mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 05:57:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,741 Commits 23 Branches 50 Tags
4a8cd180f83eb21b91ab08fa3a53cff6efa77155
Commit Graph

3741 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Richard
4a8cd180f8 Use ghcr instead of Harbor as the default for pinniped-server images 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-03-08 15:52:39 -08:00
Joshua Casey
6c7d3e62dd Merge pull request #1885 from vmware-tanzu/pinny/bump-deps 
Bump dependencies
 2024-03-08 17:28:34 -06:00
Pinny
c4b5476088 Bump dependencies 2024-03-08 14:31:58 -08:00
Ryan Richard
61835e9f08 Merge pull request #1887 from vmware-tanzu/cli_callback_cors_get 
CLI's localhost listener handles CORS preflight requests for GETs
 2024-03-08 14:24:01 -08:00
Ryan Richard
d49b011d65 Merge branch 'main' into cli_callback_cors_get 2024-03-08 11:36:32 -08:00
Ryan Richard
f881bbb137 Merge pull request #1884 from vmware-tanzu/jtc/new-whoami-identity-document-extra-fields 
whoami integration test now allows for additional extra fields in K8s 1.30+
 2024-03-08 11:16:23 -08:00
Ryan Richard
f55d56bf4a CLI's localhost listener handles CORS preflight requests for GETs 2024-03-08 10:45:57 -08:00
Joshua Casey
ffc49d96b3 Integration tests should use a valid value for CredentialIssuer spec.impersonationProxy.service.type 2024-03-08 11:19:15 -06:00
Joshua Casey
8a40dda3ab Bump google.golang.org/protobuf to v1.33.0 for CVE-2024-24786 2024-03-08 11:19:15 -06:00
Joshua Casey
ab0682917a whoami integration test now allows for additional extra fields in K8s 1.30+ 2024-03-07 08:09:16 -06:00
Joshua Casey
ed15927d90 Merge pull request #1882 from vmware-tanzu/chrome_debugging 
Add some logging and comments making it easier to debug with chrome
 2024-03-05 16:15:40 -06:00
Ryan Richard
e43cf81c38 Add some logging and comments making it easier to debug with chrome 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-03-05 13:26:08 -08:00
Ryan Richard
eb08a9f91f Merge pull request #1881 from vmware-tanzu/pinny/bump-deps 
Bump dependencies
 2024-03-05 08:18:47 -08:00
Pinny
9423ff5e48 Bump dependencies 2024-03-05 14:01:54 +00:00
Joshua Casey
df580fcb39 Merge pull request #1879 from vmware-tanzu/replace_otelhttptrace 
replace verison of otelhttptrace in go.mod
 2024-03-04 17:33:00 -06:00
Ryan Richard
ca58911cc2 replace verison of otelhttptrace in go.mod 2024-03-04 14:38:42 -08:00
Ryan Richard
6afc48849a Merge pull request #1878 from vmware-tanzu/pinny/bump-deps 
Bump dependencies
 2024-03-01 09:29:44 -08:00
Pinny
5569b114ba Bump dependencies 2024-03-01 14:02:56 +00:00
Ryan Richard
c8bfe780c7 Merge pull request #1877 from vmware-tanzu/codegen-Feb29 
Add generated code for Kube 1.29, update other generated code
 2024-02-29 12:57:11 -08:00
Ryan Richard
b79a2ccf7c Add 1.29 and update patch versions in kube-versions.txt; run codegen 2024-02-29 12:00:02 -08:00
Ryan Richard
27d0c58319 Change codegen scripts to work with Kube 1.29 
- Also add support for having comments in kube-versions.txt.
- Update boilerplate copyright dates for generated code files.
 2024-02-29 11:46:26 -08:00
Ryan Richard
ffadca7f68 Merge pull request #1876 from vmware-tanzu/pinny/bump-deps 
Bump dependencies
 2024-02-28 08:18:08 -08:00
Pinny
62c086a725 Bump dependencies 2024-02-28 14:02:53 +00:00
Ryan Richard
99781443b0 Merge pull request #1851 from vmware-tanzu/ben/status/jwt-authenticator 
Improve JWTAuthenticator Status
 2024-02-27 16:41:54 -08:00
Ryan Richard
f498cb3918 wait for JWTAuthenticator to be phase=ready in supervisor warnings test 2024-02-27 15:45:33 -08:00
Benjamin A. Petersen
e8482ab9e9 Update jwtauthenticator unit tests to check actions 
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
868ff9ed2b Update jwk authenticator status integration tests 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
42acf8dcce Add Status & tests for jwks key fetching 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1c7e7048a8 Update copyright year in modified files 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
73e4d3144b Add integration tests for JWTAuthenticators 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1a633adde6 add WaitForJWTAuthenticatorStatusPhase() integration helper 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
09bd51f481 fix comment in testlib/client.go 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
084c3114f4 Improve jwtcachefiller tests 
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
47639340ec extract status comparison test helpers 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
fd14a5794e ldap upstream watcher: rename local var for clarity 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
a4447fa606 Add .Status to JWTAuthenticator with Conditions,Phase 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
 2024-02-27 15:45:32 -08:00
Ryan Richard
f18d7310a8 Merge pull request #1875 from vmware-tanzu/pinny/bump-deps 
Bump dependencies (adds gotoolchain to go.mod) and fix CodeQL and unit test races
 2024-02-27 15:43:32 -08:00
Ryan Richard
28251f8b92 Update some comments in go.mod 2024-02-27 14:54:26 -08:00
Ryan Richard
50b54580de Fix races in login_test.go units tests 2024-02-27 14:54:05 -08:00
Ryan Richard
d88883328a Update codeql workflow actions to latest versions and add setup-go 
See deprecation of v2 message in README.md at
https://github.com/github/codeql-action

