4475 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Ryan Richard	c2018717b6	audit log OIDCClientSecretRequests	2024-11-27 13:53:02 -06:00
Joshua Casey	f388513145	resolve TODO by adding docs	2024-11-27 13:53:02 -06:00
Ryan Richard	c16ebe1707	add unit test for audit logging when token refresh updates groups	2024-11-27 13:53:02 -06:00
Ryan Richard	b54365c199	audit log request params on GET and POST login handlers	2024-11-27 13:53:02 -06:00
Ryan Richard	51d1cc7a96	refactor and add unit test for AuditRequestParams()	2024-11-27 13:53:02 -06:00
Ryan Richard	c06141c871	token handler uses common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Ryan Richard	eab3fde3af	introduce common method to audit HTTP request parameters	2024-11-27 13:53:02 -06:00
Joshua Casey	de7781b7f9	Use correct caller when generating audit events	2024-11-27 13:53:02 -06:00
Joshua Casey	611de03e01	Add audit event 'Incorrect Username Or Password' to auth_handler and audit event 'Using Upstream IDP' to callback_handler	2024-11-27 13:53:01 -06:00
Joshua Casey	de722332b1	Add audit logging to post_login_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	438ca437ec	tokencredentialrequest audit logs failed requests	2024-11-27 13:53:01 -06:00
Ryan Richard	e21e1326b7	tokencredentialrequest audit logs successful responses ... Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	37e12b4024	Start backfilling some audit unit tests in post_login_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	e126ee5495	all callers of Audit() identify which keys may contain PII	2024-11-27 13:53:01 -06:00
Ryan Richard	a308f3f22a	audit log: keep key ordering in personalInfo, render nil slices and maps	2024-11-27 13:53:01 -06:00
Ryan Richard	c5f4cce3ae	make Audit() take struct as param for all optional params and redact PII	2024-11-27 13:53:01 -06:00
Ryan Richard	ced8686d11	add config for audit logging, remove Audit() from Logger interface ... Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	76f6b725b8	Fix some rebase conflicts	2024-11-27 13:53:01 -06:00
Joshua Casey	f9e1dd4bec	Backfill unit tests for garbage_collector audit logging	2024-11-27 13:53:01 -06:00
Joshua Casey	f4f393e5de	Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters ... Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Joshua Casey	2db5dda266	Add last audit log unit tests to auth_handler ... Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:01 -06:00
Ryan Richard	8cf9c59957	refactor to move audit event message types to their own pkg	2024-11-27 13:53:01 -06:00
Ryan Richard	088556193d	auth handler audit logs headers and params when http method is wrong ... also refactor some related code into a helper, and fix linter errors	2024-11-27 13:53:01 -06:00
Joshua Casey	18d3ab3d15	The 'HTTP Request Parameters' audit event now logs params as a JSON object	2024-11-27 13:53:01 -06:00
Joshua Casey	dc6faa33bb	Log params to token_handler endpoint even during error cases	2024-11-27 13:53:01 -06:00
Joshua Casey	0d22ae2c1a	Fix lint and unit test compilation	2024-11-27 13:53:01 -06:00
Joshua Casey	362d982906	Start to backfill some audit unit tests for the token_handler	2024-11-27 13:53:01 -06:00
Ryan Richard	1006dd9379	resolve some todos	2024-11-27 13:53:01 -06:00
Joshua Casey	369316556a	Add configuration to audit internal endpoints and backfill unit tests	2024-11-27 13:53:01 -06:00
Joshua Casey	cf4b29de4b	Clarify docs	2024-11-27 13:53:00 -06:00
Joshua Casey	09ca7920ea	Extract testutil helper function	2024-11-27 13:53:00 -06:00
Joshua Casey	9994e033b2	Add audit event tests for login_handler	2024-11-27 13:53:00 -06:00
Joshua Casey	dd56f2b47f	Add audit event tests for callback_handler	2024-11-27 13:53:00 -06:00
Ryan Richard	4df043a91c	document audit logging	2024-11-27 13:53:00 -06:00
Ryan Richard	d020de4b3d	update fips reference doc	2024-11-27 13:53:00 -06:00
Joshua Casey	dd42f35db0	plog.TestLogger returns a buffer that holds the logs ... # Conflicts: # internal/controller/apicerts/certs_expirer_test.go # internal/plog/plog_test.go # internal/plog/testing.go # pkg/oidcclient/login_test.go	2024-11-27 13:53:00 -06:00
Joshua Casey	a67af9455b	Refactor: don't copy the loop variable in test loops	2024-11-27 13:53:00 -06:00
Joshua Casey	d729c82f84	fix lint	2024-11-27 13:53:00 -06:00
Joshua Casey	44e218194b	Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints ... Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:00 -06:00
Joshua Casey	bf1e37f149	Use a helper to verify audit messages	2024-11-27 13:53:00 -06:00
Joshua Casey	aee56c388f	Check the sessionID as well ... Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-11-27 13:53:00 -06:00
Joshua Casey	fd5a10bee7	WIP: Add audit event when upstream redirect occurs and backfill tests	2024-11-27 13:53:00 -06:00
Joshua Casey	b20e890f15	Add testutil.RequireLogLines to verify multiple log lines at once	2024-11-27 13:53:00 -06:00
Ryan Richard	4f9530eec7	audit logging WIP	2024-11-27 13:53:00 -06:00
Joshua Casey	615b60bd37	Merge pull request #2143 from vmware-tanzu/rr/kube-cert-agent-for-unschedulable-nodes ... Cert agent controller avoids locating the agent pod on unschedulable nodes when possible	2024-11-27 12:27:33 -06:00
Joshua Casey	e61afcd109	Merge branch 'main' into rr/kube-cert-agent-for-unschedulable-nodes	2024-11-27 10:05:20 -06:00
Joshua Casey	6ac5446940	Merge pull request #2142 from vmware-tanzu/pinny/bump-deps ... Bump dependencies	2024-11-27 09:46:46 -06:00
Pinny	0706681180	Bump dependencies	2024-11-27 14:03:34 +00:00
Ryan Richard	e44d70b41d	kube cert agent controller avoids unschedulable nodes when possible	2024-11-25 14:20:12 -08:00
Joshua Casey	4bf810cb8f	Merge pull request #2139 from vmware-tanzu/pinny/bump-deps ... Bump dependencies	2024-11-21 12:13:23 -06:00