Joshua Casey
|
0711093ccd
|
Add tests for tlsconfigutil.CABundle and all callers should use the constructor
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
15d0006841
|
Pull tlsconfigutil.CABundle into a separate file
|
2024-08-05 11:32:20 -07:00 |
|
Ashish Amarnath
|
282b949c24
|
update jwtcachefiller to use new tlsconfigutil.CABundle type
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:20 -07:00 |
|
Ashish Amarnath
|
005dbf3aa8
|
refactor tlsconfigutil to return a caBundle type
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:20 -07:00 |
|
Ashish Amarnath
|
a1dcba4731
|
add unit tests for validatedsettings cache storing ca bundle hash
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:20 -07:00 |
|
Ashish Amarnath
|
2a62beeb5f
|
store ca bundle hash in validated settings cache
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
242fa8afb2
|
When reading CA bundle from a secret/configmap, return more specific err
When the bundle does not contain any certs, make the error more
specific.
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
e3ed722252
|
Minor refactor
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
9a16dc28b7
|
Fix another integration test
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
de86809b69
|
Fix some integration tests
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
9420bfde5b
|
webhookcachefiller controller loops over all webhookauthenticators
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
adb460b644
|
refactor integration test to use proper test table
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
06b47a5792
|
jwtcachefiller controller loops over all jwtauthenticators
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
ca2dd2d476
|
refactor InferSupervisorIssuerURL() func; remove a TODO
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
60f82d2a55
|
Fix integration test typo
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
414ff503ef
|
extract some common condition reason string constants
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
4ec5766ea9
|
Modify Concierge/Superivsor TLS spec integration tests to allow for older K8s versions
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
b7c26c43ca
|
Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
4b2ed52f44
|
Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
f381c92f0b
|
Use templates to reduce duplication in concierge_tls_spec_test.go
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
3a303cc8fb
|
Supervisor TLS Spec validation integration tests should use helper method
|
2024-08-05 11:32:20 -07:00 |
|
Ryan Richard
|
09724cfa71
|
Add unit test: when discovery is already cached for OIDCIdentityProvider
|
2024-08-05 11:32:20 -07:00 |
|
Joshua Casey
|
d74c2a6e3f
|
Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
0f9352db3b
|
Integration tests should use a helper func to infer Supervisor's downstream issuer URL
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
afec420ce6
|
Add JWTAuthenticators to the static validation checks for concierge TLS spec
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
d5e3ad9da0
|
Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
0f103ed2a4
|
Add unit tests for external CA bundle in oidc_upstream_watcher_test.go
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
d62d6a1f27
|
Refactor github_controller_watcher to simplify the tls Dial
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
a4ad5d68a9
|
Fix *_tls_spec_test.go for old versions of Kubernetes
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
30c0fd479e
|
Fix e2e_test.go
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
756966c55b
|
add "Status" printer column to JWTAuthenticator and WebhookAuthenticator
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
288e092d2e
|
GitHub IDP watcher should not dial an address that has already been validated
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
72745cd8fe
|
run codegen to update copyrights
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
8060e82745
|
include external CA bundles in the cache key in oidc_upstream_watcher.go
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
373713f7e0
|
webhook controller redoes validations when external CA bundle changes
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
66401b42d8
|
Add GitHubIDP tests for a CA bundle in a Secret or a ConfigMap
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
2d5943b21a
|
Move conditions reason Success to conditions_util
|
2024-08-05 11:32:19 -07:00 |
|
Ryan Richard
|
920b519ebf
|
error when CA bundle from Secret or ConfigMap is empty
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
bf1c02d328
|
jwtauthenticator controller redoes validations when external CA bundle changes
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:19 -07:00 |
|
Joshua Casey
|
6e9023e090
|
add code review todos and light refactoring
Co-authored-by: Ryan Richard <richardry@vmware.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
1b7a26d932
|
test secret and configmap filtering in concierge authenticator controllers
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
cb4b63f8b3
|
integration tests for concierge authenticators
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
8eb15a924f
|
integration tests for supervisor oidc, ldap, activedirectory IDP
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
6a610a9d51
|
add namespace to jwt authenticator controller
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
821a893f70
|
integration tests for supervisor oidc, ldap, activedirectory IDP
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
afcd80de37
|
more integration tests pass
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
edc327ba33
|
update supervisor RBAC to allow get, list, and watch on configmaps
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
90e8cc86c2
|
integration tests pass
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
9ab7c39d56
|
jwt cache filler
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|
Ashish Amarnath
|
207bac9452
|
webhook cache filler
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
|
2024-08-05 11:32:19 -07:00 |
|