TLS configure for OIDC connector #1632

xtremerui · 2020-01-20T17:09:00Z

This PR adds two configurable fiels RootCAs and InsecureSkipVerify to OIDC connector. When openning a connection to OIDC connect provider, it will use a httpclient based on these two fields.

xtremerui · 2020-11-05T04:34:17Z

@sagikazarmark just a quick raincheck here to see if this PR falls in the path. I am seeing some connectors providing TLS config (more or less). For example,

Github:

dex/connector/github/github.go

Lines 99 to 108 in 6cdbb59

    
           if c.RootCA != "" { 
        
           	if c.HostName == "" { 
        
           		return nil, errors.New("invalid connector config: Host name field required for a root certificate file") 
        
           	} 
        
           	g.rootCA = c.RootCA 
        
           	var err error 
        
           	if g.httpClient, err = newHTTPClient(g.rootCA); err != nil { 
        
           		return nil, fmt.Errorf("failed to create HTTP client: %v", err) 
        
           	}

LDAP:

dex/connector/ldap/ldap.go

Lines 255 to 269 in 6cdbb59

    
           tlsConfig := &tls.Config{ServerName: host, InsecureSkipVerify: c.InsecureSkipVerify} 
        
           if c.RootCA != "" || len(c.RootCAData) != 0 { 
        
           	data := c.RootCAData 
        
           	if len(data) == 0 { 
        
           		var err error 
        
           		if data, err = ioutil.ReadFile(c.RootCA); err != nil { 
        
           			return nil, fmt.Errorf("ldap: read ca file: %v", err) 
        
           		} 
        
           	} 
        
           	rootCAs := x509.NewCertPool() 
        
           	if !rootCAs.AppendCertsFromPEM(data) { 
        
           		return nil, fmt.Errorf("ldap: no certs found in ca file") 
        
           	} 
        
           	tlsConfig.RootCAs = rootCAs 
        
           }

openshift:

dex/connector/openshift/openshift.go

Lines 81 to 84 in 6cdbb59

    
           if openshiftConnector.httpClient, err = newHTTPClient(c.InsecureCA, c.RootCA); err != nil { 
        
           	cancel() 
        
           	return nil, fmt.Errorf("failed to create HTTP client: %v", err) 
        
           }

Thank you for your time!

xtremerui · 2021-11-10T18:29:02Z

Hi could I get some feedbacks on thie PR? Thx @sagikazarmark

sagikazarmark

Apologies for the delay on this one.

I had a couple notes, but looks OK overall.

connector/oidc/oidc.go

sagikazarmark · 2022-10-03T16:37:30Z

connector/oidc/oidc.go

@@ -166,6 +188,40 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 	}, nil
 }

+func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) {


Would it make sense to create a common function in an internal package? Haven't checked how this is used in different packages, but unless there are significant differences, it might make sense to reuse.

I have extract the func out to a package named httpclient. The test of it requires some test certs as you can see. The instruction for regenerate the test certs are in the readme. Test certs are set to expired in 10 years.

@sagikazarmark please let me know if you want to set up the test differently. Thank you!

…#2679)" This reverts commit 4947772. Signed-off-by: Mark Sagi-Kazar <[email protected]>

Signed-off-by: Mark Sagi-Kazar <[email protected]>

Backport dexidp#2694 to v2.35.x

Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Backport Go update to v2.35.x

Signed-off-by: Mark Sagi-Kazar <[email protected]>

Backport dexidp#2700 to v2.35.x

Signed-off-by: m.nabokikh <[email protected]>

Backport dexidp#2705 to v2.35.x

Signed-off-by: Alex Suraci <[email protected]> Co-authored-by: Rui Yang <[email protected]>

Signed-off-by: Rui Yang <[email protected]>

* extract common newHTTPClient func out to its own package * add test for testing root CAs in the constructor. * test certs are set to expired in 10 years Signed-off-by: Rui Yang <[email protected]>

Signed-off-by: Rui Yang <[email protected]>

nabokihms · 2022-11-04T12:48:59Z

@xtremerui Thanks for your work, and sorry for this PR being delayed for so long. My apologies.

I am ready to merge this. Could you please fix the conflicts?

