Spelling #2919

Merged
merged 16 commits into from
May 2, 2023
4 changes: 2 additions & 2 deletions .github/SECURITY.md
Expand Up @@ -11,10 +11,10 @@ to confirm receipt of the issue.
## Review Process

Once a maintainer has confirmed the relevance of the report, a draft security
advisory will be created on Github. The draft advisory will be used to discuss
advisory will be created on GitHub. The draft advisory will be used to discuss
Contributor Author

brand

the issue with maintainers, the reporter(s).
If the reporter(s) wishes to participate in this discussion, then provide
reporter Github username(s) to be invited to the discussion. If the reporter(s)
reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
does not wish to participate directly in the discussion, then the reporter(s)
can request to be updated regularly via email.
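
Review bot: in the context line `the issue with maintainers, the reporter(s).` the list is missing its conjunction ("maintainers and the reporter(s)"), and `then provide reporter GitHub username(s)` is missing an article ("provide the reporter's GitHub username(s)"). Both sit next to the lines this hunk already touches, so they are worth fixing in the same pass.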

2 changes: 1 addition & 1 deletion api/api.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/api.proto
Expand Up @@ -112,7 +112,7 @@ message VersionReq {}
message VersionResp {
// Semantic version of the server.
string server = 1;
// Numeric version of the API. It increases everytime a new call is added to the API.
// Numeric version of the API. It increases every time a new call is added to the API.
// Clients should use this info to determine if the server supports specific features.
int32 api = 2;
}
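
Review bot: the comment on `int32 api = 2;` is also carried into the generated api/api.pb.go, which this page lists as changed by one line but does not render. Confirm that file was regenerated from the proto rather than edited by hand, so the two cannot drift; the same applies to the api/v2 pair.
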
2 changes: 1 addition & 1 deletion api/v2/api.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/v2/api.proto
Expand Up @@ -112,7 +112,7 @@ message VersionReq {}
message VersionResp {
// Semantic version of the server.
string server = 1;
// Numeric version of the API. It increases everytime a new call is added to the API.
// Numeric version of the API. It increases every time a new call is added to the API.
// Clients should use this info to determine if the server supports specific features.
int32 api = 2;
}
2 changes: 1 addition & 1 deletion config.yaml.dist
Expand Up @@ -118,7 +118,7 @@ web:
# name: 'Example App'
# secret: ZXhhbXBsZS1hcHAtc2VjcmV0

# Connectors are used to authenticate users agains upstream identity providers.
# Connectors are used to authenticate users against upstream identity providers.
#
# See the documentation (https://dexidp.io/docs/connectors/) for further information.
# connectors: []
2 changes: 1 addition & 1 deletion connector/gitlab/gitlab.go
@@ -1,4 +1,4 @@
// Package gitlab provides authentication strategies using Gitlab.
// Package gitlab provides authentication strategies using GitLab.
package gitlab

import (
2 changes: 1 addition & 1 deletion connector/google/google_test.go
Expand Up @@ -86,7 +86,7 @@ func TestOpen(t *testing.T) {
expectedErr string

// string to set in GOOGLE_APPLICATION_CREDENTIALS. As local development environments can
// already contain ADC, test cases will be built uppon this setting this env variable
// already contain ADC, test cases will be built upon this setting this env variable
adc string
}
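
Review bot: the corrected comment line still does not parse: `test cases will be built upon this setting this env variable` has a stray "this". Suggest rewording to something like "test cases are built upon setting this env variable".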

2 changes: 1 addition & 1 deletion connector/ldap/ldap.go
Expand Up @@ -619,7 +619,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
for _, group := range groups {
name := getAttr(*group, c.GroupSearch.NameAttr)
if name == "" {
// Be obnoxious about missing missing attributes. If the group entry is
// Be obnoxious about missing attributes. If the group entry is
// missing its name attribute, that indicates a misconfiguration.
//
// In the future we can add configuration options to just log these errors.
2 changes: 1 addition & 1 deletion connector/ldap/ldap_test.go
Expand Up @@ -523,7 +523,7 @@ func getenv(key, defaultVal string) string {

// runTests runs a set of tests against an LDAP schema.
//
// The tests require LDAP to be runnning.
// The tests require LDAP to be running.
// You can use the provided docker-compose file to setup an LDAP server.
func runTests(t *testing.T, connMethod connectionMethod, config *Config, tests []subtest) {
ldapHost := os.Getenv("DEX_LDAP_HOST")
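
Review bot: on the context line directly below the fix, `docker-compose file to setup an LDAP server` uses the noun "setup" as a verb. Since this pass is about spelling, change it to "set up".
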
2 changes: 1 addition & 1 deletion connector/oidc/oidc.go
Expand Up @@ -38,7 +38,7 @@ type Config struct {
// Certificates for SSL validation
RootCAs []string `json:"rootCAs"`

// Override the value of email_verifed to true in the returned claims
// Override the value of email_verified to true in the returned claims
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`

// InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved
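
Review bot: on the `InsecureSkipEmailVerified` comment, the corrected text now names the `email_verified` claim properly but still does not say why the option carries the "Insecure" prefix: with it set, the returned claims assert a verified email regardless of what the upstream provider reported. One sentence to that effect would bring it in line with the `InsecureEnableGroups` comment below, which links its rationale.
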
10 changes: 5 additions & 5 deletions docs/enhancements/token-exchange-2023-02-03-#2812.md
Expand Up @@ -40,18 +40,18 @@ without issuing long lived API tokens.

Examples of downstream issues:

- [argoproj/argo-cd#11632 Argocd SSO login via Azure AD Auth using OIDC not work for cli sso login]
- [argoproj/argo-cd#11632 ArgoCD SSO login via Azure AD Auth using OIDC not work for cli sso login]

Other related Dex issues:

- [#2450 Non-OIDC JWT Connector] is a functionally similar request, but expanded to arbitrary JWTs
- [#1225 GitHub Non-Web application flow support] also asks for an exchange, but for an opaque Github PAT
- [#1225 GitHub Non-Web application flow support] also asks for an exchange, but for an opaque GitHub PAT

More broadly, this fits into recent movements to issue machine identities:

- [GCP Service Identity](https://cloud.google.com/run/docs/securing/service-identity)
- [AWS Execution Role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html)
- [Github Actions OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
- [GitHub Actions OIDC](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
- [CircleCI OIDC](https://circleci.com/docs/openid-connect-tokens/)
- [Kubernetes Service Accounts](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
- [SPIFFE](https://spiffe.io/)
Expand All @@ -64,7 +64,7 @@ and granting access to resources based on trusting federated identities:
[#1484 Token exchange for external tokens]: https://github.com/dexidp/dex/issues/1484
[#1668 Question: non-web based clients?]: https://github.com/dexidp/dex/issues/1668
[#2657 Get OIDC token issued by Dex using a token issued by one of the connectors]: https://github.com/dexidp/dex/issues/2657
[argoproj/argo-cd#11632 Argocd SSO login via Azure AD Auth using OIDC not work for cli sso login]: https://github.com/argoproj/argo-cd/issues/11632
[argoproj/argo-cd#11632 ArgoCD SSO login via Azure AD Auth using OIDC not work for cli sso login]: https://github.com/argoproj/argo-cd/issues/11632
[#2450 Non-OIDC JWT Connector]: https://github.com/dexidp/dex/issues/2450
[#1225 GitHub Non-Web application flow support]: https://github.com/dexidp/dex/issues/1225

Expand Down Expand Up @@ -166,7 +166,7 @@ Additionally, a new `allowedGrantTypes` would allow for disabling exchanges if t
- The password connector could be switch to support this new endpoint, submitting passwords as access tokens,
allowing for multiple password connectors to be configured
- The `audience` field could be made optional if there is a single connector or the id token is inspected for issuer url
- The `actor_token` and `actor_token_type` can be checked / validated if a suitable usecase is determined.
- The `actor_token` and `actor_token_type` can be checked / validated if a suitable use case is determined.
- A policy language like [cel] or [rego] as mentioned on [#1635 Connector Middleware]
would allow for stronger assertions of the provided identity against requested resource access.
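
Review bot: the first context line of this hunk, `The password connector could be switch to support this new endpoint`, still has "switch" where "switched" is meant. Worth fixing in the same pass as "use case".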

2 changes: 1 addition & 1 deletion server/api_test.go
Expand Up @@ -337,7 +337,7 @@ func TestRefreshToken(t *testing.T) {
}

if resp, _ := client.ListRefresh(ctx, &listReq); len(resp.RefreshTokens) != 0 {
t.Fatalf("Refresh token returned inspite of revoking it.")
t.Fatalf("Refresh token returned in spite of revoking it.")
}
}
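
Review bot: on the `client.ListRefresh` line in this hunk's context, the error return is discarded (`resp, _ :=`), so this revocation check only inspects `resp.RefreshTokens` and never reports a failed call as a failure. Not part of the spelling change, but worth a follow-up that checks `err` before reading `resp`.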

2 changes: 1 addition & 1 deletion server/deviceflowhandlers_test.go
Expand Up @@ -508,7 +508,7 @@ func TestDeviceTokenResponse(t *testing.T) {
expectedResponseCode: http.StatusBadRequest,
},
{
testName: "Test Non-existent Device Code",
testName: "Test Nonexistent Device Code",
testDeviceRequest: baseDeviceRequest,
testDeviceToken: storage.DeviceToken{
DeviceCode: "foo",
2 changes: 1 addition & 1 deletion server/server.go
Expand Up @@ -118,7 +118,7 @@ type WebConfig struct {
// * themes/(theme) - Static static served at "( issuer URL )/theme".
Dir string

// Alternative way to programatically configure static web assets.
// Alternative way to programmatically configure static web assets.
// If Dir is specified, WebFS is ignored.
// It's expected to contain the same files and directories as mentioned above.
//
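
Review bot: the first context line, `// * themes/(theme) - Static static served at "( issuer URL )/theme".`, still has the doubled word "Static static", the same kind of slip this PR fixes in connector/ldap/ldap.go ("missing missing"). Drop the duplicate or replace it with the intended noun.
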
2 changes: 1 addition & 1 deletion server/server_test.go
Expand Up @@ -879,7 +879,7 @@ func TestOAuth2CodeFlow(t *testing.T) {

for _, token := range tokens {
if /* token was updated */ token.ObsoleteToken != "" && token.ConnectorData != nil {
t.Fatalf("token connectorDatawith id %q field is not nil: %s", token.ID, token.ConnectorData)
t.Fatalf("token connectorData with id %q field is not nil: %s", token.ID, token.ConnectorData)
}
}
})
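
Review bot: in the `t.Fatalf` message, adding the space fixes the run-together word but the word order is still off (`token connectorData with id %q field is not nil`). Something like `token with id %q: connectorData field is not nil: %s` reads correctly and keeps both arguments in the same order.
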
2 changes: 1 addition & 1 deletion storage/conformance/conformance.go
Expand Up @@ -63,7 +63,7 @@ func mustLoadJWK(b string) *jose.JSONWebKey {
func mustBeErrNotFound(t *testing.T, kind string, err error) {
switch {
case err == nil:
t.Errorf("deleting non-existent %s should return an error", kind)
t.Errorf("deleting nonexistent %s should return an error", kind)
case err != storage.ErrNotFound:
t.Errorf("deleting %s expected storage.ErrNotFound, got %v", kind, err)
}
2 changes: 1 addition & 1 deletion storage/kubernetes/client.go
Expand Up @@ -99,7 +99,7 @@ func (cli *client) urlForWithParams(
if name != "" && (len(name) > kubeResourceMaxLen || !kubeResourceNameRegex.MatchString(name)) {
// The actual name can be found in auth request or auth code objects and equals to the state value
return "", fmt.Errorf(
"invalid kubernetes resource name: must match the pattern %s and be no longer than %d charactes",
"invalid kubernetes resource name: must match the pattern %s and be no longer than %d characters",
kubeResourceNameRegex.String(),
kubeResourceMaxLen)
}
2 changes: 1 addition & 1 deletion storage/storage.go
Expand Up @@ -317,7 +317,7 @@ type RefreshTokenRef struct {

// OfflineSessions objects are sessions pertaining to users with refresh tokens.
type OfflineSessions struct {
// UserID of an end user who has logged in to the server.
// UserID of an end user who has logged into the server.
UserID string

// The ID of the connector used to login the user.
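
Review bot: `logged in to the server` was already correct ("log in" is the verb, "to" the preposition), so the change on the `UserID` comment is a matter of taste rather than a fix. The actual slip is in the last context line, `used to login the user`, where the verb should be "log in".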