go-vela · ecrupper · Apr 4, 2025 · Apr 3, 2025 · Apr 3, 2025 · Apr 3, 2025
@@ -12,7 +12,7 @@ import (
 
 	"github.com/adhocore/gronx"
 	"github.com/google/go-cmp/cmp"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	api "github.com/go-vela/server/api/types"
 	"github.com/go-vela/server/api/types/settings"
@@ -991,9 +991,14 @@ func testJWKs(t *testing.T, db Interface, resources *Resources) {
 
 		jkPub, _ := jk.(jwk.RSAPublicKey)
 
+		kid, ok := jkPub.KeyID()
+		if !ok {
+			t.Errorf("unable to get key ID for jwk")
+		}
+
 		err := db.CreateJWK(context.TODO(), jkPub)
 		if err != nil {
-			t.Errorf("unable to create jwk %s: %v", jkPub.KeyID(), err)
+			t.Errorf("unable to create jwk %s: %v", kid, err)
 		}
 	}
 	methods["CreateJWK"] = true
@@ -1014,9 +1019,14 @@ func testJWKs(t *testing.T, db Interface, resources *Resources) {
 
 		jkPub, _ := jk.(jwk.RSAPublicKey)
 
-		got, err := db.GetActiveJWK(context.TODO(), jkPub.KeyID())
+		kid, ok := jkPub.KeyID()
+		if !ok {
+			t.Errorf("unable to get key ID for jwk")
+		}
+
+		got, err := db.GetActiveJWK(context.TODO(), kid)
 		if err != nil {
-			t.Errorf("unable to get jwk %s: %v", jkPub.KeyID(), err)
+			t.Errorf("unable to get jwk %s: %v", kid, err)
 		}
 
 		if !cmp.Equal(jkPub, got, testutils.JwkKeyOpts) {
@@ -1036,7 +1046,12 @@ func testJWKs(t *testing.T, db Interface, resources *Resources) {
 
 		jkPub, _ := jk.(jwk.RSAPublicKey)
 
-		_, err := db.GetActiveJWK(context.TODO(), jkPub.KeyID())
+		kid, ok := jkPub.KeyID()
+		if !ok {
+			t.Errorf("unable to get key ID for jwk")
+		}
+
+		_, err := db.GetActiveJWK(context.TODO(), kid)
 		if err == nil {
 			t.Errorf("GetActiveJWK() should return err after rotation")
 		}

@@ -5,8 +5,9 @@ package jwk
 import (
 	"context"
 	"database/sql"
+	"fmt"
 
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 	"github.com/sirupsen/logrus"
 
 	"github.com/go-vela/server/constants"
@@ -15,9 +16,14 @@ import (
 
 // CreateJWK creates a new JWK in the database.
 func (e *engine) CreateJWK(ctx context.Context, j jwk.RSAPublicKey) error {
+	logKeyID, ok := j.KeyID()
+	if !ok {
+		return fmt.Errorf("unable to create JWK: no key provided")
+	}
+
 	e.logger.WithFields(logrus.Fields{
-		"jwk": j.KeyID(),
-	}).Tracef("creating key %s", j.KeyID())
+		"jwk": logKeyID,
+	}).Tracef("creating key %s", logKeyID)
 
 	key := types.JWKFromAPI(j)
 	key.Active = sql.NullBool{Bool: true, Valid: true}

@@ -23,11 +23,16 @@ func TestJWK_Engine_CreateJWK(t *testing.T) {
 	_postgres, _mock := testPostgres(t)
 	defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }()
 
+	kid, ok := _jwk.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
 	// ensure the mock expects the query
 	_mock.ExpectExec(`INSERT INTO "jwks"
 ("id","active","key")
 VALUES ($1,$2,$3)`).
-		WithArgs(_jwk.KeyID(), true, _jwkBytes).
+		WithArgs(kid, true, _jwkBytes).
 		WillReturnResult(sqlmock.NewResult(1, 1))
 
 	_sqlite := testSqlite(t)

@@ -5,7 +5,7 @@ package jwk
 import (
 	"context"
 
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	"github.com/go-vela/server/constants"
 	"github.com/go-vela/server/database/types"

@@ -9,7 +9,7 @@ import (
 
 	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/google/go-cmp/cmp"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	"github.com/go-vela/server/database/testutils"
 )
@@ -25,13 +25,18 @@ func TestJWK_Engine_GetJWK(t *testing.T) {
 	_postgres, _mock := testPostgres(t)
 	defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }()
 
+	kid, ok := _jwk.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
 	// create expected result in mock
 	_rows := sqlmock.NewRows(
 		[]string{"id", "active", "key"},
-	).AddRow(_jwk.KeyID(), true, _jwkBytes)
+	).AddRow(kid, true, _jwkBytes)
 
 	// ensure the mock expects the query
-	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(_jwk.KeyID(), true, 1).WillReturnRows(_rows)
+	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(kid, true, 1).WillReturnRows(_rows)
 
