Added pod probes

Author: ewoutp

Makefile

@@ -79,6 +79,7 @@ update-vendor:
 		k8s.io/apiextensions-apiserver \
 		github.com/cenkalti/backoff \
 		github.com/dchest/uniuri \
+		github.com/dgrijalva/jwt-go \
 		github.com/pkg/errors \
 		github.com/prometheus/client_golang/prometheus \
 		github.com/pulcy/pulsar \

deps/github.com/dgrijalva/jwt-go/.travis.yml

@@ -1,8 +1,13 @@
 language: go
 
+script:
+    - go vet ./...
+    - go test -v ./...
+
 go:
   - 1.3
   - 1.4
   - 1.5
   - 1.6
+  - 1.7
   - tip

deps/github.com/dgrijalva/jwt-go/MIGRATION_GUIDE.md

@@ -56,8 +56,9 @@ This simple parsing example:
 is directly mapped to:
 
 ```go
-	if token, err := request.ParseFromRequest(tokenString, request.OAuth2Extractor, req, keyLookupFunc); err == nil {
-		fmt.Printf("Token for user %v expires %v", token.Claims["user"], token.Claims["exp"])
+	if token, err := request.ParseFromRequest(req, request.OAuth2Extractor, keyLookupFunc); err == nil {
+		claims := token.Claims.(jwt.MapClaims)
+		fmt.Printf("Token for user %v expires %v", claims["user"], claims["exp"])
 	}
 ```
 

deps/github.com/dgrijalva/jwt-go/README.md

@@ -4,7 +4,7 @@ A [go](http://www.golang.org) (or 'golang' for search engine friendliness) imple
 
 **BREAKING CHANGES:*** Version 3.0.0 is here. It includes _a lot_ of changes including a few that break the API.  We've tried to break as few things as possible, so there should just be a few type signature changes.  A full list of breaking changes is available in `VERSION_HISTORY.md`.  See `MIGRATION_GUIDE.md` for more information on updating your code.
 
-**NOTICE:** A vulnerability in JWT was [recently published](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/).  As this library doesn't force users to validate the `alg` is what they expected, it's possible your usage is effected.  There will be an update soon to remedy this, and it will likey require backwards-incompatible changes to the API.  In the short term, please make sure your implementation verifies the `alg` is what you expect.
+**NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage.  See the examples provided.
 
 
 ## What the heck is a JWT?
@@ -74,12 +74,12 @@ It's worth mentioning that OAuth and JWT are not the same thing. A JWT token is
 
 Without going too far down the rabbit hole, here's a description of the interaction of these technologies:
 
-* OAuth is a protocol for allowing an identity provider to be separate from the service a user is logging in to.  For example, whenever you use Facebook to log into a different service (Yelp, Spotify, etc), you are using OAuth.
+* OAuth is a protocol for allowing an identity provider to be separate from the service a user is logging in to. For example, whenever you use Facebook to log into a different service (Yelp, Spotify, etc), you are using OAuth.
 * OAuth defines several options for passing around authentication data. One popular method is called a "bearer token". A bearer token is simply a string that _should_ only be held by an authenticated user. Thus, simply presenting this token proves your identity. You can probably derive from here why a JWT might make a good bearer token.
 * Because bearer tokens are used for authentication, it's important they're kept secret. This is why transactions that use bearer tokens typically happen over SSL.
 
 ## More
 
 Documentation can be found [on godoc.org](http://godoc.org/github.com/dgrijalva/jwt-go).
 
-The command line utility included in this project (cmd/jwt) provides a straightforward example of token creation and parsing as well as a useful tool for debugging your own integration.  You'll also find several implementation examples in to documentation.
+The command line utility included in this project (cmd/jwt) provides a straightforward example of token creation and parsing as well as a useful tool for debugging your own integration. You'll also find several implementation examples in the documentation.

deps/github.com/dgrijalva/jwt-go/VERSION_HISTORY.md

@@ -1,5 +1,11 @@
 ## `jwt-go` Version History
 
+#### 3.1.0
+
+* Improvements to `jwt` command line tool
+* Added `SkipClaimsValidation` option to `Parser`
+* Documentation updates
+
 #### 3.0.0
 
