1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-05 01:08:48 +02:00

Multiarch builds (#1147)

* extract email from id_token for azure provider (#914)

* extract email from id_token for azure provider

this change fixes a bug when --resource is specified with non-Graph
api and the access token destined to --resource is used to call Graph
api

* fixed typo

* refactor GetEmailAddress to EnrichSessionState

* make getting email from idtoken best effort and fall back to previous behavior when it's absent

* refactor to use jwt package to extract claims

* fix lint

* refactor unit tests to use test table
refactor the get email logic from profile api

* addressing feedback

* added oidc verifier to azure provider and extract email from id_token if present

* fix lint and codeclimate

* refactor to use oidc verifier to verify id_token if oidc is configured

* fixed UT

* addressed comments

* minor refactor

* addressed feedback

* extract email from id_token first and fallback to access token

* fallback to access token as well when id_token doesn't have email claim

* address feedbacks

* updated change log!

* switch to docker buildx for multiarch builds

* add setup docker buildx action

* update docker push to push the multiarch image

* make multiarch image have parity with currently produced images by adding linux/armv6

* triaging issue with arm v6

* incorporating feedback

* fixing rebase disaster

* reset Makefile to blessed state

Co-authored-by: Weinong Wang <weinong@outlook.com>
This commit is contained in:
Ryan Hartje
2021-09-21 08:17:59 -05:00
committed by GitHub
parent ee7c405bd8
commit 05a4e77c4c
3 changed files with 14 additions and 5 deletions

View File

@ -57,6 +57,13 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Set up Docker Buildx
id: buildx
uses: crazy-max/ghaction-docker-buildx@v3
with:
buildx-version: latest
qemu-version: latest
- name: Docker Build - name: Docker Build
run: | run: |
make docker make docker

View File

@ -8,7 +8,7 @@
deserialization from v6.0.0 (only) has been removed to improve performance. If you are on v6.0.0, either upgrade deserialization from v6.0.0 (only) has been removed to improve performance. If you are on v6.0.0, either upgrade
to a version before this first and allow legacy sessions to expire gracefully or change your `cookie-secret` to a version before this first and allow legacy sessions to expire gracefully or change your `cookie-secret`
value and force all sessions to reauthenticate. value and force all sessions to reauthenticate.
- [#1210](https://github.com/oauth2-proxy/oauth2-proxy/pull/1210) A new `keycloak-oidc` provider has been added with support for role based authentication. The existing keycloak auth provider will eventually be deprecated and removed. Please switch to the new provider `keycloak-oidc`. - [#1210](https://github.com/oauth2-proxy/oauth2-proxy/pull/1210) A new `keycloak-oidc` provider has been added with support for role based authentication. The existing keycloak auth provider will eventually be deprecated and removed. Please switch to the new provider `keycloak-oidc`.
## Breaking Changes ## Breaking Changes
@ -36,6 +36,7 @@
- [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori) - [#1330](https://github.com/oauth2-proxy/oauth2-proxy/pull/1330) Allow specifying URL as input for custom sign in logo (@MaikuMori)
- [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah) - [#1357](https://github.com/oauth2-proxy/oauth2-proxy/pull/1357) Fix unsafe access to session variable (@harzallah)
- [#997](https://github.com/oauth2-proxy/oauth2-proxy/pull/997) Allow passing the raw url path when proxying upstream requests - e.g. /%2F/ (@FStelzer) - [#997](https://github.com/oauth2-proxy/oauth2-proxy/pull/997) Allow passing the raw url path when proxying upstream requests - e.g. /%2F/ (@FStelzer)
- [#1147](https://github.com/oauth2-proxy/oauth2-proxy/pull/1147) Multiarch support for docker image (@goshlanguage)
# V7.1.3 # V7.1.3

View File

@ -13,8 +13,6 @@ MINIMUM_SUPPORTED_GO_MAJOR_VERSION = 1
MINIMUM_SUPPORTED_GO_MINOR_VERSION = 15 MINIMUM_SUPPORTED_GO_MINOR_VERSION = 15
GO_VERSION_VALIDATION_ERR_MSG = Golang version is not supported, please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION) GO_VERSION_VALIDATION_ERR_MSG = Golang version is not supported, please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION)
DOCKER_BUILD := docker build --build-arg VERSION=${VERSION}
ifeq ($(COVER),true) ifeq ($(COVER),true)
TESTCOVER ?= -coverprofile c.out TESTCOVER ?= -coverprofile c.out
endif endif
@ -41,9 +39,12 @@ build: validate-go-version clean $(BINARY)
$(BINARY): $(BINARY):
GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7 GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy/v7
DOCKER_BUILD := docker build --build-arg VERSION=${VERSION}
DOCKER_BUILDX := docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v6 --build-arg VERSION=${VERSION}
.PHONY: docker .PHONY: docker
docker: docker:
$(DOCKER_BUILD) -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest . $(DOCKER_BUILDX) -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest .
.PHONY: docker-all .PHONY: docker-all
docker-all: docker docker-all: docker
@ -57,7 +58,7 @@ docker-all: docker
.PHONY: docker-push .PHONY: docker-push
docker-push: docker-push:
docker push $(REGISTRY)/oauth2-proxy:latest docker buildx build --push --platform linux/amd64,linux/arm64,linux/arm/v6 -t $(REGISTRY)/oauth2-proxy:latest .
.PHONY: docker-push-all .PHONY: docker-push-all
docker-push-all: docker-push docker-push-all: docker-push