mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-02-04 03:52:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,824 Commits 29 Branches 51 Tags
5d9b7a3346a9307e4e5dafba2a3c2f94de73cb89
Commit Graph

1485 Commits

Author SHA1 Message Date
Ashish Amarnath
1b7a26d932 test secret and configmap filtering in concierge authenticator controllers 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
cb4b63f8b3 integration tests for concierge authenticators 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
8eb15a924f integration tests for supervisor oidc, ldap, activedirectory IDP 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
6a610a9d51 add namespace to jwt authenticator controller 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
9ab7c39d56 jwt cache filler 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
207bac9452 webhook cache filler 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
199562fd05 get all supervisor unit tests to pass 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
3a969a83b7 update supervisor controllers 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
aab1ee9edc unify TLS Spec between supervisor and concierge 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
080c75efe6 refactor tls spec validation into its own package 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Joshua Casey
bc10d500b7 Merge branch 'main' into host-name-case-insensitve 2024-07-30 09:27:45 -05:00
Ashish Amarnath
7c7f0fdae3 make host name parsing case-insensitive 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-07-29 14:32:01 -07:00
Ryan Richard
a2be4b7b5e clarify some comments based on PR feedback 2024-07-17 09:58:26 -07:00
Ryan Richard
b5a509f27f fix authenticators bug: stop allowing usage when validation fails 2024-07-16 09:59:19 -07:00
Ryan Richard
e5cfa521da remove unnecessary warning log message 
This message is not needed because the IDP chooser page will take
care of the case where a browser-based authorization flow did not
request any specific IDP. For browserless flows (only allowed for
the `pinniped-cli` client), the client must request a specific IDP
(except in backwards-compatibility mode) because there is no browser
in which to show the IDP chooser page. Failing to request a specific
IDP in a browserless flow will result in a helpful error message
being returned.
 2024-07-10 09:32:23 -07:00
Ryan Richard
0380a9ce33 upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc 
Also standardize some related imports and fix some whitespace in a test
 2024-06-21 11:16:40 -07:00
Ryan Richard
f7f32f2f98 some mild refactoring of ptls common.go (mostly renames) 2024-06-14 13:27:38 -07:00
Ryan Richard
f0f9efa277 Refactor to make profiles.go and profiles_fips_strict.go more similar 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-06-14 10:42:17 -07:00
Joshua Casey
53031ad8d4 User can now configured allowed ciphers, to restrict the ciphers used by the Default profile 2024-06-14 10:42:17 -07:00
Joshua Casey
ce1ad010e9 Remove Legacy TLS Config, which is not used in the source code 2024-06-14 10:42:17 -07:00
Joshua Casey
011d6ba71b Remove plog.Logr, make plog.TestZapr private, and CLI logs do not need a name 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-06-11 17:27:45 -05:00
Joshua Casey
9296d95084 No need for calling code to use deprecated options 2024-06-11 13:09:59 -05:00
Joshua Casey
c6463831ac Use plog.Logger instead of logr.Logger wherever possible 2024-06-11 12:47:19 -05:00
Joshua Casey
678be9902a Lint new files from the GitHub branch 2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Ryan Richard
8ea9ba8860 ran go generate to update mocks 2024-06-03 14:48:06 -07:00
Ryan Richard
01723e0d12 Merge branch 'main' into github_identity_provider 2024-06-03 13:21:32 -07:00
Joshua Casey
58b4ecc0aa user sees error msg when GitHub login is denied due to allowed orgs 
Also renamed an interface function from GetName to GetResourceName.

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-06-03 10:56:28 -07:00
Ryan Richard
6364ac9ac7 change status condition type name to be "ClientCredentialsSecretValid" 
For both GitHubIdentityProvider and OIDCIdentityProvider to make them
consistent with each other.
 2024-05-31 09:59:30 -07:00
Joshua Casey
eee737186f Clean up how lastTransitionTime and observedGeneration are checked in github_upstream_watcher_test 2024-05-30 21:34:29 -05:00
Ryan Richard
bb9cb739c6 more unit tests for github in token_handler_test.go 2024-05-29 08:55:41 -07:00
Joshua Casey
cc8d637715 Fix lint 2024-05-28 20:33:55 -05:00
Joshua Casey
d3fb567fdb Add callback_handler tests for GitHub+IdentityTransformations 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 15:59:52 -05:00
Joshua Casey
8b1e5aa320 Add callback_handler tests to confirm GitHub with downstream form_post and GitHub with an error case 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 15:17:04 -05:00
Joshua Casey
37e654faa0 bunch of renames 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-28 13:41:52 -05:00
Ryan Richard
f323690049 refactor upstream refresh test helpers to be more specific to IDP type 2024-05-23 13:35:31 -07:00
Joshua Casey
02ffff01d5 fix lint 2024-05-23 12:32:18 -05:00
Joshua Casey
65682aa60d Add sample unit test for GitHub in token_handler_test.go 2024-05-22 23:04:15 -05:00
Ryan Richard
fef494949f implement upstream refresh for github 2024-05-22 21:21:45 -05:00
Ryan Richard
0a15d488c8 Merge callback_handler_github_test.go into callback_handler_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8f8db3f542 Make github org comparison case-insensitive, but return original case 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8923704f3c Finish initial github login flow 
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
 2024-05-22 21:21:45 -05:00
Joshua Casey
ba2d122308 fix lint 2024-05-22 21:21:45 -05:00
Joshua Casey
938bea9910 upstreamgitub.go now uses githubclient to determine username and groups 2024-05-22 21:21:45 -05:00
Joshua Casey
8719c7a2db Standardize error messages and url handling within NewGitHubClient 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
16fa12f455 Handle empty or invalid github API responses 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
555b1c80e3 Use passed-in context 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
a12a5f387a Empty allowedOrganizations will return all teams 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-05-22 21:21:45 -05:00
Joshua Casey
c087e33b86 Add client wrapper for github.com/google/go-github/v62 2024-05-22 21:21:45 -05:00
Ryan Richard
49c468f00a Add GetUser() interface and implement LoginFromCallback() for GitHub 
ALso fixed some of the GitHub test helpers
 2024-05-22 21:21:45 -05:00