ContainerImage.Pinniped/go.mod

module go.pinniped.dev

go 1.16

require (
	github.com/MakeNowJust/heredoc/v2 v2.0.1
	github.com/coreos/go-oidc/v3 v3.0.0
	github.com/creack/pty v1.1.13
	github.com/davecgh/go-spew v1.1.1
	github.com/go-ldap/ldap/v3 v3.3.0
	github.com/go-logr/logr v0.4.0
	github.com/go-logr/stdr v0.4.0
	github.com/go-openapi/spec v0.20.3 // indirect
	github.com/gofrs/flock v0.8.1
	github.com/golang/mock v1.6.0
	github.com/google/go-cmp v0.5.6
	github.com/google/gofuzz v1.2.0
	github.com/google/uuid v1.1.2 // indirect
	github.com/gorilla/securecookie v1.1.1
	github.com/gorilla/websocket v1.4.2
	github.com/onsi/ginkgo v1.13.0 // indirect
	github.com/ory/fosite v0.40.2
	github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4
	github.com/pkg/errors v0.9.1
	github.com/sclevine/agouti v3.0.0+incompatible
	github.com/sclevine/spec v1.4.0
	github.com/spf13/cobra v1.2.1
	github.com/spf13/pflag v1.0.5
	github.com/stretchr/testify v1.7.0
	github.com/tdewolff/minify/v2 v2.9.19
	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023
	golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602
	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
	golang.org/x/term v0.0.0-20210503060354-a79de5458b56
	gopkg.in/square/go-jose.v2 v2.6.0
	k8s.io/api v0.21.3
	k8s.io/apimachinery v0.21.3
	k8s.io/apiserver v0.21.3
	k8s.io/client-go v0.21.3
	k8s.io/component-base v0.21.3
	k8s.io/gengo v0.0.0-20210203185629-de9496dff47b
	k8s.io/klog/v2 v2.10.0
	k8s.io/kube-aggregator v0.21.3
	k8s.io/utils v0.0.0-20210521133846-da695404a2bc
	sigs.k8s.io/yaml v1.2.0
)

// Workaround a broken module version (see https://github.com/oleiade/reflections/issues/14).
// We need this until none of our deps tries to pull in v1.0.0, otherwise some tools like
// Dependabot will fail on our module.
replace github.com/oleiade/reflections v1.0.0 => github.com/oleiade/reflections v1.0.1

// We were never vulnerable to CVE-2020-26160 but this avoids future issues
// This fork is not particularly better though:
// https://github.com/form3tech-oss/jwt-go/issues/7
// We use the SHA of github.com/form3tech-oss/jwt-go@v3.2.2 to get around "used for two different module paths"
// https://golang.org/issues/26904
replace github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/form3tech-oss/jwt-go v0.0.0-20200915135329-9162a5abdbc0

// Pin gRPC back to v1.29.1 (the version required by Kubernetes), but also override a module that's only used in some tests.
// This is required because sometime after v1.29.1, they moved this package into a separate module.