 * **Compatibility Breaking Changes**: See MIGRATION_GUIDE.md for tips on updating your code

deps/github.com/dgrijalva/jwt-go/cmd/jwt/README.md

@@ -0,0 +1,13 @@
+`jwt` command-line tool
+=======================
+
+This is a simple tool to sign, verify and show JSON Web Tokens from
+the command line.
+
+The following will create and sign a token, then verify it and output the original claims:
+
+     echo {\"foo\":\"bar\"} | ./jwt -key ../../test/sample_key -alg RS256 -sign - | ./jwt -key ../../test/sample_key.pub -alg RS256 -verify -
+
+To simply display a token, use:
+
+    echo $JWT | ./jwt -show -

deps/github.com/dgrijalva/jwt-go/cmd/jwt/app.go

@@ -0,0 +1,282 @@
+// A useful example app.  You can use this to debug your tokens on the command line.
+// This is also a great place to look at how you might use this library.
+//
+// Example usage:
+// The following will create and sign a token, then verify it and output the original claims.
+//     echo {\"foo\":\"bar\"} | bin/jwt -key test/sample_key -alg RS256 -sign - | bin/jwt -key test/sample_key.pub -verify -
+package main
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"regexp"
+	"strings"
+
+	jwt "github.com/dgrijalva/jwt-go"
+)
+
+var (
+	// Options
+	flagAlg     = flag.String("alg", "", "signing algorithm identifier")
+	flagKey     = flag.String("key", "", "path to key file or '-' to read from stdin")
+	flagCompact = flag.Bool("compact", false, "output compact JSON")
+	flagDebug   = flag.Bool("debug", false, "print out all kinds of debug data")
+	flagClaims  = make(ArgList)
+	flagHead    = make(ArgList)
+
+	// Modes - exactly one of these is required
+	flagSign   = flag.String("sign", "", "path to claims object to sign, '-' to read from stdin, or '+' to use only -claim args")
+	flagVerify = flag.String("verify", "", "path to JWT token to verify or '-' to read from stdin")
+	flagShow   = flag.String("show", "", "path to JWT file or '-' to read from stdin")
+)
+
+func main() {
+	// Plug in Var flags
+	flag.Var(flagClaims, "claim", "add additional claims. may be used more than once")
+	flag.Var(flagHead, "header", "add additional header params. may be used more than once")
+
+	// Usage message if you ask for -help or if you mess up inputs.
+	flag.Usage = func() {
+		fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
+		fmt.Fprintf(os.Stderr, "  One of the following flags is required: sign, verify\n")
+		flag.PrintDefaults()
+	}
+
+	// Parse command line options
+	flag.Parse()
+
+	// Do the thing.  If something goes wrong, print error to stderr
+	// and exit with a non-zero status code
+	if err := start(); err != nil {
+		fmt.Fprintf(os.Stderr, "Error: %v\n", err)
+		os.Exit(1)
+	}
+}
+
+// Figure out which thing to do and then do that
+func start() error {
+	if *flagSign != "" {
+		return signToken()
+	} else if *flagVerify != "" {
+		return verifyToken()
+	} else if *flagShow != "" {
+		return showToken()
+	} else {
+		flag.Usage()
+		return fmt.Errorf("None of the required flags are present.  What do you want me to do?")
+	}
+}
+
+// Helper func:  Read input from specified file or stdin
+func loadData(p string) ([]byte, error) {
+	if p == "" {
+		return nil, fmt.Errorf("No path specified")
+	}
+
+	var rdr io.Reader
+	if p == "-" {
+		rdr = os.Stdin
+	} else if p == "+" {
+		return []byte("{}"), nil
+	} else {
+		if f, err := os.Open(p); err == nil {
+			rdr = f
+			defer f.Close()
+		} else {
+			return nil, err
+		}
+	}
+	return ioutil.ReadAll(rdr)
+}
+
+// Print a json object in accordance with the prophecy (or the command line options)
+func printJSON(j interface{}) error {
+	var out []byte
+	var err error
+
+	if *flagCompact == false {
+		out, err = json.MarshalIndent(j, "", "    ")
+	} else {
+		out, err = json.Marshal(j)
+	}
+
+	if err == nil {
+		fmt.Println(string(out))
+	}
+
+	return err
+}
+
+// Verify a token and output the claims.  This is a great example
+// of how to verify and view a token.
+func verifyToken() error {
+	// get the token
+	tokData, err := loadData(*flagVerify)
+	if err != nil {
+		return fmt.Errorf("Couldn't read token: %v", err)
+	}
+
+	// trim possible whitespace from token
+	tokData = regexp.MustCompile(`\s*$`).ReplaceAll(tokData, []byte{})
+	if *flagDebug {