Signed-off-by: Rui Yang <[email protected]>

xtremerui · 2022-11-05T01:33:00Z

@nabokihms thx its done.

nabokihms

LGTM

* feat: Add acr_values support for OIDC Signed-off-by: Engin Diri <[email protected]> * build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14 Bumps golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix: Implicit Grant discovery Signed-off-by: m.nabokikh <[email protected]> * build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump alpine from 3.15.0 to 3.15.1 Bumps alpine from 3.15.0 to 3.15.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore: update alpine version Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump alpine from 3.15.1 to 3.15.3 Bumps alpine from 3.15.1 to 3.15.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.70.0 to 0.74.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.70.0...v0.74.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump alpine from 3.15.3 to 3.15.4 Bumps alpine from 3.15.3 to 3.15.4. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * feat: update entgo library Signed-off-by: Mark Sagi-Kazar <[email protected]> * feat: update generated storage files Signed-off-by: Mark Sagi-Kazar <[email protected]> * feat: use the new atlas engine for migrations Signed-off-by: Mark Sagi-Kazar <[email protected]> * fix: define milisecond precision for postgres Signed-off-by: Mark Sagi-Kazar <[email protected]> * revert: atlas and precision change Looks like Atlas (the new migration library under Ent) cannot handle precision properly. An issue has been reported to Ent: https://github.com/ent/ent/issues/2454 Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.2 to 0.2.3. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.2...0.2.3) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump actions/setup-go from 2 to 3 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * feat: enable profiling endpoints Signed-off-by: m.nabokikh <[email protected]> * Create setting to allow to trust the system root CAs Previously, when rootCA was set, the trusted system root CAs were ignored. Now, allow for both being able to be configured and used Signed-off-by: Daniel Haus <[email protected]> * Remove external setting, enable injection of HTTP client to config. Signed-off-by: Daniel Haus <[email protected]> * Bump Alpine to latest version Signed-off-by: Mattias Gees <[email protected]> * ci: new docker image build Signed-off-by: Mark Sagi-Kazar <[email protected]> * ci: wait for container images with container scan Signed-off-by: Mark Sagi-Kazar <[email protected]> * ci: update trivy scan job Signed-off-by: Mark Sagi-Kazar <[email protected]> * build: help dependabot detect base image versions Signed-off-by: Mark Sagi-Kazar <[email protected]> * ci: build distroless images Signed-off-by: Mark Sagi-Kazar <[email protected]> * ci: disable Docker job on push Signed-off-by: Mark Sagi-Kazar <[email protected]> * fix: log only errors on refreshing Signed-off-by: m.nabokikh <[email protected]> * ci: only enable the necessary platforms for emulation Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.4 to 0.2.5. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.4...0.2.5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Feature: groups in Gitea Signed-off-by: techknowlogick <[email protected]> * revert: docker matrix build Apparently matrix builds don't work with the docker action. Only reference I found about the topic: https://github.com/docker/build-push-action/issues/130 Signed-off-by: Mark Sagi-Kazar <[email protected]> * revert: move container scan back to the container build step Signed-off-by: Mark Sagi-Kazar <[email protected]> * ci: add docker metadata action Signed-off-by: Mark Sagi-Kazar <[email protected]> * Add numeric user ID support for oauth connector Signed-off-by: Shuanglei Tao <[email protected]> * ci: use docker metadata for build input Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Fix unparam lint error in oauth_test Signed-off-by: Shuanglei Tao <[email protected]> * Remove google specific hd / hosted domain claim config Signed-off-by: Anthony Brandelli <[email protected]> * chore: do not use caching for docker build Signed-off-by: m.nabokikh <[email protected]> * Add support for IDPs that do not send ID tokens in the reply when using a refresh grant. Add tests for the aforementioned functionality. Signed-off-by: Anthony Brandelli <[email protected]> * Fix issues to make the linter happy Signed-off-by: Anthony Brandelli <[email protected]> * feat: add enhancement template Signed-off-by: m.nabokikh <[email protected]> * Apply suggestions from code review Signed-off-by: Mark Sagi-Kazar <[email protected]> Co-authored-by: Márk Sági-Kazár <[email protected]> Signed-off-by: m.nabokikh <[email protected]> * fix: Move enhancements to the docs folder Signed-off-by: m.nabokikh <[email protected]> * build(deps): bump docker/build-push-action from 2 to 3 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump docker/metadata-action from 3 to 4 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4. - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump docker/setup-qemu-action from 1 to 2 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump docker/login-action from 1 to 2 Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v1...v2) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump docker/setup-buildx-action from 1 to 2 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump lint timeout to reduce the number of failed executions Signed-off-by: m.nabokikh <[email protected]> * fix: prevent cross-site scripting for the device flow Signed-off-by: m.nabokikh <[email protected]> * Limit the amount of objects we attempt to GC on each cycle If something causes the number k8s resources to increase beyond a certain threshold, garbage collection can fail because the query to retrieve those resources will time out, resulting in a perpetual cycle of being unable to garbage collect resources. In lieu of trying to get *every* object each cycle, we can limit the number of resources retrieved per GC cycle to some reasonable number. Signed-off-by: Michael Kelly <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.5 to 0.3.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.5...0.3.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump alpine from 3.15.4 to 3.16.0 Bumps alpine from 3.15.4 to 3.16.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * chore: Go mod update 1.17 Signed-off-by: m.nabokikh <[email protected]> * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4 Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.2 to 3.5.4. - [Release notes](https://github.com/etcd-io/etcd/releases) - [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64) - [Commits](https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.4) --- updated-dependencies: - dependency-name: go.etcd.io/etcd/client/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.46.