mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-05 21:15:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,678 Commits 19 Branches 50 Tags
c600cf79498fa340480a34720cf8d2d0a8840bdc
Commit Graph

665 Commits

Author SHA1 Message Date
Benjamin A. Petersen
b6512bcbb6 add WebhookCacheFiller updateStatus tests 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
097e6d5340 Always pass spec to CreateTestWebhookAuthenticator 2024-03-19 16:48:07 -04:00
Benjamin A. Petersen
a45a537cdb Improve JWTAuthenticator validation of Issuer,Discovery 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
0467e5c1d5 Refactor logLines to SplitByNewline, deduplicate 2024-03-19 16:48:06 -04:00
Benjamin A. Petersen
337459feb0 Update webhook status integration tests 
- total api fields test 260->261
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
590e2d18f7 Add WebhookAuthenticator integration tests, expand unit tests 
- Add WebhookAuthenticator unit tests, update generated code
- Add validateTLSNegotiation(), update tests
- Update validateTLSNegotiation, add unit tests, factor out helpers
- Update generated code
 2024-03-19 16:48:05 -04:00
Benjamin A. Petersen
ef36b454ba Improve WebhookAuthenticator Status and Validations 
- Validate TLS Configuration
- Validate Endpoint
- Validate TLS Negotiation
  - Report status handshake negotiation with webhook
- Unit tests
- Integration tests
 2024-03-19 16:48:03 -04:00
Joshua Casey
bc8aebeffe Use go.uber.org/mock instead of github.com/golang/mock and rerun mock generation 2024-03-11 13:42:30 -05:00
Benjamin A. Petersen
e8482ab9e9 Update jwtauthenticator unit tests to check actions 
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
42acf8dcce Add Status & tests for jwks key fetching 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
1c7e7048a8 Update copyright year in modified files 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
73e4d3144b Add integration tests for JWTAuthenticators 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
084c3114f4 Improve jwtcachefiller tests 
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
47639340ec extract status comparison test helpers 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
fd14a5794e ldap upstream watcher: rename local var for clarity 2024-02-27 15:45:32 -08:00
Benjamin A. Petersen
a4447fa606 Add .Status to JWTAuthenticator with Conditions,Phase 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
 2024-02-27 15:45:32 -08:00
Ryan Richard
1bc13e94f7 Refactor to extract interface for upstream IDP interactions 
Create an interface to abstract the upstream IDP from the
authorize, IDP discovery, callback, choose IDP, and login
endpoints. This commit does not refactor the token endpoint,
which will be refactored in a similar way in the next commit.
 2024-02-20 09:26:34 -08:00
Ryan Richard
cf82cf996e Adjust tests and comments for upgrade to latest version of fosite 2024-02-13 10:16:41 -08:00
Ryan Richard
c7299f4daf Update dependencies, including Kube packages to v0.29.0 2024-01-04 12:30:22 -08:00
Ryan Richard
e1954b1df9 update session storage version from 5 to 6 due to fosite upgrade 
A small part of the session storage changed type in the latest version
of fosite compared to the old version of fosite that we were using.
Just to be safe, update our session storage version to invalidate
any pre-existing sessions upon upgrade of Pinniped.
 2023-12-04 14:49:22 -08:00
Ryan Richard
ca5ad85bbd Switch from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3 
Made the switch wherever possible, but since fosite still uses the old
gopkg.in/square/go-jose.v2 there was one test where we still need to use
it as a direct dependency.
 2023-12-04 11:05:12 -08:00
Ryan Richard
7616799adb Minor refactors in legacy SA token Secret cleanup controller 2023-11-30 16:40:21 -08:00
Ryan Richard
5f4645d505 Improve unit tests in tokenclient_test.go 
Also fix a linter error and rename some new files.
 2023-11-30 13:29:52 -08:00
Joshua Casey
2603bbfcd6 Do not use long-lived service account tokens in secrets 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-11-30 09:57:57 -08:00
Joshua Casey
b68e7f3e9e Lightly standardize import aliases 2023-11-15 13:52:17 -06:00
Ryan Richard
4b4cc93ae7 specify the container name when fetching keys from kube cert agent pod 
Avoid errors seen when the cluster has been configured to automatically
inject additional sidecar containers into every pod.
 2023-09-18 09:19:57 -07:00
Ryan Richard
a7bd494ec3 update FederationDomain.status.conditions to come from metav1 2023-09-11 13:06:52 -07:00
Ryan Richard
b6f0dc3ba7 Fix conflicts caused from rebasing main into multiple IDPs branch 2023-09-11 11:15:40 -07:00
Ryan Richard
0a21cb6d08 Replace more pointer.String() with the new ptr.To() 2023-09-11 11:14:06 -07:00
Ryan Richard
6d82a11645 CRD already validates that IDP transform constant names are unique 
- Remove that validation from the controller since the CRD already
  validates it during creates and updates.
- Also finish the supervisor_federationdomain_status_test.go by adding
  more tests for both controller validations and CRD validations
 2023-09-11 11:14:05 -07:00
Ryan Richard
bd5cabf0ff fix some here.Doc string indents in federation_domain_watcher_test.go 
To make things visually line up better.
 2023-09-11 11:14:05 -07:00
Ryan Richard
51742366fe wordsmith some FederationDomain status messages 2023-09-11 11:14:05 -07:00
Ryan Richard
5341322071 add integration test for FederationDomain status updates 
- Also fix small bug in controller where it used Sprintf wrong
- Rename WaitForTestFederationDomainStatus test helper to
  WaitForFederationDomainStatusPhase
 2023-09-11 11:14:05 -07:00
Ryan Richard
84041e0c55 add unit test for ApplyIdentityTransformations helper 2023-09-11 11:14:05 -07:00
Ryan Richard
61bb01b31d extract a helper function in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard
e42e3ca421 Status condition messages for IDP transforms show index of invalid IDP 2023-09-11 11:14:05 -07:00
Ryan Richard
b89e6d9d93 Make it possible to compare transformation pipelines in unit tests 2023-09-11 11:14:05 -07:00
Ryan Richard
c771328bb1 Validate transforms examples in federation_domain_watcher.go 
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
 2023-09-11 11:14:05 -07:00
Ryan Richard
52925a2a46 Validate transforms expressions in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
013030041a Add helper for happy/sad conditions to federation_domain_watcher_test.go 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-09-11 11:14:05 -07:00
Ryan Richard
617f57e1c9 Validate transforms const names in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
8e169f9702 Validate IDP objectRef kind names in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard
32063db46e Validate apiGroup names are valid in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
31d67a1af3 Validate display names are unique in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
a9f2f672c7 Handle some unexpected errors in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
76709892bc Refactor: extract helper functions in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard
a38fb16295 Load FederationDomain endpoints before updating its status 
- Avoid a possible race condition where the status says "Ready" but
  the endpoints take another moment to become available, potentially
  casing a fast client to get a 404 after observing that the status
  is "Ready" and then immediately trying to use the endpoints.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard
e334ad6f7e Fix lint errors in federation_domain_watcher.go, and adjust unit test 2023-09-11 11:14:05 -07:00
Ryan Richard
97a374c00b Refactor federation_domain_watcher_test.go and add new test to its table 2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
fe9364c58b Expand IdentityProvidersFound condition in federation_domain_watcher 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-09-11 11:14:05 -07:00