Ryan Richard
b371389c27
Merge pull request #2154 from vmware-tanzu/jtc/fixup-before-audit-release
...
CodeQL / Analyze (go) (push) Failing after 1m11s
CodeQL / Analyze (javascript) (push) Failing after 1m9s
Small fixups prior to releasing audit log story
v0.36.0
2024-12-09 12:36:49 -08:00
Joshua Casey
87640ca54a
Callback endpoint emits audit log with authorizeID even when code param not found
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-12-09 12:47:54 -06:00
Joshua Casey
8322b03d63
Merge pull request #2153 from vmware-tanzu/pinny/bump-deps
...
CodeQL / Analyze (go) (push) Failing after 2m2s
CodeQL / Analyze (javascript) (push) Failing after 1m8s
Bump dependencies
2024-12-09 10:04:13 -06:00
Pinny
594c3580f2
Bump dependencies
2024-12-09 14:11:21 +00:00
Joshua Casey
0d80c492f1
Merge pull request #2152 from vmware-tanzu/pinny/bump-deps
...
CodeQL / Analyze (go) (push) Failing after 2m28s
CodeQL / Analyze (javascript) (push) Failing after 1m29s
Bump dependencies
2024-12-05 15:23:10 -06:00
Pinny
1a29cca1ca
Bump dependencies
2024-12-05 14:07:26 +00:00
Ryan Richard
b54191f29f
Merge pull request #2150 from vmware-tanzu/pinny/bump-deps
...
CodeQL / Analyze (go) (push) Failing after 2m32s
CodeQL / Analyze (javascript) (push) Failing after 1m26s
Bump dependencies
2024-12-04 13:39:11 -08:00
Pinny
422e4e4785
Bump dependencies
2024-12-04 14:06:21 +00:00
Joshua Casey
4187cc1f61
Merge pull request #2149 from vmware-tanzu/upgrade_majors
...
CodeQL / Analyze (go) (push) Failing after 14m1s
CodeQL / Analyze (javascript) (push) Failing after 14m3s
New hack script to help us upgrade major versions of modules from `go.mod`
2024-12-03 19:07:28 -06:00
Ryan Richard
ede9e45211
make audit_test.go ignore pod log lines that aren't JSON
2024-12-03 17:20:25 -06:00
Ryan Richard
a36550d94b
ran update.sh after updating kube minor versions for codegen
2024-12-03 13:06:15 -06:00
Ryan Richard
7c3870f3fa
update kube-versions.txt for new patch versions
2024-12-03 13:05:27 -06:00
Ryan Richard
7ca2796774
update release_checklist.md for new hack script
2024-12-03 13:05:05 -06:00
Ryan Richard
170cc3bba4
ran new hack script to update all majors: updated github mod
2024-12-03 12:52:29 -06:00
Ryan Richard
1980912ebe
add hack script to help update major versions of modules
2024-12-03 12:51:40 -06:00
Joshua Casey
1571859d67
Merge pull request #2147 from vmware-tanzu/pinny/bump-deps
...
CodeQL / Analyze (go) (push) Failing after 9m3s
CodeQL / Analyze (javascript) (push) Failing after 3m7s
Bump dependencies
2024-12-03 11:22:23 -06:00
Pinny
eb4c20a6aa
Bump dependencies
2024-12-03 14:04:18 +00:00
Joshua Casey
1154139b91
Merge pull request #2145 from vmware-tanzu/pinny/bump-deps
...
CodeQL / Analyze (go) (push) Failing after 14m14s
CodeQL / Analyze (javascript) (push) Failing after 14m10s
Bump dependencies
2024-12-02 16:52:50 -06:00
Joshua Casey
28e22d7dd2
Update error text assertion due to change in ory/fosite
...
- db74aa7abd
2024-12-02 11:08:30 -06:00
Joshua Casey
9cfbbb541a
Standardize casing in Dockerfiles
2024-12-02 10:00:39 -06:00
Pinny
21bce1cb92
Bump dependencies
2024-12-02 14:10:28 +00:00
Joshua Casey
fe045343ee
Merge pull request #2009 from vmware-tanzu/audit_logging
...
