mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-08 07:11:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,695 Commits 20 Branches 50 Tags
01d6bdb4971cc5e52ce6d9a211d2d9a06bdbaef3
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ryan Richard 01d6bdb497 CLI deciding if token exchange needed should not look at ID token expiry 
This fixes a small mistake in PR #1864. When the "pinniped login oidc"
CLI command is deciding if the RFC8693 token exchange is needed, it
should not look at the expiry of the ID token. This mistake would cause
the RFC8693 token exchange to happen when the OIDC provider is not
a Pinniped Supervisor, which would fail because most other providers
do not support that type of token exchange.

It does not matter if the current ID token is close to expiring when
deciding if the RFC8693 token exchange is needed, because the token
exchange is going to yield a new ID token anyway. It does matter if the
current ID token is close to expiring if the CLI decides that it is
not going to perform the token exchange, and this commit does not change
that logic.
2024-02-23 08:37:01 -08:00
.github
disable dependabot for some things in favor of our own tooling
2024-01-19 11:34:47 -08:00
apis
Refactor to extract interface for upstream IDP interactions
2024-02-20 09:26:34 -08:00
cmd
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
deploy
Rerun codegen after upgrading CI controller-gen from v0.13.0 to v0.14.0
2024-02-08 13:27:02 -08:00
generated
Refactor to extract interface for upstream IDP interactions
2024-02-20 09:26:34 -08:00
hack
Bump dependencies
2024-02-20 15:57:22 +00:00
internal
Don't skip upstream group memberships when groups scope is not granted
2024-02-21 13:12:18 -08:00
pkg
CLI deciding if token exchange needed should not look at ID token expiry
2024-02-23 08:37:01 -08:00
proposals
Update proposal doc statuses
2023-09-11 11:14:05 -07:00
public
added search functionality to docs on Pinniped.dev
2021-04-09 10:58:39 -05:00
site
Correct doc which explained bug that has since been fixed.
2024-02-13 10:16:41 -08:00
test
Don't skip upstream group memberships when groups scope is not granted
2024-02-21 13:12:18 -08:00
.dockerignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.gitattributes
Target hack/Dockerfile_fips correctly
2022-04-06 15:32:08 -04:00
.gitignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.golangci.yaml
Upgrade the linter to golangci-lint@v1.55.1
2023-11-02 09:54:16 -07:00
.pre-commit-config.yaml
Lightly standardize import aliases
2023-11-15 13:52:17 -06:00
ADOPTERS.md
Add OK a.m.b.a. to adopters.md file
2021-04-14 18:38:11 -05:00
CODE_OF_CONDUCT.md
Rename the CoC and contributor guide to the names GitHub recognizes.
2020-10-02 15:53:48 -05:00
CONTRIBUTING.md
update CI URL in CONTRIBUTING.md
2024-01-19 11:34:47 -08:00
Dockerfile
Bump dependencies
2024-02-20 15:57:22 +00:00
go.mod
Bump dependencies
2024-02-23 14:00:47 +00:00
go.sum
Bump dependencies
2024-02-23 14:00:47 +00:00
GOVERNANCE.md
Auto-format GOVERNANCE.md
2022-02-17 10:08:37 -08:00
LICENSE
Add Apache 2.0 license.
2020-07-06 13:50:31 -05:00
MAINTAINERS.md
Update team members on website
2023-04-03 16:54:10 -07:00
README.md
pause community meeting for a little while
2022-07-25 12:07:18 -07:00
ROADMAP.md
Update ROADMAP.md
2022-09-09 11:18:48 -04:00
SCOPE.md
Move scope doc out of website to SCOPE.md.
2021-02-23 11:11:07 -06:00
SECURITY.md
SECURITY.md: follow established pattern
2021-02-09 09:08:19 -05:00

README.md

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

  • Easily plug in external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first class integration with Kubernetes and kubectl command-line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

To learn more, please visit the Pinniped project's website, https://pinniped.dev.

Getting started with Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.

Contributions

Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.

Want to get involved? Contributions are welcome.

Please see the contributing guide for more information about reporting bugs, requesting features, building and testing the code, submitting PRs, and other contributor topics.

Adopters

Some organizations and products using Pinniped are featured in ADOPTERS.md. Add your own organization or product here.

Reporting security vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.

Description
No description provided
Readme Apache-2.0 32 MiB
Languages
Go 97.3%
Shell 1.6%
HTML 0.4%
SCSS 0.4%
CSS 0.1%
Other 0.1%