replace (
	google.golang.org/grpc => google.golang.org/grpc v1.29.1
	google.golang.org/grpc/examples => ./hack/dependencyhacks/grpcexamples/
)
Add Go vanity import paths. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-09-18 19:56:24 +00:00			`module go.pinniped.dev`
Hello, world! 2020-07-03 00:05:59 +00:00
Add custom response_mode=form_post HTML template. This is a new pacakge internal/oidc/provider/formposthtml containing a number of static files embedded using the relatively recent Go "//go:embed" functionality introduced in Go 1.16 (https://blog.golang.org/go1.16). The Javascript and CSS files are minifiied and injected to make a single self-contained HTML response. There is a special Content-Security-Policy helper to calculate hash-based script-src and style-src rules. This new code is covered by a new integration test that exercises the JS/HTML functionality in a real browser outside of the rest of the Supervisor. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-06-30 16:50:01 +00:00			`go 1.16`
Add a simple /healthz endpoint - Also remove the old hello world code Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-06 23:07:21 +00:00
Add initial linter configuration. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-07-07 19:35:20 +00:00			`require (`
Organize Pinniped CLI into subcommands; Add get-kubeconfig subcommand - Add flag parsing and help messages for root command, `exchange-credential` subcommand, and new `get-kubeconfig` subcommand - The new `get-kubeconfig` subcommand is a work in progress in this commit - Also add here.Doc() and here.Docf() to enable nice heredocs in our code 2020-09-12 00:56:05 +00:00			`github.com/MakeNowJust/heredoc/v2 v2.0.1`
Upgrade to github.com/coreos/go-oidc v3.0.0. See https://github.com/coreos/go-oidc/releases/tag/v3.0.0 for release notes. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-01-20 17:54:44 +00:00			`github.com/coreos/go-oidc/v3 v3.0.0`
Bump github.com/creack/pty from 1.1.12 to 1.1.13 Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.12 to 1.1.13. - [Release notes](https://github.com/creack/pty/releases) - [Commits](https://github.com/creack/pty/compare/v1.1.12...v1.1.13) Signed-off-by: dependabot[bot] <support@github.com> 2021-06-01 20:15:47 +00:00			`github.com/creack/pty v1.1.13`
Merge the `./test` packages back into the main module. We were using this at one point to control which tests ran with `go test ./...`, but now we're also using the `-short` flag to differentiate unit vs. integration tests. Hopefully this will simplify things a bit. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-08-25 15:27:18 +00:00			`github.com/davecgh/go-spew v1.1.1`
ldap: add initial stub upstream LDAP connection package Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-09 15:38:53 +00:00			`github.com/go-ldap/ldap/v3 v3.3.0`
Bump a bunch of minor dependencies. Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/go-logr/logr/releases) - [Commits](https://github.com/go-logr/logr/compare/v0.3.0...v0.4.0) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.4.0...v2.5.0) Bumps [github.com/go-logr/stdr](https://github.com/go-logr/stdr) from 0.2.0 to 0.4.0. - [Release notes](https://github.com/go-logr/stdr/releases) - [Commits](https://github.com/go-logr/stdr/compare/v0.2.0...v0.4.0) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.3. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3) Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-02-24 22:37:31 +00:00			`github.com/go-logr/logr v0.4.0`
			`github.com/go-logr/stdr v0.4.0`
Stop generating zz_generated.openapi.go files. It turns out we no longer need these and can skip this bit of code generation. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 16:16:07 +00:00			`github.com/go-openapi/spec v0.20.3 // indirect`
Bump github.com/gofrs/flock from 0.8.0 to 0.8.1 Bumps [github.com/gofrs/flock](https://github.com/gofrs/flock) from 0.8.0 to 0.8.1. - [Release notes](https://github.com/gofrs/flock/releases) - [Commits](https://github.com/gofrs/flock/compare/v0.8.0...v0.8.1) --- updated-dependencies: - dependency-name: github.com/gofrs/flock dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2021-06-28 01:28:52 +00:00			`github.com/gofrs/flock v0.8.1`
Bump github.com/golang/mock from 1.5.0 to 1.6.0 Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/golang/mock/releases) - [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml) - [Commits](https://github.com/golang/mock/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/golang/mock dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2021-06-16 01:22:04 +00:00			`github.com/golang/mock v1.6.0`
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6 Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.5 to 0.5.6. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6) Signed-off-by: dependabot[bot] <support@github.com> 2021-05-25 05:51:17 +00:00			`github.com/google/go-cmp v0.5.6`
