This change adds additional JWT validations:
- It ensures there isn't a valid timestamp skew greater than 30
seconds.
- It ensures that the issuer is GCP IAP.
Change-Id: I130b5cf2a83c92d4800683e9012e5898bcc2bca6
Reviewed-on: https://go-review.googlesource.com/c/build/+/442535
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Change-Id: Id8468705aa93a615caf014196cc77529bf991a9f
GitHub-Last-Rev: 7598fb5831
GitHub-Pull-Request: golang/build#46
Reviewed-on: https://go-review.googlesource.com/c/build/+/429455
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Generated with go run update-readmes.go.
Also capitalize the word "Package" in 3 package comments
and update releaselet test not to fail on README.md file.
Change-Id: I031b15ec570dd089b1931b79dcb1f8e6694e7e62
Reviewed-on: https://go-review.googlesource.com/c/build/+/394520
Reviewed-by: Carlos Amedee <carlos@golang.org>
Trust: Carlos Amedee <carlos@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
This change adds the option to skip the validation of the audience
field in JWT tokens. We understand that validating the JWT token is
enough to know that the packet came from a valid source.
Updates golang/go#48742
Change-Id: I77c79e4b7f7273c3fb74f088c402c0a55efc3169
Reviewed-on: https://go-review.googlesource.com/c/build/+/378574
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
This change adds functions which assists in the testing of authentication.
Updates golang/go#48729
Change-Id: Ibff9c758e97c5fd3584c6e68612e4d9db99baa5e
Reviewed-on: https://go-review.googlesource.com/c/build/+/371396
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
This change:
- Adds a simple GRPC gomote server.
- Updates the documentation for the audiance required for IAP authentication.
- Adds a field for the backend service id in the build enviornment package.
- Creates middleware for the GRPC server use in the existing HTTP servers.
Updates golang/go#47521
Updates golang/go#48742
Change-Id: I2a56e39b96bf1b429f807f79c58aee3f72a45a33
Reviewed-on: https://go-review.googlesource.com/c/build/+/361098
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
This change adds an access package which is intented to contain
functions which will handle Identity Aware Proxy authentication. It
may be extended to include authorization logic in the future.
Fixesgolang/go#48729
Updates golang/go#47521
Change-Id: I68cd90c3e83066763e3194fcb58e324c3630f811
Reviewed-on: https://go-review.googlesource.com/c/build/+/358915
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Carlos Amedee
cui fliter
Dmitri Shuralyov