Ryan Richard
106a480dad
JWTAuthenticator must reload when spec.audience or spec.claims changes
2024-11-04 12:49:18 -08:00
Joshua Casey
590f001f17
Run go generate with new version of mock library
2024-10-23 09:09:41 -05:00
Ryan Richard
e37d1444c4
bump to github.com/google/go-github/v66
2024-10-15 14:06:34 -07:00
Ryan Richard
f36298c542
use required headers for GitHub API connection probe request
2024-10-14 11:12:34 -07:00
Ryan Richard
dc195536d0
also use port number when checking https proxy for WebhookAuthenticator
2024-10-11 14:49:46 -07:00
Ryan Richard
4d2bbac674
use .cluster.local address for LUA (squid cannot resolve .svc addresses)
2024-10-10 14:44:14 -07:00
Ryan Richard
4f661aaa69
pay attention to web proxy settings during connection probes
...
- WebhookAuthenticator will now detect the proxy setting and skip
dialing the connection probe if it should go through a proxy
- GitHubIdentityProvider will avoid using tls.Dial altogether
by instead making a real request to the GitHub API as its
connection probe, because this will respect the proxy settings
2024-10-10 10:41:31 -07:00
Joshua T Casey
629f89d95b
Check TLS bundle before dialing for performance reasons, and add godoc to clarify intent
...
Signed-off-by: Ryan Richard <richardry@vmware.com >
2024-10-02 14:54:30 -05:00
Joshua Casey
01c2377de0
Refactor tests to use a table
2024-09-24 14:45:07 -05:00
Ashish Amarnath
0fab37c089
Update internal/crypto/ptls/dialer_test.go
...
ignore lint error on nil context in unit test validating nil context
2024-09-24 14:14:48 -05:00
Joshua Casey
f7fd209f29
Address PR feedback
2024-09-24 14:14:48 -05:00
Joshua Casey
76a116641f
Add ptls.Dialer to provide some common configuration for tls.Dial operations
2024-09-24 14:14:48 -05:00
Ashish Amarnath
ab2c2e30cb
refactor and fix comments
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com >
2024-09-19 13:38:12 -07:00
Joshua Casey
702d5bdc01
Bump golangci-lint to 1.61.0
2024-09-10 15:14:53 -05:00
Joshua Casey
08abff1cae
Bump golanglint-ci to 1.60.3
2024-09-04 20:52:01 -05:00
Joshua Casey
c87f091a44
Upcoming k8s versions have an additional extra field in the CSR response
...
- failure due to https://github.com/kubernetes/kubernetes/pull/125634
2024-09-04 11:23:11 -05:00
Joshua Casey
6c97600174
Merge branch 'main' into log_msg_level
2024-09-03 06:22:09 -05:00
Joshua Casey
b78e2c7ded
Update comments for testing
2024-08-27 13:26:40 -05:00
Joshua Casey
9b3bcca15e
Add test to confirm that pversion.Get() returns something that utilversion.NewEffectiveVersion can consume
2024-08-27 13:26:40 -05:00
Joshua Casey
f7f25a8815
Refactor pversion_test to use a test table
2024-08-27 13:26:39 -05:00
Joshua Casey
94809ee396
Use a real binary version when setting up the aggregated API servers
2024-08-27 13:26:39 -05:00
Joshua Casey
2a6a0d2997
Refactor certauthority_test to not need pool.Subjects()
2024-08-27 13:26:39 -05:00
Joshua Casey
05098c68f6
Refactor kubeclient_test to not use pool.Subjects()
2024-08-27 13:26:39 -05:00
Joshua Casey
a1dafcf45a
Refactor provider_test to not use pool.Subjects()
2024-08-27 13:26:39 -05:00
Joshua Casey
0ee8ee80e1
Use sha256.Size
2024-08-27 13:26:39 -05:00
Joshua Casey
436112252d
Lint fixes
2024-08-27 13:26:39 -05:00
Joshua Casey
8bd9b94d0a
Impersonator server should take in a cancellable context instead of a stop channel
2024-08-27 13:26:39 -05:00
Joshua Casey
504f0dc26f
Fix some unit tests
2024-08-27 13:26:38 -05:00
Joshua Casey
f09b3c2f72
Bump K8s libs to 1.31 and fix compilation errors
2024-08-27 13:26:38 -05:00
Ryan Richard
f194594e5b
failed token exchanges should show in log at default log config
2024-08-22 10:09:19 -07:00
Ryan Richard
376b83050a
upgrade linter and fix new lint errors
2024-08-19 15:45:32 -07:00
Joshua Casey
d0f5c2c7ab
Merge branch 'main' into jtc/refactor-conditions-util
2024-08-09 11:22:59 -05:00
Ryan Richard
5e6f6a1c50
support alternate controller-manager flags in kubecertagent controller
2024-08-08 15:52:50 -07:00
Joshua Casey
bab8b54ed8
Update godoc
2024-08-08 10:38:12 -05:00
Joshua Casey
4bd5db14b4
Refactor branching logic when using an early return
2024-08-08 08:12:41 -05:00
Joshua Casey
4a9136040c
Refactor to make it obvious that newCondition is a copy
2024-08-08 08:12:41 -05:00
Joshua Casey
8b97414f3d
Refactor to simplify logic
2024-08-08 08:12:41 -05:00
Joshua Casey
1e8e9ecc98
Refactor to use slices helpers instead of harder-to-read loops
2024-08-08 08:12:41 -05:00
Joshua Casey
2d8ab9ff5d
Refactor variable name for clarity
2024-08-08 08:12:41 -05:00
Joshua Casey
17f66331ea
Refactor parameter names for clarity
2024-08-08 08:12:41 -05:00
Joshua Casey
6bf30bc6b5
Backfill test for existing exported function HadErrorCondition
2024-08-08 08:12:41 -05:00
Joshua Casey
f798777a3b
Refactor: reorder parameters to MergeConditions
2024-08-08 08:12:41 -05:00
Ryan Richard
6b49cd7d28
add Unknown SearchBaseFound status condition for AD only
2024-08-06 16:08:25 -07:00
Joshua Casey
afa3aa2232
LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown
...
Co-authored-by: Ryan Richard <richardry@vmware.com >
2024-08-06 16:08:25 -07:00
Joshua Casey
1c59a41cc5
Remove some dead code from LDAP/AD controllers
2024-08-06 16:08:25 -07:00
Joshua Casey
0626b22c70
OIDC Upstream Watcher now reports condition OIDCDiscoverySucceeded with status Unknown if TLS validation fails
2024-08-06 16:08:25 -07:00
Ryan Richard
7483de5e90
upgrade github.com/google/go-github from v62 to v63
2024-08-06 13:45:38 -07:00
Ryan Richard
229b6a262e
when dialing github to test connection, dial api.github.com
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com >
2024-08-06 08:58:30 -07:00
Ashish Amarnath
b70db9dc03
refactor to use new certificateAuthorityDataSourceKind enum
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com >
2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190
update docs and change struct name in types_tls.go.tmpl files
...
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com >
2024-08-05 11:32:21 -07:00
