mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-07 14:05:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,180 Commits 23 Branches 50 Tags
ca2dd2d476838557f5c691d6cd12a425e9a38b41
Commit Graph

998 Commits

Author SHA1 Message Date
Ryan Richard
ca2dd2d476 refactor InferSupervisorIssuerURL() func; remove a TODO 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
60f82d2a55 Fix integration test typo 2024-08-05 11:32:20 -07:00
Joshua Casey
4ec5766ea9 Modify Concierge/Superivsor TLS spec integration tests to allow for older K8s versions 2024-08-05 11:32:20 -07:00
Joshua Casey
b7c26c43ca Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
4b2ed52f44 Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:20 -07:00
Ryan Richard
f381c92f0b Use templates to reduce duplication in concierge_tls_spec_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
3a303cc8fb Supervisor TLS Spec validation integration tests should use helper method 2024-08-05 11:32:20 -07:00
Joshua Casey
d74c2a6e3f Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment 2024-08-05 11:32:19 -07:00
Joshua Casey
0f9352db3b Integration tests should use a helper func to infer Supervisor's downstream issuer URL 2024-08-05 11:32:19 -07:00
Joshua Casey
afec420ce6 Add JWTAuthenticators to the static validation checks for concierge TLS spec 2024-08-05 11:32:19 -07:00
Joshua Casey
d5e3ad9da0 Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator 2024-08-05 11:32:19 -07:00
Ryan Richard
a4ad5d68a9 Fix *_tls_spec_test.go for old versions of Kubernetes 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
30c0fd479e Fix e2e_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
756966c55b add "Status" printer column to JWTAuthenticator and WebhookAuthenticator 2024-08-05 11:32:19 -07:00
Joshua Casey
bf1c02d328 jwtauthenticator controller redoes validations when external CA bundle changes 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:19 -07:00
Joshua Casey
6e9023e090 add code review todos and light refactoring 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
1b7a26d932 test secret and configmap filtering in concierge authenticator controllers 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
cb4b63f8b3 integration tests for concierge authenticators 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
8eb15a924f integration tests for supervisor oidc, ldap, activedirectory IDP 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
821a893f70 integration tests for supervisor oidc, ldap, activedirectory IDP 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
afcd80de37 more integration tests pass 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
90e8cc86c2 integration tests pass 2024-08-05 11:32:19 -07:00
Ashish Amarnath
199562fd05 get all supervisor unit tests to pass 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ashish Amarnath
7e6dadb508 add CRD validation integration tests 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:19 -07:00
Ryan Richard
a2be4b7b5e clarify some comments based on PR feedback 2024-07-17 09:58:26 -07:00
Ryan Richard
0380a9ce33 upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc 
Also standardize some related imports and fix some whitespace in a test
 2024-06-21 11:16:40 -07:00
Ryan Richard
88bcdbadce rewrite flaky category test 2024-06-18 08:40:56 -07:00
Ryan Richard
1f8ac0ff23 Also probe aggregated API ports in new ciphers test 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-06-14 13:27:38 -07:00
Joshua Casey
75ff3efb59 fix lint 2024-06-14 10:42:17 -07:00
Joshua Casey
4ab2ed10f5 Add integration test for allowed ciphers 2024-06-14 10:42:17 -07:00
Joshua Casey
53031ad8d4 User can now configured allowed ciphers, to restrict the ciphers used by the Default profile 2024-06-14 10:42:17 -07:00
Joshua Casey
678be9902a Lint new files from the GitHub branch 2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Ryan Richard
07f8c327e4 handle another githug login interstitial page 2024-06-06 14:00:22 -04:00
Joshua Casey
58b4ecc0aa user sees error msg when GitHub login is denied due to allowed orgs 
Also renamed an interface function from GetName to GetResourceName.

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-06-03 10:56:28 -07:00
Ryan Richard
e3d8c71f97 sleep longer before generating any GitHib OTP codes 2024-05-31 12:03:36 -07:00
Ryan Richard
6364ac9ac7 change status condition type name to be "ClientCredentialsSecretValid" 
For both GitHubIdentityProvider and OIDCIdentityProvider to make them
consistent with each other.
 2024-05-31 09:59:30 -07:00
Ryan Richard
e89daadfcf dump debugging info when a browser-based test fails 2024-05-31 09:09:24 -07:00
Ryan Richard
c5b54ec27e resolve a todo in supervisor_discovery_test.go 2024-05-30 14:48:35 -07:00
Ryan Richard
6327f51f5b repeat same github int tests using OAuth client in supervisor_login_test 2024-05-30 09:58:10 -07:00
Ryan Richard
2bf11ffde1 update error message assertion for github in supervisor_login_test.go 2024-05-29 09:45:43 -07:00
Ryan Richard
bb1737daec slow down github integration tests to avoid OTP reuse errors from github 2024-05-22 21:21:45 -05:00
Ryan Richard
fef494949f implement upstream refresh for github 2024-05-22 21:21:45 -05:00
Ryan Richard
e69eb46911 Add github integration tests to supervisor_login_test.go 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-05-22 21:21:45 -05:00
Ryan Richard
8923704f3c Finish initial github login flow 
Also:
- fix github teams query: fix bug and sort/unique the results
- add IDP display name to github downstream subject
- fix error types returned by LoginFromCallback
- add trace logs to github API results
- update e2e test
- implement placeholder version of refresh for github
 2024-05-22 21:21:45 -05:00
Joshua Casey
fe911a7b7a Prefer slices package and slices.Concat where possible 2024-05-21 09:31:16 -05:00
Joshua Casey
513f43f465 Enforce more imports 
- go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme
 2024-05-21 09:31:15 -05:00
Joshua Casey
f5116cddb4 Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}' 
Enforce importas:

- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
 2024-05-21 09:31:15 -05:00
Joshua Casey
bbe10004b4 Enforce more imports 
- go.pinniped.dev/generated/latest/apis/supervisor/clientsecret/v1alpha1
- go.pinniped.dev/internal/concierge/scheme
 2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports 
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
 2024-05-21 09:31:15 -05:00