 	_sqlite := testSqlite(t)
 	defer func() { _sql, _ := _sqlite.client.DB(); _sql.Close() }()
@@ -65,7 +70,7 @@ func TestJWK_Engine_GetJWK(t *testing.T) {
 	// run tests
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			got, err := test.database.GetActiveJWK(context.TODO(), _jwk.KeyID())
+			got, err := test.database.GetActiveJWK(context.TODO(), kid)
 
 			if test.failure {
 				if err == nil {

@@ -5,7 +5,7 @@ package jwk
 import (
 	"context"
 
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 )
 
 // JWKInterface represents the Vela interface for JWK

@@ -5,7 +5,7 @@ package jwk
 import (
 	"context"
 
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	"github.com/go-vela/server/constants"
 	"github.com/go-vela/server/database/types"

@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"github.com/DATA-DOG/go-sqlmock"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	"github.com/go-vela/server/database/testutils"
 )
@@ -31,11 +31,21 @@ func TestJWK_Engine_ListJWKs(t *testing.T) {
 	_postgres, _mock := testPostgres(t)
 	defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }()
 
+	kidOne, ok := _jwkOne.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
+	kidTwo, ok := _jwkTwo.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
 	// create expected result in mock
 	_rows := sqlmock.NewRows(
 		[]string{"id", "active", "key"}).
-		AddRow(_jwkOne.KeyID(), true, _jwkOneBytes).
-		AddRow(_jwkTwo.KeyID(), true, _jwkTwoBytes)
+		AddRow(kidOne, true, _jwkOneBytes).
+		AddRow(kidTwo, true, _jwkTwoBytes)
 
 	// ensure the mock expects the query
 	_mock.ExpectQuery(`SELECT * FROM "jwks"`).WillReturnRows(_rows)

@@ -29,21 +29,31 @@ func TestJWK_Engine_RotateKeys(t *testing.T) {
 	_postgres, _mock := testPostgres(t)
 	defer func() { _sql, _ := _postgres.client.DB(); _sql.Close() }()
 
+	kidOne, ok := _jwkOne.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
+	kidTwo, ok := _jwkTwo.KeyID()
+	if !ok {
+		t.Errorf("unable to get key ID for jwk")
+	}
+
 	// create expected result in mock
 	_rows := sqlmock.NewRows(
 		[]string{"id", "active", "key"},
-	).AddRow(_jwkOne.KeyID(), true, _jwkOneBytes)
+	).AddRow(kidOne, true, _jwkOneBytes)
 
 	// ensure the mock expects the query
-	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(_jwkOne.KeyID(), true, 1).WillReturnRows(_rows)
+	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(kidOne, true, 1).WillReturnRows(_rows)
 
 	// create expected result in mock
 	_rows = sqlmock.NewRows(
 		[]string{"id", "active", "key"},
-	).AddRow(_jwkTwo.KeyID(), true, _jwkTwoBytes)
+	).AddRow(kidTwo, true, _jwkTwoBytes)
 
 	// ensure the mock expects the query
-	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(_jwkTwo.KeyID(), true, 1).WillReturnRows(_rows)
+	_mock.ExpectQuery(`SELECT * FROM "jwks" WHERE id = $1 AND active = $2 LIMIT $3`).WithArgs(kidTwo, true, 1).WillReturnRows(_rows)
 
 	_mock.ExpectExec(`DELETE FROM "jwks" WHERE active = $1`).
 		WithArgs(false).
@@ -87,12 +97,12 @@ func TestJWK_Engine_RotateKeys(t *testing.T) {
 	// run tests
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			_, err := test.database.GetActiveJWK(context.TODO(), _jwkOne.KeyID())
+			_, err := test.database.GetActiveJWK(context.TODO(), kidOne)
 			if err != nil {
 				t.Errorf("GetActiveJWK for %s returned err: %v", test.name, err)
 			}
 
-			_, err = test.database.GetActiveJWK(context.TODO(), _jwkTwo.KeyID())
+			_, err = test.database.GetActiveJWK(context.TODO(), kidTwo)
 			if err != nil {
 				t.Errorf("GetActiveJWK for %s returned err: %v", test.name, err)
 			}
@@ -111,12 +121,12 @@ func TestJWK_Engine_RotateKeys(t *testing.T) {
 				t.Errorf("RotateKeys for %s returned err: %v", test.name, err)
 			}
 
-			_, err = test.database.GetActiveJWK(context.TODO(), _jwkOne.KeyID())
+			_, err = test.database.GetActiveJWK(context.TODO(), kidOne)
 			if err == nil {
 				t.Errorf("GetActiveJWK for %s should have returned err", test.name)
 			}
 
