mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-08 07:11:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,691 Commits 20 Branches 50 Tags
0d31e955aef296119e6a73518b67219b91178d86
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ryan Richard 0d31e955ae Don't skip upstream group memberships when groups scope is not granted 
Background: For dynamic clients, the groups scope is not always allowed
and/or requested by the client, so it will not always be granted by the
Supervisor for an authorization request.

Previously, when the groups scope was not granted, we would skip
searching for upstream groups in some scenarios.

This commit changes the behavior of authorization flows so that even
when the groups scope is not granted we still search for the upstream
group memberships as configured, and we pass the upstream group
memberships into any configured identity transformations. The identity
transformations could potentially reject the user's authentication based
on their upstream group membership.

When the groups scope is not granted, we don't include the groups in
the final Supervisor-issued ID token. This behavior is not changed.
2024-02-21 13:12:18 -08:00
.github
disable dependabot for some things in favor of our own tooling
2024-01-19 11:34:47 -08:00
apis
Refactor to extract interface for upstream IDP interactions
2024-02-20 09:26:34 -08:00
cmd
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
deploy
Rerun codegen after upgrading CI controller-gen from v0.13.0 to v0.14.0
2024-02-08 13:27:02 -08:00
generated
Refactor to extract interface for upstream IDP interactions
2024-02-20 09:26:34 -08:00
hack
Bump dependencies
2024-02-20 15:57:22 +00:00
internal
Don't skip upstream group memberships when groups scope is not granted
2024-02-21 13:12:18 -08:00
pkg
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
proposals
Update proposal doc statuses
2023-09-11 11:14:05 -07:00
public
added search functionality to docs on Pinniped.dev
2021-04-09 10:58:39 -05:00
site
Correct doc which explained bug that has since been fixed.
2024-02-13 10:16:41 -08:00
test
Don't skip upstream group memberships when groups scope is not granted
2024-02-21 13:12:18 -08:00
.dockerignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.gitattributes
Target hack/Dockerfile_fips correctly
2022-04-06 15:32:08 -04:00
.gitignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.golangci.yaml
Upgrade the linter to golangci-lint@v1.55.1
2023-11-02 09:54:16 -07:00
.pre-commit-config.yaml
Lightly standardize import aliases
2023-11-15 13:52:17 -06:00
ADOPTERS.md
Add OK a.m.b.a. to adopters.md file
2021-04-14 18:38:11 -05:00
CODE_OF_CONDUCT.md
Rename the CoC and contributor guide to the names GitHub recognizes.
2020-10-02 15:53:48 -05:00
CONTRIBUTING.md
update CI URL in CONTRIBUTING.md
2024-01-19 11:34:47 -08:00
Dockerfile
Bump dependencies
2024-02-20 15:57:22 +00:00
go.mod
Bump dependencies
2024-02-21 14:02:55 +00:00
go.sum
Bump dependencies
2024-02-21 14:02:55 +00:00
GOVERNANCE.md
Auto-format GOVERNANCE.md
2022-02-17 10:08:37 -08:00
LICENSE
Add Apache 2.0 license.
2020-07-06 13:50:31 -05:00
MAINTAINERS.md
Update team members on website
2023-04-03 16:54:10 -07:00
README.md
pause community meeting for a little while
2022-07-25 12:07:18 -07:00
ROADMAP.md
Update ROADMAP.md
2022-09-09 11:18:48 -04:00
SCOPE.md
Move scope doc out of website to SCOPE.md.
2021-02-23 11:11:07 -06:00
SECURITY.md
SECURITY.md: follow established pattern
2021-02-09 09:08:19 -05:00

README.md

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

  • Easily plug in external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first class integration with Kubernetes and kubectl command-line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

To learn more, please visit the Pinniped project's website, https://pinniped.dev.

Getting started with Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.

Contributions

Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.

Want to get involved? Contributions are welcome.

Please see the contributing guide for more information about reporting bugs, requesting features, building and testing the code, submitting PRs, and other contributor topics.

Adopters

Some organizations and products using Pinniped are featured in ADOPTERS.md. Add your own organization or product here.

Reporting security vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.

Description
No description provided
Readme Apache-2.0 32 MiB
Languages
Go 97.3%
Shell 1.6%
HTML 0.4%
SCSS 0.4%
CSS 0.1%
Other 0.1%