Commit Graph

338 Commits

Author SHA1 Message Date
Ryan Richard
c600cf7949 upgrade linter to latest 2025-05-12 15:19:50 -07:00
Ryan Richard
02eb26f135 "pinniped get kubeconfig" discovers CA bundle from CertificateAuthorityDataSource 2025-02-05 10:59:02 -08:00
Joshua Casey
31b45525ce Remove deprecated CredentialIssuer.status.kubeConfigInfo 2025-01-27 10:46:55 -06:00
Joshua Casey
51c86795af Backfill unit tests for cmd/pinniped/cmd/audit_id.go 2024-11-27 13:53:02 -06:00
Ryan Richard
6bf9b64778 log response audit-id for tokencredentialrequests made from CLI
Only logged when PINNIPED_DEBUG=true is used.

Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Joshua Casey
b20e890f15 Add testutil.RequireLogLines to verify multiple log lines at once 2024-11-27 13:53:00 -06:00
Joshua Casey
08abff1cae Bump golangci-lint to 1.60.3 2024-09-04 20:52:01 -05:00
Ryan Richard
376b83050a upgrade linter and fix new lint errors 2024-08-19 15:45:32 -07:00
Ryan Richard
21ee90ae41 unit tests should not depend on real KUBECONFIG env var value to pass 2024-08-19 15:02:10 -07:00
Joshua Casey
011d6ba71b Remove plog.Logr, make plog.TestZapr private, and CLI logs do not need a name
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-06-11 17:27:45 -05:00
Joshua Casey
9296d95084 No need for calling code to use deprecated options 2024-06-11 13:09:59 -05:00
Joshua Casey
c6463831ac Use plog.Logger instead of logr.Logger wherever possible 2024-06-11 12:47:19 -05:00
Joshua Casey
bafd578866 Merge branch 'main' into jtc/add-importas-linter 2024-06-11 09:39:48 -05:00
Joshua Casey
fe911a7b7a Prefer slices package and slices.Concat where possible 2024-05-21 09:31:16 -05:00
Joshua Casey
bdd79a9984 Enforce more imports
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake
- go.pinniped.dev/generated/latest/client/concierge/informers/externalversions
- go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions
2024-05-21 09:31:15 -05:00
Joshua Casey
513f43f465 Enforce more imports
- go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned
- go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned
- go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/scheme
2024-05-21 09:31:15 -05:00
Joshua Casey
f5116cddb4 Enable 'makezero' and 'prealloc' linters, and require 'any' instead of 'interface{}'
Enforce importas:

- go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1
- go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1
2024-05-21 09:31:15 -05:00
Joshua Casey
e9252a9ee3 Enforce more imports
- k8s.io/apimachinery/pkg/apis/meta/v1
- k8s.io/api/core/v1
- github.com/coreos/go-oidc/v3/oidc
- github.com/ory/fosite/handler/oauth2
- go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1
2024-05-21 09:31:15 -05:00
Joshua Casey
875b0739aa Enforce aliases for 'k8s.io/apimachinery/pkg/util/errors' and 'k8s.io/apimachinery/pkg/api/errors' 2024-05-21 09:31:15 -05:00
Joshua Casey
fd7838ef2c Add 'github' as an example to the 'pinniped login oidc --upstream-identity-provider-type' help text 2024-05-16 16:22:13 -05:00
Joshua Casey
e4daa5a924 Merge branch 'main' into jtc/merge-main-at-3fe3cf71-into-github 2024-05-16 16:05:34 -05:00
Ryan Richard
7e0a3c114d Pinniped CLI and the oidc-client package are now enhanced by pinniped_supported_identity_provider_types
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-05-16 12:57:12 -05:00
Joshua Casey
791b785dea Merge branch 'main' into jtc/merge-main-at-d7849c79-to-github 2024-05-10 14:22:09 -05:00
Joshua Casey
81f3acfa38 Update some build tags since go1.22+ is now required 2024-05-10 12:51:03 -05:00
Joshua Casey
7b36c8ab54 Enable 'copyloopvar' linter 2024-05-10 12:51:02 -05:00
Joshua Casey
e04e5e0185 Fix revive linter issues for all production code, and exclude revive linter issues for test code 2024-05-10 12:51:02 -05:00
Benjamin A. Petersen
6424f45c19 Add IDP Discovery integration test for GitHub 2024-04-29 14:57:14 -04:00
Benjamin A. Petersen
cd86d57763 review cleanup, remove TODOs 2024-04-25 17:02:07 -04:00
Benjamin A. Petersen
79d0e74056 Fix github_upstream_watcher so GitHub is listed in Supervisor idp discovery doc 2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
8de4524428 Add github to kubeconfig.go 2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
8f71f965b9 Add github to login_oidc.go 2024-04-25 17:02:06 -04:00
Benjamin A. Petersen
44edba6f75 Add tests for GitHub in FederationDomain ListerFinder 2024-04-25 17:01:57 -04:00
Joshua Casey
94bee9e882 Remove testutil.TLSTestServerWithCert in favor of the testutil/tlsserver package 2024-04-19 10:30:23 -05:00
Benjamin A. Petersen
c6b0820438 Fix some utils, spacing, func naming, test inputs, etc. 2024-03-26 16:22:51 -04:00
Benjamin A. Petersen
0467e5c1d5 Refactor logLines to SplitByNewline, deduplicate 2024-03-19 16:48:06 -04:00
Ryan Richard
a70ce9cef7 Add PINNIPED_SKIP_PRINT_LOGIN_URL env var to CLI 2024-03-14 11:32:09 -07:00
Ryan Richard
dce9409ccc login oidc cmd checks access token expiry before doing token exchange
In the RFC8693 token exchange, the CLI sends your access token and
receives in exchange a new cluster-scoped ID token.

