Merge branch 'master' into pr/gdamjan/398

gdamjan · Aug 2, 2021 · 9d66192 · 9d66192
2 parents 33847ed + dc6261c
commit 9d66192
Show file tree

Hide file tree

Showing 10 changed files with 182 additions and 152 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 [![GitHub stars](https://img.shields.io/github/stars/vouch/vouch-proxy.svg)](https://github.com/vouch/vouch-proxy)
 [![Go Report Card](https://goreportcard.com/badge/github.com/vouch/vouch-proxy)](https://goreportcard.com/report/github.com/vouch/vouch-proxy)
 [![MIT license](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/vouch/vouch-proxy/blob/master/LICENSE)
-[![Docker pulls](https://img.shields.io/docker/pulls/voucher/vouch-proxy.svg)](https://hub.docker.com/r/voucher/vouch-proxy/)
+[![Docker Repository on Quay](https://quay.io/repository/vouch/vouch-proxy/status 'Docker Repository on Quay')](https://quay.io/repository/vouch/vouch-proxy)
 [![GitHub version](https://img.shields.io/github/v/tag/vouch/vouch-proxy.svg?sort=semver&color=green)](https://github.com/vouch/vouch-proxy)
 
 An SSO solution for Nginx using the [auth_request](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) module. Vouch Proxy can protect all of your websites at once.
@@ -245,7 +245,7 @@ docker run -d \
     -p 9090:9090 \
     --name vouch-proxy \
     -v ${PWD}/config:/config \
-    voucher/vouch-proxy
+    quay.io/vouch/vouch-proxy
 ```
 
 or
@@ -259,15 +259,23 @@ docker run -d \
     -e OAUTH_CLIENT_ID=1234 \
     -e OAUTH_CLIENT_SECRET=secretsecret \
     -e OAUTH_CALLBACK_URL=https://vouch.yourdomain.com/auth \
-    voucher/vouch-proxy
+    quay.io/vouch/vouch-proxy
 ```
 
-Automated container builds for each Vouch Proxy release are available from [Docker Hub](https://hub.docker.com/r/voucher/vouch-proxy/). Each release produces..
+Automated container builds for each Vouch Proxy release are available from [quay.io](https://quay.io/repository/vouch/vouch-proxy). Each release produces..
+
+a minimal go binary container built from `Dockerfile`
+
+- `quay.io/vouch/vouch-proxy:latest`
+- `quay.io/vouch/vouch-proxy:vx.y.z` such as `quay.io/vouch/vouch-proxy:v0.28.0`
+
+an `alpine` based container built from `Dockerfile.alpine`
+
+- `quay.io/vouch/vouch-proxy:alpine`
+- `quay.io/vouch/vouch-proxy:alpine-vx.y.z`
+
+Vouch Proxy `arm` images are available on [Docker Hub](https://hub.docker.com/r/voucher/vouch-proxy/)
 
-- `voucher/vouch-proxy:latest`
-- `voucher/vouch-proxy:x.y.z`
-- `voucher/vouch-proxy:alpine`
-- `voucher/vouch-proxy:alpine-x.y.z`
 - `voucher/vouch-proxy:latest-arm`
 
 ## Kubernetes Nginx Ingress
@@ -398,10 +406,10 @@ TLDR:
 - then [open a new issue](https://github.com/vouch/vouch-proxy/issues/new) in this repository
 - or visit our IRC channel [#vouch](irc.libera.chat/#vouch) on libera.chat
 
-A bug report can be generated from a docker environment using the `voucher/vouch-proxy:alpine` image...
+A bug report can be generated from a docker environment using the `quay.io/vouch/vouch-proxy:alpine` image...
 
 ```!bash
-docker run --name vouch_proxy -v $PWD/config:/config -v $PWD/certs:/certs -it --rm --entrypoint /do.sh voucher/vouch-proxy:alpine bug_report yourdomain.com anotherdomain.com someothersecret
+docker run --name vouch_proxy -v $PWD/config:/config -v $PWD/certs:/certs -it --rm --entrypoint /do.sh quay.io/vouch/vouch-proxy:alpine bug_report yourdomain.com anotherdomain.com someothersecret
 ```
 
 ### submitting a Pull Request for a new feature

diff --git a/config/config.yml_example b/config/config.yml_example
@@ -198,6 +198,7 @@ vouch:
 #   callback_urls:           OAUTH_CALLBACK_URLS
 #   scopes:                  OAUTH_SCOPES
 #   code_challenge_method:   OAUTH_CODE_CHALLENGE_METHOD
+#   relying_party_id         OAUTH_RELYING_PARTY_ID
 
 #
 # configure ONLY ONE of the following oauth providers
@@ -260,4 +261,19 @@ oauth:
   auth_url: https://indielogin.com/auth
   callback_url: http://vouch.yourdomain.com:9090/auth
 
+  # adfs
+  provider: adfs
+  client_id:
+  client_secret:
+  auth_url: https://adfs.yourdomain.com/adfs/oauth2/authorize/
+  token_url: https://adfs.yourdomain.com/adfs/oauth2/token/
+  # vouch-proxy use RedirectURL as relying party identifier by default, if you want a custom one:
+  # see https://github.com/vouch/vouch-proxy/issues/189
+  # relying_party_id:  487d8ff7-80a8-4f62-b926-c2852ab06e94
+  scopes:
+    - openid
+    - email
+    - profile
+  callback_url: https://vouch.yourdomain.com/auth
+
 
diff --git a/config/config.yml_example_adfs b/config/config.yml_example_adfs
@@ -18,6 +18,9 @@ oauth:
   client_secret: sauceSecret
   auth_url: https://adfs.yourdomain.com/adfs/oauth2/authorize/
   token_url: https://adfs.yourdomain.com/adfs/oauth2/token/
+  # vouch-proxy use RedirectURL as relying party identifier by default, if you want a custom one:
+  # see https://github.com/vouch/vouch-proxy/issues/189
+  # relying_party_id:  487d8ff7-80a8-4f62-b926-c2852ab06e94
   scopes:
     - openid
     - email

diff --git a/go.mod b/go.mod
@@ -3,37 +3,29 @@ module github.com/vouch/vouch-proxy
 go 1.16
 
 require (
-	cloud.google.com/go v0.80.0 // indirect
+	cloud.google.com/go v0.89.0 // indirect
 	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/google/go-cmp v0.5.5
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/google/go-cmp v0.5.6
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/sessions v1.2.1
 	github.com/influxdata/tdigest v0.0.1 // indirect
 	github.com/karupanerura/go-mock-http-response v0.0.0-20171201120521-7c242a447d45
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mitchellh/mapstructure v1.4.1
 	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20170819232839-0fbfe93532da
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pelletier/go-toml v1.8.1 // indirect
-	github.com/spf13/afero v1.6.0 // indirect
-	github.com/spf13/cast v1.3.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.7.1
+	github.com/spf13/cast v1.4.0 // indirect
+	github.com/spf13/viper v1.8.1
 	github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 // indirect
-	github.com/stretchr/testify v1.6.1
+	github.com/stretchr/testify v1.7.0
 	github.com/theckman/go-securerandom v0.1.1
 	github.com/tsenart/vegeta v12.7.0+incompatible
-	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.16.0
-	golang.org/x/net v0.0.0-20210326220855-61e056675ecf
-	golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
-	golang.org/x/sys v0.0.0-20210326220804-49726bf1d181 // indirect
-	gopkg.in/ini.v1 v1.62.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
+	go.uber.org/zap v1.18.1
+	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985
+	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 )