Update all modules. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-17 19:08:15 +00:00			`github.com/google/gofuzz v1.2.0`
parsing objectGUID as human-readable string version 2021-07-27 18:08:23 +00:00			`github.com/google/uuid v1.1.2 // indirect`
WIP for saving authorize endpoint state into upstream state param Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-11-11 01:58:00 +00:00			`github.com/gorilla/securecookie v1.1.1`
Add integration test for using WhoAmIRequest through impersonator 2021-03-11 00:57:15 +00:00			`github.com/gorilla/websocket v1.4.2`
Remove our main module dependency on golangci-lint. We will still pin this in CI via an image dependency. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-17 22:30:34 +00:00			`github.com/onsi/ginkgo v1.13.0 // indirect`
Upgrade github.com/ory/fosite to v0.40.2. This required a weird hack because some of the Fosite tests (or a transitive dependency of them) depends on a newer version of gRPC that's incompatible with the Kubernetes runtime version we use. It wasn't as simple as just replacing the gRPC module with an older version, because in the latest versions of gRPC, they split out the "examples" packages into their own module. This new module name doesn't exist at the old version. Ultimately, the workaround was to make a fake "examples" module locally. This module can be empty because we never actually depend on that code (it's only used in transitive dependency tests). Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-28 14:52:49 +00:00			`github.com/ory/fosite v0.40.2`
Upgrade github.com/pkg/browser. This some some kind of improvement on Windows. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 15:00:19 +00:00			`github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4`
Finished tests for pkce storage and added it to kubestorage - Also fixed some lint errors with v1.33.0 of the linter Signed-off-by: Margo Crawford <margaretc@vmware.com> 2020-12-01 22:53:22 +00:00			`github.com/pkg/errors v0.9.1`
Add initial CLI integration test for OIDC login. This is our first test using a real browser to interact with an upstream provider. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-10-13 15:41:53 +00:00			`github.com/sclevine/agouti v3.0.0+incompatible`
Add placeholder-name CLI - main and unit tests for main - client package to be done in a future commit Signed-off-by: Aram Price <pricear@vmware.com> 2020-07-27 23:49:43 +00:00			`github.com/sclevine/spec v1.4.0`
Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2021-07-05 01:28:57 +00:00			`github.com/spf13/cobra v1.2.1`
Switch back to an exec-based approach to grab the controller-manager CA. (#65) This switches us back to an approach where we use the Pod "exec" API to grab the keys we need, rather than forcing our code to run on the control plane node. It will help us fail gracefully (or dynamically switch to alternate implementations) when the cluster is not self-hosted. Signed-off-by: Matt Moyer <moyerm@vmware.com> Co-authored-by: Ryan Richard <richardry@vmware.com> 2020-08-19 18:21:07 +00:00			`github.com/spf13/pflag v1.0.5`
Bump a bunch of minor dependencies. Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/go-logr/logr/releases) - [Commits](https://github.com/go-logr/logr/compare/v0.3.0...v0.4.0) Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes/klog/compare/v2.4.0...v2.5.0) Bumps [github.com/go-logr/stdr](https://github.com/go-logr/stdr) from 0.2.0 to 0.4.0. - [Release notes](https://github.com/go-logr/stdr/releases) - [Commits](https://github.com/go-logr/stdr/compare/v0.2.0...v0.4.0) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.3. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3) Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-02-24 22:37:31 +00:00			`github.com/stretchr/testify v1.7.0`
Bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19 Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.18 to 2.9.19. - [Release notes](https://github.com/tdewolff/minify/releases) - [Commits](https://github.com/tdewolff/minify/compare/v2.9.18...v2.9.19) --- updated-dependencies: - dependency-name: github.com/tdewolff/minify/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2021-07-12 01:20:59 +00:00			`github.com/tdewolff/minify/v2 v2.9.19`
Upgrade golang.org/x/* module dependencies. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 15:06:29 +00:00			`golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a`
			`golang.org/x/net v0.0.0-20210520170846-37e1c6afe023`
Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2021-07-02 01:11:11 +00:00			`golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602`
Upgrade golang.org/x/* module dependencies. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 15:06:29 +00:00			`golang.org/x/sync v0.0.0-20210220032951-036812b2e83c`
