mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,490 Commits 21 Branches 50 Tags
1ebe2fcd1a95e4dfa80de3105c2d37b5c0a41618
Commit Graph

1049 Commits

Author SHA1 Message Date
Ryan Richard
1ebe2fcd1a add integration test for personal info showing in login audit logs 2024-11-27 13:53:02 -06:00
Joshua Casey
60bd118a9c pinniped CLI should print the audit-ID in certain error cases 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:02 -06:00
Joshua Casey
b69507f7f3 Add generic audit integration test 2024-11-27 13:53:02 -06:00
Ryan Richard
51fc86f950 don't audit log missing username or password, change query param value 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
8fad2c5127 update test expectation to match new validation error text in new Kube 2024-11-06 13:57:15 -08:00
Ryan Richard
feef4bf508 fix test flake by removing memory limit from test pod 
On AKS clusters, the pod's container would exceed its memory limit,
get OOMKilled, get restarted, and cause that test to flake.

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-06 09:56:36 -08:00
Ryan Richard
fedb9812bd add SAN to default cert in supervisor_discovery_test.go 2024-11-04 17:34:53 -08:00
Ryan Richard
5c252fd083 increase allowed delta in test to allow for slower CI workers 2024-10-14 09:32:06 -07:00
Ryan Richard
eca8914760 fix integration test for WebhookAuthenticator status conditions 2024-10-10 14:41:49 -07:00
Ryan Richard
4f661aaa69 pay attention to web proxy settings during connection probes 
- WebhookAuthenticator will now detect the proxy setting and skip
  dialing the connection probe if it should go through a proxy
- GitHubIdentityProvider will avoid using tls.Dial altogether
  by instead making a real request to the GitHub API as its
  connection probe, because this will respect the proxy settings
 2024-10-10 10:41:31 -07:00
Ryan Richard
6fe55a3b48 assume port 443 when not specified in printServerCert() test helper 2024-10-07 13:18:42 -07:00
Joshua Casey
702d5bdc01 Bump golangci-lint to 1.61.0 2024-09-10 15:14:53 -05:00
Joshua Casey
72fa369fc9 Integration tests should use PINNIPED_TEST_SUPERVISOR_SERVICE_NAME to decide where to port-forward 2024-09-04 20:52:01 -05:00
Joshua Casey
08abff1cae Bump golanglint-ci to 1.60.3 2024-09-04 20:52:01 -05:00
Joshua Casey
f476259bbf Bump all dependencies 2024-09-04 20:52:01 -05:00
Joshua Casey
c87f091a44 Upcoming k8s versions have an additional extra field in the CSR response 
- failure due to https://github.com/kubernetes/kubernetes/pull/125634
 2024-09-04 11:23:11 -05:00
Joshua Casey
ca9503e4c0 Be sure to update the DEFAULT cert instead of the per-FederationDomain cert when the supervisor is using an IP address 2024-09-02 07:46:15 -05:00
Joshua Casey
dc72a36cb1 Add some logging to debug TLS validation failures with IP addresses 2024-09-01 08:26:23 -05:00
Joshua Casey
18e2024e3f Environment variables with 'https_address' in them should have 'https://' scheme 2024-08-31 17:46:35 -05:00
Joshua Casey
7d83e209c8 Integration tests should expect that the Supervisor hostname might be an IP address 2024-08-31 08:51:31 -05:00
Joshua Casey
1bbfa4984d Test refactor for clarity 2024-08-30 17:50:29 -05:00
Joshua Casey
557dee06f0 Allow the integration tests to set an IP address for the Supervisor issuer 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 15:48:04 -05:00
Joshua Casey
c0bab69cd1 Allow the Dex hostname to be set by integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 12:42:03 -05:00
Ryan Richard
c1328d9619 update expectation in supervisor_ldap_idp_test.go 2024-08-06 16:08:25 -07:00
Joshua Casey
f918edd846 Add integration tests to ensure that LDAP/AD conditions with status Unknown if they cannot be validated 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-06 16:08:25 -07:00
Ryan Richard
229b6a262e when dialing github to test connection, dial api.github.com 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-06 08:58:30 -07:00
Ashish Amarnath
6fdfee36fe fix typo in integration test function comments 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 23:33:31 -07:00
Ryan Richard
2af510a3ee Revert "add integration test for TLS config validation in GitHubIdentityProvider" 
This reverts commit 23129da3e2.
 2024-08-05 12:52:41 -07:00
Ryan Richard
fdeca2c026 Revert "add integration test for TLS config validation in OIDCIdentityProvider" 
This reverts commit 59402bca7b.
 2024-08-05 12:52:29 -07:00
Ryan Richard
23fd15f840 Revert "Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator" 
This reverts commit c3405095b2.
 2024-08-05 12:52:21 -07:00
Ashish Amarnath
b70db9dc03 refactor to use new certificateAuthorityDataSourceKind enum 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
4eb9a09385 test more condition message cases in concierge_tls_spec_test.go and supervisor_tls_spec_test.go 2024-08-05 11:32:21 -07:00
Ryan Richard
db2d7c8c50 assert on condition message in concierge_tls_spec_test.go and supervisor_tls_spec_test.go 2024-08-05 11:32:21 -07:00
Ryan Richard
2ebf9d3d00 minor test refactor 2024-08-05 11:32:21 -07:00
Ashish Amarnath
23129da3e2 add integration test for TLS config validation in GitHubIdentityProvider 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ashish Amarnath
59402bca7b add integration test for TLS config validation in OIDCIdentityProvider 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ashish Amarnath
c3405095b2 Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
2181418cc5 refactor test helpers in supervisor_login_test.go 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190 update docs and change struct name in types_tls.go.tmpl files 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
02e41baa47 small refactors 2024-08-05 11:32:21 -07:00
Ryan Richard
ed502949dd webhookcachefiller and jwtcachefiller always update status when needed 
Even when the authenticator is found in the cache, try to update its
status. Failing to do so would mean that the actual status will not
be overwritten by the controller's newly computed desired status.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ashish Amarnath
a0c259ffbc update expectation conditions message when CA bundle is not configured 
fix a typo where we intended to use a configmap instead of a secret

Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
290676e4d1 improve info/debug log messages for jwtcachefiller & webhookcachefiller 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
8725ab4caa do not make any assumption about OIDC issuer 404 page body in test 
Instead of using Dex or Okta, use a fake localhost issuer which
does not exist. This will give a consistent connection error
message. Needed because Dex and Okta return different 404 error
pages, so we can't easily make a test assertion that works for both.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
3891f90f43 skip external CA bundle tests when CA bundle is empty 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
9f17ba5ae4 change wording of TLS config loaded success messages 2024-08-05 11:32:20 -07:00
Joshua Casey
9a16dc28b7 Fix another integration test 2024-08-05 11:32:20 -07:00
Joshua Casey
de86809b69 Fix some integration tests 2024-08-05 11:32:20 -07:00
Joshua Casey
9420bfde5b webhookcachefiller controller loops over all webhookauthenticators 2024-08-05 11:32:20 -07:00
Ryan Richard
adb460b644 refactor integration test to use proper test table 2024-08-05 11:32:20 -07:00