pinniped

mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 05:57:02 +00:00

Author	SHA1	Message	Date
Ryan Richard	1ebe2fcd1a	add integration test for personal info showing in login audit logs	2024-11-27 13:53:02 -06:00
Joshua Casey	c7e9ee1c61	Backfill unit tests for paramsSafeToLog	2024-11-27 13:53:02 -06:00
Joshua Casey	51c86795af	Backfill unit tests for cmd/pinniped/cmd/audit_id.go	2024-11-27 13:53:02 -06:00
Joshua Casey	8dffd60f0b	Backfill unit tests for audit logging from the CLI	2024-11-27 13:53:02 -06:00
Ryan Richard	6bf9b64778	log response audit-id for tokencredentialrequests made from CLI Only logged when PINNIPED_DEBUG=true is used. Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Ryan Richard	26ec7fa346	prepare-supervisor-on-kind.sh takes new --api-group-suffix flag Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Joshua Casey	60bd118a9c	pinniped CLI should print the audit-ID in certain error cases Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:02 -06:00
Joshua Casey	b69507f7f3	Add generic audit integration test	2024-11-27 13:53:02 -06:00
Ryan Richard	7d59df0f86	update original audit logging proposal	2024-11-27 13:53:02 -06:00
Ryan Richard	9c0272382f	clean up audit logging documentation	2024-11-27 13:53:02 -06:00
Ryan Richard	2de8d9f0f3	cleanup example audit logs to make them prettier	2024-11-27 13:53:02 -06:00
Ryan Richard	d0905c02dd	use test helper in rest_test.go to reduce some duplication Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Ryan Richard	51fc86f950	don't audit log missing username or password, change query param value Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Ryan Richard	76bda12760	update audit-logging.md to resolve todos	2024-11-27 13:53:02 -06:00
Ryan Richard	a84b76e56a	audit log session ID in token handler for every grant type Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Ryan Richard	c2018717b6	audit log OIDCClientSecretRequests	2024-11-27 13:53:02 -06:00
Joshua Casey	f388513145	resolve TODO by adding docs	2024-11-27 13:53:02 -06:00
Ryan Richard	c16ebe1707	add unit test for audit logging when token refresh updates groups	2024-11-27 13:53:02 -06:00
Ryan Richard	b54365c199	audit log request params on GET and POST login handlers	2024-11-27 13:53:02 -06:00
Ryan Richard	51d1cc7a96	refactor and add unit test for AuditRequestParams()	2024-11-27 13:53:02 -06:00
Ryan Richard	c06141c871	token handler uses common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Ryan Richard	eab3fde3af	introduce common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Joshua Casey	de7781b7f9	Use correct caller when generating audit events	2024-11-27 13:53:02 -06:00
Joshua Casey	611de03e01	Add audit event 'Incorrect Username Or Password' to auth_handler and audit event 'Using Upstream IDP' to callback_handler	2024-11-27 13:53:01 -06:00
Joshua Casey	de722332b1	Add audit logging to post_login_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	438ca437ec	tokencredentialrequest audit logs failed requests	2024-11-27 13:53:01 -06:00
Ryan Richard	e21e1326b7	tokencredentialrequest audit logs successful responses Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	37e12b4024	Start backfilling some audit unit tests in post_login_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	e126ee5495	all callers of Audit() identify which keys may contain PII	2024-11-27 13:53:01 -06:00
Ryan Richard	a308f3f22a	audit log: keep key ordering in personalInfo, render nil slices and maps	2024-11-27 13:53:01 -06:00
Ryan Richard	c5f4cce3ae	make Audit() take struct as param for all optional params and redact PII	2024-11-27 13:53:01 -06:00
Ryan Richard	ced8686d11	add config for audit logging, remove Audit() from Logger interface Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	76f6b725b8	Fix some rebase conflicts	2024-11-27 13:53:01 -06:00
Joshua Casey	f9e1dd4bec	Backfill unit tests for garbage_collector audit logging	2024-11-27 13:53:01 -06:00
Joshua Casey	f4f393e5de	Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	2db5dda266	Add last audit log unit tests to auth_handler Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Ryan Richard	8cf9c59957	refactor to move audit event message types to their own pkg	2024-11-27 13:53:01 -06:00
Ryan Richard	088556193d	auth handler audit logs headers and params when http method is wrong also refactor some related code into a helper, and fix linter errors	2024-11-27 13:53:01 -06:00
Joshua Casey	18d3ab3d15	The 'HTTP Request Parameters' audit event now logs params as a JSON object	2024-11-27 13:53:01 -06:00
Joshua Casey	dc6faa33bb	Log params to token_handler endpoint even during error cases	2024-11-27 13:53:01 -06:00
Joshua Casey	0d22ae2c1a	Fix lint and unit test compilation	2024-11-27 13:53:01 -06:00
Joshua Casey	362d982906	Start to backfill some audit unit tests for the token_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	1006dd9379	resolve some todos	2024-11-27 13:53:01 -06:00
Joshua Casey	369316556a	Add configuration to audit internal endpoints and backfill unit tests	2024-11-27 13:53:01 -06:00
Joshua Casey	cf4b29de4b	Clarify docs	2024-11-27 13:53:00 -06:00
Joshua Casey	09ca7920ea	Extract testutil helper function	2024-11-27 13:53:00 -06:00
Joshua Casey	9994e033b2	Add audit event tests for login_handler	2024-11-27 13:53:00 -06:00
Joshua Casey	dd56f2b47f	Add audit event tests for callback_handler	2024-11-27 13:53:00 -06:00
Ryan Richard	4df043a91c	document audit logging	2024-11-27 13:53:00 -06:00
Ryan Richard	d020de4b3d	update fips reference doc	2024-11-27 13:53:00 -06:00

1 2 3 4 5 ...

4490 Commits