Commit Graph

  • 01941d6b2a Run Tilt containers as root because live-reload breaks otherwise Ryan Richard 2020-11-10 09:27:44 -08:00
  • b21c27b219 Merge branch 'main' into authorize_endpoint Ryan Richard 2020-11-10 09:24:19 -08:00
  • 9bfcaa33c6 Merge pull request #190 from enj/enj/f/klog_levels Mo Khan 2020-11-10 12:14:02 -05:00
  • 1c60e09f13 Make race detector happy by removing parallelism Monis Khan 2020-11-10 11:23:42 -05:00
  • 15a5332428 Reduce log spam Monis Khan 2020-11-10 10:22:16 -05:00
  • a5643e3738 Add log level support Monis Khan 2020-11-10 09:57:29 -05:00
  • 9356f64c55 Remove global klog --log-flush-frequency flag Monis Khan 2020-11-10 08:48:42 -05:00
  • 246471bc91 Also run OIDC validations in supervisor authorize endpoint Ryan Richard 2020-11-06 14:44:58 -08:00
  • 896e1b45f0 Hugo version of Pinniped site Adam Powell 2020-11-06 12:42:57 -10:00
  • 4032ed32ae Auth endpoint integration test initial thoughts Andrew Keesler 2020-11-05 10:59:03 -05:00
  • 33ce79f89d Expose the Supervisor OIDC authorization endpoint to the public Ryan Richard 2020-11-04 17:06:47 -08:00
  • 3bc13517b2 prepare-for-integration-tests.sh: add check for chromedriver Andrew Keesler 2020-11-04 15:53:12 -08:00
  • a36f7c6c07 Test that the port of localhost redirect URI is ignored during validation Andrew Keesler 2020-11-04 15:04:50 -08:00
  • ba688f56aa Supervisor authorize endpoint errors when PKCE code_challenge_method is invalid Ryan Richard 2020-11-04 12:29:43 -08:00
  • 8684f8f628 Merge pull request #139 from enj/enj/i/use_parent_func Matt Moyer 2020-11-04 14:21:50 -06:00
  • 2564d1be42 Supervisor authorize endpoint errors when missing PKCE params Andrew Keesler 2020-11-04 12:19:07 -08:00
  • 4da3d93f6e The supervisor JWKS observer and TLS cert controllers use the ctx after all, whoops. Matt Moyer 2020-11-04 13:08:50 -06:00
  • 0045ce4286 Refactor auth_handler_test.go's creation of paths and urls to use helpers Ryan Richard 2020-11-04 09:58:40 -08:00
  • 418f4d20ae Use parent func to indicate when the controller queue is a singleton Monis Khan 2020-10-02 13:22:18 -04:00
  • 8a7e22e63e @ankeesler: Maybe, but not this time ;) Ryan Richard 2020-11-04 08:43:45 -08:00
  • 9e4ffd1cce One of these days I will get here.Doc() spacing correct Andrew Keesler 2020-11-04 11:29:33 -05:00
  • 6fe455c687 auth_handler.go: comment out currently unused fosite wiring Andrew Keesler 2020-11-04 11:20:03 -05:00
  • d8c8f04860 auth_handler.go: write some more negative tests Andrew Keesler 2020-11-04 11:12:26 -05:00
  • e8f433643f auth_handler.go: only inject oauth store into handler Andrew Keesler 2020-11-04 10:35:26 -05:00
  • 4f95e6a372 auth_handler.go: add test for invalid downstream redirect uri Andrew Keesler 2020-11-04 10:30:53 -05:00
  • 259ffb5267 Checkpoint: write a single negative test using fosite Andrew Keesler 2020-11-04 10:15:19 -05:00
  • aab0fd644f Merge remote-tracking branch 'upstream/main' into authorize_endpoint Andrew Keesler 2020-11-04 10:14:54 -05:00
  • e7a817e67a Merge pull request #186 from ankeesler/bump-jose Andrew Keesler 2020-11-04 10:14:32 -05:00
  • 0bbf55e46f gopkg.in/square/go-jose.v2: v2.2.2 -> v2.5.1 Andrew Keesler 2020-11-04 09:55:18 -05:00
  • c34e5a727d Starting the implementation of an OIDC authorization endpoint handler Ryan Richard 2020-11-03 16:17:38 -08:00
  • 0d8477ea8a Add a type for in-memory caching of upstream OIDC Identity Providers Andrew Keesler 2020-11-03 12:06:07 -08:00
  • 1223cf7877 Merge pull request #154 from vmware-tanzu/change_release_static_yaml_names v0.2.0 Ryan Richard 2020-11-02 17:09:11 -08:00
  • 036845deee Merge pull request #184 from vmware-tanzu/bump_golang_and_slim Ryan Richard 2020-11-02 17:08:48 -08:00
