Matt Moyer
59263ea733
Rename CredentialIssuerConfig to CredentialIssuer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 17:39:42 -06:00
Matt Moyer
9e1922f1ed
Split the config CRDs into two API groups.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 19:22:46 -05:00
Matt Moyer
f3a83882a4
Rename the IdentityProvider field to Authenticator in TokenCredentialRequest.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00
Matt Moyer
0f25657a35
Rename WebhookIdentityProvider to WebhookAuthenticator.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00
Matt Moyer
e69183aa8a
Rename idp.concierge.pinniped.dev
to authentication.concierge.pinniped.dev
.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:40 -05:00
Matt Moyer
81390bba89
Rename idp.pinniped.dev
to idp.concierge.pinniped.dev
.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:39 -05:00
Matt Moyer
f0320dfbd8
Rename login API to login.concierge.pinniped.dev
.
...
This is the first of a few related changes that re-organize our API after the big recent changes that introduced the supervisor component.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 09:58:28 -05:00
Ryan Richard
eeb110761e
Rename secretName
to SNICertificateSecretName
in OIDCProviderConfig
2020-10-26 17:25:45 -07:00
Ryan Richard
25a91019c2
Add spec.secretName
to OPC and handle case-insensitive hostnames
...
- When two different Issuers have the same host (i.e. they differ
only by path) then they must have the same secretName. This is because
it wouldn't make sense for there to be two different TLS certificates
for one host. Find any that do not have the same secret name to
put an error status on them and to avoid serving OIDC endpoints for
them. The host comparison is case-insensitive.
- Issuer hostnames should be treated as case-insensitive, because
DNS hostnames are case-insensitive. So https://me.com and
https://mE.cOm are duplicate issuers. However, paths are
case-sensitive, so https://me.com/A and https://me.com/a are
different issuers. Fixed this in the issuer validations and in the
OIDC Manager's request router logic.
2020-10-23 16:25:44 -07:00
Andrew Keesler
1b99983441
apis: fix indentation in Go type
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-15 09:19:00 -04:00
Andrew Keesler
6aed025c79
supervisor-generate-key: initial spike
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-14 09:47:34 -04:00
Andrew Keesler
c555c14ccb
supervisor-oidc: add OIDCProviderConfig.Status.LastUpdateTime
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-09 11:54:50 -04:00
Andrew Keesler
da00fc708f
supervisor-oidc: checkpoint: add status to provider CRD
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-10-08 13:27:45 -04:00
Andrew Keesler
ead1ade24b
supervisor-oidc: forgot OIDCProviderConfig type registration in 14f1d86
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:50:55 -04:00
Ryan Richard
14f1d86833
supervisor-oidc: add OIDCProviderConfig CRD
...
This will hopefully come in handy later if we ever decide to add
support for multiple OIDC providers as a part of one supervisor.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 15:20:29 -04:00
Matt Moyer
164f64a370
Add IdentityProvider field to TokenCredentialRequestSpec.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-22 10:03:31 -05:00
Matt Moyer
78ac27c262
Remove deprecated "pinniped.dev" API group.
...
This has been replaced by the "login.pinniped.dev" group with a slightly different API.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 17:32:15 -05:00
Matt Moyer
907ccb68f5
Move CredentialIssuerConfig into new "config.pinniped.dev" API group.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 16:38:45 -05:00
Matt Moyer
2d4d7e588a
Add Go vanity import paths.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 14:56:24 -05:00
Matt Moyer
8c9c1e206d
Update module/package names to match GitHub org switch.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 12:56:54 -05:00
Matt Moyer
58bf93b10c
Add a new login.pinniped.dev API group with TokenCredentialRequest.
...
This is essentially meant to be be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:22 -05:00
Andrew Keesler
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler
e7b389ae6c
Update copyright to reference Pinniped contributors
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Matt Moyer
8df910361c
Clean up CredentialRequest types.go
.
...
Mostly cleaned up and added doc strings, but also removed unneeded protobuf tags.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:30:12 -05:00
Matt Moyer
557fd0df26
Define the WebhookIdentityProvider CRD.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 11:44:23 -05:00
Matt Moyer
2959b54e7b
Generate CRD YAML using controller-tools, update doc strings.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-31 16:38:48 -05:00
Matt Moyer
f49317d7e4
Add some generated API documentation. ( #81 )
...
Add some generated API documentation using https://github.com/elastic/crd-ref-docs which is now packaged in the codegen image.
2020-08-31 11:27:39 -05:00
Ryan Richard
5ed97f7f9e
Merge branch 'main' into self_test
2020-08-25 19:02:27 -07:00
Matt Moyer
1aef2f07d3
Add new ./apis
directory and codegen scripts.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-24 14:32:07 -05:00