V3.4 support#7
Merged
Merged
Conversation
Add support for specification version 3.4 across the DCR manifest and schema validation. - Update IsSupportedSpecVersion and NewSpecManifest to include "3.4" and register NewDCR34. - Add NewDCR34 that reuses existing DCR32 scenarios to build the DCR34 manifest. - Register responseValidator34 in the schema validator factory. - Implement responseValidator34 with validation rules for OB client registration responses, including special handling for the TLS client auth subject DN (separating length and structural checks because Go's RE2 lacks lookahead). - Add unit tests, test helpers, and a sample testdata response34.json for v3.4. These changes enable validation and test coverage for the 3.4 spec while reusing existing scenarios where appropriate.
Makefile: allow running with overridden CONFIG and ARGS (use $(or $(CONFIG),configs/config.json)). .gitignore: ignore newmodelbank.json. cmd/cli: switch update-check to GitHub tags endpoint, replace ad-hoc http client with makeWellknownHTTPClient that honors tlsSkipVerify and increases timeout, and add crypto/tls import. These changes let developers run the binary with custom configs/args, use the GitHub repo for update checks, and optionally skip TLS verification for well-known endpoint calls (for testing).
Introduce a disableKeepAlives option passed from the CLI to the HTTP mTLS client. Adds a --disablekeepalives flag and flags field, forwards it into NewDCR32Config, exposes WithDisableKeepAlives on the mTLS builder, and sets MATLSConfig.DisableKeepAlives which is applied to http.Transport.DisableKeepAlives. Default remains false; this option is useful for mTLS servers that require a new TLS handshake per request. Minor import/formatting adjustments included.
Bump project to v1.4.0: update README release header and links, add releases entry, and add a new releases/v1.4.0.md with release notes. Notes include DCR v3.4 support, new CLI flags (tlsskipverify, disablekeepalives), and a docker run example. Also add .DS_Store to .gitignore.
Swap imports of github.com/dgrijalva/jwt-go for github.com/golang-jwt/jwt/v4 across the codebase (cmd, pkg, and tests). Update go.mod to require github.com/golang-jwt/jwt/v4 v4.5.2 and refresh go.sum accordingly. No functional changes aside from migrating to the maintained golang-jwt fork.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds Open Banking DCR specification v3.4 support to the conformance tool, updates JWT dependencies, and introduces new CLI/HTTP client options to handle TLS verification and mTLS keep-alive compatibility.
Changes:
- Add DCR v3.4 manifest wiring and a new v3.4 schema validator (incl. updated TLS Subject DN rules and additional grant type support).
- Migrate from
github.com/dgrijalva/jwt-gotogithub.com/golang-jwt/jwt/v4. - Add CLI/runtime options for
-tlsskipverifyon well-known discovery calls and-disablekeepalivesfor the mTLS HTTP client.
Reviewed changes
Copilot reviewed 35 out of 37 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| releases/v1.4.0.md | Adds v1.4.0 release notes for DCR v3.4 and new CLI flags. |
| releases/releases.md | Adds v1.4.0 entry to the release index. |
| README.md | Updates documentation links and highlights v1.4.0 release. |
| pkg/http/client.go | Adds DisableKeepAlives support to the mTLS transport. |
| pkg/http/builder.go | Threads disableKeepAlives through the mTLS client builder. |
| pkg/compliant/token_signing_method_resolver.go | Switches JWT import to golang-jwt/jwt/v4. |
| pkg/compliant/token_signing_method_resolver_test.go | Updates tests to use golang-jwt/jwt/v4. |
| pkg/compliant/step/client_register_response_test.go | Updates JWT dependency in tests. |
| pkg/compliant/step/claims_test.go | Updates JWT dependency in tests. |
| pkg/compliant/schema/version34.go | Introduces v3.4 response validator (DN length/pattern, grant types, application type updates). |
| pkg/compliant/schema/version34_test.go | Adds tests covering v3.4 schema rules and edge cases. |
| pkg/compliant/schema/testdata/response34.json | Adds v3.4 sample response payload for validator tests. |
| pkg/compliant/schema/response.go | Wires NewValidator to support spec version 3.4. |
