mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 14:05:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,596 Commits 23 Branches 50 Tags
00c2c5cf6ef6acb136e9f2cb80470d697977a22c
Commit Graph

1444 Commits

Author SHA1 Message Date
Ryan Richard
5e6f6a1c50 support alternate controller-manager flags in kubecertagent controller 2024-08-08 15:52:50 -07:00
Joshua Casey
bab8b54ed8 Update godoc 2024-08-08 10:38:12 -05:00
Joshua Casey
4bd5db14b4 Refactor branching logic when using an early return 2024-08-08 08:12:41 -05:00
Joshua Casey
4a9136040c Refactor to make it obvious that newCondition is a copy 2024-08-08 08:12:41 -05:00
Joshua Casey
8b97414f3d Refactor to simplify logic 2024-08-08 08:12:41 -05:00
Joshua Casey
1e8e9ecc98 Refactor to use slices helpers instead of harder-to-read loops 2024-08-08 08:12:41 -05:00
Joshua Casey
2d8ab9ff5d Refactor variable name for clarity 2024-08-08 08:12:41 -05:00
Joshua Casey
17f66331ea Refactor parameter names for clarity 2024-08-08 08:12:41 -05:00
Joshua Casey
6bf30bc6b5 Backfill test for existing exported function HadErrorCondition 2024-08-08 08:12:41 -05:00
Joshua Casey
f798777a3b Refactor: reorder parameters to MergeConditions 2024-08-08 08:12:41 -05:00
Ryan Richard
6b49cd7d28 add Unknown SearchBaseFound status condition for AD only 2024-08-06 16:08:25 -07:00
Joshua Casey
afa3aa2232 LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-06 16:08:25 -07:00
Joshua Casey
1c59a41cc5 Remove some dead code from LDAP/AD controllers 2024-08-06 16:08:25 -07:00
Joshua Casey
0626b22c70 OIDC Upstream Watcher now reports condition OIDCDiscoverySucceeded with status Unknown if TLS validation fails 2024-08-06 16:08:25 -07:00
Ryan Richard
7483de5e90 upgrade github.com/google/go-github from v62 to v63 2024-08-06 13:45:38 -07:00
Ryan Richard
229b6a262e when dialing github to test connection, dial api.github.com 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-06 08:58:30 -07:00
Ashish Amarnath
b70db9dc03 refactor to use new certificateAuthorityDataSourceKind enum 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190 update docs and change struct name in types_tls.go.tmpl files 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
02e41baa47 small refactors 2024-08-05 11:32:21 -07:00
Ryan Richard
ed502949dd webhookcachefiller and jwtcachefiller always update status when needed 
Even when the authenticator is found in the cache, try to update its
status. Failing to do so would mean that the actual status will not
be overwritten by the controller's newly computed desired status.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
d6d66faae3 jwtcachefiller now tests for exact log lines and prints when it chooses to not update the status 2024-08-05 11:32:20 -07:00
Ryan Richard
15c84fcc94 extract helper func in jwtcachefiller and webhookcachefiller 2024-08-05 11:32:20 -07:00
Joshua Casey
1438f06c12 webhookcachefiller adds more detail when it chooses to update or not update status conditions 2024-08-05 11:32:20 -07:00
Joshua Casey
ca5bb2170c webhookcontroller should use a logger that is built for each webhook authenticator 2024-08-05 11:32:20 -07:00
Joshua Casey
05a2fd97f8 webhookcontroller now only logs the webhook authenticator name instead of an object 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
dedd51df91 Test Refactor: webhookauthenticator_test checks exact log line equality 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
290676e4d1 improve info/debug log messages for jwtcachefiller & webhookcachefiller 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
9f17ba5ae4 change wording of TLS config loaded success messages 2024-08-05 11:32:20 -07:00
Ashish Amarnath
81d42cb3b9 add unit tests for validatedsettings cache storing ca bundle hash 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
dfef9f470f fix bug in webhookcachefiller caused when status update returns error 
Also refactor test assertions regarding log statements in
jwtcachefiller_test.go and webhookcachefiller_test.go

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
f5da417450 fix bug in jwtcachefiller caused when status update returns error 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
a888083c50 Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte) 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
99cfc4fbce Remove tlsconfigutil.CABundle.IsEqual and ensure that tlsconfigutil.NewCABundle handles nil/empty input 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
fcceeed9fa Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
4cf0e46c38 tlsconfigutil.CABundle should generate its own certPool 2024-08-05 11:32:20 -07:00
Joshua Casey
34eff2a2f9 Refactor tlsconfigutil.buildCABundle to make it more clear where the bundle is coming from 2024-08-05 11:32:20 -07:00
Joshua Casey
e82cb2c7ba Refactor tlsconfigutil.getCertPool to return a CABundle and change its name to buildCABundle 2024-08-05 11:32:20 -07:00
Joshua Casey
0711093ccd Add tests for tlsconfigutil.CABundle and all callers should use the constructor 2024-08-05 11:32:20 -07:00
Joshua Casey
15d0006841 Pull tlsconfigutil.CABundle into a separate file 2024-08-05 11:32:20 -07:00
Ashish Amarnath
282b949c24 update jwtcachefiller to use new tlsconfigutil.CABundle type 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ashish Amarnath
005dbf3aa8 refactor tlsconfigutil to return a caBundle type 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ashish Amarnath
a1dcba4731 add unit tests for validatedsettings cache storing ca bundle hash 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ashish Amarnath
2a62beeb5f store ca bundle hash in validated settings cache 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
242fa8afb2 When reading CA bundle from a secret/configmap, return more specific err 
When the bundle does not contain any certs, make the error more
specific.

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
e3ed722252 Minor refactor 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
9420bfde5b webhookcachefiller controller loops over all webhookauthenticators 2024-08-05 11:32:20 -07:00
Ryan Richard
06b47a5792 jwtcachefiller controller loops over all jwtauthenticators 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
414ff503ef extract some common condition reason string constants 2024-08-05 11:32:20 -07:00
Ryan Richard
09724cfa71 Add unit test: when discovery is already cached for OIDCIdentityProvider 2024-08-05 11:32:20 -07:00
Ryan Richard
0f103ed2a4 Add unit tests for external CA bundle in oidc_upstream_watcher_test.go 2024-08-05 11:32:19 -07:00