Hello community,

here is the log from the commit of package caasp-cli for openSUSE:Factory 
checked in at 2018-02-15 13:27:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/caasp-cli (Old)
 and      /work/SRC/openSUSE:Factory/.caasp-cli.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "caasp-cli"

Thu Feb 15 13:27:32 2018 rev:2 rq:576831 version:0.0.1+20180207.git_r35_7606f5c

Changes:
--------
--- /work/SRC/openSUSE:Factory/caasp-cli/caasp-cli.changes      2017-10-07 
17:50:39.919304594 +0200
+++ /work/SRC/openSUSE:Factory/.caasp-cli.new/caasp-cli.changes 2018-02-15 
13:27:34.439469656 +0100
@@ -1,0 +2,18 @@
+Wed Feb  7 17:24:43 UTC 2018 - containers-bugow...@suse.de
+
+- Commit 15bb48e by Kiall Mac Innes ki...@macinnes.ie
+ Switch to using the RFC defined OOB redirect URL
+ 
+ CaaSP CLI shouldn't be "fake" redirect URL, instead, use the oauth RFC
+ defined out of band redirect URL.
+ 
+ Commit 08bd81a by Kiall Mac Innes ki...@macinnes.ie
+ Use separate Dex clients for each actual client
+ 
+ Previously Velum, CaaSP CLI, and Kubernetes all shared a single Dex client.
+ From a security perspective, this was far from ideal.
+ 
+ Update CaaSP CLI to request a token which is valid for the Kubernetes client.
+
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ caasp-cli.spec ++++++
--- /var/tmp/diff_new_pack.p2qQ31/_old  2018-02-15 13:27:35.703423748 +0100
+++ /var/tmp/diff_new_pack.p2qQ31/_new  2018-02-15 13:27:35.711423456 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package caasp-cli
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           caasp-cli
-Version:        0.0.1+20170929.git_r32_b195256
+Version:        0.0.1+20180207.git_r35_7606f5c
 Release:        0
 Summary:        CLI for interacting with SUSE CaaS Platform Clusters
 License:        Apache-2.0

++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/caasp-cli-master/cmd/auth.go 
new/caasp-cli-master/cmd/auth.go
--- old/caasp-cli-master/cmd/auth.go    2017-09-29 22:20:36.000000000 +0200
+++ new/caasp-cli-master/cmd/auth.go    2018-02-07 18:23:45.000000000 +0100
@@ -26,6 +26,8 @@
        "net/url"
        "strings"
        "time"
+       "io/ioutil"
+       "regexp"
 
        "github.com/coreos/go-oidc"
        "golang.org/x/net/html"
@@ -34,7 +36,7 @@
 
 // Simulate a OAuth2 Web Flow in a command line app
 
-const redirectURL = "http://127.0.0.1";
+const redirectURL = "urn:ietf:wg:oauth:2.0:oob"
 
 // AuthRequest represents an OAuth2 auth request flow
 type AuthRequest struct {
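Review bot: The new `redirectURL` constant has no comment explaining what the out-of-band value changes for the rest of this file. With `urn:ietf:wg:oauth:2.0:oob` the authorization code is no longer taken from a redirect `Location` but read out of the response page, which is what the later hunk in this file does. I would add `// redirectURL is the OAuth2 out-of-band URI: the provider shows the authorization code in the response page instead of redirecting.` above the constant. The Dex client used by the CLI presumably has to be registered with this exact redirect URI; that configuration is not visible here.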
@@ -210,7 +212,7 @@
        authRequest.verifier = provider.Verifier(&oidc.Config{ClientID: 
authRequest.ClientID})
 
        // Setup complete, start the actual auth
-       authRequest.scopes = []string{"openid", "profile", "email", 
"offline_access", "groups"}
+       authRequest.scopes = []string{"openid", "profile", "email", 
"offline_access", "groups", "audience:server:client_id:kubernetes"}
        authCodeURL := oauth2Config(authRequest).AuthCodeURL("", 
oauth2.AccessTypeOffline)
 
        resp, err := client.Get(authCodeURL)
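Review bot: The peer client ID `kubernetes` is hard-coded inside the new scope string `audience:server:client_id:kubernetes`, so the CLI only works against a Dex configuration that names its Kubernetes client exactly that. A named constant, or a field on `AuthRequest` alongside `ClientID`, would make the trust relationship explicit and configurable, e.g. `"audience:server:client_id:" + kubernetesClientID`. The verifier at the top of this hunk is still built with `ClientID: authRequest.ClientID`; whether the returned ID token passes that audience check depends on how the issuer fills `aud` for cross-client requests, so it is worth confirming with a test. The enclosing function starts and ends outside this hunk.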
@@ -278,13 +280,21 @@
        }
 
        defer resp.Body.Close()
-
-       callbackLocation, err := resp.Location()
+       body, err := ioutil.ReadAll(resp.Body)
        if err != nil {
                return AuthResponse{}, err
        }
 
-       code := callbackLocation.Query().Get("code")
+       r, _ := regexp.Compile("(?:(?:.|\n)*)value=\"(.*?)\"(?:(?:.|\n)*)")
+
+       match := r.FindStringSubmatch(string(body))
+
+       // We expect two matches - the entire body, and then just the code group
+       if (len(match) != 2) {
+               return AuthResponse{}, fmt.Errorf("failed to extract token from 
OOB response")
+       }
+
+       code := match[1]
 
        client.CheckRedirect = oldRedirectChecker
 
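Review bot: The regexp that extracts the authorization code is looser than it looks: the leading `(?:(?:.|\n)*)` is greedy, so `value="(.*?)"` captures the last `value=` attribute anywhere in the page, whatever element it belongs to, and the result is used as the code without HTML-unescaping. `regexp.Compile` is also called on every invocation with its error discarded, `ioutil.ReadAll` reads an unbounded body, and the error text says "token" although a code is being extracted. I would compile a tight pattern once at package level, cap the read, and fail when the page does not contain exactly one candidate rather than guess; the pattern can be narrowed to the specific element once the provider's OOB template is confirmed. This needs `io` in the import block if it is not already there, and the function body starts and ends outside this hunk.

```go
// Package level: compiled once; a broken pattern fails at start-up instead of being ignored.
var oobValueRe = regexp.MustCompile(`\svalue="([^"]*)"`)

	// … unchanged: defer resp.Body.Close() …
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
	// … unchanged: error check on the read …

	matches := oobValueRe.FindAllSubmatch(body, -1)
	// Refuse to guess when the page holds zero or several value attributes.
	if len(matches) != 1 {
		return AuthResponse{}, fmt.Errorf("expected one code field in OOB response, found %d", len(matches))
	}

	code := html.UnescapeString(string(matches[0][1]))
```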
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/caasp-cli-master/vendor/k8s.io/client-go/pkg/version/base.go 
new/caasp-cli-master/vendor/k8s.io/client-go/pkg/version/base.go
--- old/caasp-cli-master/vendor/k8s.io/client-go/pkg/version/base.go    
2017-09-29 22:20:36.000000000 +0200
+++ new/caasp-cli-master/vendor/k8s.io/client-go/pkg/version/base.go    
2018-02-07 18:23:45.000000000 +0100
@@ -51,8 +51,8 @@
        // semantic version is a git hash, but the version itself is no
        // longer the direct output of "git describe", but a slight
        // translation to be semver compliant.
-       gitVersion   string = "v1.7.3-beta.0+b195256"
-       gitCommit    string = "b195256ef7267ff62385fd9ad67a22e7624754ed"    // 
sha1 from git, output of $(git rev-parse HEAD)
+       gitVersion   string = "v1.7.3-beta.0+7606f5c"
+       gitCommit    string = "7606f5c01169134762049d0e3dcfd3913518147b"    // 
sha1 from git, output of $(git rev-parse HEAD)
        gitTreeState string = "not a git tree" // state of git tree, either 
"clean" or "dirty"
 
        buildDate string = "1970-01-01T00:00:00Z" // build date in ISO8601 
format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')