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3 Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/felixge/httpsnoop/releases) - [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.2...v1.0.3) --- updated-dependencies: - dependency-name: github.com/felixge/httpsnoop dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.74.0 to 0.81.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.74.0...v0.81.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/grpc in /api/v2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.46.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * feat: upgrade Go to 1.18 Signed-off-by: Mark Sagi-Kazar <[email protected]> * chore: upgrade linter Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump google.golang.org/protobuf in /api/v2 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * chore: fix lint violations Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15 Bumps golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore: release note configuration Signed-off-by: Mark Sagi-Kazar <[email protected]> * Add the comment about groups request notification Signed-off-by: m.nabokikh <[email protected]> * Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <[email protected]> * Updating test cases Fixes https://github.com/dexidp/dex/issues/2537 Signed-off-by: Shivansh Vij <[email protected]> * build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15 Bumps golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore(deps): update grpc Signed-off-by: Mark Sagi-Kazar <[email protected]> * chore: update gitignore Signed-off-by: Mark Sagi-Kazar <[email protected]> * s/getUrl/getURL golang prefers URL not Url Signed-off-by: Michael Kelly <[email protected]> * Tweaks based on review comments Signed-off-by: Michael Kelly <[email protected]> * Fix formatting Signed-off-by: Michael Kelly <[email protected]> * build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump mheap/github-action-required-labels from 1 to 2 Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 1 to 2. - [Release notes](https://github.com/mheap/github-action-required-labels/releases) - [Commits](https://github.com/mheap/github-action-required-labels/compare/v1...v2) --- updated-dependencies: - dependency-name: mheap/github-action-required-labels dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.82.0 to 0.86.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.82.0 to 0.86.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.82.0...v0.86.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.4.0 to 0.5.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.4.0 to 0.5.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.4.0...0.5.1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.8.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.8.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add expiry.refreshToken settings to config.yaml.dist Signed-off-by: Chance Zibolski <[email protected]> * Use GitLab's refresh_token during Refresh. (#2352) Signed-off-by: Daniel Haus <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.0 (#2602) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.5.1 to 0.6.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump alpine from 3.16.0 to 3.16.1 (#2598) Bumps alpine from 3.16.0 to 3.16.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15 (#2592) Bumps golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add domainHint parameter to Microsoft Connector (#2586) Signed-off-by: Joe Knight <[email protected]> * grpc-client: Do not crash on empty response (#2584) Signed-off-by: Björn Busse <[email protected]> * build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#2599) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add PKCE support to device code flow (#2575) Signed-off-by: Bob Callaway <[email protected]> * add config to explicitly set scopes for microsoft connector (#2582) Signed-off-by: Bob Callaway <[email protected]> * build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4 (#2606) Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.2 to 3.4.4. - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](https://github.com/go-ldap/ldap/compare/v3.4.2...v3.4.4) --- updated-dependencies: - dependency-name: github.com/go-ldap/ldap/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/api from 0.86.0 to 0.89.0 (#2605) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.86.0 to 0.89.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.86.0...v0.89.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump aquasecurity/trivy-action from 0.6.0 to 0.6.1 (#2604) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add HMAC protection on /approval endpoint Signed-off-by: Bob Callaway <[email protected]> * build(deps): bump alpine from 3.16.1 to 3.16.2 Bumps alpine from 3.16.1 to 3.16.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/prometheus/client_golang (#2623) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.2...v1.13.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated gomplate version and added ppc64le support Signed-off-by: mayurwaghmode <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.1 to 0.7.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.1...0.7.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.89.0 to 0.93.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.89.0...v0.93.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.11 to 1.14.15. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.11...v1.14.15) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.0 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix: Fallback when group claim is a string instead of an array of strings (#2639) Signed-off-by: Joost Buskermolen <[email protected]> Co-authored-by: Michiel van Pouderoijen <[email protected]> * build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 (#2637) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.93.0 to 0.94.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.93.0...v0.94.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/protobuf in /api/v2 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore: Bump ent to 0.11.2 (#2640) Signed-off-by: m.nabokikh <[email protected]> * chore: Bump Go 1.19 (#2641) Signed-off-by: m.nabokikh <[email protected]> * feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <[email protected]> * build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 (#2646) Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build: bump Go version to 1.19 in Nix Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 Bumps golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.94.0 to 0.95.