Ryan Richard
0380a9ce33
upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc
...
Also standardize some related imports and fix some whitespace in a test
2024-06-21 11:16:40 -07:00
Joshua Casey
678be9902a
Lint new files from the GitHub branch
2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866
Merge branch 'main' into jtc/add-importas-linter
2024-06-11 09:39:48 -05:00
Joshua Casey
58b4ecc0aa
user sees error msg when GitHub login is denied due to allowed orgs
...
Also renamed an interface function from GetName to GetResourceName.
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-06-03 10:56:28 -07:00
Ryan Richard
bb9cb739c6
more unit tests for github in token_handler_test.go
2024-05-29 08:55:41 -07:00
Joshua Casey
cc8d637715
Fix lint
2024-05-28 20:33:55 -05:00
Joshua Casey
d3fb567fdb
Add callback_handler tests for GitHub+IdentityTransformations
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 15:59:52 -05:00
Joshua Casey
8b1e5aa320
Add callback_handler tests to confirm GitHub with downstream form_post and GitHub with an error case
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 15:17:04 -05:00
Joshua Casey
37e654faa0
bunch of renames
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 13:41:52 -05:00
Ryan Richard
f323690049
refactor upstream refresh test helpers to be more specific to IDP type
2024-05-23 13:35:31 -07:00
Joshua Casey
02ffff01d5
fix lint
2024-05-23 12:32:18 -05:00
Joshua Casey
65682aa60d
Add sample unit test for GitHub in token_handler_test.go
2024-05-22 23:04:15 -05:00
Ryan Richard
fef494949f
implement upstream refresh for github
2024-05-22 21:21:45 -05:00
Ryan Richard
0a15d488c8
Merge callback_handler_github_test.go into callback_handler_test.go
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-05-22 21:21:45 -05:00
Ryan Richard
8f8db3f542
Make github org comparison case-insensitive, but return original case
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-05-22 21:21:45 -05:00
Ryan Richard
8923704f3c
Finish initial github login flow
...
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
2024-05-22 21:21:45 -05:00
Joshua Casey
ba2d122308
fix lint
2024-05-22 21:21:45 -05:00
Joshua Casey
938bea9910
upstreamgitub.go now uses githubclient to determine username and groups
2024-05-22 21:21:45 -05:00
Ryan Richard
49c468f00a
Add GetUser() interface and implement LoginFromCallback() for GitHub
...
Also fixed some of the GitHub test helpers
2024-05-22 21:21:45 -05:00
Joshua Casey
b7f79f0adc
Add github-specific tests in callback_handler_github_test.go
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-22 21:21:45 -05:00
Joshua Casey
fe911a7b7a
Prefer slices package and slices.Concat where possible
2024-05-21 09:31:16 -05:00
Joshua Casey
f5116cddb4
Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}'
...
Enforce importas:
- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3
Enforce more imports
...
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
2024-05-21 09:31:15 -05:00
Joshua Casey
875b0739aa
Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io/apimachinery/pkg/api/errors'
2024-05-21 09:31:15 -05:00
Joshua Casey
e4daa5a924
Merge branch 'main' into jtc/merge-main-at-3fe3cf71-into-github
2024-05-16 16:05:34 -05:00
Joshua Casey
a86d7d27c1
Add pinniped_supported_identity_provider_types to the IDP discovery endpoint
2024-05-16 12:55:45 -05:00
Joshua Casey
791b785dea
Merge branch 'main' into jtc/merge-main-at-d7849c79-to-github
2024-05-10 14:22:09 -05:00
Joshua Casey
7b36c8ab54
Enable 'copyloopvar' linter
2024-05-10 12:51:02 -05:00
Joshua Casey
e04e5e0185
Fix revive linter issues for all production code, and exclude revive linter issues for test code
2024-05-10 12:51:02 -05:00
Ryan Richard
0cdbb710d2
add test for github redirect in auth_handler_test.go
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-05-09 15:35:37 -07:00
Ryan Richard
7c85a511a2
first draft of an e2e integration test for GitHub login (skip while WIP)
2024-05-09 15:35:37 -07:00
Ryan Richard
7277d00e1a
refactor upstreamgithub.ProviderConfig to hold more config
2024-05-09 15:35:37 -07:00
Benjamin A. Petersen
29eb3dd384
Update GitHub UpstreamAuthorizeRedirectURL to generate URLs
2024-05-09 15:35:37 -07:00
Benjamin A. Petersen
c43193a0c8
Merge branch 'main' into github_identity_provider
2024-05-01 12:15:08 -04:00
Benjamin A. Petersen
8a961bfa21
Add upstreamgithub unit tests
2024-04-25 17:02:08 -04:00
Benjamin A. Petersen
cd86d57763
review cleanup, remove TODOs
2024-04-25 17:02:07 -04:00
Benjamin A. Petersen
42ef46b74e
expand TestUpstreamGitHubIdentityProvider
2024-04-25 17:02:07 -04:00
Benjamin A. Petersen
79d0e74056
Fix github_upstream_watcher so GitHub is listed in Supervisor idp discovery doc
2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
e3aa495e0b
Update idp discovery handler test
2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
44edba6f75
Add tests for Github in FederationDomain ListerFinder
2024-04-25 17:01:57 -04:00
Benjamin A. Petersen
0c7e95539f
Add GitHub to FederationDomain IdP ListerFinder
2024-04-25 16:51:47 -04:00
Ryan Richard
57a07a498f
Refactors for custom ID token lifetime based on PR feedback
2024-04-24 15:05:00 -07:00
Ryan Richard
a1efcefdce
Unit tests for token endpoint for custom ID token lifetimes
2024-04-24 14:13:41 -07:00
Ryan Richard
af9612e98e
Update more unit tests for configurable token lifetimes
2024-04-24 14:13:41 -07:00
Joshua Casey
c8bc192e0b
Start working on unit tests for configurable token lifetimes
2024-04-24 14:13:40 -07:00
Ryan Richard
def2b35e6e
Make ID token lifetimes configurable on OIDCClient resources
2024-04-24 14:13:40 -07:00
Joshua Casey
c9b61ef010
Populate internal GitHub IDP Config from CRD
2024-04-16 14:33:01 -05:00
Benjamin A. Petersen
a11e1527f0
Add github-upstream-observer Controller
2024-04-02 10:53:26 -04:00
Ryan Richard
0d31e955ae
Don't skip upstream group memberships when groups scope is not granted
...
Background: For dynamic clients, the groups scope is not always allowed
and/or requested by the client, so it will not always be granted by the
Supervisor for an authorization request.
Previously, when the groups scope was not granted, we would skip
searching for upstream groups in some scenarios.
This commit changes the behavior of authorization flows so that even
when the groups scope is not granted we still search for the upstream
group memberships as configured, and we pass the upstream group
memberships into any configured identity transformations. The identity
transformations could potentially reject the user's authentication based
on their upstream group membership.
When the groups scope is not granted, we don't include the groups in
the final Supervisor-issued ID token. This behavior is not changed.
2024-02-21 13:12:18 -08:00
Ryan Richard
4b4a4ad592
Rename a func and collapse applying id transforms into creating session
2024-02-20 14:47:28 -08:00