Fix a bug in the CLI. Whenever the "pinniped login oidc" command was
planning to perform the RFC8693 token exchange, it failed to check if
the cached access token was still valid before performing the exchange,
which sends the access token. It instead checked if the cached ID token
was still valid, but that is not relevant in this situation because the
ID token is not going to be used for anything (instead the new ID token
returned by the RFC8693 token exchange will be used for auth).

This bug doesn't actually matter today, because the Supervisor-issued
access and ID tokens always both have the same 2-minute lifetimes.
However, future enhancements may cause them to have different lifetimes
in certain circumstances. Fixing this CLI bug now to prepare for those
potential future enhancements.
2024-02-09 13:33:30 -08:00
Ryan Richard
47f6de58c3 Infinite default timeout for WhoAmI API call & add --timeout CLI flag 2023-11-14 09:40:03 -08:00
Joshua Casey
bf1366412a Unit test fixes
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-11-02 14:17:29 -05:00
Joshua Casey
9d89a8dea4 Shorten kubeconfigCommand func for lint funlen 2023-10-09 21:25:14 -05:00
Joshua Casey
d965b65b0a Allow 'pinniped get kubeconfig' to override the client-go credential plugin command
[#184673465]
2023-10-09 21:25:14 -05:00
Ryan Richard
96098841dd Get tests to compile again and fix lint errors 2023-09-11 11:09:50 -07:00
Joshua Casey
12f18cbed8 Inline and remove testutil.TempDir 2023-09-06 14:52:01 -05:00
Joshua Casey
38230fc518 Use pversion to retrieve buildtime information 2023-08-28 11:54:27 -05:00
Ryan Richard
d659b90e19 pinniped get kubeconfig discovers support for username/groups scopes 2023-03-30 11:52:53 -07:00
Joshua Casey
77041760cc Ignore lint issues for deprecated Pool.Subjects()
- 4aa1efed48/src/crypto/x509/cert_pool.go (L243-L244)
2023-01-31 10:10:44 -06:00
Joshua Casey
24cf7c5bcd Remove internal/psets in favor of k8s.io/apimachinery/pkg/util/sets 2023-01-31 10:10:44 -06:00
Ryan Richard
7a74ca9f57 Unhide login subcommand and improve several command help messages
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-27 13:34:04 -08:00
Ryan Richard
c6e4133c5e Accept both old and new cert error strings on MacOS in test assertions
Used this as an opportunity to refactor how some tests were
making assertions about error strings.

New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.

All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-20 15:01:36 -08:00
Ryan Richard
7ff3b3d9cb Code changes to support Kube 0.26 deps 2023-01-18 14:39:22 -08:00