mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-08 15:21:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,461 Commits 20 Branches 50 Tags
a308f3f22afffff902124f1969c5e8c24e91cb36
Commit Graph

1406 Commits

Author SHA1 Message Date
Ryan Richard
a308f3f22a audit log: keep key ordering in personalInfo, render nil slices and maps 2024-11-27 13:53:01 -06:00
Ryan Richard
c5f4cce3ae make Audit() take struct as param for all optional params and redact PII 2024-11-27 13:53:01 -06:00
Ryan Richard
ced8686d11 add config for audit logging, remove Audit() from Logger interface 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:01 -06:00
Joshua Casey
76f6b725b8 Fix some rebase conflicts 2024-11-27 13:53:01 -06:00
Joshua Casey
f9e1dd4bec Backfill unit tests for garbage_collector audit logging 2024-11-27 13:53:01 -06:00
Joshua Casey
f4f393e5de Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:01 -06:00
Joshua Casey
2db5dda266 Add last audit log unit tests to auth_handler 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:01 -06:00
Ryan Richard
8cf9c59957 refactor to move audit event message types to their own pkg 2024-11-27 13:53:01 -06:00
Ryan Richard
088556193d auth handler audit logs headers and params when http method is wrong 
also refactor some related code into a helper, and fix linter errors
 2024-11-27 13:53:01 -06:00
Joshua Casey
18d3ab3d15 The 'HTTP Request Parameters' audit event now logs params as a JSON object 2024-11-27 13:53:01 -06:00
Joshua Casey
dc6faa33bb Log params to token_handler endpoint even during error cases 2024-11-27 13:53:01 -06:00
Joshua Casey
0d22ae2c1a Fix lint and unit test compilation 2024-11-27 13:53:01 -06:00
Joshua Casey
362d982906 Start to backfill some audit unit tests for the token_handler 2024-11-27 13:53:01 -06:00
Ryan Richard
1006dd9379 resolve some todos 2024-11-27 13:53:01 -06:00
Joshua Casey
369316556a Add configuration to audit internal endpoints and backfill unit tests 2024-11-27 13:53:01 -06:00
Joshua Casey
cf4b29de4b Clarify docs 2024-11-27 13:53:00 -06:00
Joshua Casey
09ca7920ea Extract testutil helper function 2024-11-27 13:53:00 -06:00
Joshua Casey
9994e033b2 Add audit event tests for login_handler 2024-11-27 13:53:00 -06:00
Joshua Casey
dd56f2b47f Add audit event tests for callback_handler 2024-11-27 13:53:00 -06:00
Joshua Casey
dd42f35db0 plog.TestLogger returns a buffer that holds the logs 
# Conflicts:
#	internal/controller/apicerts/certs_expirer_test.go
#	internal/plog/plog_test.go
#	internal/plog/testing.go
#	pkg/oidcclient/login_test.go
 2024-11-27 13:53:00 -06:00
Joshua Casey
a67af9455b Refactor: don't copy the loop variable in test loops 2024-11-27 13:53:00 -06:00
Joshua Casey
d729c82f84 fix lint 2024-11-27 13:53:00 -06:00
Joshua Casey
44e218194b Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:00 -06:00
Joshua Casey
bf1e37f149 Use a helper to verify audit messages 2024-11-27 13:53:00 -06:00
Joshua Casey
aee56c388f Check the sessionID as well 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:00 -06:00
Joshua Casey
fd5a10bee7 WIP: Add audit event when upstream redirect occurs and backfill tests 2024-11-27 13:53:00 -06:00
Joshua Casey
b20e890f15 Add testutil.RequireLogLines to verify multiple log lines at once 2024-11-27 13:53:00 -06:00
Ryan Richard
4f9530eec7 audit logging WIP 2024-11-27 13:53:00 -06:00
Ryan Richard
e44d70b41d kube cert agent controller avoids unschedulable nodes when possible 2024-11-25 14:20:12 -08:00
Joshua Casey
0c131f11f8 plog.TestLogger returns a buffer instead of taking one in 2024-11-07 17:46:01 -06:00
Ryan Richard
106a480dad JWTAuthenticator must reload when spec.audience or spec.claims changes 2024-11-04 12:49:18 -08:00
Joshua Casey
590f001f17 Run go generate with new version of mock library 2024-10-23 09:09:41 -05:00
Ryan Richard
e37d1444c4 bump to github.com/google/go-github/v66 2024-10-15 14:06:34 -07:00
Ryan Richard
f36298c542 use required headers for GitHub API connection probe request 2024-10-14 11:12:34 -07:00
Ryan Richard
dc195536d0 also use port number when checking https proxy for WebhookAuthenticator 2024-10-11 14:49:46 -07:00
Ryan Richard
4d2bbac674 use .cluster.local address for LUA (squid cannot resolve .svc addresses) 2024-10-10 14:44:14 -07:00
Ryan Richard
4f661aaa69 pay attention to web proxy settings during connection probes 
- WebhookAuthenticator will now detect the proxy setting and skip
  dialing the connection probe if it should go through a proxy
- GitHubIdentityProvider will avoid using tls.Dial altogether
  by instead making a real request to the GitHub API as its
  connection probe, because this will respect the proxy settings
 2024-10-10 10:41:31 -07:00
Joshua T Casey
629f89d95b Check TLS bundle before dialing for performance reasons, and add godoc to clarify intent 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2024-10-02 14:54:30 -05:00
Joshua Casey
01c2377de0 Refactor tests to use a table 2024-09-24 14:45:07 -05:00
Ashish Amarnath
0fab37c089 Update internal/crypto/ptls/dialer_test.go 
ignore lint error on nil context in unit test validating nil context
 2024-09-24 14:14:48 -05:00
Joshua Casey
f7fd209f29 Address PR feedback 2024-09-24 14:14:48 -05:00
Joshua Casey
76a116641f Add ptls.Dialer to provide some common configuration for tls.Dial operations 2024-09-24 14:14:48 -05:00
Ashish Amarnath
ab2c2e30cb refactor and fix comments 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-09-19 13:38:12 -07:00
Joshua Casey
702d5bdc01 Bump golangci-lint to 1.61.0 2024-09-10 15:14:53 -05:00
Joshua Casey
08abff1cae Bump golanglint-ci to 1.60.3 2024-09-04 20:52:01 -05:00
Joshua Casey
c87f091a44 Upcoming k8s versions have an additional extra field in the CSR response 
- failure due to https://github.com/kubernetes/kubernetes/pull/125634
 2024-09-04 11:23:11 -05:00
Joshua Casey
6c97600174 Merge branch 'main' into log_msg_level 2024-09-03 06:22:09 -05:00
Joshua Casey
b78e2c7ded Update comments for testing 2024-08-27 13:26:40 -05:00
Joshua Casey
9b3bcca15e Add test to confirm that pversion.Get() returns something that utilversion.NewEffectiveVersion can consume 2024-08-27 13:26:40 -05:00
Joshua Casey
f7f25a8815 Refactor pversion_test to use a test table 2024-08-27 13:26:39 -05:00