djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,553 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

3553 Commits

Author SHA1 Message Date
Pinny 52db01d8ef Bump go.mod direct dependencies 2023-09-14 15:15:35 -07:00
Ben Petersen 1d500ded67
Merge pull request #1676 from vmware-tanzu/update_k8s_versions_for_codegen 
update kube-versions.txt for codegen
 2023-09-14 16:48:41 -04:00
Ryan Richard edc5f3fc15 update kube-versions.txt for codegen 2023-09-14 13:01:46 -07:00
Ryan Richard 54fb03153a multiple IDPs and identity transformations docs 2023-09-13 14:33:53 -07:00
Ryan Richard 06d456fc87
Merge pull request #1419 from vmware-tanzu/multiple_idps_and_transformations 
Support multiple IDPs and identity transformations on Supervisor FederationDomains
 2023-09-13 14:26:23 -07:00
Ryan Richard 5573c629b5 remove extra timeoutCtx for exec.CommandContext invocations in e2e test 
These extra timeout contexts were only in the new multiple IDPs e2e
test. Remove this possible cause of test cleanup flakes where the test
runs slow enough in CI that this timeout context has already expired
and then the cleanup function fails with context deadline exceeded
errors.
 2023-09-13 12:48:10 -07:00
Ryan Richard 2cecc17ef0 add celformer unit test demonstrating string regexp in CEL expressions 2023-09-13 12:31:00 -07:00
Ryan Richard c52ed93bf8 make prepare-supervisor-on-kind.sh work with older versions of bash 2023-09-12 10:24:55 -07:00
Ryan Richard 84498d5a55 fix imports grouping in manager.go 2023-09-12 09:34:19 -07:00
Ryan Richard 8faf3b0e26 add workaround in update-codegen.sh for problem seen when run on linux 2023-09-11 13:07:05 -07:00
Ryan Richard a7bd494ec3 update FederationDomain.status.conditions to come from metav1 2023-09-11 13:06:52 -07:00
Ryan Richard b6f0dc3ba7 Fix conflicts caused from rebasing main into multiple IDPs branch 2023-09-11 11:15:40 -07:00
Ryan Richard e2bdab9e2d add the IDP display name to the downstream ID token's `sub` claim 
To make the subject of the downstream ID token more unique when
there are multiple IDPs. It is possible to define two IDPs in a
FederationDomain using the same identity provider CR, in which
case the only thing that would make the subject claim different
is adding the IDP display name into the values of the subject claim.
 2023-09-11 11:15:40 -07:00
Ryan Richard 28210ab14d add units tests to token_handler_test.go 2023-09-11 11:15:40 -07:00
Ryan Richard 593d55ec09 run codegen again after rebasing main branch into feature branch 2023-09-11 11:15:37 -07:00
Ryan Richard 5ad7e9a8ca started add units tests for identity transforms to token_handler_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard 7f70fcf679 add units tests to post_login_handler_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard f653942065 add new unit tests in callback_handler_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard d4611b829d use slices.Contains() instead of custom func in token_handler_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard b2656b9cb1 add new unit tests in auth_handler_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard 2eb82cc1d7 Add more tests with identity transformations in supervisor_login_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard 0a21cb6d08 Replace more pointer.String() with the new ptr.To() 2023-09-11 11:14:06 -07:00
Ryan Richard 519aece8a5 Start adding identity transformations tests to supervisor_login_test.go 2023-09-11 11:14:06 -07:00
Ryan Richard e6c78facfc Fix expectations in FederationDomains status test for old Kube versions 
Also try to avoid flakes by using RetryOnConflict when calling Update
on the FederationDomain.
 2023-09-11 11:14:05 -07:00
Ryan Richard 01ab7758d8 Add e2e test for rejecting auth using identity transformation policy 2023-09-11 11:14:05 -07:00
Ryan Richard 957892b677 handle old versions of k8s in supervisor_federationdomain_status_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard c701a4a344 remove expectation about TransformsConstantsNamesUnique status condition 
Forgot to remove this in the previous commit which removed writing that
condition from the controller code.
 2023-09-11 11:14:05 -07:00
Ryan Richard 92bf826ec5 rename a local variable in an integration test 2023-09-11 11:14:05 -07:00
Ryan Richard 446384a7f5 add an e2e test for a FederationDomain with multiple IDPs and transforms 2023-09-11 11:14:05 -07:00
Ryan Richard 6d82a11645 CRD already validates that IDP transform constant names are unique 
- Remove that validation from the controller since the CRD already
  validates it during creates and updates.
- Also finish the supervisor_federationdomain_status_test.go by adding
  more tests for both controller validations and CRD validations
 2023-09-11 11:14:05 -07:00
Ryan Richard bd5cabf0ff fix some here.Doc string indents in federation_domain_watcher_test.go 
To make things visually line up better.
 2023-09-11 11:14:05 -07:00
Ryan Richard 51742366fe wordsmith some FederationDomain status messages 2023-09-11 11:14:05 -07:00
Ryan Richard 5341322071 add integration test for FederationDomain status updates 
- Also fix small bug in controller where it used Sprintf wrong
- Rename WaitForTestFederationDomainStatus test helper to
  WaitForFederationDomainStatusPhase
 2023-09-11 11:14:05 -07:00
Ryan Richard 23ed2856ce small refactor in supervisor_discovery_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard 84041e0c55 add unit test for ApplyIdentityTransformations helper 2023-09-11 11:14:05 -07:00
Ryan Richard 4b75ced52c add unit tests for getters in federation_domain_issuer_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard 61bb01b31d extract a helper function in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard 64f41d0d0c use multiple IDPs in manager_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard e42e3ca421 Status condition messages for IDP transforms show index of invalid IDP 2023-09-11 11:14:05 -07:00
Ryan Richard b89e6d9d93 Make it possible to compare transformation pipelines in unit tests 2023-09-11 11:14:05 -07:00
Ryan Richard c771328bb1 Validate transforms examples in federation_domain_watcher.go 
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
 2023-09-11 11:14:05 -07:00
Ryan Richard 52925a2a46 Validate transforms expressions in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Benjamin A. Petersen 013030041a Add helper for happy/sad conditions to federation_domain_watcher_test.go 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-09-11 11:14:05 -07:00
Ryan Richard be973bc87e Allow for slower CI workers in celformer_test.go 2023-09-11 11:14:05 -07:00
Ryan Richard 617f57e1c9 Validate transforms const names in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard 0aacedf943 Update proposal doc statuses 2023-09-11 11:14:05 -07:00
Ryan Richard b05e8a5e24 Replace sleep with kubectl wait in prepare-supervisor-on-kind.sh 
- Now that the FederationDomain has `status.conditions`, we can use
  `kubectl wait` to wait for it to be ready in this hack script
 2023-09-11 11:14:05 -07:00
Ryan Richard 8e169f9702 Validate IDP objectRef kind names in federation_domain_watcher.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:14:05 -07:00
Ryan Richard 32063db46e Validate apiGroup names are valid in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard 31d67a1af3 Validate display names are unique in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00