Commit Graph

  • bf91b2045c Add blog post for v0.33.0 - externally managed CA bundles Joshua Casey 2024-08-07 12:45:27 -05:00
  • fcf6ec6731 update cicd.md to discuss using multiple IDPs for human vs bot accounts Ryan Richard 2024-08-07 10:39:30 -07:00
  • b377040144 Merge pull request #2034 from vmware-tanzu/jtc/older-idps-should-use-unknown-condition-status v0.33.0 Ryan Richard 2024-08-06 20:13:02 -07:00
  • c1328d9619 update expectation in supervisor_ldap_idp_test.go Ryan Richard 2024-08-06 16:06:36 -07:00
  • f918edd846 Add integration tests to ensure that LDAP/AD conditions with status Unknown if they cannot be validated Joshua Casey 2024-08-06 16:28:13 -05:00
  • 6b49cd7d28 add Unknown SearchBaseFound status condition for AD only Ryan Richard 2024-08-06 12:40:19 -07:00
  • afa3aa2232 LDAP and AD IDPs now always report condition with type LDAPConnectionValid, even if the status is unknown Joshua Casey 2024-08-06 13:03:00 -05:00
  • 1c59a41cc5 Remove some dead code from LDAP/AD controllers Joshua Casey 2024-08-06 09:36:48 -05:00
  • 0626b22c70 OIDC Upstream Watcher now reports condition OIDCDiscoverySucceeded with status Unknown if TLS validation fails Joshua Casey 2024-08-06 09:05:14 -05:00
  • fbbec507d1 Merge pull request #2036 from vmware-tanzu/bump_codegen Ryan Richard 2024-08-06 15:08:32 -07:00
  • a4b0416174 Merge pull request #2035 from vmware-tanzu/go-github-v62 Ryan Richard 2024-08-06 15:08:10 -07:00
  • 659f33dc55 run codegen for updated kube-versions.txt Ryan Richard 2024-08-06 13:53:44 -07:00
  • 20ddf553ce update kube-versions.txt Ryan Richard 2024-08-06 13:50:25 -07:00
  • 7483de5e90 upgrade github.com/google/go-github from v62 to v63 Ryan Richard 2024-08-06 13:45:38 -07:00
  • 9f1d6258a2 Merge pull request #2032 from vmware-tanzu/github_api_host Joshua Casey 2024-08-06 12:53:08 -05:00
  • 99b59a90b6 run codegen for github doc change from previous commit Ryan Richard 2024-08-06 08:51:34 -07:00
  • 56bf9bad25 GitHubIdentityProvider: document github.com vs. api.github.com Ryan Richard 2024-08-05 16:15:06 -07:00
  • 229b6a262e when dialing github to test connection, dial api.github.com Ryan Richard 2024-08-05 16:14:16 -07:00
  • 74d9fb863f Merge pull request #2028 from vmware-tanzu/doc_typo Ryan Richard 2024-08-06 08:58:00 -07:00
  • e332fb505c Merge branch 'main' into doc_typo Joshua Casey 2024-08-06 09:10:21 -05:00
  • dafde586ec Merge pull request #2033 from vmware-tanzu/update-comments Ashish Amarnath 2024-08-06 06:50:44 -07:00
  • cb101e4dbe Merge branch 'main' into doc_typo Joshua Casey 2024-08-06 08:28:22 -05:00
  • 6fdfee36fe fix typo in integration test function comments Ashish Amarnath 2024-08-05 23:33:31 -07:00
  • 0787301ddb Merge pull request #1996 from ashish-amarnath/ca-bundles-ref Ryan Richard 2024-08-05 14:28:39 -07:00
  • 2af510a3ee Revert "add integration test for TLS config validation in GitHubIdentityProvider" Ryan Richard 2024-08-05 12:52:41 -07:00
  • fdeca2c026 Revert "add integration test for TLS config validation in OIDCIdentityProvider" Ryan Richard 2024-08-05 12:52:29 -07:00
  • 23fd15f840 Revert "Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator" Ryan Richard 2024-08-05 12:52:21 -07:00
  • 06b7d302a2 fix typo in tmpl and run codegen Ryan Richard 2024-08-05 10:44:04 -07:00
  • b70db9dc03 refactor to use new certificateAuthorityDataSourceKind enum Ashish Amarnath 2024-08-03 16:59:18 -07:00
  • d4ac69d88e run codegen for changes in previous commit Ryan Richard 2024-08-03 17:41:08 -07:00
  • 59c2295dfd improve api docs for TLSSpec in authenticator and IDP specs Ryan Richard 2024-08-03 17:37:34 -07:00
  • 4eb9a09385 test more condition message cases in concierge_tls_spec_test.go and supervisor_tls_spec_test.go Ryan Richard 2024-08-03 17:26:42 -07:00
  • db2d7c8c50 assert on condition message in concierge_tls_spec_test.go and supervisor_tls_spec_test.go Ryan Richard 2024-08-03 16:35:44 -07:00
