mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2025-12-23 06:15:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,812 Commits 21 Branches 49 Tags
main
Commit Graph

1090 Commits

Author SHA1 Message Date
Ryan Richard
54d530784d upgrade to golangci-lint v2.7.2, bring back some nolint directives 2025-12-22 11:03:46 -08:00
Ryan Richard
b04ae898ca update integration test expectations for k8s 1.35 libs 2025-12-19 13:57:12 -08:00
Ryan Richard
5218c20c76 upgrade linter and remove newly unused linter directives 2025-12-05 10:56:33 -08:00
Ryan Richard
cba4e2a2e8 update test expectations for new oidc error message text 2025-12-05 10:30:46 -08:00
Joshua Casey
9aa3f7496a Update CEL errors for k8s 1.35+ 2025-10-20 08:32:49 -05:00
Ryan Richard
a038aeb8f0 adjust test code to allow for using Okta LDAP in integration tests 
- Okta LDAP requires using a different groups search filter.
- It also does not support posix groups, so make that expected
  value optional.
 2025-07-31 15:16:10 -07:00
Ryan Richard
3a02eec765 avoid using t.Context inside t.Cleanup because it is already cancelled 2025-07-30 15:22:20 -07:00
Joshua Casey
1c1b3b7f2e Bump golangci-lint to 2.3.0 and fix issues 2025-07-30 10:25:23 -05:00
Ryan Richard
cf700382fe Merge pull request #2491 from vmware/jwtauthenticator_new_features
Some checks failed
CodeQL / Analyze (go) (push) Failing after 3m35s
Details
CodeQL / Analyze (javascript) (push) Failing after 2m21s
Details 
add new features in JWTAuthenticator CRD
 2025-07-25 13:17:15 -07:00
Ryan Richard
679a40b847 change css selectors which find Okta page elements for new Okta account 2025-07-23 11:02:16 -07:00
Ryan Richard
3c28171525 account for change in err msg starting in Kube 1.34 beta version 2025-07-21 13:50:29 -07:00
Ryan Richard
83696fd023 improve errors and docs for JWTAuthenticator features, with int tests 2025-07-18 12:22:06 -07:00
Ryan Richard
cc4a148c70 add new login integration tests for new JWTAuthenticator features 2025-07-18 12:14:32 -07:00
Ryan Richard
52622d5e4c fix pre-existing integration tests for new JWTAuthenticator features 2025-07-17 10:52:29 -07:00
Ryan Richard
04f0c559db skip some integration tests on EKS 2025-07-10 13:27:26 -07:00
Ryan Richard
d57005c42a do not drop internal IP annotation from CredentialIssuer in test 2025-06-30 14:56:48 -07:00
Ryan Richard
6de6bcd81a test fixes for when Kind cluster VM has no public IP in CI 2025-06-27 13:31:38 -07:00
Ryan Richard
2e3e0eed8e avoid "defer cancelFunc()" for top-level context in integration tests 
"defer cancelFunc()" causes the context to be cancelled already when
the t.Cleanup's are called, which causes strange test results if those
t.Cleanup's try to use that cancelled context to perform operations.
 2025-05-16 10:43:13 -05:00
Ryan Richard
72cea70967 integration test for new config option kubeCertAgent.priorityClassName 2025-05-16 10:43:13 -05:00
Ryan Richard
2e4f719419 fix linter warning caused by k8s 0.33 function deprecation 2025-05-13 12:17:14 -07:00
Joshua Casey
b8e7a64afe Bump libs to k8s.io@v0.32.3, add codegen for k8s 1.32, and drop codegen for k8s 1.25 2025-05-12 16:36:46 -07:00
Ryan Richard
c600cf7949 upgrade linter to latest 2025-05-12 15:19:50 -07:00
Ryan Richard
749633e43c support response_mode=form_post in upstream OIDC IDPs 2025-03-06 15:28:47 -08:00
Ryan Richard
6133276555 make tools deployment proxy server optional 2025-03-06 11:02:24 -08:00