Added setup-go because codeql code scanning stopped working and gave
this error message:
The go.mod file requires version v1.21.3 of Go, but version v1.20.14 is installed. Consider adding an actions/setup-go step to your workflow.
 2024-02-27 12:26:32 -08:00
Pinny
ca6687d428 Bump dependencies 2024-02-27 14:03:11 +00:00
Ryan Richard
848d83c496 Merge pull request #1874 from vmware-tanzu/cli_checks_if_stderr_is_tty 
"login oidc" CLI command sometimes skips printing auth URL for non-ttys
 2024-02-26 14:56:24 -08:00
Ryan Richard
5bd73fc10d "login oidc" CLI command sometimes skips printing auth URL for non-ttys 2024-02-23 12:23:07 -08:00
Ryan Richard
40e548ebf0 Merge pull request #1873 from vmware-tanzu/1864_followup 
CLI deciding if token exchange needed should not look at ID token expiry
 2024-02-23 12:17:54 -08:00
Ryan Richard
64b0e69430 Update configure-concierge-jwt.md doc with clarifications 2024-02-23 08:37:43 -08:00
Ryan Richard
daec673b81 Add hack/prepare-jwtauthenticator-on-kind.sh 2024-02-23 08:37:43 -08:00
Ryan Richard
01d6bdb497 CLI deciding if token exchange needed should not look at ID token expiry 
This fixes a small mistake in PR #1864. When the "pinniped login oidc"
CLI command is deciding if the RFC8693 token exchange is needed, it
should not look at the expiry of the ID token. This mistake would cause
the RFC8693 token exchange to happen when the OIDC provider is not
a Pinniped Supervisor, which would fail because most other providers
do not support that type of token exchange.

It does not matter if the current ID token is close to expiring when
deciding if the RFC8693 token exchange is needed, because the token
exchange is going to yield a new ID token anyway. It does matter if the
current ID token is close to expiring if the CLI decides that it is
not going to perform the token exchange, and this commit does not change
that logic.
 2024-02-23 08:37:01 -08:00
Ryan Richard
216fce70aa Merge pull request #1872 from vmware-tanzu/pinny/bump-deps 
Bump dependencies
 2024-02-23 06:51:43 -08:00
Pinny
5939ce8cc6 Bump dependencies 2024-02-23 14:00:47 +00:00
Ryan Richard
9471ed2d09 Merge pull request #1871 from vmware-tanzu/always_search_groups 
Don't skip upstream group memberships when groups scope is not granted
 2024-02-22 08:11:08 -08:00