  • c451604816 Merge pull request #182 from mattmoyer/more-renames Matt Moyer 2020-11-02 18:34:26 -06:00
  • 05cf56a0fa Merge pull request #180 from vmware-tanzu/limits Ryan Richard 2020-11-02 16:22:37 -08:00
  • 5a0e7fd358 Upgrade golang patch release to 1.15.3 and debian 10.5-slim -> 10.6-slim Ryan Richard 2020-11-02 16:17:15 -08:00
  • 2bf5c8b48b Replace the OIDCProvider field SNICertificateSecretName with a TLS.SecretName field. Matt Moyer 2020-11-02 16:55:29 -06:00
  • 05233963fb Add CPU requests and limits to the Concierge and Supervisor deployments Ryan Richard 2020-11-02 15:47:20 -08:00
  • 2b8773aa54 Rename OIDCProviderConfig to OIDCProvider. Matt Moyer 2020-11-02 16:24:55 -06:00
  • 59263ea733 Rename CredentialIssuerConfig to CredentialIssuer. Matt Moyer 2020-11-02 15:39:43 -06:00
  • b13a8075e4 Merge pull request #183 from vmware-tanzu/non-root Matt Moyer 2020-11-02 17:39:14 -06:00
  • d596f8c3e5 Empty commit to trigger CI Ryan Richard 2020-11-02 15:18:39 -08:00
  • 75c35e74cc Refactor and add unit tests for previous commit to run agent pod as root Ryan Richard 2020-11-02 15:03:37 -08:00
  • e4f4cd7ca0 Merge pull request #181 from mattmoyer/add-psp-cluster-role-permission Matt Moyer 2020-11-02 15:35:56 -06:00
  • a01921012d kubecertagent: explicitly run as root Ryan Richard 2020-11-02 16:33:46 -05:00
  • 2e50e8f01b hack/lib/tilt: run Tilt images with non-root user Ryan Richard 2020-11-02 16:32:50 -05:00
  • 935577f8e7 Give the concierge access to use any PodSecurityPolicy. Matt Moyer 2020-11-02 15:10:00 -06:00
  • 781f86d18c deploy: add memory limits Ryan Richard 2020-11-02 14:57:39 -05:00
  • fcea48c8f9 Run as non-root Andrew Keesler 2020-11-02 11:57:05 -05:00
  • 7639d5e161 Merge pull request #178 from ankeesler/test-cleanup Andrew Keesler 2020-11-02 12:22:34 -05:00
  • ab5c04b1f3 Merge pull request #176 from vmware-tanzu/agent_pod_additional_label_handling Ryan Richard 2020-11-02 09:08:42 -08:00
  • fb3c5749e8 test/integration: protect from NPE and follow doc conventions Andrew Keesler 2020-11-02 11:42:46 -05:00
  • 7597b12a51 Small unit test changes for deleter_test.go Ryan Richard 2020-11-02 08:40:39 -08:00
  • 5bbfc35d27 Merge pull request #175 from mattmoyer/split-config-apis Matt Moyer 2020-10-30 19:42:03 -05:00
  • f76b9857da Don't use custom labels when selecting an agent pod Ryan Richard 2020-10-30 17:41:17 -07:00
  • 9e1922f1ed Split the config CRDs into two API groups. Matt Moyer 2020-10-30 15:09:14 -05:00
  • 01f4fdb5c3 Remove namespace from a ClusterRoleBinding, which is not namespaced Ryan Richard 2020-10-30 16:10:04 -07:00
  • a5379c08e2 Whitespace-only change in two files Andrew Keesler 2020-10-30 15:18:40 -07:00
  • ad95bb44b0 Merge pull request #174 from mattmoyer/rename-webhook-idp Matt Moyer 2020-10-30 15:50:39 -05:00
  • 4b7592feaf Skip a part of an integration test which is not so easy with real Ingress Ryan Richard 2020-10-30 13:19:23 -07:00
  • 34da8c7877 Rename existing references to "IDP" and "Identity Provider". Matt Moyer 2020-10-30 14:02:21 -05:00
  • f3a83882a4 Rename the IdentityProvider field to Authenticator in TokenCredentialRequest. Matt Moyer 2020-10-30 12:41:21 -05:00
  • 0f25657a35 Rename WebhookIdentityProvider to WebhookAuthenticator. Matt Moyer 2020-10-30 11:39:26 -05:00
  • e69183aa8a Rename idp.concierge.pinniped.dev to authentication.concierge.pinniped.dev. Matt Moyer 2020-10-30 11:03:25 -05:00
  • 81390bba89 Rename idp.pinniped.dev to idp.concierge.pinniped.dev. Matt Moyer 2020-10-30 10:51:56 -05:00
  • 59431a3d3d Merge pull request #173 from mattmoyer/parallel-codegen Matt Moyer 2020-10-30 13:45:21 -05:00
  • 9760c03617 Do codegen across all versions in parallel. Matt Moyer 2020-10-30 11:12:53 -05:00
