks v0.4.0 github.com/Azure/go-autorest/tracing v0.6.0 - github.com/form3tech-oss/jwt-go v3.2.2+incompatible - golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 + github.com/dgrijalva/jwt-go v3.2.0+incompatible + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum b/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum index 9d55b0f59611e..bbda1a9a98913 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/go.sum @@ -2,16 +2,16 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go index 2a974a39b3cd4..9e15f2751f27c 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/persist.go @@ -15,24 +15,11 @@ package adal // limitations under the License. import ( - "crypto/rsa" - "crypto/x509" "encoding/json" - "errors" "fmt" "io/ioutil" "os" "path/filepath" - - "golang.org/x/crypto/pkcs12" -) - -var ( - // ErrMissingCertificate is returned when no local certificate is found in the provided PFX data. - ErrMissingCertificate = errors.New("adal: certificate missing") - - // ErrMissingPrivateKey is returned when no private key is found in the provided PFX data. - ErrMissingPrivateKey = errors.New("adal: private key missing") ) // LoadToken restores a Token object from a file located at 'path'. @@ -84,52 +71,3 @@ func SaveToken(path string, mode os.FileMode, token Token) error { } return nil } - -// DecodePfxCertificateData extracts the x509 certificate and RSA private key from the provided PFX data. -// The PFX data must contain a private key along with a certificate whose public key matches that of the -// private key or an error is returned. -// If the private key is not password protected pass the empty string for password. -func DecodePfxCertificateData(pfxData []byte, password string) (*x509.Certificate, *rsa.PrivateKey, error) { - blocks, err := pkcs12.ToPEM(pfxData, password) - if err != nil { - return nil, nil, err - } - // first extract the private key - var priv *rsa.PrivateKey - for _, block := range blocks { - if block.Type == "PRIVATE KEY" { - priv, err = x509.ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - return nil, nil, err - } - break - } - } - if priv == nil { - return nil, nil, ErrMissingPrivateKey - } - // now find the certificate with the matching public key of our private key - var cert *x509.Certificate - for _, block := range blocks { - if block.Type == "CERTIFICATE" { - pcert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, nil, err - } - certKey, ok := pcert.PublicKey.(*rsa.PublicKey) - if !ok { - // keep looking - continue - } - if priv.E == certKey.E && priv.N.Cmp(certKey.N) == 0 { - // found a match - cert = pcert - break - } - } - } - if cert == nil { - return nil, nil, ErrMissingCertificate - } - return cert, priv, nil -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go index b83f16a49a1f2..c026f7d1239d5 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go @@ -35,7 +35,7 @@ import ( "time" "github.com/Azure/go-autorest/autorest/date" - "github.com/form3tech-oss/jwt-go" + "github.com/dgrijalva/jwt-go" ) const ( @@ -62,9 +62,6 @@ const ( // msiEndpoint is the well known endpoint for getting MSI authentications tokens msiEndpoint = "http://169.254.169.254/metadata/identity/oauth2/token" - // the API version to use for the MSI endpoint - msiAPIVersion = "2018-02-01" - // the default number of attempts to refresh an MSI authentication token defaultMaxMSIRefreshAttempts = 5 @@ -73,9 +70,6 @@ const ( // asMSISecretEnv is the environment variable used to store the request secret on App Service and Functions asMSISecretEnv = "MSI_SECRET" - - // the API version to use for the App Service MSI endpoint - appServiceAPIVersion = "2017-09-01" ) // OAuthTokenProvider is an interface which should be implemented by an access token retriever @@ -360,7 +354,6 @@ type ServicePrincipalToken struct { customRefreshFunc TokenRefresh refreshCallbacks []TokenRefreshCallback // MaxMSIRefreshAttempts is the maximum number of attempts to refresh an MSI token. - // Settings this to a value less than 1 will use the default value. MaxMSIRefreshAttempts int } @@ -657,8 +650,6 @@ func GetMSIVMEndpoint() (string, error) { return msiEndpoint, nil } -// NOTE: this only indicates if the ASE environment credentials have been set -// which does not necessarily mean that the caller is authenticating via ASE! func isAppService() bool { _, asMSIEndpointEnvExists := os.LookupEnv(asMSIEndpointEnv) _, asMSISecretEnvExists := os.LookupEnv(asMSISecretEnv) @@ -687,22 +678,16 @@ func GetMSIEndpoint() (string, error) { // NewServicePrincipalTokenFromMSI creates a ServicePrincipalToken via the MSI VM Extension. // It will use the system assigned identity when creating the token. func NewServicePrincipalTokenFromMSI(msiEndpoint, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { - return newServicePrincipalTokenFromMSI(msiEndpoint, resource, nil, nil, callbacks...) + return newServicePrincipalTokenFromMSI(msiEndpoint, resource, nil, callbacks...) } // NewServicePrincipalTokenFromMSIWithUserAssignedID