mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-09 23:48:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,892 Commits 21 Branches 50 Tags
afb032f8f9a4eaa33e5121db51e2b86c96e6b330
Commit Graph

543 Commits

Author SHA1 Message Date
Benjamin A. Petersen
c43193a0c8 Merge branch 'main' into github_identity_provider 2024-05-01 12:15:08 -04:00
Benjamin A. Petersen
6424f45c19 Add IDP Discovery integration test for GitHub 2024-04-29 14:57:14 -04:00
Joshua Casey
9c2df74e54 Adjust to new K8s 1.30 API 2024-04-26 11:54:53 -07:00
Benjamin A. Petersen
cd86d57763 review cleanup, remove TODOs 2024-04-25 17:02:07 -04:00
Benjamin A. Petersen
79d0e74056 Fix github_upstream_watcher so GitHub is listed in Supervisor idp discovery doc 2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
7968ed6d69 Allow GitHubIdentityProvider IDP type by FederationDomainWatcher 2024-04-25 17:02:05 -04:00
Benjamin A. Petersen
44edba6f75 Add tests for Github in FederationDomain ListerFinder 2024-04-25 17:01:57 -04:00
Ryan Richard
5dbf05c31d Update the session storage versions due to new ID token lifetime field 2024-04-24 14:13:41 -07:00
Joshua Casey
14b1b7c862 Polish up the github_upstream_watcher: default and verify spec.claims correctly 2024-04-24 13:37:40 -05:00
Joshua Casey
c8b90df6f1 Inline using phttp.Default 2024-04-23 18:06:26 -05:00
Joshua Casey
fe5d037600 Merge branch 'main' into jtc/merge-main-5fe94c4e-into-github 2024-04-23 12:42:07 -05:00
Ryan Richard
1d8310ed44 clarify error message for when there is no healthy controller manager 2024-04-22 09:29:37 -07:00
Ryan Richard
0ef98f0558 Use new helpers to assert that all webhook dials use ptls settings 2024-04-19 11:15:59 -07:00
Joshua Casey
94bee9e882 Remove testutil.TLSTestServerWithCert in favor of the testutil/tlsserver package 2024-04-19 10:30:23 -05:00
Joshua Casey
da135d9958 Webhookcachefiller now uses a real tls.Dial, which means we can test IPv6 2024-04-19 09:24:17 -05:00
Ryan Richard
e048859afd Use ptls package when calling webhook during authentication 2024-04-18 16:00:57 -07:00
Ryan Richard
8c081c50d4 Use ptls package to determine TLS config when probing webhook for status 2024-04-18 12:55:49 -07:00
Joshua Casey
c9b61ef010 Populate internal GitHub IDP Config from CRD 2024-04-16 14:33:01 -05:00
Benjamin A. Petersen
e2db152c6c Stub in TestUpstreamGithubIdentityProvider for unit tests 2024-04-02 13:59:11 -04:00
Benjamin A. Petersen
5c490e999d Stub in unit tests for github_upstream_watcher 2024-04-02 12:38:06 -04:00
Benjamin A. Petersen
a11e1527f0 Add github-upstream-observer Controller 2024-04-02 10:53:26 -04:00
Benjamin A. Petersen
c6b0820438 Fix some utils, spacing, func naming, test inputs, etc. 2024-03-26 16:22:51 -04:00
Benjamin A. Petersen
f86c46e160 Update WebhookAuthenticator Status WebhookConnectionValid 
- ConnectionProbeValid -> WebhookConnectionValid
  - This is to conform with the pattern of other controllers, ex:
    LDAPConnectionValid
 2024-03-26 15:33:44 -04:00
Benjamin A. Petersen
e38a27d93d Add endpointaddr.ParseFromURL helper, WebhookAuthenticator handle additional IPv6 cases 2024-03-22 15:57:57 -04:00
Benjamin A. Petersen
b0904c2e99 change TestNewWebhookAuthenticator to test table style 2024-03-20 11:39:55 -04:00
Benjamin A. Petersen
bec5fe85cc change WebhookAuthenticator TLSConnectionNegotiationValid to ConnectionProbeValid 2024-03-19 18:00:40 -04:00
Joshua Casey
90e7343fb5 Add IPv6 test to WebhookAuthenticator ctrl tests 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2024-03-19 16:48:08 -04:00
Benjamin A. Petersen
5c0d67dc50 refactor WebhookAuthenticator newWebhookAuthenticator func 2024-03-19 16:48:08 -04:00
Benjamin A. Petersen
b6512bcbb6 add WebhookCacheFiller updateStatus tests 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
097e6d5340 Always pass spec to CreateTestWebhookAuthenticator 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
a45a537cdb Improve JWTAuthenticator validation of Issuer,Discovery 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
0467e5c1d5 Refactor logLines to SplitByNewline, deduplicate 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
337459feb0 Update webhook status integration tests 
- total api fields test 260->261
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
590e2d18f7 Add WebhookAuthenticator integration tests, expand unit tests 
- Add WebhookAuthenticator unit tests, update generated code
- Add validateTLSNegotiation(), update tests
- Update validateTLSNegotiation, add unit tests, factor out helpers
- Update generated code
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
ef36b454ba Improve WebhookAuthenticator Status and Validations 
- Validate TLS Configuration
- Validate Endpoint
- Validate TLS Negotiation
  - Report status handshake negotiation with webhook
- Unit tests
- Integration tests
 2024-03-19 16:48:03 -04:00
Joshua Casey
bc8aebeffe Use go.uber.org/mock instead of github.com/golang/mock and rerun mock generation 2024-03-11 13:42:30 -05:00
Benjamin A. Petersen
e8482ab9e9 Update jwtauthenticator unit tests to check actions 
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
42acf8dcce Add Status & tests for jwks key fetching 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1c7e7048a8 Update copyright year in modified files 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
73e4d3144b Add integration tests for JWTAuthenticators 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
084c3114f4 Improve jwtcachefiller tests 
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
47639340ec extract status comparison test helpers 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
fd14a5794e ldap upstream watcher: rename local var for clarity 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
a4447fa606 Add .Status to JWTAuthenticator with Conditions,Phase 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
 2024-02-27 15:45:32 -08:00
Ryan Richard
1bc13e94f7 Refactor to extract interface for upstream IDP interactions 
Create an interface to abstract the upstream IDP from the
authorize, IDP discovery, callback, choose IDP, and login
endpoints. This commit does not refactor the token endpoint,
which will be refactored in a similar way in the next commit.
 2024-02-20 09:26:34 -08:00
Ryan Richard
cf82cf996e Adjust tests and comments for upgrade to latest version of fosite 2024-02-13 10:16:41 -08:00
Ryan Richard
c7299f4daf Update dependencies, including Kube packages to v0.29.0 2024-01-04 12:30:22 -08:00
Ryan Richard
e1954b1df9 update session storage version from 5 to 6 due to fosite upgrade 
A small part of the session storage changed type in the latest version
of fosite compared to the old version of fosite that we were using.
Just to be safe, update our session storage version to invalidate
any pre-existing sessions upon upgrade of Pinniped.
 2023-12-04 14:49:22 -08:00
Ryan Richard
ca5ad85bbd Switch from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3 
Made the switch wherever possible, but since fosite still uses the old
gopkg.in/square/go-jose.v2 there was one test where we still need to use
it as a direct dependency.
 2023-12-04 11:05:12 -08:00
Ryan Richard
7616799adb Minor refactors in legacy SA token Secret cleanup controller 2023-11-30 16:40:21 -08:00