+		fmt.Fprintf(os.Stderr, "Token len: %v bytes\n", len(tokData))
+	}
+
+	// Parse the token.  Load the key from command line option
+	token, err := jwt.Parse(string(tokData), func(t *jwt.Token) (interface{}, error) {
+		data, err := loadData(*flagKey)
+		if err != nil {
+			return nil, err
+		}
+		if isEs() {
+			return jwt.ParseECPublicKeyFromPEM(data)
+		} else if isRs() {
+			return jwt.ParseRSAPublicKeyFromPEM(data)
+		}
+		return data, nil
+	})
+
+	// Print some debug data
+	if *flagDebug && token != nil {
+		fmt.Fprintf(os.Stderr, "Header:\n%v\n", token.Header)
+		fmt.Fprintf(os.Stderr, "Claims:\n%v\n", token.Claims)
+	}
+
+	// Print an error if we can't parse for some reason
+	if err != nil {
+		return fmt.Errorf("Couldn't parse token: %v", err)
+	}
+
+	// Is token invalid?
+	if !token.Valid {
+		return fmt.Errorf("Token is invalid")
+	}
+
+	// Print the token details
+	if err := printJSON(token.Claims); err != nil {
+		return fmt.Errorf("Failed to output claims: %v", err)
+	}
+
+	return nil
+}
+
+// Create, sign, and output a token.  This is a great, simple example of
+// how to use this library to create and sign a token.
+func signToken() error {
+	// get the token data from command line arguments
+	tokData, err := loadData(*flagSign)
+	if err != nil {
+		return fmt.Errorf("Couldn't read token: %v", err)
+	} else if *flagDebug {
+		fmt.Fprintf(os.Stderr, "Token: %v bytes", len(tokData))
+	}
+
+	// parse the JSON of the claims
+	var claims jwt.MapClaims
+	if err := json.Unmarshal(tokData, &claims); err != nil {
+		return fmt.Errorf("Couldn't parse claims JSON: %v", err)
+	}
+
+	// add command line claims
+	if len(flagClaims) > 0 {
+		for k, v := range flagClaims {
+			claims[k] = v
+		}
+	}
+
+	// get the key
+	var key interface{}
+	key, err = loadData(*flagKey)
+	if err != nil {
+		return fmt.Errorf("Couldn't read key: %v", err)
+	}
+
+	// get the signing alg
+	alg := jwt.GetSigningMethod(*flagAlg)
+	if alg == nil {
+		return fmt.Errorf("Couldn't find signing method: %v", *flagAlg)
+	}
+
+	// create a new token
+	token := jwt.NewWithClaims(alg, claims)
+
+	// add command line headers
+	if len(flagHead) > 0 {
+		for k, v := range flagHead {
+			token.Header[k] = v
+		}
+	}
+
+	if isEs() {
+		if k, ok := key.([]byte); !ok {
+			return fmt.Errorf("Couldn't convert key data to key")
+		} else {
+			key, err = jwt.ParseECPrivateKeyFromPEM(k)
+			if err != nil {
+				return err
+			}
+		}
+	} else if isRs() {
+		if k, ok := key.([]byte); !ok {
+			return fmt.Errorf("Couldn't convert key data to key")
+		} else {
+			key, err = jwt.ParseRSAPrivateKeyFromPEM(k)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	if out, err := token.SignedString(key); err == nil {
+		fmt.Println(out)
+	} else {
+		return fmt.Errorf("Error signing token: %v", err)
+	}
+
+	return nil
+}
+
+// showToken pretty-prints the token on the command line.
+func showToken() error {
+	// get the token
+	tokData, err := loadData(*flagShow)
+	if err != nil {
+		return fmt.Errorf("Couldn't read token: %v", err)
+	}
+
+	// trim possible whitespace from token
+	tokData = regexp.MustCompile(`\s*$`).ReplaceAll(tokData, []byte{})
+	if *flagDebug {
+		fmt.Fprintf(os.Stderr, "Token len: %v bytes\n", len(tokData))
+	}
+
+	token, err := jwt.Parse(string(tokData), nil)
+	if token == nil {
+		return fmt.Errorf("malformed token: %v", err)
+	}
+
+	// Print the token details
+	fmt.Println("Header:")
+	if err := printJSON(token.Header); err != nil {
+		return fmt.Errorf("Failed to output header: %v", err)
+	}
+
+	fmt.Println("Claims:")
+	if err := printJSON(token.Claims); err != nil {
+		return fmt.Errorf("Failed to output claims: %v", err)
+	}
+
+	return nil
+}
+
+func isEs() bool {
+	return strings.HasPrefix(*flagAlg, "ES")
+}
+
+func isRs() bool {
+	return strings.HasPrefix(*flagAlg, "RS")
+}

deps/github.com/dgrijalva/jwt-go/cmd/jwt/args.go

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+type ArgList map[string]string
+
+func (l ArgList) String() string {
+	data, _ := json.Marshal(l)
+	return string(data)
+}
+
+func (l ArgList) Set(arg string) error {
+	parts := strings.SplitN(arg, "=", 2)
+	if len(parts) != 2 {
+		return fmt.Errorf("Invalid argument '%v'.  Must use format 'key=value'. %v", arg, parts)
+	}
+	l[parts[0]] = parts[1]
+	return nil
+}