creates a ServicePrincipalToken via the MSI VM Extension. -// It will use the clientID of specified user assigned identity when creating the token. +// It will use the specified user assigned identity when creating the token. func NewServicePrincipalTokenFromMSIWithUserAssignedID(msiEndpoint, resource string, userAssignedID string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { - return newServicePrincipalTokenFromMSI(msiEndpoint, resource, &userAssignedID, nil, callbacks...) -} - -// NewServicePrincipalTokenFromMSIWithIdentityResourceID creates a ServicePrincipalToken via the MSI VM Extension. -// It will use the azure resource id of user assigned identity when creating the token. -func NewServicePrincipalTokenFromMSIWithIdentityResourceID(msiEndpoint, resource string, identityResourceID string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { - return newServicePrincipalTokenFromMSI(msiEndpoint, resource, nil, &identityResourceID, callbacks...) + return newServicePrincipalTokenFromMSI(msiEndpoint, resource, &userAssignedID, callbacks...) } -func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedID *string, identityResourceID *string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { +func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedID *string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) { if err := validateStringParam(msiEndpoint, "msiEndpoint"); err != nil { return nil, err } @@ -714,11 +699,6 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI return nil, err } } - if identityResourceID != nil { - if err := validateStringParam(*identityResourceID, "identityResourceID"); err != nil { - return nil, err - } - } // We set the oauth config token endpoint to be MSI's endpoint msiEndpointURL, err := url.Parse(msiEndpoint) if err != nil { @@ -729,16 +709,13 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI v.Set("resource", resource) // App Service MSI currently only supports token API version 2017-09-01 if isAppService() { - v.Set("api-version", appServiceAPIVersion) + v.Set("api-version", "2017-09-01") } else { - v.Set("api-version", msiAPIVersion) + v.Set("api-version", "2018-02-01") } if userAssignedID != nil { v.Set("client_id", *userAssignedID) } - if identityResourceID != nil { - v.Set("mi_res_id", *identityResourceID) - } msiEndpointURL.RawQuery = v.Encode() spt := &ServicePrincipalToken{ @@ -859,28 +836,11 @@ func (spt *ServicePrincipalToken) getGrantType() string { } func isIMDS(u url.URL) bool { - return isMSIEndpoint(u) == true || isASEEndpoint(u) == true -} - -func isMSIEndpoint(endpoint url.URL) bool { - msi, err := url.Parse(msiEndpoint) + imds, err := url.Parse(msiEndpoint) if err != nil { return false } - return endpoint.Host == msi.Host && endpoint.Path == msi.Path -} - -func isASEEndpoint(endpoint url.URL) bool { - aseEndpoint, err := GetMSIAppServiceEndpoint() - if err != nil { - // app service environment isn't enabled - return false - } - ase, err := url.Parse(aseEndpoint) - if err != nil { - return false - } - return endpoint.Host == ase.Host && endpoint.Path == ase.Path + return (u.Host == imds.Host && u.Path == imds.Path) || isAppService() } func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource string) error { @@ -899,7 +859,7 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource } req.Header.Add("User-Agent", UserAgent()) // Add header when runtime is on App Service or Functions - if isASEEndpoint(spt.inner.OauthConfig.TokenEndpoint) { + if isAppService() { asMSISecret, _ := os.LookupEnv(asMSISecretEnv) req.Header.Add("Secret", asMSISecret) } @@ -941,14 +901,6 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource } var resp *http.Response - if isMSIEndpoint(spt.inner.OauthConfig.TokenEndpoint) { - resp, err = getMSIEndpoint(ctx, spt.sender) - if err != nil { - // return a TokenRefreshError here so that we don't keep retrying - return newTokenRefreshError(fmt.Sprintf("the MSI endpoint is not available. Failed HTTP request to MSI endpoint: %v", err), nil) - } - resp.Body.Close() - } if isIMDS(spt.inner.OauthConfig.TokenEndpoint) { resp, err = retryForIMDS(spt.sender, req, spt.MaxMSIRefreshAttempts) } else { @@ -1021,11 +973,6 @@ func retryForIMDS(sender Sender, req *http.Request, maxAttempts int) (resp *http attempt := 0 delay := time.Duration(0) - // maxAttempts is user-specified, ensure that its value is greater than zero else no request will be made - if maxAttempts < 1 { - maxAttempts = defaultMaxMSIRefreshAttempts - } - for attempt < maxAttempts { if resp != nil && resp.Body != nil { io.Copy(ioutil.Discard, resp.Body) @@ -1187,12 +1134,3 @@ func NewMultiTenantServicePrincipalToken(multiTenantCfg MultiTenantOAuthConfig, } return &m, nil } - -// MSIAvailable returns true if the MSI endpoint is available for authentication. -func MSIAvailable(ctx context.Context, sender Sender) bool { - resp, err := getMSIEndpoint(ctx, sender) - if err == nil { - resp.Body.Close() - } - return err == nil -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go deleted file mode 100644 index 45e01a7eee8dd..0000000000000 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go +++ /dev/null @@ -1,36 +0,0 @@ -// +build go1.13 - -// Copyright 2017 Microsoft Corporation -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package adal - -import ( - "context" - "net/http" - "time" -) - -func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) { - // this cannot fail, the return sig is due to legacy reasons - msiEndpoint, _ := GetMSIVMEndpoint() - tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) - defer cancel() - // http.NewRequestWithContext() was added in Go 1.13 - req, _ := http.NewRequestWithContext(tempCtx, http.MethodGet, msiEndpoint, nil) - q := req.URL.Query() - q.Add("api-version", msiAPIVersion) - req.URL.RawQuery = q.Encode() - return sender.Do(req) -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go deleted file mode 100644 index 6f7ad8078c155..0000000000000 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go +++ /dev/null @@ -1,36 +0,0 @@ -// +build !go1.13 - -// Copyright 2017 Microsoft Corporation -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package adal - -import ( - "context" - "net/http" - "time" -) - -func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) { - // this cannot fail, the return sig is due to legacy reasons - msiEndpoint, _ := GetMSIVMEndpoint() - tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) - defer cancel() - req, _ := http.NewRequest(http.MethodGet, msiEndpoint, nil) - req = req.WithContext(tempCtx) - q := req.URL.Query() - q.Add("api-version", msiAPIVersion) - req.URL.RawQuery = q.Encode() - return sender.Do(req) -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/authorization.go b/vendor/github.com/Azure/go-autorest/autorest/authorization.go index 1226c4111509c..15138b642f2e1 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/authorization.go +++ b/vendor/github.com/Azure/go-autorest/autorest/authorization.go @@ -299,24 +299,18 @@ type MultiTenantServicePrincipalTokenAuthorizer interface { // NewMultiTenantServicePrincipalTokenAuthorizer crates a BearerAuthorizer using the given token provider func NewMultiTenantServicePrincipalTokenAuthorizer(tp adal.MultitenantOAuthTokenProvider) MultiTenantServicePrincipalTokenAuthorizer { - return NewMultiTenantBearerAuthorizer(tp) + return &multiTenantSPTAuthorizer{tp: tp} } -// MultiTenantBearerAuthorizer implements bearer authorization across multiple tenants. -type MultiTenantBearerAuthorizer struct { +type multiTenantSPTAuthorizer struct { tp adal.MultitenantOAuthTokenProvider } -// NewMultiTenantBearerAuthorizer creates a MultiTenantBearerAuthorizer using the given token provider. -func NewMultiTenantBearerAuthorizer(tp adal.MultitenantOAuthTokenProvider) *MultiTenantBearerAuthorizer { - return &MultiTenantBearerAuthorizer{tp: tp} -} - // WithAuthorization returns a PrepareDecorator that adds an HTTP Authorization header using the // primary token along with the auxiliary authorization header using the auxiliary tokens. // // By default, the token will be automatically refreshed through the Refresher interface. -func (mt *MultiTenantBearerAuthorizer) WithAuthorization() PrepareDecorator { +func (mt multiTenantSPTAuthorizer) WithAuthorization() PrepareDecorator { return func(p Preparer) Preparer { return PreparerFunc(func(r *http.Request) (*http.Request, error) { r, err := p.Prepare(r) @@ -346,8 +340,3 @@ func (mt *MultiTenantBearerAuthorizer) WithAuthorization() PrepareDecorator { }) } } - -// TokenProvider returns the underlying MultitenantOAuthTokenProvider for this authorizer. -func (mt *MultiTenantBearerAuthorizer) TokenProvider() adal.MultitenantOAuthTokenProvider { - return mt.tp -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go index 9bbc0899e4ce4..3e9f74aa319a5 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go @@ -46,8 +46,6 @@ type ResourceIdentifier struct { Batch string `json:"batch"` OperationalInsights string `json:"operationalInsights"` Storage string `json:"storage"` - Synapse string `json:"synapse"` - ServiceBus string `json:"serviceBus"` } // Environment represents a set of endpoints for each of Azure's Clouds. @@ -74,7 +72,6 @@ type Environment struct { CosmosDBDNSSuffix string `json:"cosmosDBDNSSuffix"` TokenAudience string `json:"tokenAudience"` APIManagementHostNameSuffix string `json:"apiManagementHostNameSuffix"` - SynapseEndpointSuffix string `json:"synapseEndpointSuffix"` ResourceIdentifiers ResourceIdentifier `json:"resourceIdentifiers"` } @@ -103,7 +100,6 @@ var ( CosmosDBDNSSuffix: "documents.azure.com", TokenAudience: "https://management.azure.com/", APIManagementHostNameSuffix: "azure-api.net", - SynapseEndpointSuffix: "dev.azuresynapse.net", ResourceIdentifiers: ResourceIdentifier{ Graph: "https://graph.windows.net/", KeyVault: "https://vault.azure.net", @@ -111,8 +107,6 @@ var ( Batch: "https://batch.core.windows.net/", OperationalInsights: "https://api.loganalytics.io", Storage: "https://storage.azure.com/", - Synapse: "https://dev.azuresynapse.net", - ServiceBus: "https://servicebus.azure.net/", }, } @@ -140,7 +134,6 @@ var ( CosmosDBDNSSuffix: "documents.azure.us", TokenAudience: "https://management.usgovcloudapi.net/", APIManagementHostNameSuffix: "azure-api.us", - SynapseEndpointSuffix: NotAvailable, ResourceIdentifiers: ResourceIdentifier{ Graph: "https://graph.windows.net/", KeyVault: "https://vault.usgovcloudapi.net", @@ -148,8 +141,6 @@ var ( Batch: "https://batch.core.usgovcloudapi.net/", OperationalInsights: "https://api.loganalytics.us", Storage: "https://storage.azure.com/", - Synapse: NotAvailable, - ServiceBus: "https://servicebus.azure.net/", }, } @@ -177,7 +168,6 @@ var ( CosmosDBDNSSuffix: "documents.azure.cn", TokenAudience: "https://management.chinacloudapi.cn/", APIManagementHostNameSuffix: "azure-api.cn", - SynapseEndpointSuffix: "dev.azuresynapse.azure.cn", ResourceIdentifiers: ResourceIdentifier{ Graph: "https://graph.chinacloudapi.cn/", KeyVault: "https://vault.azure.cn", @@ -185,8 +175,6 @@ var ( Batch: "https://batch.chinacloudapi.cn/", OperationalInsights: NotAvailable, Storage: "https://storage.azure.com/", - Synapse: "https://dev.azuresynapse.net", - ServiceBus: "https://servicebus.azure.net/", }, } @@ -214,7 +202,6 @@ var ( CosmosDBDNSSuffix: "documents.microsoftazure.de", TokenAudience: "https://management.microsoftazure.de/", APIManagementHostNameSuffix: NotAvailable, - SynapseEndpointSuffix: NotAvailable, ResourceIdentifiers: ResourceIdentifier{ Graph: "https://graph.cloudapi.de/", KeyVault: "https://vault.microsoftazure.de", @@ -222,8 +209,6 @@ var ( Batch: "https://batch.cloudapi.de/", OperationalInsights: NotAvailable, Storage: "https://storage.azure.com/", - Synapse: NotAvailable, - ServiceBus: "https://servicebus.azure.net/", }, } ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/go.mod b/vendor/github.com/Azure/go-autorest/autorest/go.mod index 75a534f108915..b66c78da2ccf4 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/go.mod +++ b/vendor/github.com/Azure/go-autorest/autorest/go.mod @@ -4,9 +4,9 @@ go 1.12 require ( github.com/Azure/go-autorest v14.2.0+incompatible - github.com/Azure/go-autorest/autorest/adal v0.9.5 - github.com/Azure/go-autorest/autorest/mocks v0.4.1 + github.com/Azure/go-autorest/autorest/adal v0.9.0 + github.com/Azure/go-autorest/autorest/mocks v0.4.0 github.com/Azure/go-autorest/logger v0.2.0 github.com/Azure/go-autorest/tracing v0.6.0 - golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/go.sum b/vendor/github.com/Azure/go-autorest/autorest/go.sum index fa27c68d10511..96d2ad0fcd860 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/go.sum +++ b/vendor/github.com/Azure/go-autorest/autorest/go.sum @@ -1,21 +1,21 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.0 h1:SigMbuFNuKgc1xcGhaeapbh+8fgsu+GxgDRFyg7f5lM= +github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/vendor/github.com/Azure/go-autorest/autorest/preparer.go b/vendor/github.com/Azure/go-autorest/autorest/preparer.go index 98574a4155fc9..6e8ed64eba1cf 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/preparer.go +++ b/vendor/github.com/Azure/go-autorest/autorest/preparer.go @@ -127,7 +127,10 @@ func WithHeader(header string, value string) PrepareDecorator { return PreparerFunc(func(r *http.Request) (*http.Request, error) { r, err := p.Prepare(r) if err == nil { - setHeader(r, http.CanonicalHeaderKey(header), value) + if r.Header == nil { + r.Header = make(http.Header) + } + r.Header.Set(http.CanonicalHeaderKey(header), value) } return r, err }) @@ -227,7 +230,7 @@ func AsPost() PrepareDecorator { return WithMethod("POST") } func AsPut() PrepareDecorator { return WithMethod("PUT") } // WithBaseURL returns a PrepareDecorator that populates the http.Request with a url.URL constructed -// from the supplied baseUrl. Query parameters will be encoded as required. +// from the supplied baseUrl. func WithBaseURL(baseURL string) PrepareDecorator { return func(p Preparer) Preparer { return PreparerFunc(func(r *http.Request) (*http.Request, error) { @@ -238,16 +241,11 @@ func WithBaseURL(baseURL string) PrepareDecorator { return r, err } if u.Scheme == "" { - return r, fmt.Errorf("autorest: No scheme detected in URL %s", baseURL) + err = fmt.Errorf("autorest: No scheme detected in URL %s", baseURL) } - if u.RawQuery != "" { - q, err := url.ParseQuery(u.RawQuery) - if err != nil { - return r, err - } - u.RawQuery = q.Encode() + if err == nil { + r.URL = u } - r.URL = u } return r, err }) @@ -292,7 +290,10 @@ func WithFormData(v url.Values) PrepareDecorator { if err == nil { s := v.Encode() - setHeader(r, http.CanonicalHeaderKey(headerContentType), mimeTypeFormPost) + if r.Header == nil { + r.Header = make(http.Header) + } + r.Header.Set(http.CanonicalHeaderKey(headerContentType), mimeTypeFormPost) r.ContentLength = int64(len(s)) r.Body = ioutil.NopCloser(strings.NewReader(s)) } @@ -328,7 +329,10 @@ func WithMultiPartFormData(formDataParameters map[string]interface{}) PrepareDec if err = writer.Close(); err != nil { return r, err } - setHeader(r, http.CanonicalHeaderKey(headerContentType), writer.FormDataContentType()) + if r.Header == nil { + r.Header = make(http.Header) + } + r.Header.Set(http.CanonicalHeaderKey(headerContentType), writer.FormDataContentType()) r.