mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,798 Commits 21 Branches 50 Tags
1a5a1eefe4b9f0ff3e185a5e5fbe7523b9355c4f
Commit Graph

335 Commits

Author SHA1 Message Date
Ryan Richard
1623b2c46e ran codegen after update of kube-versions.txt 2025-08-28 12:34:05 -07:00
Ryan Richard
4fe8167f60 account for move of repo from vmware-tanzu to vmware on GitHub 2025-08-02 15:08:15 -07:00
Ryan Richard
83696fd023 improve errors and docs for JWTAuthenticator features, with int tests 2025-07-18 12:22:06 -07:00
Ryan Richard
64e5e20010 add usernameExpression and groupsExpression to JWTAuthenticator CRD 2025-07-16 14:56:44 -07:00
Ryan Richard
2a83d00373 add claimValidationRules, userValidationRules, and claims.extra to JWTAuthenticator CRD 2025-07-16 14:56:44 -07:00
Joshua Casey
1254f730f2 Revert the Concierge configmap data to inline rendering 2025-05-16 10:43:14 -05:00
Joshua Casey
69281a4620 Fix concierge config deployment manifest 2025-05-16 10:43:14 -05:00
Ryan Richard
1428444c24 refactor how Concierge ConfigMap gets templated 
Make it similar to how the Supervisor templates
work. This creates a more human-readable ConfigMap
on the cluster.
 2025-05-16 10:43:13 -05:00
Ryan Richard
b50da60c84 run codegen post-bump controller-gen to v0.18.0 2025-05-12 15:52:11 -07:00
Ryan Richard
a010794873 generated code changes from running update.sh 2025-03-18 15:32:37 -07:00
Ryan Richard
d90b3c23ef introduce new configuration option to disable admission plugin types 2025-03-17 14:49:17 -07:00
Joshua Casey
31b45525ce Remove deprecated CredentialIssuer.status.kubeConfigInfo 2025-01-27 10:46:55 -06:00
Joshua Casey
430c73b903 FederationDomain.spec.issuer must now be an HTTPS URL 2025-01-27 10:46:55 -06:00
Ryan Richard
f040f098dc rerun codegen after bumping controller-gen and crd-ref-docs 2025-01-14 11:04:42 -08:00
Ryan Richard
ced8686d11 add config for audit logging, remove Audit() from Logger interface 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:01 -06:00
Ryan Richard
a7edbd19ad run codegen again after updating version of controller-gen in CI 2024-11-04 15:36:24 -08:00
Ryan Richard
eb5ed1490c run codegen again after bumping controller-gen to v0.16.4 2024-10-15 14:22:09 -07:00
Ryan Richard
bee87395b1 ran update.sh 2024-08-19 15:23:51 -07:00
Ryan Richard
99b59a90b6 run codegen for gihub doc change from previous commit 2024-08-06 08:58:30 -07:00
Ryan Richard
06b7d302a2 fix typo in tmpl and run codegen 2024-08-05 11:32:21 -07:00
Ryan Richard
d4ac69d88e run codegen for changes in previous commit 2024-08-05 11:32:21 -07:00
Ryan Richard
67de14a3b8 ran codegen on previous commit's changes 2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190 update docs and change struct name in types_tls.go.tmpl files 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ashish Amarnath
43964ff7a2 update generated api docs 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
756966c55b add "Status" printer column to JWTAuthenticator and WebhookAuthenticator 2024-08-05 11:32:19 -07:00
Ashish Amarnath
edc327ba33 update supervisor RBAC to allow get, list, and watch on configmaps 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
19c3f2cb04 run hack/update.sh 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
f0f9efa277 Refactor to make profiles.go and profiles_fips_strict.go more similar 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-06-14 10:42:17 -07:00
Joshua Casey
53031ad8d4 User can now configured allowed ciphers, to restrict the ciphers used by the Default profile 2024-06-14 10:42:17 -07:00
Ryan Richard
6b64a8a9c6 ran update.sh to update generated code 2024-06-03 16:48:57 -07:00
Ryan Richard
dd3c1ac3cf Merge branch 'main' into github_identity_provider 2024-06-03 16:40:36 -07:00
Ryan Richard
1d8decfdad ran update.sh to update generated code 2024-06-03 14:30:53 -07:00
Ryan Richard
afb032f8f9 Merge branch 'main' into github_identity_provider 2024-05-07 13:08:50 -07:00
Ryan Richard
ad7df9f7d1 don't remove user's ability to configure http port to listen on loopback 2024-05-01 12:36:39 -07:00
Joshua Casey
5ec1ee086d Remove deprecated deploy options 2024-05-01 12:36:39 -07:00
Benjamin A. Petersen
c43193a0c8 Merge branch 'main' into github_identity_provider 2024-05-01 12:15:08 -04:00
Ryan Richard
9838a7cb6d avoid the ValidatingAdmissionPolicy admission plugin when it can't work 2024-04-29 13:22:14 -07:00
Joshua Casey
51b1dbd2af WIP for deployment templates 2024-04-26 11:54:53 -07:00
Ryan Richard
def2b35e6e Make ID token lifetimes configurable on OIDCClient resources 2024-04-24 14:13:40 -07:00
Joshua Casey
14b1b7c862 Polish up the github_upstream_watcher: default and verify spec.claims correctly 2024-04-24 13:37:40 -05:00
Joshua Casey
c9b61ef010 Populate internal GitHub IDP Config from CRD 2024-04-16 14:33:01 -05:00
Joshua Casey
42dd8d1d9d First draft of a GitHubIdentityProvider CRD 2024-04-01 15:10:46 -05:00
Benjamin A. Petersen
590e2d18f7 Add WebhookAuthenticator integration tests, expand unit tests 
- Add WebhookAuthenticator unit tests, update generated code
- Add validateTLSNegotiation(), update tests
- Update validateTLSNegotiation, add unit tests, factor out helpers
- Update generated code
 2024-03-19 16:48:05 -04:00
Ryan Richard
4a8cd180f8 Use ghcr instead of Harbor as the default for pinniped-server images 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-03-08 15:52:39 -08:00
Benjamin A. Petersen
a4447fa606 Add .Status to JWTAuthenticator with Conditions,Phase 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
 2024-02-27 15:45:32 -08:00
Ryan Richard
bf3b4bfca7 Rerun codegen after upgrading CI controller-gen from v0.13.0 to v0.14.0 2024-02-08 13:27:02 -08:00
Joshua Casey
2603bbfcd6 Do not use long-lived service account tokens in secrets 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-11-30 09:57:57 -08:00
Ryan Richard
88a97033fb Refined ytt schemas 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-11-08 13:37:31 -08:00
Benjamin A. Petersen
c4f9869e7c Relax image_pull_dockerconfigjson validation, improve endpoints 
validation
 2023-11-08 13:10:20 -08:00
Benjamin A. Petersen
c455a17abe Adjust validation for run_as_user,run_as_group 2023-11-08 13:10:20 -08:00