Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package step-cli for openSUSE:Factory checked in at 2025-03-05 17:04:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/step-cli (Old) and /work/SRC/openSUSE:Factory/.step-cli.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "step-cli" Wed Mar 5 17:04:08 2025 rev:7 rq:1250411 version:0.28.5 Changes: -------- --- /work/SRC/openSUSE:Factory/step-cli/step-cli.changes 2025-02-20 22:05:15.240091781 +0100 +++ /work/SRC/openSUSE:Factory/.step-cli.new.19136/step-cli.changes 2025-03-05 17:05:00.750574402 +0100 @@ -1,0 +2,24 @@ +Wed Mar 5 12:34:56 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- update to 0.28.5: + https://github.com/smallstep/cli/releases/tag/v0.28.5 + * Merge pull request #1382 from smallstep/herman/crypto-v0.59.1 + * Merge pull request #1383 from + smallstep/herman/fix-token-user-braces + * Change .Token.user.field to not use curly braces + * Upgrade go.step.sm/crypto to v0.59.1 + +------------------------------------------------------------------- +Wed Mar 5 10:28:16 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- update to 0.28.4: + https://github.com/smallstep/cli/releases/tag/v0.28.4 + * Added + - Add the --set and --set-file flags to the step ca token + command, allowing the user to set keys in the "user" claim in + the resulting JWT. (#1375) + - Support for downloading additional default settings when + running 'step ssh config' (#1377) 'min-password-length' and + 'provisioner' + +------------------------------------------------------------------- Old: ---- cli-0.28.3.tar.gz New: ---- cli-0.28.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ step-cli.spec ++++++ --- /var/tmp/diff_new_pack.kScSNL/_old 2025-03-05 17:05:03.258679621 +0100 +++ /var/tmp/diff_new_pack.kScSNL/_new 2025-03-05 17:05:03.258679621 +0100 @@ -22,7 +22,7 @@ %define pkg_name cli %define pkg_version %{version} Name: step-cli -Version: 0.28.3 +Version: 0.28.5 Release: 0 Summary: Zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc License: Apache-2.0 
@@ -37,7 +37,7 @@ BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: zsh -BuildRequires: golang(API) >= 1.19 +BuildRequires: golang(API) >= 1.23.6 BuildRequires: pkgconfig(bash-completion) BuildRequires: pkgconfig(systemd) Conflicts: step ++++++ cli-0.28.3.tar.gz -> cli-0.28.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/.VERSION new/cli-0.28.5/.VERSION --- old/cli-0.28.3/.VERSION 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/.VERSION 2025-03-05 12:08:34.000000000 +0100 @@ -1 +1 @@ - (HEAD -> master, tag: v0.28.3) + (HEAD -> master, tag: v0.28.5) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/.github/workflows/release.yml new/cli-0.28.5/.github/workflows/release.yml --- old/cli-0.28.3/.github/workflows/release.yml 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/.github/workflows/release.yml 2025-03-05 12:08:34.000000000 +0100 @@ -162,9 +162,9 @@ ]' > "$RUNNER_TEMP/reference-routes.json" # Replace old route manifest with new - jq --argfile newRoutes "$RUNNER_TEMP/reference-routes.json" 'walk( + jq --slurpfile newRoutes "$RUNNER_TEMP/reference-routes.json" 'walk( if type == "object" and .isStepReference == true then - .routes = $newRoutes + .routes = $newRoutes[0] else . end )' < manifest.json > manifest.json.new diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/CHANGELOG.md new/cli-0.28.5/CHANGELOG.md --- old/cli-0.28.3/CHANGELOG.md 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/CHANGELOG.md 2025-03-05 12:08:34.000000000 +0100 
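Review bot: With `--slurpfile`, `$newRoutes` is an array holding every JSON value found in the file, so in the release.yml hunk `$newRoutes[0]` evaluates to `null` when `reference-routes.json` is empty, and `.routes` is then overwritten without any error. The step that writes that file sits above the hunk, so this may never occur in practice. A guard would still make the job fail instead of producing a manifest with `routes: null`: `.routes = ($newRoutes[0] // error("reference-routes.json is empty"))`.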
@@ -26,6 +26,15 @@ --- +## [0.28.4] - 2025-03-04 + +### Added + +- Add the --set and --set-file flags to the step ca token command, allowing the user to set keys in the "user" claim in the resulting JWT. (smallstep/cli#1375) +- Support for downloading additional default settings when running 'step ssh config' (smallstep/cli#1377) + - 'min-password-length' and 'provisioner' + + ## [0.28.3] - 2025-02-20 ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/command/ca/token.go new/cli-0.28.5/command/ca/token.go --- old/cli-0.28.3/command/ca/token.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/command/ca/token.go 2025-03-05 12:08:34.000000000 +0100 @@ -34,7 +34,8 @@ [**--sshpop-cert**=<file>] [**--sshpop-key**=<file>] [**--cnf**=<fingerprint>] [**--cnf-file**=<file>] [**--ssh**] [**--host**] [**--principal**=<name>] [**--k8ssa-token-path**=<file>] -[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`, +[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] +[**--set**=<key=value>] [**--set-file**=<file>]`, Description: `**step ca token** command generates a one-time token granting access to the certificates authority. @@ -174,6 +175,18 @@ $ step ca token --kms yubikey:pin-value=123456 \ --x5c-cert yubikey:slot-id=82 --x5c-key yubikey:slot-id=82 \ internal.example.com +''' + +Generate a token with custom data in the "user" claim. The example below can be +accessed in a template as **.Token.user.field**, rendering to the string +"value". + +This is distinct from **.Insecure.User**: any attributes set using this option +are added to a claim named "user" in the signed JWT produced by this command. +This data may therefore be considered trusted (insofar as the token itself is +trusted). +''' +$ step ca token --set field=value internal.example.com '''`, Flags: []cli.Flag{ provisionerKidFlag, 
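Review bot: The help text added in the second token.go hunk says data in the "user" claim "may be considered trusted (insofar as the token itself is trusted)", but it does not say who picks the values. They come straight from the `--set` / `--set-file` arguments of whoever generates the token, so a template author could read this as meaning `.Token.user.*` has been vetted by the CA. I would add one sentence after that paragraph, for example `The values are chosen by whoever generates the token; templates that copy them into SANs, principals or extensions should still constrain them.` The `Description` string starts and ends outside the hunk.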
@@ -244,6 +257,8 @@ flags.CaURL, flags.Root, flags.Context, + flags.TemplateSet, + flags.TemplateSetFile, }, } } @@ -350,11 +365,29 @@ tokenOpts = append(tokenOpts, cautils.WithConfirmationFingerprint(cnf)) } + templateData, err := flags.GetTemplateData(ctx) + if err != nil { + return err + } + if templateData != nil { + tokenOpts = append(tokenOpts, cautils.WithCustomAttributes(templateData)) + } + // --san and --type revoke are incompatible. Revocation tokens do not support SANs. if typ == cautils.RevokeType && len(sans) > 0 { return errs.IncompatibleFlagWithFlag(ctx, "san", "revoke") } + // --offline doesn't support tokenOpts, so reject set/set-file + if offline { + if len(ctx.StringSlice("set")) > 0 { + return errs.IncompatibleFlagWithFlag(ctx, "offline", "set") + } + if ctx.String("set-file") != "" { + return errs.IncompatibleFlagWithFlag(ctx, "offline", "set-file") + } + } + // parse times or durations notBefore, ok := flags.ParseTimeOrDuration(ctx.String("not-before")) if !ok { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/command/oauth/cmd.go new/cli-0.28.5/command/oauth/cmd.go --- old/cli-0.28.3/command/oauth/cmd.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/command/oauth/cmd.go 2025-03-05 12:08:34.000000000 +0100 
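Review bot: In the last token.go hunk the `--offline` rejection runs after `flags.GetTemplateData(ctx)`, so with `--offline --set-file <file>` the file is read and parsed first and a parse error hides the real problem, which is the flag combination. Moving the whole `if offline { ... }` block above `templateData, err := flags.GetTemplateData(ctx)` rejects the combination before any input is touched. The check also names the flags with the string literals `"set"` and `"set-file"`; if `flags.TemplateSet` and `flags.TemplateSetFile` expose their names, using those would keep the check from drifting after a rename (not visible from here). The enclosing function starts and ends outside the hunk.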
@@ -784,18 +784,22 @@ return nil, err } - if err := exec.OpenInBrowser(authURL, o.browser); err != nil { - fmt.Fprintln(os.Stderr, "Cannot open a web browser on your platform.") - fmt.Fprintln(os.Stderr) - fmt.Fprintln(os.Stderr, "Open a local web browser and visit:") - fmt.Fprintln(os.Stderr) + if skipBrowser := os.Getenv("STEP_OPEN_BROWSER") == "0"; skipBrowser { fmt.Fprintln(os.Stderr, authURL) - fmt.Fprintln(os.Stderr) } else { - fmt.Fprintln(os.Stderr, "Your default web browser has been opened to visit:") - fmt.Fprintln(os.Stderr) - fmt.Fprintln(os.Stderr, authURL) - fmt.Fprintln(os.Stderr) + if err := exec.OpenInBrowser(authURL, o.browser); err != nil { + fmt.Fprintln(os.Stderr, "Cannot open a web browser on your platform.") + fmt.Fprintln(os.Stderr) + fmt.Fprintln(os.Stderr, "Open a local web browser and visit:") + fmt.Fprintln(os.Stderr) + fmt.Fprintln(os.Stderr, authURL) + fmt.Fprintln(os.Stderr) + } else { + fmt.Fprintln(os.Stderr, "Your default web browser has been opened to visit:") + fmt.Fprintln(os.Stderr) + fmt.Fprintln(os.Stderr, authURL) + fmt.Fprintln(os.Stderr) + } } // Wait for response and return the token diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/command/ssh/certificate.go new/cli-0.28.5/command/ssh/certificate.go --- old/cli-0.28.3/command/ssh/certificate.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/command/ssh/certificate.go 2025-03-05 12:08:34.000000000 +0100 @@ -5,6 +5,7 @@ "crypto" "crypto/rand" "crypto/x509" + "fmt" "net/url" "os" "strings" 
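Review bot: `STEP_OPEN_BROWSER` is read through an inline `os.Getenv` in the oauth/cmd.go hunk, and only the exact value `"0"` disables the browser; nothing in the hunk documents the variable, and values such as `false` are silently ignored. The `skipBrowser` variable serves only as its own condition, so `if os.Getenv("STEP_OPEN_BROWSER") == "0" {` is simpler, with a comment such as `// STEP_OPEN_BROWSER=0 prints the authorization URL instead of launching a browser.` to record the intent. In the skip branch the URL is printed bare, without the "Open a local web browser and visit:" line that the failure branch prints, so a user on a headless host gets no instruction with it. The enclosing function starts and ends outside the hunk.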
@@ -44,7 +45,8 @@ [**--console**] [**--no-password**] [**--insecure**] [**--force**] [**--x5c-cert**=<file>] [**--x5c-key**=<file>] [**--k8ssa-token-path**=<file>] [**--no-agent**] [**--kty**=<key-type>] [**--curve**=<curve>] [**--size**=<size>] -[**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>]`, +[**--min-password-length**=<length>] [**--ca-url**=<uri>] +[**--root**=<file>] [**--context**=<name>]`, Description: `**step ssh certificate** command generates an SSH key pair and creates a certificate using [step certificates](https://github.com/smallstep/certificates). @@ -202,6 +204,11 @@ Name: "no-agent", Usage: "Do not add the generated certificate and associated private key to the SSH agent.", }, + cli.IntFlag{ + Name: "min-password-length", + Usage: "Set minimum required length for password used to encrypt private key. The default value is '0'. Values <=0 are interpreted as if no minimum value is set.", + Value: 0, + }, flags.CaConfig, flags.CaURL, flags.Root, @@ -240,6 +247,7 @@ noPassword := ctx.Bool("no-password") insecure := ctx.Bool("insecure") sshPrivKeyFile := ctx.String("private-key") + minPasswordLength := ctx.Int("min-password-length") validAfter, validBefore, err := flags.ParseTimeDuration(ctx) if err != nil { return err @@ -258,6 +266,8 @@ switch { case noPassword && !insecure: return errs.RequiredInsecureFlag(ctx, "no-password") + case noPassword && minPasswordLength > 0: + return errs.IncompatibleFlagWithFlag(ctx, "no-password", "min-password-length") case noPassword && passwordFile != "": return errs.IncompatibleFlagWithFlag(ctx, "no-password", "password-file") case token != "" && provisionerPasswordFile != "": 
@@ -456,42 +466,47 @@ // Private key (with password unless --no-password --insecure) opts := []pemutil.Options{ pemutil.WithOpenSSH(true), - pemutil.ToFile(keyFile, 0600), + pemutil.ToFile(keyFile, 0o600), } switch { case noPassword && insecure: case passwordFile != "": - opts = append(opts, pemutil.WithPasswordFile(passwordFile)) + opts = append(opts, pemutil.WithMinLengthPasswordFile(passwordFile, minPasswordLength)) default: - opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key", func(s string) ([]byte, error) { - return ui.PromptPassword(s, ui.WithValidateNotEmpty()) + prompt := "Please enter the password to encrypt the private key" + if minPasswordLength > 0 { + prompt = fmt.Sprintf("%s (must be at least %d characters)", prompt, minPasswordLength) + } + opts = append(opts, pemutil.WithPasswordPrompt(prompt, func(s string) ([]byte, error) { + return ui.PromptPassword(s, ui.WithValidateNotEmpty(), ui.WithMinLength(minPasswordLength)) })) } + _, err = pemutil.Serialize(priv, opts...) 
if err != nil { return err } - if err := utils.WriteFile(pubFile, marshalPublicKey(sshPub, subject), 0644); err != nil { + if err := utils.WriteFile(pubFile, marshalPublicKey(sshPub, subject), 0o644); err != nil { return err } } // Write certificate - if err := utils.WriteFile(crtFile, marshalPublicKey(resp.Certificate, subject), 0644); err != nil { + if err := utils.WriteFile(crtFile, marshalPublicKey(resp.Certificate, subject), 0o644); err != nil { return err } // Write Add User keys and certs if isAddUser && resp.AddUserCertificate != nil { id := provisioner.SanitizeSSHUserPrincipal(subject) + "-provisioner" - if _, err := pemutil.Serialize(auPriv, pemutil.WithOpenSSH(true), pemutil.ToFile(baseName+"-provisioner", 0600)); err != nil { + if _, err := pemutil.Serialize(auPriv, pemutil.WithOpenSSH(true), pemutil.ToFile(baseName+"-provisioner", 0o600)); err != nil { return err } - if err := utils.WriteFile(baseName+"-provisioner.pub", marshalPublicKey(sshAuPub, id), 0644); err != nil { + if err := utils.WriteFile(baseName+"-provisioner.pub", marshalPublicKey(sshAuPub, id), 0o644); err != nil { return err } - if err := utils.WriteFile(baseName+"-provisioner-cert.pub", marshalPublicKey(resp.AddUserCertificate, id), 0644); err != nil { + if err := utils.WriteFile(baseName+"-provisioner-cert.pub", marshalPublicKey(resp.AddUserCertificate, id), 0o644); err != nil { return err } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/flags/flags.go new/cli-0.28.5/flags/flags.go --- old/cli-0.28.3/flags/flags.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/flags/flags.go 2025-03-05 12:08:34.000000000 +0100 
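Review bot: The new prompt text promises a minimum in "characters", but the password callback returns `[]byte`, so if `ui.WithMinLength` and `pemutil.WithMinLengthPasswordFile` compare byte length (their implementation is not visible here), a passphrase with multi-byte characters can pass while being shorter than the stated number of characters. Either confirm that both helpers count runes or word the prompt to match what is measured. Both helpers are also called when `minPasswordLength` is 0 or negative, which relies on each of them treating `<= 0` as "no minimum", as the flag's usage text states. A comment at the `switch` such as `// minPasswordLength <= 0 disables the length check in both helpers` would make that dependency explicit. The enclosing function starts and ends outside the hunk.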
@@ -670,3 +670,21 @@ return fmt.Sprintf("%s://%s", u.Scheme, u.Host), nil } + +// FirstStringOf returns the value of the first defined flag from the input list. +// If no defined flags, returns first flag with non-empty default value. +func FirstStringOf(ctx *cli.Context, flags ...string) string { + // Return first defined flag. + for _, f := range flags { + if ctx.IsSet(f) { + return ctx.String(f) + } + } + // Return first non-empty, default, flag value. + for _, f := range flags { + if val := ctx.String(f); val != "" { + return val + } + } + return "" +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/flags/flags_test.go new/cli-0.28.5/flags/flags_test.go --- old/cli-0.28.3/flags/flags_test.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/flags/flags_test.go 2025-03-05 12:08:34.000000000 +0100 
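Review bot: `FirstStringOf` returns as soon as `ctx.IsSet(f)` is true, so a flag explicitly set to the empty string wins over a later flag that carries a real value, and the doc comment does not mention this. If that is intended, say so in the comment, e.g. `// A flag that is set to "" still counts as defined and is returned.`; if it is not, the first loop could test `if ctx.IsSet(f) && ctx.String(f) != "" {`. The second comment line would also read better as `// If none of the flags is set, it returns the first non-empty default value.`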
@@ -230,3 +230,78 @@ }) } } + +func TestFirstStringOf(t *testing.T) { + getAppSet := func() (*cli.App, *flag.FlagSet) { + app := &cli.App{} + set := flag.NewFlagSet("contrive", 0) + return app, set + } + tests := []struct { + name string + getContext func() *cli.Context + inputs []string + want string + }{ + { + name: "no-flags-empty", + getContext: func() *cli.Context { + app, set := getAppSet() + //_ = set.String("ca-url", "", "") + return cli.NewContext(app, set, nil) + }, + inputs: []string{"foo", "bar"}, + want: "", + }, + { + name: "return-first-set-flag", + getContext: func() *cli.Context { + app, set := getAppSet() + _ = set.String("foo", "", "") + _ = set.String("bar", "", "") + _ = set.String("baz", "", "") + ctx := cli.NewContext(app, set, nil) + ctx.Set("bar", "test1") + ctx.Set("baz", "test2") + return ctx + }, + inputs: []string{"foo", "bar", "baz"}, + want: "test1", + }, + { + name: "return-first-default-flag", + getContext: func() *cli.Context { + app, set := getAppSet() + _ = set.String("foo", "", "") + _ = set.String("bar", "", "") + _ = set.String("baz", "test1", "") + ctx := cli.NewContext(app, set, nil) + return ctx + }, + inputs: []string{"foo", "bar", "baz"}, + want: "test1", + }, + { + name: "all-empty", + getContext: func() *cli.Context { + app, set := getAppSet() + _ = set.String("foo", "", "") + _ = set.String("bar", "", "") + _ = set.String("baz", "", "") + ctx := cli.NewContext(app, set, nil) + return ctx + }, + inputs: []string{"foo", "bar", "baz"}, + want: "", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := tt.getContext() + val := FirstStringOf(ctx, tt.inputs...) 
+ if val != tt.want { + t.Errorf("expected %v, but got %v", tt.want, val) + } + }) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/go.mod new/cli-0.28.5/go.mod --- old/cli-0.28.3/go.mod 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/go.mod 2025-03-05 12:08:34.000000000 +0100 @@ -7,8 +7,8 @@ github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944 github.com/ccoveille/go-safecast v1.5.0 github.com/fxamacker/cbor/v2 v2.7.0 - github.com/go-jose/go-jose/v3 v3.0.3 - github.com/google/go-cmp v0.6.0 + github.com/go-jose/go-jose/v3 v3.0.4 + github.com/google/go-cmp v0.7.0 github.com/google/go-tpm v0.9.3 github.com/google/uuid v1.6.0 github.com/icrowley/fake v0.0.0-20221112152111-d7b7e2276db2 @@ -19,7 +19,7 @@ github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 github.com/smallstep/certificates v0.28.2 github.com/smallstep/certinfo v1.13.0 - github.com/smallstep/cli-utils v0.10.0 + github.com/smallstep/cli-utils v0.12.1 github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 github.com/smallstep/linkedca v0.23.0 github.com/smallstep/truststore v0.13.0 @@ -28,8 +28,8 @@ github.com/stretchr/testify v1.10.0 github.com/urfave/cli v1.22.16 go.mozilla.org/pkcs7 v0.9.0 - go.step.sm/crypto v0.57.1 - golang.org/x/crypto v0.33.0 + go.step.sm/crypto v0.59.1 + golang.org/x/crypto v0.35.0 golang.org/x/sys v0.30.0 golang.org/x/term v0.29.0 google.golang.org/protobuf v1.36.5 
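Review bot: The `getContext` closures in `TestFirstStringOf` discard the errors from `ctx.Set("bar", "test1")` and `ctx.Set("baz", "test2")`, so a broken setup would surface as a misleading value mismatch; `if err := ctx.Set("bar", "test1"); err != nil { t.Fatal(err) }` makes the failure point at the setup. The table also has no case where a set flag must beat an earlier flag's non-empty default, which is the ordering the two loops in `FirstStringOf` exist to provide, and no case for a flag set to the empty string. The commented-out `//_ = set.String("ca-url", "", "")` in the first case should be removed.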
@@ -37,22 +37,22 @@ ) require ( - cloud.google.com/go v0.116.0 // indirect - cloud.google.com/go/auth v0.14.1 // indirect + cloud.google.com/go v0.118.2 // indirect + cloud.google.com/go/auth v0.15.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.2.2 // indirect + cloud.google.com/go/iam v1.4.0 // indirect cloud.google.com/go/longrunning v0.6.4 // indirect cloud.google.com/go/security v1.18.3 // indirect dario.cat/mergo v1.0.1 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect @@ -74,7 +74,7 @@ github.com/dustin/go-humanize v1.0.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-chi/chi/v5 v5.2.1 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-sql-driver/mysql v1.8.1 // indirect 
@@ -84,7 +84,7 @@ github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/certificate-transparency-go v1.2.2 // indirect - github.com/google/go-tpm-tools v0.4.4 // indirect + github.com/google/go-tpm-tools v0.4.5 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect 
@@ -126,21 +126,21 @@ github.com/x448/float16 v0.8.4 // indirect go.etcd.io/bbolt v1.3.11 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect go.opentelemetry.io/otel v1.34.0 // indirect go.opentelemetry.io/otel/metric v1.34.0 // indirect go.opentelemetry.io/otel/trace v1.34.0 // indirect - golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect + golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect golang.org/x/net v0.35.0 // indirect golang.org/x/oauth2 v0.26.0 // indirect golang.org/x/sync v0.11.0 // indirect golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.10.0 // indirect - google.golang.org/api v0.221.0 // indirect - google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect + google.golang.org/api v0.223.0 // indirect + google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 // indirect google.golang.org/grpc v1.70.0 // indirect google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/go.sum new/cli-0.28.5/go.sum --- old/cli-0.28.3/go.sum 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/go.sum 2025-03-05 12:08:34.000000000 +0100 
@@ -1,15 +1,15 @@ -cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= -cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.14.1 h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0= -cloud.google.com/go/auth v0.14.1/go.mod h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM= +cloud.google.com/go v0.118.2 h1:bKXO7RXMFDkniAAvvuMrAPtQ/VHrs9e7J5UT3yrGdTY= +cloud.google.com/go v0.118.2/go.mod h1:CFO4UPEPi8oV21xoezZCrd3d81K4fFkDTEJu4R8K+9M= +cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= +cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= -cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/kms v1.20.5 h1:aQQ8esAIVZ1atdJRxihhdxGQ64/zEbJoJnCz/ydSmKg= -cloud.google.com/go/kms v1.20.5/go.mod h1:C5A8M1sv2YWYy1AE6iSrnddSG9lRGdJq5XEdBy28Lmw= +cloud.google.com/go/iam v1.4.0 h1:ZNfy/TYfn2uh/ukvhp783WhnbVluqf/tzOaqVUPlIPA= +cloud.google.com/go/iam v1.4.0/go.mod h1:gMBgqPaERlriaOV0CUl//XUzDhSfXevn4OEUbg6VRs4= +cloud.google.com/go/kms v1.21.0 h1:x3EeWKuYwdlo2HLse/876ZrKjk2L5r7Uexfm8+p6mSI= +cloud.google.com/go/kms v1.21.0/go.mod h1:zoFXMhVVK7lQ3JC9xmhHMoQhnjEDZFoLAr5YMwzBLtk= cloud.google.com/go/longrunning v0.6.4 h1:3tyw9rO3E2XVXzSApn1gyEEnH2K9SynNQjMlBi3uHLg= cloud.google.com/go/longrunning v0.6.4/go.mod h1:ttZpLCe6e7EXvn9OxpBRx7kZEB0efv8yBO6YnVMfhJs= cloud.google.com/go/security v1.18.3 
h1:ya9gfY1ign6Yy25VMMMgZ9xy7D/TczDB0ElXcyWmEVE= @@ -22,10 +22,10 @@ github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= 
@@ -34,8 +34,8 @@ github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -53,32 +53,32 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go-v2 v1.34.0 h1:9iyL+cjifckRGEVpRKZP3eIxVlL06Qk1Tk13vreaVQU= -github.com/aws/aws-sdk-go-v2 v1.34.0/go.mod h1:JgstGg0JjWU1KpVJjD5H0y0yyAIpSdKEq556EI6yOOM= -github.com/aws/aws-sdk-go-v2/config v1.29.2 h1:JuIxOEPcSKpMB0J+khMjznG9LIhIBdmqNiEcPclnwqc= -github.com/aws/aws-sdk-go-v2/config v1.29.2/go.mod h1:HktTHregOZwNSM/e7WTfVSu9RCX+3eOv+6ij27PtaYs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.55 h1:CDhKnDEaGkLA5ZszV/qw5uwN5M8rbv9Cl0JRN+PRsaM= -github.com/aws/aws-sdk-go-v2/credentials v1.17.55/go.mod h1:kPD/vj+RB5MREDUky376+zdnjZpR+WgdBBvwrmnlmKE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25 h1:kU7tmXNaJ07LsyN3BUgGqAmVmQtq0w6duVIHAKfp0/w= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.25/go.mod h1:OiC8+OiqrURb1wrwmr/UbOVLFSWEGxjinj5C299VQdo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 h1:Ej0Rf3GMv50Qh4G4852j2djtoDb7AzQ7MuQeFHa3D70= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29/go.mod h1:oeNTC7PwJNoM5AznVr23wxhLnuJv0ZDe5v7w0wqIs9M= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 h1:6e8a71X+9GfghragVevC5bZqvATtc3mAMgxpSNbgzF0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29/go.mod h1:c4jkZiQ+BWpNqq7VtrxjwISrLrt/VvPq3XiopkUIolI= +github.com/aws/aws-sdk-go-v2 v1.36.1 h1:iTDl5U6oAhkNPba0e1t1hrwAo02ZMqbrGq4k5JBWM5E= +github.com/aws/aws-sdk-go-v2 v1.36.1/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= +github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg= +github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ= 
+github.com/aws/aws-sdk-go-v2/credentials v1.17.59 h1:9btwmrt//Q6JcSdgJOLI98sdr5p7tssS9yAsGe8aKP4= +github.com/aws/aws-sdk-go-v2/credentials v1.17.59/go.mod h1:NM8fM6ovI3zak23UISdWidyZuI1ghNe2xjzUZAyT+08= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10 h1:hN4yJBGswmFTOVYqmbz1GBs9ZMtQe8SrYxPwrkrlRv8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.10/go.mod h1:TsxON4fEZXyrKY+D+3d2gSTyJkGORexIYab9PTf56DA= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.14 h1:IvhYu4W4wKMqN6DqtuVD7obkFflgTv1wmnZMjlSeDAA= -github.com/aws/aws-sdk-go-v2/service/kms v1.37.14/go.mod h1:yqUt1GZH4uf7HUNT2Kd7qk6P+Vi5z+C5+NjNSNRO1L4= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.12 h1:kznaW4f81mNMlREkU9w3jUuJvU5g/KsqDV43ab7Rp6s= -github.com/aws/aws-sdk-go-v2/service/sso v1.24.12/go.mod h1:bZy9r8e0/s0P7BSDHgMLXK2KvdyRRBIQ2blKlvLt0IU= 
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11 h1:mUwIpAvILeKFnRx4h1dEgGEFGuV8KJ3pEScZWVFYuZA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.11/go.mod h1:JDJtD+b8HNVv71axz8+S5492KM8wTzHRFpMKQbPlYxw= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.10 h1:g9d+TOsu3ac7SgmY2dUf1qMgu/uJVTlQ4VCbH6hRxSw= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.10/go.mod h1:WZfNmntu92HO44MVZAubQaz3qCuIdeOdog2sADfU6hU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.18 h1:pi9M/9n1PLayBXjia7LfwgXwcpFdFO7Q2cqKOZa1ZmM= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.18/go.mod h1:vZXvmzfhdsPj/axc8+qk/2fSCP4hGyaZ1MAduWEHAxM= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -143,10 +143,10 @@ github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8= github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= +github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -172,20 +172,21 @@ github.com/google/certificate-transparency-go v1.2.2 h1:5TAzjQnCfN1vps2XWUgU6Svt++rgy9a+b8CBYXaKUAo= github.com/google/certificate-transparency-go v1.2.2/go.mod h1:d1o5XNQzK/yz8IXzEce6KXgMxfter/EcMP9vG4dBRNE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= -github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= +github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-sev-guest v0.9.3 h1:GOJ+EipURdeWFl/YYdgcCxyPeMgQUWlI056iFkBD8UU= -github.com/google/go-sev-guest v0.9.3/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs= -github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= -github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= +github.com/google/go-sev-guest v0.12.1 h1:H4rFYnPIn8HtqEsNTmh56Zxcf9BI9n48ZSYCnpYLYvc= +github.com/google/go-sev-guest v0.12.1/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= +github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= +github.com/google/go-tdx-guest 
v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc= github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= -github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98= -github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY= +github.com/google/go-tpm-tools v0.4.5 h1:3fhthtyMDbIZFR5/0y1hvUoZ1Kf4i1eZ7C73R4Pvd+k= +github.com/google/go-tpm-tools v0.4.5/go.mod h1:ktjTNq8yZFD6TzdBFefUfen96rF3NpYwpSb2d8bc+Y8= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= @@ -252,8 +253,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/newrelic/go-agent/v3 v3.36.0 h1:PdvJZiUu45qg2qrOeia0gYr1vaZ2Ro6QIlqlgHObHXo= github.com/newrelic/go-agent/v3 v3.36.0/go.mod h1:GNTda53CohAhkgsc7/gqSsJhDZjj8vaky5u+vKz7wqM= -github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= -github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv/v3 v3.0.1 h1:x06SQA46+PKIUftmEujdwSEpIx8kR+M9eLYsUxeYveU= github.com/peterbourgon/diskv/v3 v3.0.1/go.mod h1:kJ5Ny7vLdARGU3WUuy6uzO6T0nb/2gWcT1JiBvRmb5o= 
@@ -299,8 +298,8 @@ github.com/smallstep/certificates v0.28.2/go.mod h1:UWVIqq5A3toV9rSzYUnimqRNeU6xCt3YWB2mTaCxm28= github.com/smallstep/certinfo v1.13.0 h1:iv/Fc1c8vke1asJZI7s3XoH7Wo/MY7znK0TlDUsSAhs= github.com/smallstep/certinfo v1.13.0/go.mod h1:2pGT3T7r0s5f3BpJRi/j5K5akgvL3RfYXts5rDICkEA= -github.com/smallstep/cli-utils v0.10.0 h1:CfXNvHtIN5pAzGvGP0NEUZoGFcj5epNEB6RSpSfduek= -github.com/smallstep/cli-utils v0.10.0/go.mod h1:jIeNa5ctrVg89lU5TaQKYd6o1eFxi9mtZu1sXSxpEBg= +github.com/smallstep/cli-utils v0.12.1 h1:D9QvfbFqiKq3snGZ2xDcXEFrdFJ1mQfPHZMq/leerpE= +github.com/smallstep/cli-utils v0.12.1/go.mod h1:skV2Neg8qjiKPu2fphM89H9bIxNpKiiRTnX9Q6Lc+20= github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 h1:kjYvkvS/Wdy0PVRDUAA0gGJIVSEZYhiAJtfwYgOYoGA= github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935/go.mod h1:vNAduivU014fubg6ewygkAvQC0IQVXqdc8vaGl/0er4= github.com/smallstep/linkedca v0.23.0 h1:5W/7EudlK1HcCIdZM68dJlZ7orqCCCyv6bm2l/0JmLU= 
@@ -360,10 +359,10 @@ go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= 
@@ -374,8 +373,8 @@ go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= -go.step.sm/crypto v0.57.1 h1:bt7ugfc0m2/nJ9/uhQOtXRW3xQr8zJwL087FLQk9mvc= -go.step.sm/crypto v0.57.1/go.mod h1:wL25/Mh7edmo36AA93hf9agP493Zt3y4QBzB1wzwOjc= +go.step.sm/crypto v0.59.1 h1:jUL+5p19YS9YJKLaPUgkS2OdGm7s0+hwP7AqTFyF9Cg= +go.step.sm/crypto v0.59.1/go.mod h1:XHavmnzfTyPpQE/n4YokEtjiBzP3LZI9/1O061f5y0o= go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -387,10 +386,11 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= -golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc= -golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= +golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= +golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= 
@@ -471,14 +471,14 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.221.0 h1:qzaJfLhDsbMeFee8zBRdt/Nc+xmOuafD/dbdgGfutOU= -google.golang.org/api v0.221.0/go.mod h1:7sOU2+TL4TxUTdbi0gWgAIg7tH5qBXxoyhtL+9x3biQ= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 h1:2duwAxN2+k0xLNpjnHTXoMUgnv6VPSp5fiqTuwSxjmI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= +google.golang.org/api v0.223.0 h1:JUTaWEriXmEy5AhvdMgksGGPEFsYfUKaPEYXd4c3Wvc= +google.golang.org/api v0.223.0/go.mod h1:C+RS7Z+dDwds2b+zoAk5hN/eSfsiCn0UDrYof/M4d2M= +google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4 h1:Pw6WnI9W/LIdRxqK7T6XGugGbHIRl5Q7q3BssH6xk4s= +google.golang.org/genproto v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:qbZzneIOXSq+KFAFut9krLfRLZiFLzZL5u2t8SV83EE= +google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2 h1:35ZFtrCgaAjF7AFAK0+lRSf+4AyYnWRbH7og13p7rZ4= +google.golang.org/genproto/googleapis/api v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:W9ynFDP/shebLB1Hl/ESTOap2jHd6pmLXPNZC7SVDbA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 
h1:DMTIbak9GhdaSxEjvVzAeNZvyc03I61duqNbnm3SU0M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/internal/cast/cast_test.go new/cli-0.28.5/internal/cast/cast_test.go --- old/cli-0.28.3/internal/cast/cast_test.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/internal/cast/cast_test.go 2025-03-05 12:08:34.000000000 +0100 @@ -36,7 +36,7 @@ } func TestInt64PanicsOnLargeValue(t *testing.T) { - require.Panics(t, func() { cast.Int64(uint64(math.MaxInt + 1)) }) + require.Panics(t, func() { cast.Int64(uint64(math.MaxInt64 + 1)) }) } func TestUint64ConvertsValues(t *testing.T) { @@ -56,16 +56,16 @@ } func TestInt32PanicsOnTooSmallValue(t *testing.T) { - require.Panics(t, func() { cast.Int32(math.MinInt32 - 1) }) + require.Panics(t, func() { cast.Int32(int64(math.MinInt32 - 1)) }) } func TestInt32PanicsOnLargeValue(t *testing.T) { - require.Panics(t, func() { cast.Int32(math.MaxInt32 + 1) }) + require.Panics(t, func() { cast.Int32(int64(math.MaxInt32 + 1)) }) } func TestUint32ConvertsValues(t *testing.T) { require.Equal(t, uint32(0), cast.Uint32(0)) - require.Equal(t, uint32(math.MaxUint32), cast.Uint32(math.MaxUint32)) + require.Equal(t, uint32(math.MaxUint32), cast.Uint32(int64(math.MaxUint32))) require.Equal(t, uint32(42), cast.Uint32(42)) } 
@@ -74,8 +74,9 @@ } func TestUint32PanicsOnLargeValue(t *testing.T) { - require.Panics(t, func() { cast.Uint32(math.MaxUint32 + 1) }) + require.Panics(t, func() { cast.Uint32(int64(math.MaxUint32 + 1)) }) } + func TestUint8ConvertsValues(t *testing.T) { require.Equal(t, uint8(0), cast.Uint8(0)) require.Equal(t, uint8(math.MaxUint8), cast.Uint8(math.MaxUint8)) @@ -87,5 +88,5 @@ } func TestUint8PanicsOnLargeValue(t *testing.T) { - require.Panics(t, func() { cast.Uint8(math.MaxUint32 + 1) }) + require.Panics(t, func() { cast.Uint8(math.MaxUint8 + 1) }) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/token/options.go new/cli-0.28.5/token/options.go --- old/cli-0.28.3/token/options.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/token/options.go 2025-03-05 12:08:34.000000000 +0100 @@ -80,6 +80,25 @@ } } +// WithUserData returns an Option function that merges the provided map with the +// existing user claim in the payload. +func WithUserData(v map[string]interface{}) Options { + return func(c *Claims) error { + if _, ok := c.ExtraClaims[UserClaim]; !ok { + c.Set(UserClaim, make(map[string]interface{})) + } + s := c.ExtraClaims[UserClaim] + sm, ok := s.(map[string]interface{}) + if !ok { + return fmt.Errorf("%q claim is %T, not map[string]interface{}", UserClaim, s) + } + for k, val := range v { + sm[k] = val + } + return nil + } +} + // WithSSH returns an Options function that sets the step claim with the ssh // property in the value. func WithSSH(v interface{}) Options { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/token/token.go new/cli-0.28.5/token/token.go --- old/cli-0.28.3/token/token.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/token/token.go 2025-03-05 12:08:34.000000000 +0100 
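Review bot: WithUserData adds a `user` claim even when `v` has no entries, because `c.Set(UserClaim, make(map[string]interface{}))` runs before the copy loop, so the token would then carry an empty `user` object. The callers added in token_generator.go only test `sharedContext.CustomAttributes != nil`, and WithCustomAttributes in certificate_flow.go allocates the map on every call, so an empty attribute set still reaches this code. An early `if len(v) == 0 { return nil }` at the top of the returned closure avoids that. The doc comment could also state that keys in `v` overwrite keys already present in the claim and that values are stored without copying.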
@@ -32,6 +32,9 @@ // StepClaim is the property name for a JWT claim the stores the custom information in the certificate. const StepClaim = "step" +// UserClaim is the property name for a JWT claim that stores user-provided custom information. +const UserClaim = "user" + // ConfirmationClaim is the property name for a JWT claim that stores a JSON // object used as Proof-Of-Possession. const ConfirmationClaim = "cnf" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/utils/cautils/bootstrap.go new/cli-0.28.5/utils/cautils/bootstrap.go --- old/cli-0.28.3/utils/cautils/bootstrap.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/utils/cautils/bootstrap.go 2025-03-05 12:08:34.000000000 +0100 @@ -25,9 +25,11 @@ ) type bootstrapAPIResponse struct { - CaURL string `json:"url"` - Fingerprint string `json:"fingerprint"` - RedirectURL string `json:"redirect-url"` + CaURL string `json:"url"` + Fingerprint string `json:"fingerprint"` + RedirectURL string `json:"redirect-url"` + Provisioner string `json:"provisioner"` + MinPasswordLength int `json:"min-password-length"` } // UseContext returns true if contexts should be used, false otherwise. @@ -55,6 +57,20 @@ type bootstrapContext struct { defaultContextName string redirectURL string + provisioner string + minPasswordLength int +} + +func withProvisioner(provisioner string) bootstrapOption { + return func(bc *bootstrapContext) { + bc.provisioner = provisioner + } +} + +func withMinPasswordLength(minLength int) bootstrapOption { + return func(bc *bootstrapContext) { + bc.minPasswordLength = minLength + } } func withDefaultContextValues(context string) bootstrapOption { 
@@ -70,10 +86,12 @@ } type bootstrapConfig struct { - CA string `json:"ca-url"` - Fingerprint string `json:"fingerprint"` - Root string `json:"root"` - Redirect string `json:"redirect-url"` + CA string `json:"ca-url"` + Fingerprint string `json:"fingerprint"` + Root string `json:"root"` + Redirect string `json:"redirect-url,omitempty"` + Provisioner string `json:"provisioner,omitempty"` + MinPasswordLength int `json:"min-password-length,omitempty"` } func bootstrap(ctx *cli.Context, caURL, fingerprint string, opts ...bootstrapOption) error { @@ -126,16 +144,16 @@ rootFile := pki.GetRootCAPath() configFile := step.DefaultsFile() - if err = os.MkdirAll(filepath.Dir(rootFile), 0700); err != nil { + if err = os.MkdirAll(filepath.Dir(rootFile), 0o700); err != nil { return errs.FileError(err, rootFile) } - if err = os.MkdirAll(filepath.Dir(configFile), 0700); err != nil { + if err = os.MkdirAll(filepath.Dir(configFile), 0o700); err != nil { return errs.FileError(err, configFile) } // Serialize root - _, err = pemutil.Serialize(resp.RootPEM.Certificate, pemutil.ToFile(rootFile, 0600)) + _, err = pemutil.Serialize(resp.RootPEM.Certificate, pemutil.ToFile(rootFile, 0o600)) if err != nil { return err } @@ -148,12 +166,19 @@ } // Serialize defaults.json - b, err := json.MarshalIndent(bootstrapConfig{ + bootConf := bootstrapConfig{ CA: caURL, Fingerprint: fingerprint, Root: pki.GetRootCAPath(), Redirect: bc.redirectURL, - }, "", " ") + } + if bc.minPasswordLength > 0 { + bootConf.MinPasswordLength = bc.minPasswordLength + } + if bc.provisioner != "" { + bootConf.Provisioner = bc.provisioner + } + b, err := json.MarshalIndent(bootConf, "", " ") if err != nil { return errors.Wrap(err, "error marshaling defaults.json") } @@ -162,7 +187,7 @@ ctx.Set("fingerprint", fingerprint) ctx.Set("root", rootFile) - if err := utils.WriteFile(configFile, b, 0644); err != nil { + if err := utils.WriteFile(configFile, b, 0o644); err != nil { return err } 
@@ -171,12 +196,12 @@ if step.Contexts().Enabled() { profileDefaultsFile := step.ProfileDefaultsFile() - if err := os.MkdirAll(filepath.Dir(profileDefaultsFile), 0700); err != nil { + if err := os.MkdirAll(filepath.Dir(profileDefaultsFile), 0o700); err != nil { return errs.FileError(err, profileDefaultsFile) } if _, err := os.Stat(profileDefaultsFile); os.IsNotExist(err) { - if err := os.WriteFile(profileDefaultsFile, []byte("{}"), 0600); err != nil { + if err := os.WriteFile(profileDefaultsFile, []byte("{}"), 0o600); err != nil { return errs.FileError(err, profileDefaultsFile) } ui.Printf("The profile configuration has been saved in %s.\n", profileDefaultsFile) @@ -254,9 +279,17 @@ r.RedirectURL = "https://smallstep.com/app/teams/sso/success" } - return bootstrap(ctx, r.CaURL, r.Fingerprint, - withDefaultContextValues(teamAuthority+"."+team), - withRedirectURL(r.RedirectURL)) + bootOpts := []bootstrapOption{ + withDefaultContextValues(teamAuthority + "." + team), + withRedirectURL(r.RedirectURL), + } + if r.Provisioner != "" { + bootOpts = append(bootOpts, withProvisioner(r.Provisioner)) + } + if r.MinPasswordLength > 0 { + bootOpts = append(bootOpts, withMinPasswordLength(r.MinPasswordLength)) + } + return bootstrap(ctx, r.CaURL, r.Fingerprint, bootOpts...) } // BootstrapAuthority bootstraps an authority using only the caURL and fingerprint. @@ -268,7 +301,7 @@ } } - var opts = []bootstrapOption{ + opts := []bootstrapOption{ withDefaultContextValues(caHostname), } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/utils/cautils/certificate_flow.go new/cli-0.28.5/utils/cautils/certificate_flow.go --- old/cli-0.28.3/utils/cautils/certificate_flow.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/utils/cautils/certificate_flow.go 2025-03-05 12:08:34.000000000 +0100 
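Review bot: `r.Provisioner` and `r.MinPasswordLength` come from the bootstrap API response and are handed to `bootstrap`, which persists them into defaults.json, with no check beyond non-empty and `> 0`. Because these remote-supplied values become local defaults, it would help to reject an implausible length before writing it and to tell the user which settings were downloaded, for example with a `ui.Printf` line next to the existing save messages. How `min-password-length` is consumed is not visible in this diff, so a sensible upper bound needs confirming against that code. The enclosing function starts outside this hunk.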
@@ -43,6 +43,7 @@ SSHPublicKey ssh.PublicKey CertificateRequest *x509.CertificateRequest ConfirmationFingerprint string + CustomAttributes map[string]interface{} } // sharedContext is used to share information between commands. @@ -88,6 +89,18 @@ }) } +// WithCustomAttributes adds custom attributes to be set in the "user" claim. +func WithCustomAttributes(v map[string]interface{}) Option { + return newFuncFlowOption(func(fo *flowContext) { + if fo.CustomAttributes == nil { + fo.CustomAttributes = make(map[string]interface{}) + } + for k, val := range v { + fo.CustomAttributes[k] = val + } + }) +} + // NewCertificateFlow initializes a cli flow to get a new certificate. func NewCertificateFlow(ctx *cli.Context, opts ...Option) (*CertificateFlow, error) { var err error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/utils/cautils/token_flow.go new/cli-0.28.5/utils/cautils/token_flow.go --- old/cli-0.28.3/utils/cautils/token_flow.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/utils/cautils/token_flow.go 2025-03-05 12:08:34.000000000 +0100 @@ -212,7 +212,7 @@ } kid := ctx.String("kid") - issuer := ctx.String("issuer") + issuer := flags.FirstStringOf(ctx, "provisioner", "issuer") // Require issuer and keyFile if ca.json does not exists. // kid can be passed or created using jwk.Thumbprint. 
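Review bot: The precedence between the `provisioner` and `issuer` flags is not stated where `issuer := flags.FirstStringOf(ctx, "provisioner", "issuer")` replaces `ctx.String("issuer")`; presumably the first non-empty value wins, so a `provisioner` value would override an explicit `--issuer`. bootstrap.go in this same update starts writing a server-supplied `provisioner` into defaults.json, so if that default feeds this flag the selected provisioner could differ from the one the user passed; this is an inference from the diff, not something these lines show. A short comment such as `// provisioner takes precedence over issuer when both are set` would make the intent explicit, and the same applies to the provisioner filter in the next hunk of token_flow.go. The enclosing function extends beyond this hunk.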
@@ -326,7 +326,7 @@ } // Filter by issuer (provisioner name) - if issuer := ctx.String("issuer"); issuer != "" { + if issuer := flags.FirstStringOf(ctx, "provisioner", "issuer"); issuer != "" { provisioners = provisionerFilter(provisioners, func(p provisioner.Interface) bool { return p.GetName() == issuer }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cli-0.28.3/utils/cautils/token_generator.go new/cli-0.28.5/utils/cautils/token_generator.go --- old/cli-0.28.3/utils/cautils/token_generator.go 2025-02-20 18:46:12.000000000 +0100 +++ new/cli-0.28.5/utils/cautils/token_generator.go 2025-03-05 12:08:34.000000000 +0100 @@ -108,6 +108,11 @@ opts = append(opts, token.WithConfirmationFingerprint(sharedContext.ConfirmationFingerprint)) } + // Add custom user data, if set. + if sharedContext.CustomAttributes != nil { + opts = append(opts, token.WithUserData(sharedContext.CustomAttributes)) + } + return t.Token(sub, opts...) } @@ -126,6 +131,11 @@ ValidBefore: notAfter, })}, opts...) + // Add custom user data, if set. + if sharedContext.CustomAttributes != nil { + opts = append(opts, token.WithUserData(sharedContext.CustomAttributes)) + } + return t.Token(sub, opts...) } ++++++ vendor.tar.xz ++++++ ++++ 4602 lines of diff (skipped)