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes())) r.ContentLength = int64(body.Len()) return r, err @@ -433,7 +437,6 @@ func WithXML(v interface{}) PrepareDecorator { bytesWithHeader := []byte(withHeader) r.ContentLength = int64(len(bytesWithHeader)) - setHeader(r, headerContentLength, fmt.Sprintf("%d", len(bytesWithHeader))) r.Body = ioutil.NopCloser(bytes.NewReader(bytesWithHeader)) } } diff --git a/vendor/github.com/Azure/go-autorest/autorest/sender.go b/vendor/github.com/Azure/go-autorest/autorest/sender.go index 78610ef204410..704f3e55e0840 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/sender.go +++ b/vendor/github.com/Azure/go-autorest/autorest/sender.go @@ -23,29 +23,11 @@ import ( "net/http" "net/http/cookiejar" "strconv" - "sync" "time" "github.com/Azure/go-autorest/tracing" ) -// there is one sender per TLS renegotiation type, i.e. count of tls.RenegotiationSupport enums -const defaultSendersCount = 3 - -type defaultSender struct { - sender Sender - init *sync.Once -} - -// each type of sender will be created on demand in sender() -var defaultSenders [defaultSendersCount]defaultSender - -func init() { - for i := 0; i < defaultSendersCount; i++ { - defaultSenders[i].init = &sync.Once{} - } -} - // used as a key type in context.WithValue() type ctxSendDecorators struct{} @@ -125,31 +107,26 @@ func SendWithSender(s Sender, r *http.Request, decorators ...SendDecorator) (*ht } func sender(renengotiation tls.RenegotiationSupport) Sender { - // note that we can't init defaultSenders in init() since it will - // execute before calling code has had a chance to enable tracing - defaultSenders[renengotiation].init.Do(func() { - // Use behaviour compatible with DefaultTransport, but require TLS minimum version. - defaultTransport := http.DefaultTransport.(*http.Transport) - transport := &http.Transport{ - Proxy: defaultTransport.Proxy, - DialContext: defaultTransport.DialContext, - MaxIdleConns: defaultTransport.MaxIdleConns, - IdleConnTimeout: defaultTransport.IdleConnTimeout, - TLSHandshakeTimeout: defaultTransport.TLSHandshakeTimeout, - ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout, - TLSClientConfig: &tls.Config{ - MinVersion: tls.VersionTLS12, - Renegotiation: renengotiation, - }, - } - var roundTripper http.RoundTripper = transport - if tracing.IsEnabled() { - roundTripper = tracing.NewTransport(transport) - } - j, _ := cookiejar.New(nil) - defaultSenders[renengotiation].sender = &http.Client{Jar: j, Transport: roundTripper} - }) - return defaultSenders[renengotiation].sender + // Use behaviour compatible with DefaultTransport, but require TLS minimum version. + defaultTransport := http.DefaultTransport.(*http.Transport) + transport := &http.Transport{ + Proxy: defaultTransport.Proxy, + DialContext: defaultTransport.DialContext, + MaxIdleConns: defaultTransport.MaxIdleConns, + IdleConnTimeout: defaultTransport.IdleConnTimeout, + TLSHandshakeTimeout: defaultTransport.TLSHandshakeTimeout, + ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout, + TLSClientConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + Renegotiation: renengotiation, + }, + } + var roundTripper http.RoundTripper = transport + if tracing.IsEnabled() { + roundTripper = tracing.NewTransport(transport) + } + j, _ := cookiejar.New(nil) + return &http.Client{Jar: j, Transport: roundTripper} } // AfterDelay returns a SendDecorator that delays for the passed time.Duration before diff --git a/vendor/github.com/Azure/go-autorest/autorest/utility.go b/vendor/github.com/Azure/go-autorest/autorest/utility.go index 416041c3f3339..67baab2cee24c 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/utility.go +++ b/vendor/github.com/Azure/go-autorest/autorest/utility.go @@ -237,10 +237,3 @@ func DrainResponseBody(resp *http.Response) error { } return nil } - -func setHeader(r *http.Request, key, value string) { - if r.Header == nil { - r.Header = make(http.Header) - } - r.Header.Set(key, value) -} diff --git a/vendor/github.com/form3tech-oss/jwt-go/.gitignore b/vendor/github.com/dgrijalva/jwt-go/.gitignore similarity index 69% rename from vendor/github.com/form3tech-oss/jwt-go/.gitignore rename to vendor/github.com/dgrijalva/jwt-go/.gitignore index c0e81a8d92674..80bed650ec039 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/.gitignore +++ b/vendor/github.com/dgrijalva/jwt-go/.gitignore @@ -1,5 +1,4 @@ .DS_Store bin -.idea/ diff --git a/vendor/github.com/form3tech-oss/jwt-go/.travis.yml b/vendor/github.com/dgrijalva/jwt-go/.travis.yml similarity index 65% rename from vendor/github.com/form3tech-oss/jwt-go/.travis.yml rename to vendor/github.com/dgrijalva/jwt-go/.travis.yml index 3c7fb7e1ae644..1027f56cd94db 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/.travis.yml +++ b/vendor/github.com/dgrijalva/jwt-go/.travis.yml @@ -5,8 +5,9 @@ script: - go test -v ./... go: - - 1.12 - - 1.13 - - 1.14 - - 1.15 + - 1.3 + - 1.4 + - 1.5 + - 1.6 + - 1.7 - tip diff --git a/vendor/github.com/form3tech-oss/jwt-go/LICENSE b/vendor/github.com/dgrijalva/jwt-go/LICENSE similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/LICENSE rename to vendor/github.com/dgrijalva/jwt-go/LICENSE diff --git a/vendor/github.com/form3tech-oss/jwt-go/MIGRATION_GUIDE.md b/vendor/github.com/dgrijalva/jwt-go/MIGRATION_GUIDE.md similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/MIGRATION_GUIDE.md rename to vendor/github.com/dgrijalva/jwt-go/MIGRATION_GUIDE.md diff --git a/vendor/github.com/form3tech-oss/jwt-go/README.md b/vendor/github.com/dgrijalva/jwt-go/README.md similarity index 89% rename from vendor/github.com/form3tech-oss/jwt-go/README.md rename to vendor/github.com/dgrijalva/jwt-go/README.md index d7749077fde68..d358d881b8dde 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/README.md +++ b/vendor/github.com/dgrijalva/jwt-go/README.md @@ -9,7 +9,7 @@ A [go](http://www.golang.org) (or 'golang' for search engine friendliness) imple **SECURITY NOTICE:** Some older versions of Go have a security issue in the cryotp/elliptic. Recommendation is to upgrade to at least 1.8.3. See issue #216 for more detail. -**SECURITY NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage. See the examples provided. +**SECURITY NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage. See the examples provided. ## What the heck is a JWT? @@ -19,7 +19,7 @@ In short, it's a signed JSON object that does something useful (for example, aut The first part is called the header. It contains the necessary information for verifying the last part, the signature. For example, which encryption method was used for signing and what key was used. -The part in the middle is the interesting bit. It's called the Claims and contains the actual stuff you care about. Refer to [the RFC](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) for information about reserved keys and the proper way to add your own. +The part in the middle is the interesting bit. It's called the Claims and contains the actual stuff you care about. Refer to [the RFC](http://self-issued.info/docs/draft-jones-json-web-token.html) for information about reserved keys and the proper way to add your own. ## What's in the box? @@ -37,7 +37,7 @@ See [the project documentation](https://godoc.org/github.com/dgrijalva/jwt-go) f This library publishes all the necessary components for adding your own signing methods. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod`. -Here's an example of an extension that integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS): https://github.com/someone1/gcp-jwt-go +Here's an example of an extension that integrates with the Google App Engine signing tools: https://github.com/someone1/gcp-jwt-go ## Compliance @@ -93,10 +93,6 @@ Without going too far down the rabbit hole, here's a description of the interact * OAuth defines several options for passing around authentication data. One popular method is called a "bearer token". A bearer token is simply a string that _should_ only be held by an authenticated user. Thus, simply presenting this token proves your identity. You can probably derive from here why a JWT might make a good bearer token. * Because bearer tokens are used for authentication, it's important they're kept secret. This is why transactions that use bearer tokens typically happen over SSL. -### Troubleshooting - -This library uses descriptive error messages whenever possible. If you are not getting the expected result, have a look at the errors. The most common place people get stuck is providing the correct type of key to the parser. See the above section on signing methods and key types. - ## More Documentation can be found [on godoc.org](http://godoc.org/github.com/dgrijalva/jwt-go). diff --git a/vendor/github.com/form3tech-oss/jwt-go/VERSION_HISTORY.md b/vendor/github.com/dgrijalva/jwt-go/VERSION_HISTORY.md similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/VERSION_HISTORY.md rename to vendor/github.com/dgrijalva/jwt-go/VERSION_HISTORY.md diff --git a/vendor/github.com/form3tech-oss/jwt-go/claims.go b/vendor/github.com/dgrijalva/jwt-go/claims.go similarity index 93% rename from vendor/github.com/form3tech-oss/jwt-go/claims.go rename to vendor/github.com/dgrijalva/jwt-go/claims.go index 624890666c660..f0228f02e0337 