Ryan Richard
dfef9f470f
fix bug in webhookcachefiller caused when status update returns error
...
Also refactor test assertions regarding log statements in
jwtcachefiller_test.go and webhookcachefiller_test.go
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ryan Richard
f5da417450
fix bug in jwtcachefiller caused when status update returns error
...
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
a888083c50
Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte)
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
99cfc4fbce
Remove tlsconfigutil.CABundle.IsEqual and ensure that tlsconfigutil.NewCABundle handles nil/empty input
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
fcceeed9fa
Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
4cf0e46c38
tlsconfigutil.CABundle should generate its own certPool
2024-08-05 11:32:20 -07:00
Joshua Casey
34eff2a2f9
Refactor tlsconfigutil.buildCABundle to make it more clear where the bundle is coming from
2024-08-05 11:32:20 -07:00
Joshua Casey
e82cb2c7ba
Refactor tlsconfigutil.getCertPool to return a CABundle and change its name to buildCABundle
2024-08-05 11:32:20 -07:00
Joshua Casey
0711093ccd
Add tests for tlsconfigutil.CABundle and all callers should use the constructor
2024-08-05 11:32:20 -07:00
Joshua Casey
15d0006841
Pull tlsconfigutil.CABundle into a separate file
2024-08-05 11:32:20 -07:00
Ashish Amarnath
282b949c24
update jwtcachefiller to use new tlsconfigutil.CABundle type
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ashish Amarnath
005dbf3aa8
refactor tlsconfigutil to return a caBundle type
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ashish Amarnath
a1dcba4731
add unit tests for validatedsettings cache storing ca bundle hash
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Ashish Amarnath
2a62beeb5f
store ca bundle hash in validated settings cache
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
242fa8afb2
When reading CA bundle from a secret/configmap, return more specific err
...
When the bundle does not contain any certs, make the error more
specific.
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
e3ed722252
Minor refactor
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
9a16dc28b7
Fix another integration test
2024-08-05 11:32:20 -07:00
Joshua Casey
de86809b69
Fix some integration tests
2024-08-05 11:32:20 -07:00
Joshua Casey
9420bfde5b
webhookcachefiller controller loops over all webhookauthenticators
2024-08-05 11:32:20 -07:00
Ryan Richard
adb460b644
refactor integration test to use proper test table
2024-08-05 11:32:20 -07:00
Ryan Richard
06b47a5792
jwtcachefiller controller loops over all jwtauthenticators
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-05 11:32:20 -07:00
Ryan Richard
ca2dd2d476
refactor InferSupervisorIssuerURL() func; remove a TODO
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
60f82d2a55
Fix integration test typo
2024-08-05 11:32:20 -07:00
Ryan Richard
414ff503ef
extract some common condition reason string constants
2024-08-05 11:32:20 -07:00
Joshua Casey
4ec5766ea9
Modify Concierge/Supervisor TLS spec integration tests to allow for older K8s versions
2024-08-05 11:32:20 -07:00
Joshua Casey
b7c26c43ca
Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
4b2ed52f44
Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:20 -07:00
Ryan Richard
f381c92f0b
Use templates to reduce duplication in concierge_tls_spec_test.go
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-05 11:32:20 -07:00
Joshua Casey
3a303cc8fb
Supervisor TLS Spec validation integration tests should use helper method
2024-08-05 11:32:20 -07:00
Ryan Richard
09724cfa71
Add unit test: when discovery is already cached for OIDCIdentityProvider
2024-08-05 11:32:20 -07:00
Joshua Casey
d74c2a6e3f
Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment
2024-08-05 11:32:19 -07:00
Joshua Casey
0f9352db3b
Integration tests should use a helper func to infer Supervisor's downstream issuer URL
2024-08-05 11:32:19 -07:00
Joshua Casey
afec420ce6
Add JWTAuthenticators to the static validation checks for concierge TLS spec
2024-08-05 11:32:19 -07:00
Joshua Casey
d5e3ad9da0
Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator
2024-08-05 11:32:19 -07:00
Ryan Richard
0f103ed2a4
Add unit tests for external CA bundle in oidc_upstream_watcher_test.go
2024-08-05 11:32:19 -07:00
Joshua Casey
d62d6a1f27
Refactor github_controller_watcher to simplify the tls Dial
2024-08-05 11:32:19 -07:00
Ryan Richard
a4ad5d68a9
Fix *_tls_spec_test.go for old versions of Kubernetes
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-05 11:32:19 -07:00
Ryan Richard
30c0fd479e
Fix e2e_test.go
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-05 11:32:19 -07:00
Ryan Richard
756966c55b
add "Status" printer column to JWTAuthenticator and WebhookAuthenticator
2024-08-05 11:32:19 -07:00
Joshua Casey
288e092d2e
GitHub IDP watcher should not dial an address that has already been validated
2024-08-05 11:32:19 -07:00
Ryan Richard
72745cd8fe
run codegen to update copyrights
2024-08-05 11:32:19 -07:00
Ryan Richard
8060e82745
include external CA bundles in the cache key in oidc_upstream_watcher.go
2024-08-05 11:32:19 -07:00
Ryan Richard
373713f7e0
webhook controller redoes validations when external CA bundle changes
2024-08-05 11:32:19 -07:00
Joshua Casey
66401b42d8
Add GitHubIDP tests for a CA bundle in a Secret or a ConfigMap
2024-08-05 11:32:19 -07:00
Joshua Casey
2d5943b21a
Move conditions reason Success to conditions_util
2024-08-05 11:32:19 -07:00
Ryan Richard
920b519ebf
error when CA bundle from Secret or ConfigMap is empty
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-08-05 11:32:19 -07:00
Joshua Casey
bf1c02d328
jwtauthenticator controller redoes validations when external CA bundle changes
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:19 -07:00
Joshua Casey
6e9023e090
add code review todos and light refactoring
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
1b7a26d932
test secret and configmap filtering in concierge authenticator controllers
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00
Ashish Amarnath
cb4b63f8b3
integration tests for concierge authenticators
...
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
2024-08-05 11:32:19 -07:00