mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-05 13:07:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,331 Commits 21 Branches 50 Tags
72fa369fc92f7b2b5f61aced7e9826909f113ff2
Commit Graph

119 Commits

Author SHA1 Message Date
Joshua Casey
72fa369fc9 Integration tests should use PINNIPED_TEST_SUPERVISOR_SERVICE_NAME to decide where to port-forward 2024-09-04 20:52:01 -05:00
Joshua Casey
ca9503e4c0 Be sure to update the DEFAULT cert instead of the per-FederationDomain cert when the supervisor is using an IP address 2024-09-02 07:46:15 -05:00
Joshua Casey
dc72a36cb1 Add some logging to debug TLS validation failures with IP addresses 2024-09-01 08:26:23 -05:00
Joshua Casey
18e2024e3f Environment variables with 'https_address' in them should have 'https://' scheme 2024-08-31 17:46:35 -05:00
Joshua Casey
7d83e209c8 Integration tests should expect that the Supervisor hostname might be an IP address 2024-08-31 08:51:31 -05:00
Joshua Casey
557dee06f0 Allow the integration tests to set an IP address for the Supervisor issuer 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-30 15:48:04 -05:00
Joshua Casey
f918edd846 Add integration tests to ensure that LDAP/AD conditions with status Unknown if they cannot be validated 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-06 16:08:25 -07:00
Ryan Richard
ca2dd2d476 refactor InferSupervisorIssuerURL() func; remove a TODO 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
0f9352db3b Integration tests should use a helper func to infer Supervisor's downstream issuer URL 2024-08-05 11:32:19 -07:00
Ashish Amarnath
8eb15a924f integration tests for supervisor oidc, ldap, activedirectory IDP 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
821a893f70 integration tests for supervisor oidc, ldap, activedirectory IDP 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
1f8ac0ff23 Also probe aggregated API ports in new ciphers test 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-06-14 13:27:38 -07:00
Joshua Casey
4ab2ed10f5 Add integration test for allowed ciphers 2024-06-14 10:42:17 -07:00
Joshua Casey
678be9902a Lint new files from the GitHub branch 2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Ryan Richard
07f8c327e4 handle another githug login interstitial page 2024-06-06 14:00:22 -04:00
Ryan Richard
e3d8c71f97 sleep longer before generating any GitHib OTP codes 2024-05-31 12:03:36 -07:00
Ryan Richard
e89daadfcf dump debugging info when a browser-based test fails 2024-05-31 09:09:24 -07:00
Ryan Richard
6327f51f5b repeat same github int tests using OAuth client in supervisor_login_test 2024-05-30 09:58:10 -07:00
Ryan Richard
bb1737daec slow down github integration tests to avoid OTP reuse errors from github 2024-05-22 21:21:45 -05:00
Ryan Richard
e69eb46911 Add github integration tests to supervisor_login_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8923704f3c Finish initial github login flow 
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
 2024-05-22 21:21:45 -05:00
Joshua Casey
513f43f465 Enforce more imports 
- go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme
 2024-05-21 09:31:15 -05:00
Joshua Casey
f5116cddb4 Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}' 
Enforce importas:

- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports 
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
875b0739aa Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io/apimachinery/pkg/api/errors' 2024-05-21 09:31:15 -05:00
Joshua Casey
791b785dea Merge branch 'main' into jtc/merge-main-at-d7849c79-to-github 2024-05-10 14:22:09 -05:00
Joshua Casey
e9d0ac5110 Enable 'intrange' linter 2024-05-10 12:51:02 -05:00
Joshua Casey
e04e5e0185 Fix revive linter issues for all production code, and exclude revive linter issues for test code 2024-05-10 12:51:02 -05:00
Ryan Richard
7c85a511a2 first draft of an e2e integration test for GitHub login (skip while WIP) 2024-05-09 15:35:37 -07:00
Benjamin A. Petersen
c43193a0c8 Merge branch 'main' into github_identity_provider 2024-05-01 12:15:08 -04:00
Benjamin A. Petersen
6424f45c19 Add IDP Discovery integration test for GitHub 2024-04-29 14:57:14 -04:00
Joshua Casey
9c2df74e54 Adjust to new K8s 1.30 API 2024-04-26 11:54:53 -07:00
Joshua Casey
fe5d037600 Merge branch 'main' into jtc/merge-main-5fe94c4e-into-github 2024-04-23 12:42:07 -05:00
Joshua Casey
c9b61ef010 Populate internal GitHub IDP Config from CRD 2024-04-16 14:33:01 -05:00
Joshua Casey
8ea339139e ldap.Conn.Start() is now deprecated as of https://github.com/go-ldap/ldap/releases/tag/v3.4.7 2024-04-08 06:49:03 -05:00
Benjamin A. Petersen
097e6d5340 Always pass spec to CreateTestWebhookAuthenticator 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
5c1fa6d52c Adjust testlib/client.go for lint quirk 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
337459feb0 Update webhook status integration tests 
- total api fields test 260->261
 2024-03-19 16:48:05 -04:00
Ryan Richard
e43cf81c38 Add some logging and comments making it easier to debug with chrome 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-03-05 13:26:08 -08:00
Benjamin A. Petersen
868ff9ed2b Update jwk authenticator status integration tests 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
73e4d3144b Add integration tests for JWTAuthenticators 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1a633adde6 add WaitForJWTAuthenticatorStatusPhase() integration helper 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
09bd51f481 fix comment in testlib/client.go 2024-02-27 15:45:32 -08:00
Ryan Richard
50e4d6db6c Support the new Go FIPS compiler which was upgraded inside Go 1.21.6 
The release of Go 1.21.6 includes the new boring crypto when compiling
with FIPS enabled. See https://go.dev/doc/devel/release#go1.21.0 and
https://github.com/golang/go/issues/64717.

This new version of boring crypto allows the use of TLS v1.3 for the
first time, so we changed the Pinniped code to use TLS v1.3 where
appropriate when compiled with the FIPS compiler. It also changed the
allowed TLS v1.2 ciphers, so we updated those as well.

After this commit, the project must be compiled by at least Go v1.21.6
when compiling in fips mode. The hack/Dockerfile_fips was already
updated to use that version of Go in a previous commit.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2024-01-18 14:23:26 -08:00
Ryan Richard
29e939db7f Upgrade the linter to golangci-lint@v1.55.1 
The unused-parameter linter became stricter, so we adjust it to
allow unused params that start with underscore. It can be nice to keep
unused param names when implementing an interface sometimes, to help
readers understand why it is unused in that particular implementation.
 2023-11-02 09:54:16 -07:00
Ryan Richard
0501159ac0 Show an IDP chooser UI when appropriate from authorize endpoint 2023-10-30 11:05:53 -07:00
Ryan Richard
5e06c6d5ad add integration test for graceful shutdowns which release leader leases 2023-09-25 09:51:17 -07:00
Ryan Richard
cd1e4bacf8 trying to avoid flake on Okta login page in browser 2023-09-19 08:58:22 -07:00
Ryan Richard
a7bd494ec3 update FederationDomain.status.conditions to come from metav1 2023-09-11 13:06:52 -07:00