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/claims.go +++ b/vendor/github.com/dgrijalva/jwt-go/claims.go @@ -16,7 +16,7 @@ type Claims interface { // https://tools.ietf.org/html/rfc7519#section-4.1 // See examples for how to use this with your own claim types type StandardClaims struct { - Audience []string `json:"aud,omitempty"` + Audience string `json:"aud,omitempty"` ExpiresAt int64 `json:"exp,omitempty"` Id string `json:"jti,omitempty"` IssuedAt int64 `json:"iat,omitempty"` @@ -90,17 +90,15 @@ func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool { // ----- helpers -func verifyAud(aud []string, cmp string, required bool) bool { - if len(aud) == 0 { +func verifyAud(aud string, cmp string, required bool) bool { + if aud == "" { return !required } - - for _, a := range aud { - if subtle.ConstantTimeCompare([]byte(a), []byte(cmp)) != 0 { - return true - } + if subtle.ConstantTimeCompare([]byte(aud), []byte(cmp)) != 0 { + return true + } else { + return false } - return false } func verifyExp(exp int64, now int64, required bool) bool { diff --git a/vendor/github.com/form3tech-oss/jwt-go/doc.go b/vendor/github.com/dgrijalva/jwt-go/doc.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/doc.go rename to vendor/github.com/dgrijalva/jwt-go/doc.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/ecdsa.go b/vendor/github.com/dgrijalva/jwt-go/ecdsa.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/ecdsa.go rename to vendor/github.com/dgrijalva/jwt-go/ecdsa.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/ecdsa_utils.go b/vendor/github.com/dgrijalva/jwt-go/ecdsa_utils.go similarity index 93% rename from vendor/github.com/form3tech-oss/jwt-go/ecdsa_utils.go rename to vendor/github.com/dgrijalva/jwt-go/ecdsa_utils.go index db9f4be7d8ea5..d19624b7264fb 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/ecdsa_utils.go +++ b/vendor/github.com/dgrijalva/jwt-go/ecdsa_utils.go @@ -25,9 +25,7 @@ func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) { // Parse the key var parsedKey interface{} if parsedKey, err = x509.ParseECPrivateKey(block.Bytes); err != nil { - if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { - return nil, err - } + return nil, err } var pkey *ecdsa.PrivateKey diff --git a/vendor/github.com/form3tech-oss/jwt-go/errors.go b/vendor/github.com/dgrijalva/jwt-go/errors.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/errors.go rename to vendor/github.com/dgrijalva/jwt-go/errors.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/hmac.go b/vendor/github.com/dgrijalva/jwt-go/hmac.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/hmac.go rename to vendor/github.com/dgrijalva/jwt-go/hmac.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/map_claims.go b/vendor/github.com/dgrijalva/jwt-go/map_claims.go similarity index 94% rename from vendor/github.com/form3tech-oss/jwt-go/map_claims.go rename to vendor/github.com/dgrijalva/jwt-go/map_claims.go index 90ab6bea350a6..291213c460d45 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/map_claims.go +++ b/vendor/github.com/dgrijalva/jwt-go/map_claims.go @@ -13,15 +13,7 @@ type MapClaims map[string]interface{} // Compares the aud claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyAudience(cmp string, req bool) bool { - aud, ok := m["aud"].([]string) - if !ok { - strAud, ok := m["aud"].(string) - if !ok { - return false - } - aud = append(aud, strAud) - } - + aud, _ := m["aud"].(string) return verifyAud(aud, cmp, req) } diff --git a/vendor/github.com/form3tech-oss/jwt-go/none.go b/vendor/github.com/dgrijalva/jwt-go/none.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/none.go rename to vendor/github.com/dgrijalva/jwt-go/none.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/parser.go b/vendor/github.com/dgrijalva/jwt-go/parser.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/parser.go rename to vendor/github.com/dgrijalva/jwt-go/parser.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/rsa.go b/vendor/github.com/dgrijalva/jwt-go/rsa.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/rsa.go rename to vendor/github.com/dgrijalva/jwt-go/rsa.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/rsa_pss.go b/vendor/github.com/dgrijalva/jwt-go/rsa_pss.go similarity index 71% rename from vendor/github.com/form3tech-oss/jwt-go/rsa_pss.go rename to vendor/github.com/dgrijalva/jwt-go/rsa_pss.go index c01470864803b..10ee9db8a4ed6 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/rsa_pss.go +++ b/vendor/github.com/dgrijalva/jwt-go/rsa_pss.go @@ -12,14 +12,9 @@ import ( type SigningMethodRSAPSS struct { *SigningMethodRSA Options *rsa.PSSOptions - // VerifyOptions is optional. If set overrides Options for rsa.VerifyPPS. - // Used to accept tokens signed with rsa.PSSSaltLengthAuto, what doesn't follow - // https://tools.ietf.org/html/rfc7518#section-3.5 but was used previously. - // See https://github.com/dgrijalva/jwt-go/issues/285#issuecomment-437451244 for