Ryan Richard
dd0dcad8c4 slow down filling out the Okta login screen for Chrome v134 2025-03-05 12:13:45 -08:00
Ryan Richard
4e04f5b606 remove fips_strict insecure ciphers which do not seem to be in Go 1.24 2025-02-19 08:13:55 -08:00
Ryan Richard
8cfc1c08ec allow both TLS v1.2 and v1.3 in fips mode, supported starting in Go 1.24 2025-02-18 10:46:59 -08:00
Ryan Richard
02eb26f135 "pinniped get kubeconfig" discovers CA bundle from CertificateAuthorityDataSource 2025-02-05 10:59:02 -08:00
Joshua Casey
1d873be184 Make sure that CEL errors are checked for the appropriate Kube version 2025-01-27 10:46:55 -06:00
Joshua Casey
5a0d6eddb1 Make sure each FederationDomain has a unique name, and skip CEL tests for old K8s versions 2025-01-27 10:46:55 -06:00
Joshua Casey
31b45525ce Remove deprecated CredentialIssuer.status.kubeConfigInfo 2025-01-27 10:46:55 -06:00
Joshua Casey
430c73b903 FederationDomain.spec.issuer must now be an HTTPS URL 2025-01-27 10:46:55 -06:00
Joshua Casey
cc1befbc57 Allow for multiple error messages 2025-01-27 10:46:55 -06:00
Joshua Casey
68a0ad4112 Extract common prefix from error messages 2025-01-27 10:46:55 -06:00
Ryan Richard
9619a0f226 change remoteAddr to sourceIPs in Supervisor audit log for incoming reqs 2025-01-06 21:21:01 -06:00
Ryan Richard
b625b4a076 introduce build tags to optionally override some TLS settings 2024-12-20 10:28:32 -08:00
Ryan Richard
90c95866d1 upgrade fosite to v0.49.0 and handle its API changes 2024-12-13 10:17:42 -08:00
Ryan Richard
ede9e45211 make audit_test.go ignore pod log lines that aren't JSON 2024-12-03 17:20:25 -06:00
Ryan Richard
df017f9267 attempt to fix a test flake seen sometimes in CI 2024-11-27 13:53:03 -06:00
Ryan Richard
ae5aad178d TokenCredentialRequest uses actual cert expiry time instead of estimate 
and also audit logs both the NotBefore and NotAfter of the issued cert.
Implemented by changing the return type of the cert issuer helpers
to make them also return the NotBefore and NotAfter values of the new
cert, along with the key PEM and cert PEM.
 2024-11-27 13:53:03 -06:00
Joshua Casey
0a28c818ad Small fixes for integration tests 2024-11-27 13:53:02 -06:00
Ryan Richard
1ebe2fcd1a add integration test for personal info showing in login audit logs 2024-11-27 13:53:02 -06:00
Joshua Casey
60bd118a9c pinniped CLI should print the audit-ID in certain error cases 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:02 -06:00
Joshua Casey
b69507f7f3 Add generic audit integration test 2024-11-27 13:53:02 -06:00
Ryan Richard
51fc86f950 don't audit log missing username or password, change query param value 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
8fad2c5127 update test expectation to match new validation error text in new Kube 2024-11-06 13:57:15 -08:00
Ryan Richard
feef4bf508 fix test flake by removing memory limit from test pod 
On AKS clusters, the pod's container would exceed its memory limit,
get OOMKilled, get restarted, and cause that test to flake.

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-06 09:56:36 -08:00
Ryan Richard
fedb9812bd add SAN to default cert in supervisor_discovery_test.go 2024-11-04 17:34:53 -08:00
Ryan Richard
5c252fd083 increase allowed delta in test to allow for slower CI workers 2024-10-14 09:32:06 -07:00
Ryan Richard
eca8914760 fix integration test for WebhookAuthenticator status conditions 2024-10-10 14:41:49 -07:00