pinniped

mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-06 05:27:23 +00:00

Author	SHA1	Message	Date
Ryan Richard	c600cf7949	upgrade linter to latest	2025-05-12 15:19:50 -07:00
Ryan Richard	749633e43c	support response_mode=form_post in upstream OIDC IDPs	2025-03-06 15:28:47 -08:00
Joshua Casey	5c39374915	Update code for fosite changes	2025-02-03 10:28:42 -06:00
Ryan Richard	7221be5a8a	add doc describing all tokens and credentials	2025-01-08 12:35:34 -08:00
Ryan Richard	9619a0f226	change remoteAddr to sourceIPs in Supervisor audit log for incoming reqs	2025-01-06 21:21:01 -06:00
Ryan Richard	4872be0a84	upgrade golangci-lint to v1.63.4	2025-01-06 13:03:46 -08:00
Ryan Richard	90c95866d1	upgrade fosite to v0.49.0 and handle its API changes	2024-12-13 10:17:42 -08:00
Joshua Casey	87640ca54a	Callback endpoint emits audit log with authorizeID even when code param not found Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-12-09 12:47:54 -06:00
Ryan Richard	ecd23e86ce	callback endpoint renders more useful user-facing error messages Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:03 -06:00
Ryan Richard	54b35c30da	rename `tokenIdentifier` to `tokenID` in the audit logs Because `tokenID` is more consistent with the names of the other correlation keys.	2024-11-27 13:53:03 -06:00
Ryan Richard	4423d472da	allow audit correlation between token being issued and being used	2024-11-27 13:53:03 -06:00
Joshua Casey	ce2dcbdbb3	simplify godoc	2024-11-27 13:53:02 -06:00
Joshua Casey	c7e9ee1c61	Backfill unit tests for paramsSafeToLog	2024-11-27 13:53:02 -06:00
Ryan Richard	51fc86f950	don't audit log missing username or password, change query param value Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Ryan Richard	a84b76e56a	audit log session ID in token handler for every grant type Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:02 -06:00
Joshua Casey	f388513145	resolve TODO by adding docs	2024-11-27 13:53:02 -06:00
Ryan Richard	c16ebe1707	add unit test for audit logging when token refresh updates groups	2024-11-27 13:53:02 -06:00
Ryan Richard	b54365c199	audit log request params on GET and POST login handlers	2024-11-27 13:53:02 -06:00
Ryan Richard	51d1cc7a96	refactor and add unit test for AuditRequestParams()	2024-11-27 13:53:02 -06:00
Ryan Richard	c06141c871	token handler uses common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Ryan Richard	eab3fde3af	introduce common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Joshua Casey	611de03e01	Add audit event 'Incorrect Username Or Password' to auth_handler and audit event 'Using Upstream IDP' to callback_handler	2024-11-27 13:53:01 -06:00
Joshua Casey	de722332b1	Add audit logging to post_login_handler	2024-11-27 13:53:01 -06:00
Joshua Casey	37e12b4024	Start backfilling some audit unit tests in post_login_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	e126ee5495	all callers of Audit() identify which keys may contain PII	2024-11-27 13:53:01 -06:00
Ryan Richard	c5f4cce3ae	make Audit() take struct as param for all optional params and redact PII	2024-11-27 13:53:01 -06:00
Ryan Richard	ced8686d11	add config for audit logging, remove Audit() from Logger interface Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	76f6b725b8	Fix some rebase conflicts	2024-11-27 13:53:01 -06:00
Joshua Casey	f4f393e5de	Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	2db5dda266	Add last audit log unit tests to auth_handler Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Ryan Richard	8cf9c59957	refactor to move audit event message types to their own pkg	2024-11-27 13:53:01 -06:00
Ryan Richard	088556193d	auth handler audit logs headers and params when http method is wrong also refactor some related code into a helper, and fix linter errors	2024-11-27 13:53:01 -06:00
Joshua Casey	18d3ab3d15	The 'HTTP Request Parameters' audit event now logs params as a JSON object	2024-11-27 13:53:01 -06:00
Joshua Casey	dc6faa33bb	Log params to token_handler endpoint even during error cases	2024-11-27 13:53:01 -06:00
Joshua Casey	0d22ae2c1a	Fix lint and unit test compilation	2024-11-27 13:53:01 -06:00
Joshua Casey	362d982906	Start to backfill some audit unit tests for the token_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	1006dd9379	resolve some todos	2024-11-27 13:53:01 -06:00
Joshua Casey	369316556a	Add configuration to audit internal endpoints and backfill unit tests	2024-11-27 13:53:01 -06:00
Joshua Casey	cf4b29de4b	Clarify docs	2024-11-27 13:53:00 -06:00
Joshua Casey	09ca7920ea	Extract testutil helper function	2024-11-27 13:53:00 -06:00
Joshua Casey	9994e033b2	Add audit event tests for login_handler	2024-11-27 13:53:00 -06:00
Joshua Casey	dd56f2b47f	Add audit event tests for callback_handler	2024-11-27 13:53:00 -06:00
Joshua Casey	dd42f35db0	plog.TestLogger returns a buffer that holds the logs # Conflicts: # internal/controller/apicerts/certs_expirer_test.go # internal/plog/plog_test.go # internal/plog/testing.go # pkg/oidcclient/login_test.go	2024-11-27 13:53:00 -06:00
Joshua Casey	a67af9455b	Refactor: don't copy the loop variable in test loops	2024-11-27 13:53:00 -06:00
Joshua Casey	d729c82f84	fix lint	2024-11-27 13:53:00 -06:00
Joshua Casey	44e218194b	Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:00 -06:00
Joshua Casey	bf1e37f149	Use a helper to verify audit messages	2024-11-27 13:53:00 -06:00
Joshua Casey	aee56c388f	Check the sessionID as well Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:00 -06:00
Joshua Casey	fd5a10bee7	WIP: Add audit event when upstream redirect occurs and backfill tests	2024-11-27 13:53:00 -06:00
Ryan Richard	4f9530eec7	audit logging WIP	2024-11-27 13:53:00 -06:00

1 2 3

132 Commits