  • 2ebf9d3d00 minor test refactor Ryan Richard 2024-08-03 14:28:45 -07:00
  • 67de14a3b8 ran codegen on previous commit's changes Ryan Richard 2024-08-03 14:05:30 -07:00
  • a40c88ebf3 document allowed enum values and default values in all CR spec fields Ryan Richard 2024-08-03 14:01:44 -07:00
  • 23129da3e2 add integration test for TLS config validation in GitHubIdentityProvider Ashish Amarnath 2024-08-03 01:08:21 -07:00
  • 59402bca7b add integration test for TLS config validation in OIDCIdentityProvider Ashish Amarnath 2024-08-03 01:06:31 -07:00
  • c3405095b2 Add integration tests for tls spec validation in JWTAuthenticator and WebhookAuthenticator Ashish Amarnath 2024-08-02 23:28:57 -07:00
  • 2181418cc5 refactor test helpers in supervisor_login_test.go Ryan Richard 2024-08-01 16:27:13 -07:00
  • e0235ed190 update docs and change struct name in types_tls.go.tmpl files Ryan Richard 2024-08-01 16:21:31 -07:00
  • 02e41baa47 small refactors Ryan Richard 2024-08-01 15:17:56 -07:00
  • 91ef68992c document new CA bundle source option in howto docs Ryan Richard 2024-07-31 14:55:11 -07:00
  • 43964ff7a2 update generated api docs Ashish Amarnath 2024-07-31 13:11:16 -07:00
  • 19c4acf391 secret/configmap with CA bundle to be created in namespace where pinniped is installed Ashish Amarnath 2024-07-31 12:14:45 -07:00
  • ed502949dd webhookcachefiller and jwtcachefiller always update status when needed Ryan Richard 2024-07-31 11:45:27 -07:00
  • a0c259ffbc update expectation conditions message when CA bundle is not configured Ashish Amarnath 2024-07-31 11:04:20 -07:00
  • d6d66faae3 jwtcachefiller now tests for exact log lines and prints when it chooses to not update the status Joshua Casey 2024-07-30 22:07:17 -05:00
  • 15c84fcc94 extract helper func in jwtcachefiller and webhookcachefiller Ryan Richard 2024-07-30 16:41:50 -07:00
  • 1438f06c12 webhookcachefiller adds more detail when it chooses to update or not update status conditions Joshua Casey 2024-07-30 16:33:40 -05:00
  • ca5bb2170c webhookcontroller should use a logger that is built for each webhook authenticator Joshua Casey 2024-07-30 16:15:01 -05:00
  • 05a2fd97f8 webhookcontroller now only logs the webhook authenticator name instead of an object Joshua Casey 2024-07-30 15:30:32 -05:00
  • dedd51df91 Test Refactor: webhookauthenticator_test checks exact log line equality Joshua Casey 2024-07-30 15:22:44 -05:00
  • 290676e4d1 improve info/debug log messages for jwtcachefiller & webhookcachefiller Ryan Richard 2024-07-29 14:46:18 -07:00
  • 8725ab4caa do not make any assumption about OIDC issuer 404 page body in test Ryan Richard 2024-07-29 11:35:45 -07:00
  • 3891f90f43 skip external CA bundle tests when CA bundle is empty Ryan Richard 2024-07-29 11:15:51 -07:00
  • 9f17ba5ae4 change wording of TLS config loaded success messages Ryan Richard 2024-07-29 09:13:39 -07:00
  • 81d42cb3b9 add unit tests for validatedsettings cache storing ca bundle hash Ashish Amarnath 2024-07-26 15:52:50 -07:00
  • dfef9f470f fix bug in webhookcachefiller caused when status update returns error Ryan Richard 2024-07-26 15:06:37 -07:00
  • f5da417450 fix bug in jwtcachefiller caused when status update returns error Ryan Richard 2024-07-26 13:14:23 -07:00
  • a888083c50 Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte) Joshua Casey 2024-07-26 12:38:44 -05:00
  • 99cfc4fbce Remove tlsconfigutil.CABundle.IsEqual and ensure that tlsconfigutil.NewCABundle handles nil/empty input Joshua Casey 2024-07-26 11:38:42 -05:00
  • fcceeed9fa Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name Joshua Casey 2024-07-26 11:11:03 -05:00
  • 4cf0e46c38 tlsconfigutil.CABundle should generate its own certPool Joshua Casey 2024-07-26 10:46:53 -05:00
  • 34eff2a2f9 Refactor tlsconfigutil.buildCABundle to make it more clear where the bundle is coming from Joshua Casey 2024-07-26 10:27:10 -05:00