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.94.0...v0.95.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Implement Application Default Credentials for the google connector (#2530) Signed-off-by: Trung <[email protected]> * chore: update alpine version in Go image Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.3.0...v3.4.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 (#2651) Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.5 to 1.10.7. - [Release notes](https://github.com/lib/pq/releases) - [Commits](https://github.com/lib/pq/compare/v1.10.5...v1.10.7) --- updated-dependencies: - dependency-name: github.com/lib/pq dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/grpc in /api/v2 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Reduce HTTP client creations in the Keystone connector (#2659) Signed-off-by: erwinvaneyk <[email protected]> * build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 (#2677) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.95.0 to 0.97.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.95.0...v0.97.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.4 to 3.5.5. - [Release notes](https://github.com/etcd-io/etcd/releases) - [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64) - [Commits](https://github.com/etcd-io/etcd/compare/v3.5.4...v3.5.5) --- updated-dependencies: - dependency-name: go.etcd.io/etcd/client/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * address review comments Signed-off-by: Bob Callaway <[email protected]> * build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.97.0 to 0.98.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.97.0...v0.98.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * fix: check for no serviceAccountFilePath and no email (#2679) Signed-off-by: Bob Callaway <[email protected]> * fix: supply HMACKey in test case (#2683) Signed-off-by: Bob Callaway <[email protected]> * build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 Bumps [entgo.io/ent](https://github.com/ent/ent) from 0.11.2 to 0.11.3. - [Release notes](https://github.com/ent/ent/releases) - [Commits](https://github.com/ent/ent/compare/v0.11.2...v0.11.3) --- updated-dependencies: - dependency-name: entgo.io/ent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore(deps): update golang.org/x packages Signed-off-by: Mark Sagi-Kazar <[email protected]> * Add Argo CD to list of Dex adopters Signed-off-by: Jann Fischer <[email protected]> * fix: refresh token only once for all concurrent requests Signed-off-by: m.nabokikh <[email protected]> * Revert "fix: check for no serviceAccountFilePath and no email (#2679)" This reverts commit 49477729ce24448c2895ec8c98f2c61c646de884. Signed-off-by: Mark Sagi-Kazar <[email protected]> * fix(connector/google): make admin email optional for default creds Signed-off-by: Mark Sagi-Kazar <[email protected]> * build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16 Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix(connector/google): only initialize admin service if necessary Signed-off-by: Mark Sagi-Kazar <[email protected]> * fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 (#2705) Signed-off-by: m.nabokikh <[email protected]> * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2708) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#2715) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google.golang.org/api from 0.98.0 to 0.101.0 (#2720) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.98.0 to 0.101.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.98.0...v0.101.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (#2721) Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.15 to 1.14.16. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.15...v1.14.16) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (#2723) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2718) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 (#2724) Bumps golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * TLS configure for OIDC connector (#1632) Signed-off-by: Rui Yang <[email protected]> * Add icon for gitea (#2733) Signed-off-by: Pablo Ovelleiro Corral <[email protected]> Signed-off-by: Engin Diri <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: m.nabokikh <[email protected]> Signed-off-by: Mark Sagi-Kazar <[email protected]> Signed-off-by: Daniel Haus <[email protected]> Signed-off-by: Mattias Gees <[email protected]> Signed-off-by: techknowlogick <[email protected]> Signed-off-by: Shuanglei Tao <[email protected]> Signed-off-by: Anthony Brandelli <[email protected]> Signed-off-by: Michael Kelly <[email protected]> Signed-off-by: Shivansh Vij <[email protected]> Signed-off-by: Chance Zibolski <[email protected]> Signed-off-by: Joe Knight <[email protected]> Signed-off-by: Björn Busse <[email protected]> Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: Bob Callaway <[email protected]> Signed-off-by: mayurwaghmode <[email protected]> Signed-off-by: Joost Buskermolen <[email protected]> Signed-off-by: Marcelo Clavel <[email protected]> Signed-off-by: Trung <[email protected]> Signed-off-by: erwinvaneyk <[email protected]> Signed-off-by: Jann Fischer <[email protected]> Signed-off-by: Rui Yang <[email protected]> Signed-off-by: Pablo Ovelleiro Corral <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Engin Diri <[email protected]> Co-authored-by: Maksim Nabokikh <[email protected]> Co-authored-by: Márk Sági-Kazár <[email protected]> Co-authored-by: Mark Sagi-Kazar <[email protected]> Co-authored-by: Daniel Haus <[email protected]> Co-authored-by: Mattias Gees <[email protected]> Co-authored-by: techknowlogick <[email protected]> Co-authored-by: Shuanglei Tao <[email protected]> Co-authored-by: Anthony Brandelli <[email protected]> Co-authored-by: Maksim Nabokikh <[email protected]> Co-authored-by: Michael Kelly <[email protected]> Co-authored-by: Shivansh Vij <[email protected]> Co-authored-by: Bob Callaway <[email protected]> Co-authored-by: Chance Zibolski <[email protected]> Co-authored-by: Joe Knight <[email protected]> Co-authored-by: Björn Busse <[email protected]> Co-authored-by: Bob Callaway <[email protected]> Co-authored-by: mayurwaghmode <[email protected]> Co-authored-by: Joost Buskermolen <[email protected]> Co-authored-by: Michiel van Pouderoijen <[email protected]> Co-authored-by: Marcelo Clavel <[email protected]> Co-authored-by: Hoang Quoc Trung <[email protected]> Co-authored-by: Erwin van Eyk <[email protected]> Co-authored-by: Jann Fischer <[email protected]> Co-authored-by: Rui Yang <[email protected]> Co-authored-by: Pablo Ovelleiro Corral <[email protected]>

