pinniped

mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-04 04:04:28 +00:00

Author	SHA1	Message	Date
Ryan Richard	83696fd023	improve errors and docs for JWTAuthenticator features, with int tests	2025-07-18 12:22:06 -07:00
Ryan Richard	64e5e20010	add usernameExpression and groupsExpression to JWTAuthenticator CRD	2025-07-16 14:56:44 -07:00
Ryan Richard	2a83d00373	add claimValidationRules, userValidationRules, and claims.extra to JWTAuthenticator CRD	2025-07-16 14:56:44 -07:00
Ryan Richard	e743beac53	upgrade k8s libs to v0.33.0	2025-05-13 11:56:03 -07:00
Ryan Richard	c600cf7949	upgrade linter to latest	2025-05-12 15:19:50 -07:00
Ryan Richard	ae5aad178d	TokenCredentialRequest uses actual cert expiry time instead of estimate and also audit logs both the NotBefore and NotAfter of the issued cert. Implemented by changing the return type of the cert issuer helpers to make them also return the NotBefore and NotAfter values of the new cert, along with the key PEM and cert PEM.	2024-11-27 13:53:03 -06:00
Joshua Casey	0c131f11f8	plog.TestLogger returns a buffer instead of taking one in	2024-11-07 17:46:01 -06:00
Ryan Richard	106a480dad	JWTAuthenticator must reload when spec.audience or spec.claims changes	2024-11-04 12:49:18 -08:00
Ryan Richard	dc195536d0	also use port number when checking https proxy for WebhookAuthenticator	2024-10-11 14:49:46 -07:00
Ryan Richard	4f661aaa69	pay attention to web proxy settings during connection probes - WebhookAuthenticator will now detect the proxy setting and skip dialing the connection probe if it should go through a proxy - GitHubIdentityProvider will avoid using tls.Dial altogether by instead making a real request to the GitHub API as its connection probe, because this will respect the proxy settings	2024-10-10 10:41:31 -07:00
Joshua Casey	f7fd209f29	Address PR feedback	2024-09-24 14:14:48 -05:00
Joshua Casey	76a116641f	Add ptls.Dialer to provide some common configuration for tls.Dial operations	2024-09-24 14:14:48 -05:00
Joshua Casey	504f0dc26f	Fix some unit tests	2024-08-27 13:26:38 -05:00
Joshua Casey	f798777a3b	Refactor: reorder parameters to MergeConditions	2024-08-08 08:12:41 -05:00
Joshua Casey	afa3aa2232	LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-06 16:08:25 -07:00
Ryan Richard	e0235ed190	update docs and change struct name in types_tls.go.tmpl files Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:21 -07:00
Ryan Richard	02e41baa47	small refactors	2024-08-05 11:32:21 -07:00
Ryan Richard	ed502949dd	webhookcachefiller and jwtcachefiller always update status when needed Even when the authenticator is found in the cache, try to update its status. Failing to do so would mean that the actual status will not be overwritten by the controller's newly computed desired status. Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	d6d66faae3	jwtcachefiller now tests for exact log lines and prints when it chooses to not update the status	2024-08-05 11:32:20 -07:00
Ryan Richard	15c84fcc94	extract helper func in jwtcachefiller and webhookcachefiller	2024-08-05 11:32:20 -07:00
Joshua Casey	1438f06c12	webhookcachefiller adds more detail when it chooses to update or not update status conditions	2024-08-05 11:32:20 -07:00
Joshua Casey	ca5bb2170c	webhookcontroller should use a logger that is built for each webhook authenticator	2024-08-05 11:32:20 -07:00
Joshua Casey	05a2fd97f8	webhookcontroller now only logs the webhook authenticator name instead of an object Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	dedd51df91	Test Refactor: webhookauthenticator_test checks exact log line equality Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	290676e4d1	improve info/debug log messages for jwtcachefiller & webhookcachefiller Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	9f17ba5ae4	change wording of TLS config loaded success messages	2024-08-05 11:32:20 -07:00
Ryan Richard	dfef9f470f	fix bug in webhookcachefiller caused when status update returns error Also refactor test assertions regarding log statements in jwtcachefiller_test.go and webhookcachefiller_test.go Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	f5da417450	fix bug in jwtcachefiller caused when status update returns error Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	a888083c50	Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte) Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	fcceeed9fa	Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	15d0006841	Pull tlsconfigutil.CABundle into a separate file	2024-08-05 11:32:20 -07:00
Ashish Amarnath	282b949c24	update jwtcachefiller to use new tlsconfigutil.CABundle type Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ashish Amarnath	005dbf3aa8	refactor tlsconfigutil to return a caBundle type Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	9420bfde5b	webhookcachefiller controller loops over all webhookauthenticators	2024-08-05 11:32:20 -07:00
Ryan Richard	06b47a5792	jwtcachefiller controller loops over all jwtauthenticators Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	414ff503ef	extract some common condition reason string constants	2024-08-05 11:32:20 -07:00
Ryan Richard	373713f7e0	webhook controller redoes validations when external CA bundle changes	2024-08-05 11:32:19 -07:00
Joshua Casey	2d5943b21a	Move conditions reason Success to conditions_util	2024-08-05 11:32:19 -07:00
Ryan Richard	920b519ebf	error when CA bundle from Secret or ConfigMap is empty Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:19 -07:00
Joshua Casey	bf1c02d328	jwtauthenticator controller redoes validations when external CA bundle changes Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:19 -07:00
Joshua Casey	6e9023e090	add code review todos and light refactoring Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	1b7a26d932	test secret and configmap filtering in concierge authenticator controllers Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	cb4b63f8b3	integration tests for concierge authenticators Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	8eb15a924f	integration tests for supervisor oidc, ldap, activedirectory IDP Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	6a610a9d51	add namespace to jwt authenticator controller Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	9ab7c39d56	jwt cache filler Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ashish Amarnath	207bac9452	webhook cache filler Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:19 -07:00
Ryan Richard	a2be4b7b5e	clarify some comments based on PR feedback	2024-07-17 09:58:26 -07:00
Ryan Richard	b5a509f27f	fix authenticators bug: stop allowing usage when validation fails	2024-07-16 09:59:19 -07:00
Ryan Richard	0380a9ce33	upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc Also standardize some related imports and fix some whitespace in a test	2024-06-21 11:16:40 -07:00

1 2 3

128 Commits