mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-08 15:21:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,128 Commits 20 Branches 50 Tags
0e4f7082b0c722d70f73f30c2d4b445b825ab4bd
Commit Graph

1275 Commits

Author SHA1 Message Date
Joshua Casey
bc10d500b7 Merge branch 'main' into host-name-case-insensitve 2024-07-30 09:27:45 -05:00
Ashish Amarnath
7c7f0fdae3 make host name parsing case-insensitive 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-07-29 14:32:01 -07:00
Ryan Richard
a2be4b7b5e clarify some comments based on PR feedback 2024-07-17 09:58:26 -07:00
Ryan Richard
b5a509f27f fix authenticators bug: stop allowing usage when validation fails 2024-07-16 09:59:19 -07:00
Ryan Richard
e5cfa521da remove unnecessary warning log message 
This message is not needed because the IDP chooser page will take
care of the case where a browser-based authorization flow did not
request any specific IDP. For browserless flows (only allowed for
the `pinniped-cli` client), the client must request a specific IDP
(except in backwards-compatibility mode) because there is no browser
in which to show the IDP chooser page. Failing to request a specific
IDP in a browserless flow will result in a helpful error message
being returned.
 2024-07-10 09:32:23 -07:00
Ryan Richard
0380a9ce33 upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc 
Also standardize some related imports and fix some whitespace in a test
 2024-06-21 11:16:40 -07:00
Ryan Richard
f7f32f2f98 some mild refactoring of ptls common.go (mostly renames) 2024-06-14 13:27:38 -07:00
Ryan Richard
f0f9efa277 Refactor to make profiles.go and profiles_fips_strict.go more similar 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-06-14 10:42:17 -07:00
Joshua Casey
53031ad8d4 User can now configured allowed ciphers, to restrict the ciphers used by the Default profile 2024-06-14 10:42:17 -07:00
Joshua Casey
ce1ad010e9 Remove Legacy TLS Config, which is not used in the source code 2024-06-14 10:42:17 -07:00
Joshua Casey
011d6ba71b Remove plog.Logr, make plog.TestZapr private, and CLI logs do not need a name 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-06-11 17:27:45 -05:00
Joshua Casey
9296d95084 No need for calling code to use deprecated options 2024-06-11 13:09:59 -05:00
Joshua Casey
c6463831ac Use plog.Logger instead of logr.Logger wherever possible 2024-06-11 12:47:19 -05:00
Joshua Casey
678be9902a Lint new files from the GitHub branch 2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Ryan Richard
8ea9ba8860 ran go generate to update mocks 2024-06-03 14:48:06 -07:00
Ryan Richard
01723e0d12 Merge branch 'main' into github_identity_provider 2024-06-03 13:21:32 -07:00
Joshua Casey
58b4ecc0aa user sees error msg when GitHub login is denied due to allowed orgs 
Also renamed an interface function from GetName to GetResourceName.

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-06-03 10:56:28 -07:00
Ryan Richard
6364ac9ac7 change status condition type name to be "ClientCredentialsSecretValid" 
For both GitHubIdentityProvider and OIDCIdentityProvider to make them
consistent with each other.
 2024-05-31 09:59:30 -07:00
Joshua Casey
eee737186f Clean up how lastTransitionTime and observedGeneration are checked in github_upstream_watcher_test 2024-05-30 21:34:29 -05:00
Ryan Richard
bb9cb739c6 more unit tests for github in token_handler_test.go 2024-05-29 08:55:41 -07:00
Joshua Casey
cc8d637715 Fix lint 2024-05-28 20:33:55 -05:00
Joshua Casey
d3fb567fdb Add callback_handler tests for GitHub+IdentityTransformations 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 15:59:52 -05:00
Joshua Casey
8b1e5aa320 Add callback_handler tests to confirm GitHub with downstream form_post and GitHub with an error case 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 15:17:04 -05:00
Joshua Casey
37e654faa0 bunch of renames 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 13:41:52 -05:00
Ryan Richard
f323690049 refactor upstream refresh test helpers to be more specific to IDP type 2024-05-23 13:35:31 -07:00
Joshua Casey
02ffff01d5 fix lint 2024-05-23 12:32:18 -05:00
Joshua Casey
65682aa60d Add sample unit test for GitHub in token_handler_test.go 2024-05-22 23:04:15 -05:00
Ryan Richard
fef494949f implement upstream refresh for github 2024-05-22 21:21:45 -05:00
Ryan Richard
0a15d488c8 Merge callback_handler_github_test.go into callback_handler_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8f8db3f542 Make github org comparison case-insensitive, but return original case 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8923704f3c Finish initial github login flow 
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
 2024-05-22 21:21:45 -05:00
Joshua Casey
ba2d122308 fix lint 2024-05-22 21:21:45 -05:00
Joshua Casey
938bea9910 upstreamgitub.go now uses githubclient to determine username and groups 2024-05-22 21:21:45 -05:00
Joshua Casey
8719c7a2db Standardize error messages and url handling within NewGitHubClient 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
16fa12f455 Handle empty or invalid github API responses 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
555b1c80e3 Use passed-in context 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
a12a5f387a Empty allowedOrganizations will return all teams 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
c087e33b86 Add client wrapper for github.com/google/go-github/v62 2024-05-22 21:21:45 -05:00
Ryan Richard
49c468f00a Add GetUser() interface and implement LoginFromCallback() for GitHub 
ALso fixed some of the GitHub test helpers
 2024-05-22 21:21:45 -05:00
Joshua Casey
b7f79f0adc Add github-specific tests in callback_handler_github_test.go 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
c6749560b5 Fix plog test assertions that contain the plog library version 2024-05-22 09:35:16 -05:00
Joshua Casey
2f9df8c8e2 Add module generate command and update all generated files 2024-05-21 10:43:52 -05:00
Joshua Casey
0076f1251c Move all mock files into internal/mocks and use mock prefix 2024-05-21 10:38:25 -05:00
Joshua Casey
fe911a7b7a Prefer slices package and slices.Concat where possible 2024-05-21 09:31:16 -05:00
Joshua Casey
bdd79a9984 Enforce more imports 
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/concierge/informers/externalversions
- go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions
 2024-05-21 09:31:15 -05:00
Joshua Casey
513f43f465 Enforce more imports 
- go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme
 2024-05-21 09:31:15 -05:00
Joshua Casey
f5116cddb4 Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}' 
Enforce importas:

- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports 
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
875b0739aa Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io/apimachinery/pkg/api/errors' 2024-05-21 09:31:15 -05:00