@xtremerui

The official container image for this release can be pulled from ``` ghcr.io/dexidp/dex:v2.36.0 ```  ## What's Changed ### Enhancements 🚀 * TLS configure for OIDC connector by @xtremerui in dexidp#1632 * Add icon for gitea by @pinpox in dexidp#2733 * fix: Do not use connector data from the refresh token field by @nabokihms in dexidp#2729 * Add preferredEmailDomain config option for GitHub connector by @nobuyo in dexidp#2740 * Move unique functionality into getGroups to reduce calls to google by @snuggie12 in dexidp#2628 * fix: prevent server-side request forgery using Kubernetes storage by @nabokihms in dexidp#2479 * fix: return 401 if password is invalid by @nabokihms in dexidp#2796 * feat: Add default robots.txt by @nabokihms in dexidp#2834 * Skip redirection to approval when it is not required (dexidp#2686) by @nobuyo in dexidp#2805 * feat: Bump dependencies and Makefile refactoring by @nabokihms in dexidp#2844 ### Bug Fixes 🐛 * Make admin email optional when no service account path is configured by @sagikazarmark in dexidp#2695 * Only initialize google admin service if necessary by @sagikazarmark in dexidp#2700 ### Dependency Updates ⬆️ * build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16 by @dependabot in dexidp#2697 * fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 by @nabokihms in dexidp#2705 * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in dexidp#2708 * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in dexidp#2715 * build(deps): bump google.golang.org/api from 0.98.0 to 0.101.0 by @dependabot in dexidp#2720 * build(deps): bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 by @dependabot in dexidp#2721 * build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 by @dependabot in dexidp#2723 * build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in dexidp#2718 * build(deps): bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 by @dependabot in dexidp#2724 * build(deps): bump alpine from 3.16.2 to 3.17.0 by @dependabot in dexidp#2746 * build(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 by @dependabot in dexidp#2735 * build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.5 to 3.5.6 by @dependabot in dexidp#2744 * build(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 by @dependabot in dexidp#2751 * build(deps): bump golang from 1.19.3-alpine3.16 to 1.19.4-alpine3.16 by @dependabot in dexidp#2750 * build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 by @dependabot in dexidp#2755 * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.5 to 3.5.6 by @dependabot in dexidp#2743 * build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.0 by @dependabot in dexidp#2754 * build(deps): bump helm/kind-action from 1.4.0 to 1.5.0 by @dependabot in dexidp#2758 * build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0 by @dependabot in dexidp#2741 * build(deps): bump google.golang.org/api from 0.101.0 to 0.104.0 by @dependabot in dexidp#2753 * build(deps): bump google.golang.org/grpc from 1.49.0 to 1.51.0 in /api/v2 by @dependabot in dexidp#2742 * build(deps): bump golang.org/x/net from 0.3.0 to 0.4.0 by @dependabot in dexidp#2761 * build(deps): bump entgo.io/ent from 0.11.3 to 0.11.4 by @dependabot in dexidp#2725 * build(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 by @dependabot in dexidp#2760 * build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 by @dependabot in dexidp#2774 * build(deps): bump google.golang.org/api from 0.105.0 to 0.106.0 by @dependabot in dexidp#2772 * build(deps): bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.5.0 by @dependabot in dexidp#2770 * build(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in dexidp#2773 * build(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 by @dependabot in dexidp#2777 * build(deps): bump entgo.io/ent from 0.11.4 