details. - VerifyOptions *rsa.PSSOptions } -// Specific instances for RS/PS and company. +// Specific instances for RS/PS and company var ( SigningMethodPS256 *SigningMethodRSAPSS SigningMethodPS384 *SigningMethodRSAPSS @@ -29,15 +24,13 @@ var ( func init() { // PS256 SigningMethodPS256 = &SigningMethodRSAPSS{ - SigningMethodRSA: &SigningMethodRSA{ + &SigningMethodRSA{ Name: "PS256", Hash: crypto.SHA256, }, - Options: &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - }, - VerifyOptions: &rsa.PSSOptions{ + &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, + Hash: crypto.SHA256, }, } RegisterSigningMethod(SigningMethodPS256.Alg(), func() SigningMethod { @@ -46,15 +39,13 @@ func init() { // PS384 SigningMethodPS384 = &SigningMethodRSAPSS{ - SigningMethodRSA: &SigningMethodRSA{ + &SigningMethodRSA{ Name: "PS384", Hash: crypto.SHA384, }, - Options: &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - }, - VerifyOptions: &rsa.PSSOptions{ + &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, + Hash: crypto.SHA384, }, } RegisterSigningMethod(SigningMethodPS384.Alg(), func() SigningMethod { @@ -63,15 +54,13 @@ func init() { // PS512 SigningMethodPS512 = &SigningMethodRSAPSS{ - SigningMethodRSA: &SigningMethodRSA{ + &SigningMethodRSA{ Name: "PS512", Hash: crypto.SHA512, }, - Options: &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - }, - VerifyOptions: &rsa.PSSOptions{ + &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, + Hash: crypto.SHA512, }, } RegisterSigningMethod(SigningMethodPS512.Alg(), func() SigningMethod { @@ -105,12 +94,7 @@ func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interf hasher := m.Hash.New() hasher.Write([]byte(signingString)) - opts := m.Options - if m.VerifyOptions != nil { - opts = m.VerifyOptions - } - - return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, opts) + return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, m.Options) } // Implements the Sign method from SigningMethod diff --git a/vendor/github.com/form3tech-oss/jwt-go/rsa_utils.go b/vendor/github.com/dgrijalva/jwt-go/rsa_utils.go similarity index 95% rename from vendor/github.com/form3tech-oss/jwt-go/rsa_utils.go rename to vendor/github.com/dgrijalva/jwt-go/rsa_utils.go index 14c78c292a94f..a5ababf956c4f 100644 --- a/vendor/github.com/form3tech-oss/jwt-go/rsa_utils.go +++ b/vendor/github.com/dgrijalva/jwt-go/rsa_utils.go @@ -8,7 +8,7 @@ import ( ) var ( - ErrKeyMustBePEMEncoded = errors.New("Invalid Key: Key must be a PEM encoded PKCS1 or PKCS8 key") + ErrKeyMustBePEMEncoded = errors.New("Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key") ErrNotRSAPrivateKey = errors.New("Key is not a valid RSA private key") ErrNotRSAPublicKey = errors.New("Key is not a valid RSA public key") ) diff --git a/vendor/github.com/form3tech-oss/jwt-go/signing_method.go b/vendor/github.com/dgrijalva/jwt-go/signing_method.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/signing_method.go rename to vendor/github.com/dgrijalva/jwt-go/signing_method.go diff --git a/vendor/github.com/form3tech-oss/jwt-go/token.go b/vendor/github.com/dgrijalva/jwt-go/token.go similarity index 100% rename from vendor/github.com/form3tech-oss/jwt-go/token.go rename to vendor/github.com/dgrijalva/jwt-go/token.go diff --git a/vendor/modules.txt b/vendor/modules.txt index 2d9d9f8d81c77..b075dc7ec8be9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -111,10 +111,10 @@ github.com/Azure/azure-sdk-for-go/services/web/mgmt/2019-08-01/web github.com/Azure/azure-sdk-for-go/version # github.com/Azure/go-autorest v14.2.0+incompatible github.com/Azure/go-autorest -# github.com/Azure/go-autorest/autorest v0.11.10 +# github.com/Azure/go-autorest/autorest v0.11.3 github.com/Azure/go-autorest/autorest github.com/Azure/go-autorest/autorest/azure -# github.com/Azure/go-autorest/autorest/adal v0.9.5 +# github.com/Azure/go-autorest/autorest/adal v0.9.0 github.com/Azure/go-autorest/autorest/adal # github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 github.com/Azure/go-autorest/autorest/azure/cli @@ -182,12 +182,12 @@ github.com/bgentry/speakeasy github.com/btubbs/datetime # github.com/davecgh/go-spew v1.1.1 github.com/davecgh/go-spew/spew +# github.com/dgrijalva/jwt-go v3.2.0+incompatible +github.com/dgrijalva/jwt-go # github.com/dimchansky/utfbom v1.1.0 github.com/dimchansky/utfbom # github.com/fatih/color v1.7.0 github.com/fatih/color -# github.com/form3tech-oss/jwt-go v3.2.2+incompatible -github.com/form3tech-oss/jwt-go # github.com/golang/protobuf v1.3.4 github.com/golang/protobuf/proto github.com/golang/protobuf/protoc-gen-go/descriptor diff --git a/website/allowed-subcategories b/website/allowed-subcategories index 3bd6f9ea178ab..8b9011f49b6ff 100644 --- a/website/allowed-subcategories +++ b/website/allowed-subcategories @@ -26,7 +26,7 @@ Data Share Database Database Migration Databricks -Desktop Virtualization +DesktopVirtualization Dev Test DevSpace HDInsight