mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-04 20:24:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,816 Commits 21 Branches 50 Tags
main
Commit Graph

42 Commits

Author SHA1 Message Date
Ryan Richard
a038aeb8f0 adjust test code to allow for using Okta LDAP in integration tests 
- Okta LDAP requires using a different groups search filter.
- It also does not support posix groups, so make that expected
  value optional.
 2025-07-31 15:16:10 -07:00
Ryan Richard
cc4a148c70 add new login integration tests for new JWTAuthenticator features 2025-07-18 12:14:32 -07:00
Ryan Richard
6de6bcd81a test fixes for when Kind cluster VM has no public IP in CI 2025-06-27 13:31:38 -07:00
Joshua Casey
60bd118a9c pinniped CLI should print the audit-ID in certain error cases 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
fedb9812bd add SAN to default cert in supervisor_discovery_test.go 2024-11-04 17:34:53 -08:00
Joshua Casey
72fa369fc9 Integration tests should use PINNIPED_TEST_SUPERVISOR_SERVICE_NAME to decide where to port-forward 2024-09-04 20:52:01 -05:00
Joshua Casey
18e2024e3f Environment variables with 'https_address' in them should have 'https://' scheme 2024-08-31 17:46:35 -05:00
Joshua Casey
7d83e209c8 Integration tests should expect that the Supervisor hostname might be an IP address 2024-08-31 08:51:31 -05:00
Joshua Casey
557dee06f0 Allow the integration tests to set an IP address for the Supervisor issuer 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 15:48:04 -05:00
Ryan Richard
ca2dd2d476 refactor InferSupervisorIssuerURL() func; remove a TODO 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
0f9352db3b Integration tests should use a helper func to infer Supervisor's downstream issuer URL 2024-08-05 11:32:19 -07:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Ryan Richard
6327f51f5b repeat same github int tests using OAuth client in supervisor_login_test 2024-05-30 09:58:10 -07:00
Ryan Richard
8923704f3c Finish initial github login flow 
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
 2024-05-22 21:21:45 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports 
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
 2024-05-21 09:31:15 -05:00
Ryan Richard
7c85a511a2 first draft of an e2e integration test for GitHub login (skip while WIP) 2024-05-09 15:35:37 -07:00
Ryan Richard
29e939db7f Upgrade the linter to golangci-lint@v1.55.1 
The unused-parameter linter became stricter, so we adjust it to
allow unused params that start with underscore. It can be nice to keep
unused param names when implementing an interface sometimes, to help
readers understand why it is unused in that particular implementation.
 2023-11-02 09:54:16 -07:00
Ryan Richard
5e06c6d5ad add integration test for graceful shutdowns which release leader leases 2023-09-25 09:51:17 -07:00
Ryan Richard
552eceabdb Add integration test for UserAttributeForFilter group search setting 
Also adds new integration test env var to support the new test:
PINNIPED_TEST_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN
 2023-05-31 10:29:44 -07:00
Ryan Richard
c6c2c525a6 Upgrade the linter and fix all new linter warnings 
Also fix some tests that were broken by bumping golang and dependencies
in the previous commits.

Note that in addition to changes made to satisfy the linter which do not
impact the behavior of the code, this commit also adds ReadHeaderTimeout
to all usages of http.Server to satisfy the linter (and because it
seemed like a good suggestion).
 2022-08-24 14:45:55 -07:00
Ryan Richard
cf471d6422 Remove unused env.SupervisorHTTPAddress integration test var 2022-03-29 09:13:44 -07:00
Ryan Richard
fffcb7f5b4 Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 
- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
  the expected version of the linter for local development
 2022-03-08 12:28:09 -08:00
Ryan Richard
814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
Margo Crawford
da9b4620b3 Active Directory checks whether password has changed recently during 
upstream refresh

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:35 -08:00
Ryan Richard
7ec0304472 Add offline_access scope for integration tests when using Dex 2021-10-19 12:25:51 -07:00
Margo Crawford
2d32e0fa7d Merge branch 'main' of github.com:vmware-tanzu/pinniped into active-directory-identity-provider 2021-08-26 16:21:08 -07:00
Margo Crawford
6f221678df Change sAMAccountName env vars to userPrincipalName 
and add E2E ActiveDirectory test
also fixed regexes in supervisor_login_test to be anchored to the
beginning and end
 2021-08-26 16:18:05 -07:00
Monis Khan
74daa1da64 test/integration: run parallel tests concurrently with serial tests 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-26 12:59:52 -04:00
Ryan Richard
d20cab10b9 Replace one-off usages of busybox and debian images in integration tests 
Those images that are pulled from Dockerhub will cause pull failures
on some test clusters due to Dockerhub rate limiting.

Because we already have some images that we use for testing, and
because those images are already pre-loaded onto our CI clusters
to make the tests faster, use one of those images and always specify
PullIfNotPresent to avoid pulling the image again during the integration
test.
 2021-08-25 15:12:07 -07:00
Margo Crawford
a20aee5f18 Update test assertions to reflect userPrincipalName as username 2021-08-18 13:18:53 -07:00
Margo Crawford
1c5da35527 Merge remote-tracking branch 'origin' into active-directory-identity-provider 2021-08-18 12:44:12 -07:00
Margo Crawford
26c47d564f Make new combined sAMAccountName@domain attribute the group name 
Also change default username attribute to userPrincipalName
 2021-08-17 16:53:26 -07:00
Monis Khan
cf25c308cd test/integration: ignore restarts associated with test pods 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-17 12:57:41 -04:00
Margo Crawford
cc3875f048 PR feedback 2021-07-26 16:03:12 -07:00
Margo Crawford
1050f39789 Integration test deactivated ad account 2021-07-23 13:01:41 -07:00
Margo Crawford
91085e68f9 Refactoring defaulting logic 2021-07-23 13:01:41 -07:00
Ryan Richard
3b4f521596 Changed TestLDAPUpstream.TestUsernameAttributeName back to TestUserMailAttributeName 
Also added TestUserSAMAccountNameValue

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-23 13:01:40 -07:00
Ryan Richard
aaa4861373 Custom API Group overlay for AD 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-23 13:01:40 -07:00
Margo Crawford
94e90a5d26 groups related env variables for AD 2021-07-23 13:01:40 -07:00
Margo Crawford
3b8edb84a5 WIP on active directory integration test 2021-07-23 13:01:40 -07:00
Ryan Richard
709c10227f Run the LDAP client's integration tests only on Kind 
TestSimultaneousLDAPRequestsOnSingleProvider proved to be unreliable
on AKS due to some kind of kubectl port-forward issue, so only
run the LDAP client's integration tests on Kind. They are testing
the integration between the client code and the OpenLDAP test server,
not testing anything about Kubernetes, so running only on Kind should
give us sufficient test coverage.
 2021-07-08 11:10:53 -07:00
Monis Khan
d78b845575 Fix bad test package name 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-06-22 11:23:19 -04:00