to 0.11.5 by @dependabot in dexidp#2779 * build(deps): bump alpine from 3.17.0 to 3.17.1 by @dependabot in dexidp#2780 * build(deps): bump mheap/github-action-required-labels from 2 to 3 by @dependabot in dexidp#2769 * build(deps): bump google.golang.org/api from 0.106.0 to 0.107.0 by @dependabot in dexidp#2788 * build(deps): bump golang from 1.19.4-alpine3.16 to 1.19.5-alpine3.16 by @dependabot in dexidp#2782 * build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @dependabot in dexidp#2783 * build(deps): bump google.golang.org/api from 0.107.0 to 0.108.0 by @dependabot in dexidp#2793 * build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 in /api/v2 by @dependabot in dexidp#2784 * chore: Upgrade golangci-lint to v1.50.1 from v1.46.0 by @dlipovetsky in dexidp#2790 * ci: Use go 1.19 by @dlipovetsky in dexidp#2791 * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.6 to 3.5.7 by @dependabot in dexidp#2798 * build(deps): bump docker/build-push-action from 3 to 4 by @dependabot in dexidp#2807 * build(deps): bump golang from 1.19.5-alpine3.16 to 1.20.0-alpine3.16 by @dependabot in dexidp#2811 * build(deps): bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 by @dependabot in dexidp#2810 * build(deps): bump alpine from 3.17.1 to 3.17.2 by @dependabot in dexidp#2821 * build(deps): bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 by @dependabot in dexidp#2822 * build(deps): bump entgo.io/ent from 0.11.5 to 0.11.8 by @dependabot in dexidp#2823 * build(deps): bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in dexidp#2818 * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in dexidp#2828 * build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 in /api/v2 by @dependabot in dexidp#2832 * build(deps): bump golang.org/x/sys from 0.0.0-20220114195835-da31bd327af9 to 0.1.0 in /examples by @dependabot in dexidp#2837 * build(deps): bump golang.org/x/net from 0.0.0-20220114011407-0dd24b26b47d to 0.7.0 in /examples by @dependabot in dexidp#2846 * build(deps): bump golang from 1.20.0-alpine3.16 to 1.20.1-alpine3.16 by @dependabot in dexidp#2827 * build(deps): bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 by @dependabot in dexidp#2850 * build(deps): bump golang from 1.20.1-alpine3.16 to 1.20.2-alpine3.16 by @dependabot in dexidp#2849 * feat: Bump gomplate 3.11.4 by @nabokihms in dexidp#2840 * build(deps): bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in dexidp#2856 * build(deps): bump golang.org/x/oauth2 from 0.4.0 to 0.6.0 by @dependabot in dexidp#2847 * build(deps): bump google.golang.org/api from 0.108.0 to 0.112.0 by @dependabot in dexidp#2853 * build(deps): bump google.golang.org/api from 0.112.0 to 0.114.0 by @dependabot in dexidp#2869 * build(deps): bump actions/setup-go from 3 to 4 by @dependabot in dexidp#2863 * build(deps): bump github.com/russellhaering/goxmldsig from 1.2.0 to 1.3.0 by @dependabot in dexidp#2862 * build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 by @dependabot in dexidp#2866 * build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 in /api/v2 by @dependabot in dexidp#2867 * build(deps): bump golang.org/x/crypto from 0.0.0-20220112180741-5e0467b6c7ce to 0.1.0 in /examples by @dependabot in dexidp#2845 * build(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 in /api/v2 by @dependabot in dexidp#2816 * chore: upgrade tools by @sagikazarmark in dexidp#2870 ### Other Changes * Bump image in examples/k8s/dex.yaml to v2.32.0 by @stealthybox in dexidp#2569 ## New Contributors * @pinpox made their first contribution in dexidp#2733 * @nobuyo made their first contribution in dexidp#2740 * @dlipovetsky made their first contribution in dexidp#2790 * @seankhliao made their first contribution in dexidp#2812 * @stealthybox made their first contribution in dexidp#2569 **Full Changelog**: dexidp/dex@v2.35.3...v2.36.0