CodeQL / Analyze (go) (push) Failing after 18m37s
CodeQL / Analyze (javascript) (push) Failing after 2m36s
Add audit logging for Supervisor and Concierge
2024-11-27 15:46:34 -06:00
Ryan Richard
df017f9267
attempt to fix a test flake seen sometimes in CI
2024-11-27 13:53:03 -06:00
Ryan Richard
ae5aad178d
TokenCredentialRequest uses actual cert expiry time instead of estimate
...
and also audit logs both the NotBefore and NotAfter of the issued cert.
Implemented by changing the return type of the cert issuer helpers
to make them also return the NotBefore and NotAfter values of the new
cert, along with the key PEM and cert PEM.
2024-11-27 13:53:03 -06:00
Ryan Richard
032160a85e
simplify single-node.yaml
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:03 -06:00
Ryan Richard
ecd23e86ce
callback endpoint renders more useful user-facing error messages
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:03 -06:00
Ryan Richard
51ae782135
fix typo in audit-logging.md
2024-11-27 13:53:03 -06:00
Ryan Richard
54b35c30da
rename tokenIdentifier to tokenID in the audit logs
...
Because `tokenID` is more consistent with the names of
the other correlation keys.
2024-11-27 13:53:03 -06:00
Ryan Richard
dfe04c5a58
update audit-logging.md to reflect changes in recent commits
2024-11-27 13:53:03 -06:00
Ryan Richard
4423d472da
allow audit correlation between token being issued and being used
2024-11-27 13:53:03 -06:00
Joshua Casey
c803a182be
Allow override of audit.log_usernames_and_groups for local debugging
2024-11-27 13:53:02 -06:00
Joshua Casey
bc73505e35
Easily enable kind audit logs with ENABLE_AUDIT_LOGGING=true ./hack/kind-up.sh
2024-11-27 13:53:02 -06:00
Joshua Casey
0a28c818ad
Small fixes for integration tests
2024-11-27 13:53:02 -06:00
Joshua Casey
ce2dcbdbb3
simplify godoc
2024-11-27 13:53:02 -06:00
Ryan Richard
1ebe2fcd1a
add integration test for personal info showing in login audit logs
2024-11-27 13:53:02 -06:00
Joshua Casey
c7e9ee1c61
Backfill unit tests for paramsSafeToLog
2024-11-27 13:53:02 -06:00
Joshua Casey
51c86795af
Backfill unit tests for cmd/pinniped/cmd/audit_id.go
2024-11-27 13:53:02 -06:00
Joshua Casey
8dffd60f0b
Backfill unit tests for audit logging from the CLI
2024-11-27 13:53:02 -06:00
Ryan Richard
6bf9b64778
log response audit-id for tokencredentialrequests made from CLI
...
Only logged when PINNIPED_DEBUG=true is used.
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Ryan Richard
26ec7fa346
prepare-supervisor-on-kind.sh takes new --api-group-suffix flag
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Joshua Casey
60bd118a9c
pinniped CLI should print the audit-ID in certain error cases
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-11-27 13:53:02 -06:00
Joshua Casey
b69507f7f3
Add generic audit integration test
2024-11-27 13:53:02 -06:00
Ryan Richard
7d59df0f86
update original audit logging proposal
2024-11-27 13:53:02 -06:00
Ryan Richard
9c0272382f
clean up audit logging documentation
2024-11-27 13:53:02 -06:00
Ryan Richard
2de8d9f0f3
cleanup example audit logs to make them prettier
2024-11-27 13:53:02 -06:00
Ryan Richard
d0905c02dd
use test helper in rest_test.go to reduce some duplication
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Ryan Richard
51fc86f950
don't audit log missing username or password, change query param value
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Ryan Richard
76bda12760
update audit-logging.md to resolve todos
2024-11-27 13:53:02 -06:00
Ryan Richard
a84b76e56a
audit log session ID in token handler for every grant type
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Ryan Richard
c2018717b6
audit log OIDCClientSecretRequests
2024-11-27 13:53:02 -06:00