			`golang.org/x/term v0.0.0-20210503060354-a79de5458b56`
Bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 Bumps [gopkg.in/square/go-jose.v2](https://github.com/square/go-jose) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/square/go-jose/releases) - [Commits](https://github.com/square/go-jose/compare/v2.5.1...v2.6.0) --- updated-dependencies: - dependency-name: gopkg.in/square/go-jose.v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2021-06-08 05:41:45 +00:00			`gopkg.in/square/go-jose.v2 v2.6.0`
Bump to Go 1.16.6 and Kube v0.21.3 Signed-off-by: Monis Khan <mok@vmware.com> 2021-07-27 18:18:08 +00:00			`k8s.io/api v0.21.3`
			`k8s.io/apimachinery v0.21.3`
			`k8s.io/apiserver v0.21.3`
			`k8s.io/client-go v0.21.3`
			`k8s.io/component-base v0.21.3`
Upgrade k8s.io/gengo dependency. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 15:07:00 +00:00			`k8s.io/gengo v0.0.0-20210203185629-de9496dff47b`
Bump to Go 1.16.6 and Kube v0.21.3 Signed-off-by: Monis Khan <mok@vmware.com> 2021-07-27 18:18:08 +00:00			`k8s.io/klog/v2 v2.10.0`
			`k8s.io/kube-aggregator v0.21.3`
Upgrade k8s.io/utils dependency. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-21 15:07:41 +00:00			`k8s.io/utils v0.0.0-20210521133846-da695404a2bc`
Define initial config file format - Users may want to consume pkg/config to generate configuration files. - This also involved putting config-related utilities in the config package for ease of consumption. - We did not add in versioning into the Config type for now...this is something we will likely do in the future, but it is not deemed necessary this early in the project. - The config file format tries to follow the patterns of Kube. One such example of this is requiring the use of base64-encoded CA bundle PEM bytes instead of a file path. This also slightly simplifies the config file handling because we don't have to 1) read in a file or 2) deal with the error case of the file not being there. - The webhook code from k8s.io/apiserver is really exactly what we want here. If this dependency gets too burdensome, we can always drop it, but the pros outweigh the cons at the moment. - Writing out a kubeconfig to disk to configure the webhook is a little janky, but hopefully this won't hurt performance too much in the year 2020. - Also bonus: call the right Serve() function when starting our servers. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-14 15:50:14 +00:00			`sigs.k8s.io/yaml v1.2.0`
Add initial linter configuration. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-07-07 19:35:20 +00:00			`)`
Workaround a bad module version to fix Dependabot. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-02-16 23:05:33 +00:00
			`// Workaround a broken module version (see https://github.com/oleiade/reflections/issues/14).`
			`// We need this until none of our deps tries to pull in v1.0.0, otherwise some tools like`
			`// Dependabot will fail on our module.`
			`replace github.com/oleiade/reflections v1.0.0 => github.com/oleiade/reflections v1.0.1`
Move to github.com/form3tech-oss/jwt-go Signed-off-by: Monis Khan <mok@vmware.com> 2021-03-18 20:54:55 +00:00
			`// We were never vulnerable to CVE-2020-26160 but this avoids future issues`
			`// This fork is not particularly better though:`
			`// https://github.com/form3tech-oss/jwt-go/issues/7`
			`// We use the SHA of github.com/form3tech-oss/jwt-go@v3.2.2 to get around "used for two different module paths"`
			`// https://golang.org/issues/26904`
			`replace github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/form3tech-oss/jwt-go v0.0.0-20200915135329-9162a5abdbc0`
Upgrade github.com/ory/fosite to v0.40.2. This required a weird hack because some of the Fosite tests (or a transitive dependency of them) depends on a newer version of gRPC that's incompatible with the Kubernetes runtime version we use. It wasn't as simple as just replacing the gRPC module with an older version, because in the latest versions of gRPC, they split out the "examples" packages into their own module. This new module name doesn't exist at the old version. Ultimately, the workaround was to make a fake "examples" module locally. This module can be empty because we never actually depend on that code (it's only used in transitive dependency tests). Signed-off-by: Matt Moyer <moyerm@vmware.com> 2021-05-28 14:52:49 +00:00
			`// Pin gRPC back to v1.29.1 (the version required by Kubernetes), but also override a module that's only used in some tests.`
			`// This is required because sometime after v1.29.1, they moved this package into a separate module.`
			`replace (`
			`google.golang.org/grpc => google.golang.org/grpc v1.29.1`
			`google.golang.org/grpc/examples => ./hack/dependencyhacks/grpcexamples/`
			`)`