Ryan Richard
ae5aad178d
TokenCredentialRequest uses actual cert expiry time instead of estimate
...
and also audit logs both the NotBefore and NotAfter of the issued cert.
Implemented by changing the return type of the cert issuer helpers
to make them also return the NotBefore and NotAfter values of the new
cert, along with the key PEM and cert PEM.
2024-11-27 13:53:03 -06:00
Joshua Casey
dd42f35db0
plog.TestLogger returns a buffer that holds the logs
...
# Conflicts:
# internal/controller/apicerts/certs_expirer_test.go
# internal/plog/plog_test.go
# internal/plog/testing.go
# pkg/oidcclient/login_test.go
2024-11-27 13:53:00 -06:00
Joshua Casey
b20e890f15
Add testutil.RequireLogLines to verify multiple log lines at once
2024-11-27 13:53:00 -06:00
Joshua Casey
0c131f11f8
plog.TestLogger returns a buffer instead of taking one in
2024-11-07 17:46:01 -06:00
Ryan Richard
f36298c542
use required headers for GitHub API connection probe request
2024-10-14 11:12:34 -07:00
Ryan Richard
4f661aaa69
pay attention to web proxy settings during connection probes
...
- WebhookAuthenticator will now detect the proxy setting and skip
dialing the connection probe if it should go through a proxy
- GitHubIdentityProvider will avoid using tls.Dial altogether
by instead making a real request to the GitHub API as its
connection probe, because this will respect the proxy settings
2024-10-10 10:41:31 -07:00
Joshua Casey
f7fd209f29
Address PR feedback
2024-09-24 14:14:48 -05:00
Joshua Casey
76a116641f
Add ptls.Dialer to provide some common configuration for tls.Dial operations
2024-09-24 14:14:48 -05:00
Joshua Casey
08abff1cae
Bump golanglint-ci to 1.60.3
2024-09-04 20:52:01 -05:00
Joshua Casey
504f0dc26f
Fix some unit tests
2024-08-27 13:26:38 -05:00
Joshua Casey
f798777a3b
Refactor: reorder parameters to MergeConditions
2024-08-08 08:12:41 -05:00
Ryan Richard
6b49cd7d28
add Unknown SearchBaseFound status condition for AD only
2024-08-06 16:08:25 -07:00
Joshua Casey
afa3aa2232
LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-06 16:08:25 -07:00
Joshua Casey
1c59a41cc5
Remove some dead code from LDAP/AD controllers
2024-08-06 16:08:25 -07:00
Joshua Casey
0626b22c70
OIDC Upstream Watcher now reports condition OIDCDiscoverySucceeded with status Unknown if TLS validation fails
2024-08-06 16:08:25 -07:00
Ryan Richard
229b6a262e
when dialing github to test connection, dial api.github.com
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-06 08:58:30 -07:00
Ryan Richard
e0235ed190
update docs and change struct name in types_tls.go.tmpl files
...
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:21 -07:00
Ryan Richard
9f17ba5ae4
change wording of TLS config loaded success messages
2024-08-05 11:32:20 -07:00
Ashish Amarnath
81d42cb3b9
add unit tests for validatedsettings cache storing ca bundle hash
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
a888083c50
Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte)
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
fcceeed9fa
Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
15d0006841
Pull tlsconfigutil.CABundle into a separate file
2024-08-05 11:32:20 -07:00
Ashish Amarnath
005dbf3aa8
refactor tlsconfigutil to return a caBundle type
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ashish Amarnath
a1dcba4731
add unit tests for validatedsettings cache storing ca bundle hash
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ashish Amarnath
2a62beeb5f
store ca bundle hash in validated settings cache
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
242fa8afb2
When reading CA bundle from a secret/configmap, return more specific err
...
When the bundle does not contain any certs, make the error more
specific.
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Ryan Richard
414ff503ef
extract some common condition reason string constants
2024-08-05 11:32:20 -07:00
Ryan Richard
09724cfa71
Add unit test: when discovery is already cached for OIDCIdentityProvider
2024-08-05 11:32:20 -07:00
Ryan Richard
0f103ed2a4
Add unit tests for external CA bundle in oidc_upstream_watcher_test.go
2024-08-05 11:32:19 -07:00
Joshua Casey
d62d6a1f27
Refactor github_controller_watcher to simplify the tls Dial
2024-08-05 11:32:19 -07:00
Joshua Casey
288e092d2e
GitHub IDP watcher should not dial an address that has already been validated
2024-08-05 11:32:19 -07:00
Ryan Richard
8060e82745
include external CA bundles in the cache key in oidc_upstream_watcher.go
2024-08-05 11:32:19 -07:00
Joshua Casey
66401b42d8
Add GitHubIDP tests for a CA bundle in a Secret or a ConfigMap
2024-08-05 11:32:19 -07:00
Joshua Casey
2d5943b21a
Move conditions reason Success to conditions_util
2024-08-05 11:32:19 -07:00
Joshua Casey
6e9023e090
add code review todos and light refactoring
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
1b7a26d932
test secret and configmap filtering in concierge authenticator controllers
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
199562fd05
get all supervisor unit tests to pass
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
3a969a83b7
update supervisor controllers
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
aab1ee9edc
unify TLS Spec between supervisor and concierge
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
080c75efe6
refactor tls spec validation into its own package
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ryan Richard
0380a9ce33
upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc
...
Also standardize some related imports and fix some whitespace in a test
2024-06-21 11:16:40 -07:00
Joshua Casey
c6463831ac
Use plog.Logger instead of logr.Logger wherever possible
2024-06-11 12:47:19 -05:00
Joshua Casey
678be9902a
Lint new files from the GitHub branch
2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866
Merge branch 'main' into jtc/add-importas-linter
2024-06-11 09:39:48 -05:00
Joshua Casey
58b4ecc0aa
user sees error msg when GitHub login is denied due to allowed orgs
...
Also renamed an interface function from GetName to GetResourceName.
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-06-03 10:56:28 -07:00
Ryan Richard
6364ac9ac7
change status condition type name to be "ClientCredentialsSecretValid"
...
For both GitHubIdentityProvider and OIDCIdentityProvider to make them
consistent with each other.
2024-05-31 09:59:30 -07:00
Joshua Casey
eee737186f
Clean up how lastTransitionTime and observedGeneration are checked in github_upstream_watcher_test
2024-05-30 21:34:29 -05:00
Ryan Richard
f323690049
refactor upstream refresh test helpers to be more specific to IDP type
2024-05-23 13:35:31 -07:00
Ryan Richard
8f8db3f542
Make github org comparison case-insensitive, but return original case
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-05-22 21:21:45 -05:00
Joshua Casey
bdd79a9984
Enforce more imports
...
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/concierge/informers/externalversions
- go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions
2024-05-21 09:31:15 -05:00