| pkg/compliant/schema/helpers_test.go | Adds shared helpers for v3.4 schema tests. |
| pkg/compliant/dcr34.go | Adds a DCR34 manifest that reuses the DCR32 scenario set. |
| pkg/compliant/dcr32.go | Updates JWT dependency import. |
| pkg/compliant/dcr32_config.go | Adds disableKeepAlives parameter and passes it into the HTTP client builder; updates JWT import. |
| pkg/compliant/dcr.go | Extends supported spec versions and manifest selection to include 3.4. |
| pkg/compliant/client/private_key_jwt.go | Updates JWT dependency import. |
| pkg/compliant/client/private_key_jwt_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/client/client_secret_jwt.go | Updates JWT dependency import. |
| pkg/compliant/auth/signer.go | Updates JWT dependency import. |
| pkg/compliant/auth/signer_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/auth/private_key_jwt.go | Updates JWT dependency import. |
| pkg/compliant/auth/private_key_jwt_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/auth/client_secret_jwt_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/auth/client_secret_basic_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/auth/authoriser.go | Updates JWT dependency import. |
| pkg/compliant/auth/authoriser_test.go | Updates JWT dependency import in tests. |
| pkg/compliant/auth/authoriser_builder.go | Updates JWT dependency import. |
| pkg/compliant/auth/authoriser_builder_test.go | Updates JWT dependency import in tests. |
| pkg/certs/load.go | Updates JWT dependency import. |
| Makefile | Enhances make run to allow overriding config path and passing extra args. |
| go.sum | Removes jwt-go entries and adds golang-jwt/jwt/v4 checksums. |
| go.mod | Replaces jwt-go with golang-jwt/jwt/v4. |
| cmd/cli/main.go | Switches update-check tag endpoint to GitHub, adds well-known HTTP client honoring -tlsskipverify, and adds -disablekeepalives flag. |
| .gitignore | Adds additional ignored local files. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Adjustments to compliant package tests: TestNewDCR32Config call now includes an additional boolean argument. Expected error message assertions were normalized to use "\x7f" escapes instead of "\u007f". Minor import ordering/cleanup in dcr32_config_test.go.
Remove the tlsSkipVerify parameter and the corresponding WithTlsSkipVerify builder call from the DCR32 configuration. Update call sites and tests to use the new NewDCR32Config signature without the tlsSkipVerify argument (cmd/cli/main.go, pkg/compliant/dcr32_config.go, pkg/compliant/dcr32_config_test.go). This removes the option to skip TLS verification from the HTTP client construction.
Update .github/workflows/go.yml to use the golang:1.24-alpine container for go-test, code-coverage, and e2e jobs (replacing golang:1.17-alpine3.15). Also replace actions/checkout@v2 with a pinned commit (11bd71901bbe5b1630ceea73d27597364c9af683, v4.2.2) for more reproducible workflow runs.
Modernize linting config and tooling, and bump dependencies. - Revise .golangci.yml: switch to explicit enabled linters, enable modules-download-mode readonly, simplify settings (replace golint with revive, adjust govet/errcheck/gofmt/misspell settings). - Makefile: use `go install` for goimports and update golangci-lint install to v2.12.2 via upstream install script. - go.mod: bump several dependencies (github.com/google/uuid, github.com/hashicorp/go-version, github.com/pkg/errors, github.com/stretchr/testify) and add gopkg.in/yaml.v3. - Tests: adjust expected error string casing in pkg/version/check_test.go to match updated error text. These changes modernize tooling, tighten linting configuration, and update libraries to newer releases.
Replace deprecated ioutil usages with io.ReadAll / os.ReadFile across packages and tests, and add explicit nolint on some deferred Close calls. Update .golangci.yml to v2 format with refined settings, exclusions and formatters. Update Makefile to reference GOPATH/bin tools (golangci-lint, goimports) and use the GOLANGCI_LINT variable for lint targets. Miscellaneous small fixes: add ReadHeaderTimeout to embedded server, preallocate result slices, introduce response-type constants, minor formatting/clarity tweaks in tests and step messages.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.