  • 8b8ffc21c4 Merge pull request #172 from mattmoyer/rename-login-api Matt Moyer 2020-10-30 10:23:45 -05:00
  • f0320dfbd8 Rename login API to login.concierge.pinniped.dev. Matt Moyer 2020-10-30 09:34:43 -05:00
  • 3277e778ea Add a comment to an integration test Ryan Richard 2020-10-29 15:42:22 -07:00
  • 9c13b7144e Merge pull request #170 from vmware-tanzu/oidc_https_endpoints Ryan Richard 2020-10-28 17:15:11 -07:00
  • 059b6e885f Allow ytt templating of the loadBalancerIP for the supervisor Ryan Richard 2020-10-28 16:45:23 -07:00
  • 4af508981a Make default TLS secret name from app name in supervisor_discovery_test.go Ryan Richard 2020-10-28 16:11:19 -07:00
  • a007fc3bd3 Form paths correctly when the path arg is empty in supervisor_discovery_test.go Ryan Richard 2020-10-28 15:22:53 -07:00
  • c52874250a Fix a mistake in supervisor_discovery_test.go Ryan Richard 2020-10-28 14:25:01 -07:00
  • 01dddd3cae Add some docs for configuring supervisor TLS Ryan Richard 2020-10-28 13:42:02 -07:00
  • bd04570e51 supervisor_discovery_test.go tests hostnames are treated as case-insensitive Andrew Keesler 2020-10-28 13:09:20 -07:00
  • 8ff64d4c1a Require https scheme for OIDCProviderConfig Issuer field Ryan Richard 2020-10-28 12:49:41 -07:00
  • 2542a8e175 Stash and restore any pre-existing default TLS cert in supervisor_discovery_test.go Andrew Keesler 2020-10-28 12:32:21 -07:00
  • 29e0ce5662 Configure name of the supervisor default TLS cert secret via ConfigMap Ryan Richard 2020-10-28 11:56:50 -07:00
  • 978ecda758 Test SNI & default certs being used at the same time in integration test Ryan Richard 2020-10-28 08:58:50 -07:00
  • 170d3a3993 Forgot to commit some test fixtures in a prior commit Ryan Richard 2020-10-27 17:00:00 -07:00
  • 2777c4e9f3 Update prepare-for-integration-tests.sh to use ./hack/kind-{up,down}.sh Ryan Richard 2020-10-27 16:56:53 -07:00
  • 38802c2184 Add a way to set a default supervisor TLS cert for when SNI won't work Ryan Richard 2020-10-27 16:33:08 -07:00
  • 7bce16737b Get rid of WIP workflow Andrew Keesler 2020-10-27 18:39:19 -04:00
  • 96c4661a25 Fix unit-tests workflow YAML. Andrew Keesler 2020-10-27 18:26:11 -04:00
  • 45189e3e2b No way this windows-unit-tests workflow works. Andrew Keesler 2020-10-27 18:20:12 -04:00
  • d5dd65cfe8 So...does this macos-unit-tests workflow work? Andrew Keesler 2020-10-27 18:00:54 -04:00
  • 1f1b6c884e Add integration test: supervisor TLS termination and SNI virtual hosting Ryan Richard 2020-10-27 14:57:25 -07:00
  • eeb110761e Rename secretName to SNICertificateSecretName in OIDCProviderConfig Ryan Richard 2020-10-26 17:25:45 -07:00
  • 8b7c30cfbd Supervisor listens for HTTPS on port 443 with configurable TLS certs Ryan Richard 2020-10-26 17:03:26 -07:00
  • 7880f7ea41 Merge pull request #171 from danjahner/main Matt Moyer 2020-10-26 17:20:36 -05:00
  • 13ccb07fe4 Rename logo file Dan Jahner 2020-10-26 15:06:04 -07:00
  • 6c092deba5 Merge pull request #169 from mattmoyer/promote-login-command Matt Moyer 2020-10-23 19:48:44 -05:00
  • 25a91019c2 Add spec.secretName to OPC and handle case-insensitive hostnames Ryan Richard 2020-10-23 16:25:44 -07:00
  • 7615667b9b Update TestCLILoginOIDC to use new non-alpha login command. Matt Moyer 2020-10-23 14:31:15 -05:00
  • 0948457521 Promote the pinniped login command out of alpha. Matt Moyer 2020-10-23 14:26:51 -05:00
  • 110c72a5d4 dynamiccertauthority: fix cert expiration test failure Andrew Keesler 2020-10-23 15:34:25 -04:00
  • f928ef4752 Also mention using a service mesh is an option for supervisor ingress Andrew Keesler 2020-10-23 10:23:17 -07:00
  • eafdef7b11 Add docs for creating an Ingress for the Supervisor Ryan Richard 2020-10-22 16:57:41 -07:00