Signed-off-by: Rui Yang <[email protected]>

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from e91e176 to 94a3e6c Compare January 20, 2020 17:36

xtremerui requested a review from sagikazarmark January 20, 2020 17:41

xtremerui mentioned this pull request Jan 20, 2020

Sync concourse/dex with upstream Dex concourse/concourse#4983

Open

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 94a3e6c to a0ea1b4 Compare January 20, 2020 17:44

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 3 times, most recently from 8b6ec60 to 732eb22 Compare September 28, 2020 19:39

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 4 times, most recently from 9e80f0b to 5bc7733 Compare October 5, 2020 20:51

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 5bc7733 to bbbfd15 Compare October 16, 2020 16:43

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 99c2dc8 to 7c621d3 Compare November 5, 2020 04:22

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 7c621d3 to ced8d9d Compare December 15, 2020 16:34

muntac force-pushed the pr/oidc-CA-configure-sync branch from ced8d9d to 14970ac Compare March 16, 2021 18:34

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 14970ac to bd81b08 Compare March 20, 2021 20:06

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from bd81b08 to 7724ee0 Compare February 9, 2022 16:22

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 7724ee0 to f98aae9 Compare March 22, 2022 14:15

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from f98aae9 to 9460b5d Compare May 26, 2022 16:08

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 38a8196 to cc399f7 Compare August 2, 2022 18:01

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 0f9c3a5 to a3df4f9 Compare September 16, 2022 05:28

