mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,768 Commits 21 Branches 50 Tags
c6d8539b8a035d0239cac01287a4dc25fe52cb37
Commit Graph

1471 Commits

Author SHA1 Message Date
Ryan Richard
c51fde6c5a upgrade to github.com/google/go-github/v74 2025-08-28 10:52:36 -07:00
Ryan Richard
577797d569 add new supervisor configmap option to ignore userinfo endpoints by matching issuer URLs 2025-08-27 13:22:17 -07:00
Ryan Richard
e427a5202e add new bool supervisor configmap option to ignore userinfo endpoints 2025-08-27 12:13:15 -07:00
Ryan Richard
4fe8167f60 account for move of repo from vmware-tanzu to vmware on GitHub 2025-08-02 15:08:15 -07:00
Ryan Richard
9c1cc8db50 update github.com/google/go-github and Kube versions in generated code 2025-08-01 13:41:39 -07:00
Ryan Richard
3a02eec765 avoid using t.Context inside t.Cleanup because it is already cancelled 2025-07-30 15:22:20 -07:00
Joshua Casey
1c1b3b7f2e Bump golangci-lint to 2.3.0 and fix issues 2025-07-30 10:25:23 -05:00
Joshua Casey
17cb4c2ee5 Update unit test malformed jwt error messages due to https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0 2025-07-30 09:21:37 -05:00
Ryan Richard
83696fd023 improve errors and docs for JWTAuthenticator features, with int tests 2025-07-18 12:22:06 -07:00
Ryan Richard
64e5e20010 add usernameExpression and groupsExpression to JWTAuthenticator CRD 2025-07-16 14:56:44 -07:00
Ryan Richard
2a83d00373 add claimValidationRules, userValidationRules, and claims.extra to JWTAuthenticator CRD 2025-07-16 14:56:44 -07:00
Ryan Richard
96ef1b75a7 update github client, kube versions, linter 2025-07-02 13:31:37 -07:00
Ryan Richard
5258bd542c update test expectation due to dependency bump 2025-07-01 13:46:39 -07:00
Ryan Richard
7276a1df53 add new concierge configuration option kubeCertAgent.priorityClassName 2025-05-16 10:43:13 -05:00
Ryan Richard
e743beac53 upgrade k8s libs to v0.33.0 2025-05-13 11:56:03 -07:00
Joshua Casey
b8e7a64afe Bump libs to k8s.io@v0.32.3, add codegen for k8s 1.32, and drop codegen for k8s 1.25 2025-05-12 16:36:46 -07:00
Ryan Richard
dfc4c38259 upgrade github.com/google/go-github to v71 2025-05-12 15:47:36 -07:00
Ryan Richard
c600cf7949 upgrade linter to latest 2025-05-12 15:19:50 -07:00
Ryan Richard
85c94116ce ignore a new lint warning 2025-04-08 12:55:20 -07:00
Joshua Casey
6057b0c912 Bump to github.com/google/go-github/v70 2025-03-24 10:13:45 -05:00
Ryan Richard
d625ada06a upgrade github.com/google/go-github and k8s.io packages 2025-03-18 12:38:29 -07:00
Ryan Richard
d90b3c23ef introduce new configuration option to disable admission plugin types 2025-03-17 14:49:17 -07:00
Ryan Richard
749633e43c support response_mode=form_post in upstream OIDC IDPs 2025-03-06 15:28:47 -08:00
Ryan Richard
3a6573f89e remove fips_enable_tls13_max_for_default_profile build tag 2025-02-19 11:47:34 -08:00
Ryan Richard
4e04f5b606 remove fips_strict insecure ciphers which do not seem to be in Go 1.24 2025-02-19 08:13:55 -08:00
Ryan Richard
39a86e7d52 upgrade Go linter to current latest 2025-02-18 10:47:24 -08:00
Ryan Richard
8cfc1c08ec allow both TLS v1.2 and v1.3 in fips mode, supported starting in Go 1.24 2025-02-18 10:46:59 -08:00
Joshua Casey
5c39374915 Update code for fosite changes 2025-02-03 10:28:42 -06:00
Joshua Casey
1d873be184 Make sure that CEL errors are checked for the appropriate Kube version 2025-01-27 10:46:55 -06:00
Joshua Casey
31b45525ce Remove deprecated CredentialIssuer.status.kubeConfigInfo 2025-01-27 10:46:55 -06:00
Ryan Richard
abe3391cce use github.Ptr where deprecated github.String and github.Int64 were used 2025-01-14 09:40:48 -08:00
Ryan Richard
6ae27c87f6 upgrade dep to github.com/google/go-github/v68/github 2025-01-14 09:03:06 -08:00
Ryan Richard
7221be5a8a add doc describing all tokens and credentials 2025-01-08 12:35:34 -08:00
Ryan Richard
9619a0f226 change remoteAddr to sourceIPs in Supervisor audit log for incoming reqs 2025-01-06 21:21:01 -06:00
Ryan Richard
4872be0a84 upgrade golangci-lint to v1.63.4 2025-01-06 13:03:46 -08:00
Ryan Richard
b625b4a076 introduce build tags to optionally override some TLS settings 2024-12-20 10:28:32 -08:00
Ryan Richard
90c95866d1 upgrade fosite to v0.49.0 and handle its API changes 2024-12-13 10:17:42 -08:00
Joshua Casey
87640ca54a Callback endpoint emits audit log with authorizeID even when code param not found 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-12-09 12:47:54 -06:00
Ryan Richard
170cc3bba4 ran new hack script to update all majors: updated github mod 2024-12-03 12:52:29 -06:00
Joshua Casey
28e22d7dd2 Update error text assertion due to change in ory/fosite 
- db74aa7abd
 2024-12-02 11:08:30 -06:00
Ryan Richard
ae5aad178d TokenCredentialRequest uses actual cert expiry time instead of estimate 
and also audit logs both the NotBefore and NotAfter of the issued cert.
Implemented by changing the return type of the cert issuer helpers
to make them also return the NotBefore and NotAfter values of the new
cert, along with the key PEM and cert PEM.
 2024-11-27 13:53:03 -06:00
Ryan Richard
ecd23e86ce callback endpoint renders more useful user-facing error messages 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:03 -06:00
Ryan Richard
54b35c30da rename tokenIdentifier to tokenID in the audit logs 
Because `tokenID` is more consistent with the names of
the other correlation keys.
 2024-11-27 13:53:03 -06:00
Ryan Richard
4423d472da allow audit correlation between token being issued and being used 2024-11-27 13:53:03 -06:00
Joshua Casey
ce2dcbdbb3 simplify godoc 2024-11-27 13:53:02 -06:00
Joshua Casey
c7e9ee1c61 Backfill unit tests for paramsSafeToLog 2024-11-27 13:53:02 -06:00
Ryan Richard
6bf9b64778 log response audit-id for tokencredentialrequests made from CLI 
Only logged when PINNIPED_DEBUG=true is used.

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Joshua Casey
60bd118a9c pinniped CLI should print the audit-ID in certain error cases 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
d0905c02dd use test helper in rest_test.go to reduce some duplication 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
51fc86f950 don't audit log missing username or password, change query param value 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00