mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-10 16:01:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,113 Commits 21 Branches 50 Tags
a2be4b7b5e5f02e7e953947ab6d5576ad8463a34
Commit Graph

81 Commits

Author SHA1 Message Date
Ryan Richard
a2be4b7b5e clarify some comments based on PR feedback 2024-07-17 09:58:26 -07:00
Ryan Richard
b5a509f27f fix authenticators bug: stop allowing usage when validation fails 2024-07-16 09:59:19 -07:00
Ryan Richard
0380a9ce33 upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc 
Also standardize some related imports and fix some whitespace in a test
 2024-06-21 11:16:40 -07:00
Joshua Casey
c6463831ac Use plog.Logger instead of logr.Logger wherever possible 2024-06-11 12:47:19 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Joshua Casey
bdd79a9984 Enforce more imports 
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/concierge/informers/externalversions
- go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions
 2024-05-21 09:31:15 -05:00
Joshua Casey
f5116cddb4 Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}' 
Enforce importas:

- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports 
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
875b0739aa Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io/apimachinery/pkg/api/errors' 2024-05-21 09:31:15 -05:00
Joshua Casey
791b785dea Merge branch 'main' into jtc/merge-main-at-d7849c79-to-github 2024-05-10 14:22:09 -05:00
Joshua Casey
81f3acfa38 Update some build tags since go1.22+ is now required 2024-05-10 12:51:03 -05:00
Joshua Casey
e9d0ac5110 Enable 'intrange' linter 2024-05-10 12:51:02 -05:00
Joshua Casey
7b36c8ab54 Enable 'copyloopvar' linter 2024-05-10 12:51:02 -05:00
Benjamin A. Petersen
c43193a0c8 Merge branch 'main' into github_identity_provider 2024-05-01 12:15:08 -04:00
Joshua Casey
9c2df74e54 Adjust to new K8s 1.30 API 2024-04-26 11:54:53 -07:00
Joshua Casey
fe5d037600 Merge branch 'main' into jtc/merge-main-5fe94c4e-into-github 2024-04-23 12:42:07 -05:00
Ryan Richard
0ef98f0558 Use new helpers to assert that all webhook dials use ptls settings 2024-04-19 11:15:59 -07:00
Joshua Casey
94bee9e882 Remove testutil.TLSTestServerWithCert in favor of the testutil/tlsserver package 2024-04-19 10:30:23 -05:00
Joshua Casey
da135d9958 Webhookcachefiller now uses a real tls.Dial, which means we can test IPv6 2024-04-19 09:24:17 -05:00
Ryan Richard
e048859afd Use ptls package when calling webhook during authentication 2024-04-18 16:00:57 -07:00
Ryan Richard
8c081c50d4 Use ptls package to determine TLS config when probing webhook for status 2024-04-18 12:55:49 -07:00
Joshua Casey
c9b61ef010 Populate internal GitHub IDP Config from CRD 2024-04-16 14:33:01 -05:00
Benjamin A. Petersen
c6b0820438 Fix some utils, spacing, func naming, test inputs, etc. 2024-03-26 16:22:51 -04:00
Benjamin A. Petersen
f86c46e160 Update WebhookAuthenticator Status WebhookConnectionValid 
- ConnectionProbeValid -> WebhookConnectionValid
  - This is to conform with the pattern of other controllers, ex:
    LDAPConnectionValid
 2024-03-26 15:33:44 -04:00
Benjamin A. Petersen
e38a27d93d Add endpointaddr.ParseFromURL helper, WebhookAuthenticator handle additional IPv6 cases 2024-03-22 15:57:57 -04:00
Benjamin A. Petersen
b0904c2e99 change TestNewWebhookAuthenticator to test table style 2024-03-20 11:39:55 -04:00
Benjamin A. Petersen
bec5fe85cc change WebhookAuthenticator TLSConnectionNegotiationValid to ConnectionProbeValid 2024-03-19 18:00:40 -04:00
Joshua Casey
90e7343fb5 Add IPv6 test to WebhookAuthenticator ctrl tests 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2024-03-19 16:48:08 -04:00
Benjamin A. Petersen
5c0d67dc50 refactor WebhookAuthenticator newWebhookAuthenticator func 2024-03-19 16:48:08 -04:00
Benjamin A. Petersen
b6512bcbb6 add WebhookCacheFiller updateStatus tests 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
097e6d5340 Always pass spec to CreateTestWebhookAuthenticator 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
a45a537cdb Improve JWTAuthenticator validation of Issuer,Discovery 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
0467e5c1d5 Refactor logLines to SplitByNewline, deduplicate 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
337459feb0 Update webhook status integration tests 
- total api fields test 260->261
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
590e2d18f7 Add WebhookAuthenticator integration tests, expand unit tests 
- Add WebhookAuthenticator unit tests, update generated code
- Add validateTLSNegotiation(), update tests
- Update validateTLSNegotiation, add unit tests, factor out helpers
- Update generated code
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
ef36b454ba Improve WebhookAuthenticator Status and Validations 
- Validate TLS Configuration
- Validate Endpoint
- Validate TLS Negotiation
  - Report status handshake negotiation with webhook
- Unit tests
- Integration tests
 2024-03-19 16:48:03 -04:00
Joshua Casey
bc8aebeffe Use go.uber.org/mock instead of github.com/golang/mock and rerun mock generation 2024-03-11 13:42:30 -05:00
Benjamin A. Petersen
e8482ab9e9 Update jwtauthenticator unit tests to check actions 
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
42acf8dcce Add Status & tests for jwks key fetching 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1c7e7048a8 Update copyright year in modified files 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
73e4d3144b Add integration tests for JWTAuthenticators 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
084c3114f4 Improve jwtcachefiller tests 
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
47639340ec extract status comparison test helpers 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
a4447fa606 Add .Status to JWTAuthenticator with Conditions,Phase 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
 2024-02-27 15:45:32 -08:00
Ryan Richard
c7299f4daf Update dependencies, including Kube packages to v0.29.0 2024-01-04 12:30:22 -08:00
Ryan Richard
ca5ad85bbd Switch from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3 
Made the switch wherever possible, but since fosite still uses the old
gopkg.in/square/go-jose.v2 there was one test where we still need to use
it as a direct dependency.
 2023-12-04 11:05:12 -08:00
Ryan Richard
a1a99b9eeb Replace usages of deprecated funcs from the wait pkg 2023-05-10 11:41:11 -07:00
Ryan Richard
c6e4133c5e Accept both old and new cert error strings on MacOS in test assertions 
Used this as an opportunity to refactor how some tests were
making assertions about error strings.

New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.

All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-20 15:01:36 -08:00
Ryan Richard
8d8f980e86 Merge branch 'main' into dynamic_clients 2022-08-26 11:35:35 -07:00
Ryan Richard
c6c2c525a6 Upgrade the linter and fix all new linter warnings 
Also fix some tests that were broken by bumping golang and dependencies
in the previous commits.

Note that in addition to changes made to satisfy the linter which do not
impact the behavior of the code, this commit also adds ReadHeaderTimeout
to all usages of http.Server to satisfy the linter (and because it
seemed like a good suggestion).
 2022-08-24 14:45:55 -07:00