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from a3df4f9 to b3f0835 Compare October 3, 2022 16:05

sagikazarmark added the kind/enhancement label Oct 3, 2022

sagikazarmark requested changes Oct 3, 2022

View reviewed changes

sagikazarmark added this to the v2.36.0 milestone Oct 3, 2022

sagikazarmark and others added 3 commits October 4, 2022 09:07

Revert "fix: check for no serviceAccountFilePath and no email (dexidp…

19b3aab

…#2679)" This reverts commit 4947772. Signed-off-by: Mark Sagi-Kazar <[email protected]>

fix(connector/google): make admin email optional for default creds

261adee

Signed-off-by: Mark Sagi-Kazar <[email protected]>

Merge pull request dexidp#2696 from dexidp/backport-2694

2027413

Backport dexidp#2694 to v2.35.x

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from b3f0835 to ed39c34 Compare October 4, 2022 10:34

dependabot bot and others added 4 commits October 5, 2022 12:39

Merge pull request dexidp#2698 from dexidp/backport-go-update

8e2bce3

Backport Go update to v2.35.x

fix(connector/google): only initialize admin service if necessary

829444d

Signed-off-by: Mark Sagi-Kazar <[email protected]>

Merge pull request dexidp#2702 from dexidp/backport-2700

9063c79

Backport dexidp#2700 to v2.35.x

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from ccdc4d0 to e73567b Compare October 8, 2022 01:39

nabokihms and others added 2 commits October 10, 2022 13:25

fix: Update gomplate version to 3.11.3 fix CVE-2022-27665

ccbc86e

Signed-off-by: m.nabokikh <[email protected]>

Merge pull request dexidp#2706 from flant/backport-cve-2022-27665

54c9e82

Backport dexidp#2705 to v2.35.x

xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 2cb57bb to 9b00836 Compare October 11, 2022 21:08

vito and others added 4 commits October 31, 2022 15:02

allow configuring CAs/skip verify for OIDC

ac3d07f

Signed-off-by: Alex Suraci <[email protected]> Co-authored-by: Rui Yang <[email protected]>

Fix io/ioutil deprecation error

eb3dbfc

Signed-off-by: Rui Yang <[email protected]>

refactor newHTTPClient func

3eff26c

* extract common newHTTPClient func out to its own package * add test for testing root CAs in the constructor. * test certs are set to expired in 10 years Signed-off-by: Rui Yang <[email protected]>

remove unused HostedDomains

67d9142

Signed-off-by: Rui Yang <[email protected]>

xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 9b00836 to 67d9142 Compare October 31, 2022 15:02

nabokihms self-requested a review November 4, 2022 12:49

Merge branch 'master' into pr/oidc-CA-configure-sync

df80649

Signed-off-by: Rui Yang <[email protected]>

nabokihms approved these changes Nov 7, 2022

View reviewed changes

nabokihms merged commit 54345b6 into dexidp:master Nov 7, 2022

nabokihms mentioned this pull request Jan 10, 2023

fix: propagate http client to userInfo requests for OIDC connector #2781

Merged

xtremerui deleted the pr/oidc-CA-configure-sync branch May 25, 2023 15:40

palexster pushed a commit to palexster/dex that referenced this pull request Oct 4, 2023

TLS configure for OIDC connector (dexidp#1632)

ff4953c

Signed-off-by: Rui Yang <[email protected]>

michaelliau pushed a commit to FlockFreight/dex that referenced this pull request Oct 4, 2023

TLS configure for OIDC connector (dexidp#1632)

fcd23cc

Signed-off-by: Rui Yang <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS configure for OIDC connector #1632

TLS configure for OIDC connector #1632

xtremerui commented Jan 20, 2020

xtremerui commented Nov 5, 2020

xtremerui commented Nov 10, 2021

sagikazarmark left a comment

sagikazarmark Oct 3, 2022

xtremerui Oct 8, 2022 •

edited

Loading

nabokihms commented Nov 4, 2022

xtremerui commented Nov 5, 2022

nabokihms left a comment

TLS configure for OIDC connector #1632

TLS configure for OIDC connector #1632

Conversation

xtremerui commented Jan 20, 2020

xtremerui commented Nov 5, 2020

xtremerui commented Nov 10, 2021

sagikazarmark left a comment

Choose a reason for hiding this comment

sagikazarmark Oct 3, 2022

Choose a reason for hiding this comment

xtremerui Oct 8, 2022 • edited Loading

Choose a reason for hiding this comment

nabokihms commented Nov 4, 2022

xtremerui commented Nov 5, 2022

nabokihms left a comment

Choose a reason for hiding this comment

xtremerui Oct 8, 2022 •

edited

Loading