mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-05 04:56:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,479 Commits 21 Branches 50 Tags
d0905c02ddfb2138637444dd0016c6f94ac103f0
Commit Graph

4479 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Richard
d0905c02dd use test helper in rest_test.go to reduce some duplication 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
51fc86f950 don't audit log missing username or password, change query param value 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
76bda12760 update audit-logging.md to resolve todos 2024-11-27 13:53:02 -06:00
Ryan Richard
a84b76e56a audit log session ID in token handler for every grant type 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:02 -06:00
Ryan Richard
c2018717b6 audit log OIDCClientSecretRequests 2024-11-27 13:53:02 -06:00
Joshua Casey
f388513145 resolve TODO by adding docs 2024-11-27 13:53:02 -06:00
Ryan Richard
c16ebe1707 add unit test for audit logging when token refresh updates groups 2024-11-27 13:53:02 -06:00
Ryan Richard
b54365c199 audit log request params on GET and POST login handlers 2024-11-27 13:53:02 -06:00
Ryan Richard
51d1cc7a96 refactor and add unit test for AuditRequestParams() 2024-11-27 13:53:02 -06:00
Ryan Richard
c06141c871 token handler uses common method to audit HTTP request parameters 2024-11-27 13:53:02 -06:00
Ryan Richard
eab3fde3af introduce common method to audit HTTP request parameters 2024-11-27 13:53:02 -06:00
Joshua Casey
de7781b7f9 Use correct caller when generating audit events 2024-11-27 13:53:02 -06:00
Joshua Casey
611de03e01 Add audit event 'Incorrect Username Or Password' to auth_handler and audit event 'Using Upstream IDP' to callback_handler 2024-11-27 13:53:01 -06:00
Joshua Casey
de722332b1 Add audit logging to post_login_handler 2024-11-27 13:53:01 -06:00
Ryan Richard
438ca437ec tokencredentialrequest audit logs failed requests 2024-11-27 13:53:01 -06:00
Ryan Richard
e21e1326b7 tokencredentialrequest audit logs successful responses 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:01 -06:00
Joshua Casey
37e12b4024 Start backfilling some audit unit tests in post_login_handler 2024-11-27 13:53:01 -06:00
Ryan Richard
e126ee5495 all callers of Audit() identify which keys may contain PII 2024-11-27 13:53:01 -06:00
Ryan Richard
a308f3f22a audit log: keep key ordering in personalInfo, render nil slices and maps 2024-11-27 13:53:01 -06:00
Ryan Richard
c5f4cce3ae make Audit() take struct as param for all optional params and redact PII 2024-11-27 13:53:01 -06:00
Ryan Richard
ced8686d11 add config for audit logging, remove Audit() from Logger interface 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-11-27 13:53:01 -06:00
Joshua Casey
76f6b725b8 Fix some rebase conflicts 2024-11-27 13:53:01 -06:00
Joshua Casey
f9e1dd4bec Backfill unit tests for garbage_collector audit logging 2024-11-27 13:53:01 -06:00
Joshua Casey
f4f393e5de Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:01 -06:00
Joshua Casey
2db5dda266 Add last audit log unit tests to auth_handler 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:01 -06:00
Ryan Richard
8cf9c59957 refactor to move audit event message types to their own pkg 2024-11-27 13:53:01 -06:00
Ryan Richard
088556193d auth handler audit logs headers and params when http method is wrong 
also refactor some related code into a helper, and fix linter errors
 2024-11-27 13:53:01 -06:00
Joshua Casey
18d3ab3d15 The 'HTTP Request Parameters' audit event now logs params as a JSON object 2024-11-27 13:53:01 -06:00
Joshua Casey
dc6faa33bb Log params to token_handler endpoint even during error cases 2024-11-27 13:53:01 -06:00
Joshua Casey
0d22ae2c1a Fix lint and unit test compilation 2024-11-27 13:53:01 -06:00
Joshua Casey
362d982906 Start to backfill some audit unit tests for the token_handler 2024-11-27 13:53:01 -06:00
Ryan Richard
1006dd9379 resolve some todos 2024-11-27 13:53:01 -06:00
Joshua Casey
369316556a Add configuration to audit internal endpoints and backfill unit tests 2024-11-27 13:53:01 -06:00
Joshua Casey
cf4b29de4b Clarify docs 2024-11-27 13:53:00 -06:00
Joshua Casey
09ca7920ea Extract testutil helper function 2024-11-27 13:53:00 -06:00
Joshua Casey
9994e033b2 Add audit event tests for login_handler 2024-11-27 13:53:00 -06:00
Joshua Casey
dd56f2b47f Add audit event tests for callback_handler 2024-11-27 13:53:00 -06:00
Ryan Richard
4df043a91c document audit logging 2024-11-27 13:53:00 -06:00
Ryan Richard
d020de4b3d update fips reference doc 2024-11-27 13:53:00 -06:00
Joshua Casey
dd42f35db0 plog.TestLogger returns a buffer that holds the logs 
# Conflicts:
#	internal/controller/apicerts/certs_expirer_test.go
#	internal/plog/plog_test.go
#	internal/plog/testing.go
#	pkg/oidcclient/login_test.go
 2024-11-27 13:53:00 -06:00
Joshua Casey
a67af9455b Refactor: don't copy the loop variable in test loops 2024-11-27 13:53:00 -06:00
Joshua Casey
d729c82f84 fix lint 2024-11-27 13:53:00 -06:00
Joshua Casey
44e218194b Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:00 -06:00
Joshua Casey
bf1e37f149 Use a helper to verify audit messages 2024-11-27 13:53:00 -06:00
Joshua Casey
aee56c388f Check the sessionID as well 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-11-27 13:53:00 -06:00
Joshua Casey
fd5a10bee7 WIP: Add audit event when upstream redirect occurs and backfill tests 2024-11-27 13:53:00 -06:00
Joshua Casey
b20e890f15 Add testutil.RequireLogLines to verify multiple log lines at once 2024-11-27 13:53:00 -06:00
Ryan Richard
4f9530eec7 audit logging WIP 2024-11-27 13:53:00 -06:00
Joshua Casey
615b60bd37 Merge pull request #2143 from vmware-tanzu/rr/kube-cert-agent-for-unschedulable-nodes
Some checks failed
CodeQL / Analyze (go) (push) Failing after 24m0s
Details
CodeQL / Analyze (javascript) (push) Failing after 4m25s
Details 
Cert agent controller avoids locating the agent pod on unschedulable nodes when possible
 2024-11-27 12:27:33 -06:00
Joshua Casey
e61afcd109 Merge branch 'main' into rr/kube-cert-agent-for-unschedulable-nodes 2024-11-27 10:05:20 -06:00