Upgrade api package go-jose to v4 (#26527)

* Upgrade api package go-jose to v4
* go-jose/v4 requires go 1.21
Tom Proctor
2024-04-19 13:17:41 +02:00
committed by GitHub
parent 16cd58d478
commit 86d529e115
5 changed files with 19 additions and 42 deletions


@@ -13,7 +13,8 @@ import (
"net/url"
"os"
"github.com/go-jose/go-jose/v3/jwt"
jose "github.com/go-jose/go-jose/v4"
"github.com/go-jose/go-jose/v4/jwt"
"github.com/hashicorp/errwrap"
)
@@ -40,6 +41,11 @@ const (
// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
// plugin.
PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
// CubbyHoleJWTSignatureAlgorithm is the signature algorithm used for
// the unwrap token that Vault passes to a plugin when auto-mTLS is
// not enabled.
CubbyHoleJWTSignatureAlgorithm = jose.ES512
)
// PluginAPIClientMeta is a helper that plugins can use to configure TLS connections
@@ -102,7 +108,7 @@ func VaultPluginTLSProviderContext(ctx context.Context, apiTLSConfig *TLSConfig)
return func() (*tls.Config, error) {
unwrapToken := os.Getenv(PluginUnwrapTokenEnv)
parsedJWT, err := jwt.ParseSigned(unwrapToken)
parsedJWT, err := jwt.ParseSigned(unwrapToken, []jose.SignatureAlgorithm{CubbyHoleJWTSignatureAlgorithm})
if err != nil {
return nil, errwrap.Wrapf("error parsing wrapping token: {{err}}", err)
}
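Review bot: The algorithm list now passed to `jwt.ParseSigned` in VaultPluginTLSProviderContext only restricts which `alg` header values are accepted. It does not verify the token's signature, and the closure continues outside this hunk, so how the claims are read afterwards is not visible here. A comment above the call would stop readers treating the allowlist as authentication, e.g. `// Pins the accepted alg to CubbyHoleJWTSignatureAlgorithm; this does not verify the signature.` A token signed with any other algorithm now fails with the generic "error parsing wrapping token" message, so naming the expected algorithm in that error would make a server/plugin version mismatch easier to diagnose. `CubbyHoleJWTSignatureAlgorithm` is also exported with a go-jose v4 type, which puts that dependency in the api package's public surface; confirm that is intended.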