  • e82cb2c7ba Refactor tlsconfigutil.getCertPool to return a CABundle and change its name to buildCABundle Joshua Casey 2024-07-26 10:03:43 -05:00
  • 0711093ccd Add tests for tlsconfigutil.CABundle and all callers should use the constructor Joshua Casey 2024-07-26 09:59:32 -05:00
  • 15d0006841 Pull tlsconfigutil.CABundle into a separate file Joshua Casey 2024-07-26 09:15:47 -05:00
  • 282b949c24 update jwtcachefiller to use new tlsconfigutil.CABundle type Ashish Amarnath 2024-07-25 19:53:27 -07:00
  • 005dbf3aa8 refactor tlsconfigutil to return a caBundle type Ashish Amarnath 2024-07-25 19:20:57 -07:00
  • a1dcba4731 add unit tests for validatedsettings cache storing ca bundle hash Ashish Amarnath 2024-07-25 14:10:38 -07:00
  • 2a62beeb5f store ca bundle hash in validated settings cache Ashish Amarnath 2024-07-25 13:06:52 -07:00
  • 242fa8afb2 When reading CA bundle from a secret/configmap, return more specific err Joshua Casey 2024-07-25 14:19:17 -05:00
  • e3ed722252 Minor refactor Joshua Casey 2024-07-25 13:40:21 -05:00
  • 9a16dc28b7 Fix another integration test Joshua Casey 2024-07-25 12:45:52 -05:00
  • de86809b69 Fix some integration tests Joshua Casey 2024-07-25 10:05:59 -05:00
  • 9420bfde5b webhookcachefiller controller loops over all webhookauthenticators Joshua Casey 2024-07-24 22:16:48 -05:00
  • adb460b644 refactor integration test to use proper test table Ryan Richard 2024-07-24 16:57:23 -07:00
  • 06b47a5792 jwtcachefiller controller loops over all jwtauthenticators Ryan Richard 2024-07-24 16:31:01 -07:00
  • ca2dd2d476 refactor InferSupervisorIssuerURL() func; remove a TODO Ryan Richard 2024-07-24 10:27:39 -07:00
  • 60f82d2a55 Fix integration test typo Joshua Casey 2024-07-24 12:06:05 -05:00
  • 414ff503ef extract some common condition reason string constants Ryan Richard 2024-07-24 10:00:55 -07:00
  • 4ec5766ea9 Modify Concierge/Supervisor TLS spec integration tests to allow for older K8s versions Joshua Casey 2024-07-24 10:25:00 -05:00
  • b7c26c43ca Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests Joshua Casey 2024-07-23 17:22:21 -05:00
  • 4b2ed52f44 Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests Joshua Casey 2024-07-23 17:11:37 -05:00
  • f381c92f0b Use templates to reduce duplication in concierge_tls_spec_test.go Ryan Richard 2024-07-23 14:25:44 -07:00
  • 3a303cc8fb Supervisor TLS Spec validation integration tests should use helper method Joshua Casey 2024-07-23 15:41:46 -05:00
  • 09724cfa71 Add unit test: when discovery is already cached for OIDCIdentityProvider Ryan Richard 2024-07-23 13:40:13 -07:00
  • d74c2a6e3f Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment Joshua Casey 2024-07-23 15:12:26 -05:00
  • 0f9352db3b Integration tests should use a helper func to infer Supervisor's downstream issuer URL Joshua Casey 2024-07-23 14:43:38 -05:00
  • afec420ce6 Add JWTAuthenticators to the static validation checks for concierge TLS spec Joshua Casey 2024-07-23 14:32:21 -05:00
  • d5e3ad9da0 Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator Joshua Casey 2024-07-23 13:55:10 -05:00
  • 0f103ed2a4 Add unit tests for external CA bundle in oidc_upstream_watcher_test.go Ryan Richard 2024-07-23 11:51:32 -07:00
  • d62d6a1f27 Refactor github_controller_watcher to simplify the tls Dial Joshua Casey 2024-07-23 13:40:12 -05:00
  • a4ad5d68a9 Fix *_tls_spec_test.go for old versions of Kubernetes Ryan Richard 2024-07-23 10:10:04 -07:00
  • 30c0fd479e Fix e2e_test.go Ryan Richard 2024-07-23 09:51:11 -07:00
  • 756966c55b add "Status" printer column to JWTAuthenticator and WebhookAuthenticator Ryan Richard 2024-07-23 08:41:31 -07:00
  • 288e092d2e GitHub IDP watcher should not dial an address that has already been validated Joshua Casey 2024-07-22 23:47:45 -05:00
  • 72745cd8fe run codegen to update copyrights Ryan Richard 2024-07-22 15:41:46 -07:00
  • 8060e82745 include external CA bundles in the cache key in oidc_upstream_watcher.go Ryan Richard 2024-07-22 14:59:16 -07:00