mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-08 07:11:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,367 Commits 20 Branches 50 Tags
f36298c5427b8e03733080cee0567cda03a742e1
Commit Graph

1373 Commits

Author SHA1 Message Date
Ryan Richard
f36298c542 use required headers for GitHub API connection probe request 2024-10-14 11:12:34 -07:00
Ryan Richard
dc195536d0 also use port number when checking https proxy for WebhookAuthenticator 2024-10-11 14:49:46 -07:00
Ryan Richard
4d2bbac674 use .cluster.local address for LUA (squid cannot resolve .svc addresses) 2024-10-10 14:44:14 -07:00
Ryan Richard
4f661aaa69 pay attention to web proxy settings during connection probes 
- WebhookAuthenticator will now detect the proxy setting and skip
  dialing the connection probe if it should go through a proxy
- GitHubIdentityProvider will avoid using tls.Dial altogether
  by instead making a real request to the GitHub API as its
  connection probe, because this will respect the proxy settings
 2024-10-10 10:41:31 -07:00
Joshua T Casey
629f89d95b Check TLS bundle before dialing for performance reasons, and add godoc to clarify intent 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2024-10-02 14:54:30 -05:00
Joshua Casey
01c2377de0 Refactor tests to use a table 2024-09-24 14:45:07 -05:00
Ashish Amarnath
0fab37c089 Update internal/crypto/ptls/dialer_test.go 
ignore lint error on nil context in unit test validating nil context
 2024-09-24 14:14:48 -05:00
Joshua Casey
f7fd209f29 Address PR feedback 2024-09-24 14:14:48 -05:00
Joshua Casey
76a116641f Add ptls.Dialer to provide some common configuration for tls.Dial operations 2024-09-24 14:14:48 -05:00
Ashish Amarnath
ab2c2e30cb refactor and fix comments 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-09-19 13:38:12 -07:00
Joshua Casey
702d5bdc01 Bump golangci-lint to 1.61.0 2024-09-10 15:14:53 -05:00
Joshua Casey
08abff1cae Bump golanglint-ci to 1.60.3 2024-09-04 20:52:01 -05:00
Joshua Casey
c87f091a44 Upcoming k8s versions have an additional extra field in the CSR response 
- failure due to https://github.com/kubernetes/kubernetes/pull/125634
 2024-09-04 11:23:11 -05:00
Joshua Casey
6c97600174 Merge branch 'main' into log_msg_level 2024-09-03 06:22:09 -05:00
Joshua Casey
b78e2c7ded Update comments for testing 2024-08-27 13:26:40 -05:00
Joshua Casey
9b3bcca15e Add test to confirm that pversion.Get() returns something that utilversion.NewEffectiveVersion can consume 2024-08-27 13:26:40 -05:00
Joshua Casey
f7f25a8815 Refactor pversion_test to use a test table 2024-08-27 13:26:39 -05:00
Joshua Casey
94809ee396 Use a real binary version when setting up the aggregated API servers 2024-08-27 13:26:39 -05:00
Joshua Casey
2a6a0d2997 Refactor certauthority_test to not need pool.Subjects() 2024-08-27 13:26:39 -05:00
Joshua Casey
05098c68f6 Refactor kubeclient_test to not use pool.Subjects() 2024-08-27 13:26:39 -05:00
Joshua Casey
a1dafcf45a Refactor provider_test to not use pool.Subjects() 2024-08-27 13:26:39 -05:00
Joshua Casey
0ee8ee80e1 Use sha256.Size 2024-08-27 13:26:39 -05:00
Joshua Casey
436112252d Lint fixes 2024-08-27 13:26:39 -05:00
Joshua Casey
8bd9b94d0a Impersonator server should take in a cancellable context instead of a stop channel 2024-08-27 13:26:39 -05:00
Joshua Casey
504f0dc26f Fix some unit tests 2024-08-27 13:26:38 -05:00
Joshua Casey
f09b3c2f72 Bump K8s libs to 1.31 and fix compilation errors 2024-08-27 13:26:38 -05:00
Ryan Richard
f194594e5b failed token exchanges should show in log at default log config 2024-08-22 10:09:19 -07:00
Ryan Richard
376b83050a upgrade linter and fix new lint errors 2024-08-19 15:45:32 -07:00
Joshua Casey
d0f5c2c7ab Merge branch 'main' into jtc/refactor-conditions-util 2024-08-09 11:22:59 -05:00
Ryan Richard
5e6f6a1c50 support alternate controller-manager flags in kubecertagent controller 2024-08-08 15:52:50 -07:00
Joshua Casey
bab8b54ed8 Update godoc 2024-08-08 10:38:12 -05:00
Joshua Casey
4bd5db14b4 Refactor branching logic when using an early return 2024-08-08 08:12:41 -05:00
Joshua Casey
4a9136040c Refactor to make it obvious that newCondition is a copy 2024-08-08 08:12:41 -05:00
Joshua Casey
8b97414f3d Refactor to simplify logic 2024-08-08 08:12:41 -05:00
Joshua Casey
1e8e9ecc98 Refactor to use slices helpers instead of harder-to-read loops 2024-08-08 08:12:41 -05:00
Joshua Casey
2d8ab9ff5d Refactor variable name for clarity 2024-08-08 08:12:41 -05:00
Joshua Casey
17f66331ea Refactor parameter names for clarity 2024-08-08 08:12:41 -05:00
Joshua Casey
6bf30bc6b5 Backfill test for existing exported function HadErrorCondition 2024-08-08 08:12:41 -05:00
Joshua Casey
f798777a3b Refactor: reorder parameters to MergeConditions 2024-08-08 08:12:41 -05:00
Ryan Richard
6b49cd7d28 add Unknown SearchBaseFound status condition for AD only 2024-08-06 16:08:25 -07:00
Joshua Casey
afa3aa2232 LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2024-08-06 16:08:25 -07:00
Joshua Casey
1c59a41cc5 Remove some dead code from LDAP/AD controllers 2024-08-06 16:08:25 -07:00
Joshua Casey
0626b22c70 OIDC Upstream Watcher now reports condition OIDCDiscoverySucceeded with status Unknown if TLS validation fails 2024-08-06 16:08:25 -07:00
Ryan Richard
7483de5e90 upgrade github.com/google/go-github from v62 to v63 2024-08-06 13:45:38 -07:00
Ryan Richard
229b6a262e when dialing github to test connection, dial api.github.com 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2024-08-06 08:58:30 -07:00
Ashish Amarnath
b70db9dc03 refactor to use new certificateAuthorityDataSourceKind enum 
Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
e0235ed190 update docs and change struct name in types_tls.go.tmpl files 
Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:21 -07:00
Ryan Richard
02e41baa47 small refactors 2024-08-05 11:32:21 -07:00
Ryan Richard
ed502949dd webhookcachefiller and jwtcachefiller always update status when needed 
Even when the authenticator is found in the cache, try to update its
status. Failing to do so would mean that the actual status will not
be overwritten by the controller's newly computed desired status.

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
 2024-08-05 11:32:20 -07:00
Joshua Casey
d6d66faae3 jwtcachefiller now tests for exact log lines and prints when it chooses to not update the status 2024-08-05 11:32:20 -07:00