-			_, err = test.database.GetActiveJWK(context.TODO(), _jwkTwo.KeyID())
+			_, err = test.database.GetActiveJWK(context.TODO(), kidTwo)
 			if err == nil {
 				t.Errorf("GetActiveJWK for %s should have returned err", test.name)
 			}

@@ -7,7 +7,7 @@ import (
 	"crypto/rsa"
 
 	"github.com/google/uuid"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 
 	api "github.com/go-vela/server/api/types"
 	"github.com/go-vela/server/api/types/actions"
@@ -302,7 +302,7 @@ func JWK() jwk.RSAPublicKey {
 		return nil
 	}
 
-	pubJwk, err := jwk.FromRaw(privateRSAKey.PublicKey)
+	pubJwk, err := jwk.Import(privateRSAKey.PublicKey)
 	if err != nil {
 		return nil
 	}

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 )
 
 // This will be used with the github.com/DATA-DOG/go-sqlmock library to compare values
@@ -47,16 +47,16 @@ var JwkKeyOpts = cmp.Options{
 		xJWK := x.(jwk.RSAPublicKey)
 		yJWK := y.(jwk.RSAPublicKey)
 
-		var rawXKey, rawYKey interface{}
-
-		if err := xJWK.Raw(&rawXKey); err != nil {
+		xkid, ok := xJWK.KeyID()
+		if !ok {
 			return false
 		}
 
-		if err := yJWK.Raw(&rawYKey); err != nil {
+		ykid, ok := yJWK.KeyID()
+		if !ok {
 			return false
 		}
 
-		return reflect.DeepEqual(rawXKey, rawYKey) && xJWK.KeyID() == yJWK.KeyID()
+		return reflect.DeepEqual(xJWK, yJWK) && xkid == ykid
 	})),
 }
@@ -8,7 +8,7 @@ import (
 	"errors"
 
 	"github.com/google/uuid"
-	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v3/jwk"
 )
 
 var (
@@ -61,7 +61,12 @@ func JWKFromAPI(j jwk.RSAPublicKey) *JWK {
 		err error
 	)
 
-	id, err = uuid.Parse(j.KeyID())
+	keyID, ok := j.KeyID()
+	if !ok {
+		return nil
+	}
+
+	id, err = uuid.Parse(keyID)
 	if err != nil {
 		return nil
 	}

@@ -51,7 +51,9 @@ func TestTypes_JWK_ToAPI(t *testing.T) {
 		t.Errorf("unable to marshal JWK: %v", err)
 	}
 
-	uuid, _ := uuid.Parse(want.KeyID())
+	wantKeyID, _ := want.KeyID()
+
+	uuid, _ := uuid.Parse(wantKeyID)
 	h := &JWK{
 		ID:     uuid,
 		Active: sql.NullBool{Bool: true, Valid: true},
@@ -74,7 +76,9 @@ func TestTypes_JWKFromAPI(t *testing.T) {
 		t.Errorf("unable to marshal JWK: %v", err)
 	}
 
-	uuid, err := uuid.Parse(j.KeyID())
+	keyID, _ := j.KeyID()
+
+	uuid, err := uuid.Parse(keyID)
 	if err != nil {
 		t.Errorf("unable to parse JWK key id: %v", err)
 	}

@@ -27,7 +27,7 @@ require (
 	github.com/hashicorp/vault/api v1.16.0
 	github.com/invopop/jsonschema v0.13.0
 	github.com/joho/godotenv v1.5.1
-	github.com/lestrrat-go/jwx/v2 v2.1.4
+	github.com/lestrrat-go/jwx/v3 v3.0.0
 	github.com/lib/pq v1.10.9
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/pkg/errors v0.9.1
@@ -112,8 +112,7 @@ require (
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.6 // indirect
-	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/httprc/v3 v3.0.0-beta1 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect

@@ -207,12 +207,10 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N
 github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
-github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
-github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
-github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
-github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.1.4 h1:uBCMmJX8oRZStmKuMMOFb0Yh9xmEMgNJLgjuKKt4/qc=
-github.com/lestrrat-go/jwx/v2 v2.1.4/go.mod h1:nWRbDFR1ALG2Z6GJbBXzfQaYyvn751KuuyySN2yR6is=
+github.com/lestrrat-go/httprc/v3 v3.0.0-beta1 h1:pzDjP9dSONCFQC/AE3mWUnHILGiYPiMKzQIS+weKJXA=
+github.com/lestrrat-go/httprc/v3 v3.0.0-beta1/go.mod h1:wdsgouffPvWPEYh8t7PRH/PidR5sfVqt0na4Nhj60Ms=
+github.com/lestrrat-go/jwx/v3 v3.0.0 h1:IRnFNdZx5dJHjTpPVkYqP6TRahJI2Z9v43UwEDJcj6U=
+github.com/lestrrat-go/jwx/v3 v3.0.0/go.mod h1:ak32WoNtHE0aLowVWBcCvXngcAnW4tuC0YhFwOr/kwc=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=