0501159ac0
Show an IDP chooser UI when appropriate from authorize endpoint
2023-10-30 11:05:53 -07:00
bbf4412ff3
tolerate arm64 in tools deployments and jobs
2023-10-09 10:00:34 -07:00
826d8236d9
Use bitnami/openldap in integration tests instead of our old fork
2023-10-04 10:11:46 -07:00
62c597eb3b
Show errors from the form_post POST request on the page
2023-10-02 09:53:53 -07:00
87b7ea14d5
fix flake seen in pod_shutdown_test.go
2023-09-26 14:06:04 -07:00
5e06c6d5ad
add integration test for graceful shutdowns which release leader leases
2023-09-25 09:51:17 -07:00
cd1e4bacf8
trying to avoid flake on Okta login page in browser
2023-09-19 08:58:22 -07:00
4a89a9fa16
Update LDAP integration tests for changes in github.com/go-ldap/ldap/v3
2023-09-18 10:45:32 -05:00
5573c629b5
remove extra timeoutCtx for exec.CommandContext invocations in e2e test
...
These extra timeout contexts were only in the new multiple IDPs e2e
test. Remove this possible cause of test cleanup flakes where the test
runs slow enough in CI that this timeout context has already expired
and then the cleanup function fails with context deadline exceeded
errors.
2023-09-13 12:48:10 -07:00
a7bd494ec3
update FederationDomain.status.conditions to come from metav1
2023-09-11 13:06:52 -07:00
b6f0dc3ba7
Fix conflicts caused from rebasing main into multiple IDPs branch
2023-09-11 11:15:40 -07:00
e2bdab9e2d
add the IDP display name to the downstream ID token's `sub` claim
...
To make the subject of the downstream ID token more unique when
there are multiple IDPs. It is possible to define two IDPs in a
FederationDomain using the same identity provider CR, in which
case the only thing that would make the subject claim different
is adding the IDP display name into the values of the subject claim.
2023-09-11 11:15:40 -07:00
b2656b9cb1
add new unit tests in auth_handler_test.go
2023-09-11 11:14:06 -07:00
2eb82cc1d7
Add more tests with identity transformations in supervisor_login_test.go
2023-09-11 11:14:06 -07:00
0a21cb6d08
Replace more pointer.String() with the new ptr.To()
2023-09-11 11:14:06 -07:00
519aece8a5
Start adding identity transformations tests to supervisor_login_test.go
2023-09-11 11:14:06 -07:00
e6c78facfc
Fix expectations in FederationDomains status test for old Kube versions
...
Also try to avoid flakes by using RetryOnConflict when calling Update
on the FederationDomain.
2023-09-11 11:14:05 -07:00
01ab7758d8
Add e2e test for rejecting auth using identity transformation policy
2023-09-11 11:14:05 -07:00
957892b677
handle old versions of k8s in supervisor_federationdomain_status_test.go
2023-09-11 11:14:05 -07:00
c701a4a344
remove expectation about TransformsConstantsNamesUnique status condition
...
Forgot to remove this in the previous commit which removed writing that
condition from the controller code.
2023-09-11 11:14:05 -07:00
92bf826ec5
rename a local variable in an integration test
2023-09-11 11:14:05 -07:00
446384a7f5
add an e2e test for a FederationDomain with multiple IDPs and transforms
2023-09-11 11:14:05 -07:00
6d82a11645
CRD already validates that IDP transform constant names are unique
...
- Remove that validation from the controller since the CRD already
validates it during creates and updates.
- Also finish the supervisor_federationdomain_status_test.go by adding
more tests for both controller validations and CRD validations
2023-09-11 11:14:05 -07:00
bd5cabf0ff
fix some here.Doc string indents in federation_domain_watcher_test.go
...
To make things visually line up better.
2023-09-11 11:14:05 -07:00
51742366fe
wordsmith some FederationDomain status messages
2023-09-11 11:14:05 -07:00
5341322071
add integration test for FederationDomain status updates
...
- Also fix small bug in controller where it used Sprintf wrong
- Rename WaitForTestFederationDomainStatus test helper to
WaitForFederationDomainStatusPhase
2023-09-11 11:14:05 -07:00
23ed2856ce
small refactor in supervisor_discovery_test.go
2023-09-11 11:14:05 -07:00
c771328bb1
Validate transforms examples in federation_domain_watcher.go
...
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
2023-09-11 11:14:05 -07:00
52925a2a46
Validate transforms expressions in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
617f57e1c9
Validate transforms const names in federation_domain_watcher.go
2023-09-11 11:14:05 -07:00
8e169f9702
Validate IDP objectRef kind names in federation_domain_watcher.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
40dcc8a7f1
Update integration tests for new FederationDomain phase behavior
...
- Refactor testlib.CreateTestFederationDomain helper
- Call testlib.WaitForTestFederationDomainStatus after each integration
test creates an IDP and expects the FederationDomain to become ready
- Create an IDP for some tests which want the FederationDomain to be
ready but were previously not creating any IDP
- Expect the new FederationDomain condition type
"IdentityProvidersFound" in those tests where it is needed
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-09-11 11:14:05 -07:00
3521e129cd
Change name of FederationDomain printer column back to "Status"
...
To be consistent with the name of the pinter columns on our other CRDs,
which call the Phase "Status" in the printer column names.
2023-09-11 11:14:04 -07:00
0b408f4fc0
Change FederationDomain.Status to use Phase and Conditions
2023-09-11 11:14:02 -07:00
022fdb9cfd
Update a test assertion to make failure easier to understand
2023-09-11 11:12:27 -07:00
e4f43683d4
fix more integration tests for multiple IDPs
2023-09-11 11:12:27 -07:00
0f23931fe4
Fix some tests in supervisor_login_test.go
2023-09-11 11:11:56 -07:00
86c791b8a6
reorganize federation domain packages to be more intuitive
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:52 -07:00
64f1bff13f
Use Conditions from apimachinery, specifically k8s.io/apimachinery/pkg/apis/meta/v1.Conditions
2023-09-11 10:13:39 -07:00
3908097c54
Run 'go fix ./...' with go1.21.0
2023-09-06 14:52:01 -05:00
12f18cbed8
Inline and remove testutil.TempDir
2023-09-06 14:52:01 -05:00
05a1187e2e
Simplify build tags associated with unsupported golang versions
2023-09-06 14:52:01 -05:00
ca05969f8d
Integration tests should use 'kubectl explain --output plaintext-openapiv2'
...
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
2023-08-28 10:50:11 -05:00
7f0d04dba6
Address PR feedback
2023-08-09 11:42:42 -05:00
1707995378
Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy
2023-08-08 20:17:21 -05:00
dc61d132cf
Address PR feedback, especially to check that the CA bundle is some kind of valid cert
2023-08-03 14:57:21 -05:00
959f18b67b
Add integration test to verify that the impersonation proxy will use an external TLS serving cert
2023-08-03 14:57:21 -05:00
bd035a180e
Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS
...
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
2023-08-03 14:57:21 -05:00
4512eeca9a
Replace agouti and chromedriver with chromedp across the whole project
2023-08-01 11:27:09 -07:00
63b5f921e1
Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated
2023-07-28 09:16:02 -05:00
Ryan Richard