59263ea733
Rename CredentialIssuerConfig to CredentialIssuer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-11-02 17:39:42 -06:00
9e1922f1ed
Split the config CRDs into two API groups.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 19:22:46 -05:00
f3a83882a4
Rename the IdentityProvider field to Authenticator in TokenCredentialRequest.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00
0f25657a35
Rename WebhookIdentityProvider to WebhookAuthenticator.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 15:11:53 -05:00
e69183aa8a
Rename `idp.concierge.pinniped.dev` to `authentication.concierge.pinniped.dev`.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:40 -05:00
81390bba89
Rename `idp.pinniped.dev` to `idp.concierge.pinniped.dev`.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 14:07:39 -05:00
f0320dfbd8
Rename login API to `login.concierge.pinniped.dev`.
...
This is the first of a few related changes that re-organize our API after the big recent changes that introduced the supervisor component.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-30 09:58:28 -05:00
eeb110761e
Rename `secretName` to `SNICertificateSecretName` in OIDCProviderConfig
2020-10-26 17:25:45 -07:00
25a91019c2
Add `spec.secretName` to OPC and handle case-insensitive hostnames
...
- When two different Issuers have the same host (i.e. they differ
only by path) then they must have the same secretName. This is because
it wouldn't make sense for there to be two different TLS certificates
for one host. Find any that do not have the same secret name to
put an error status on them and to avoid serving OIDC endpoints for
them. The host comparison is case-insensitive.
- Issuer hostnames should be treated as case-insensitive, because
DNS hostnames are case-insensitive. So https://me.com and
https://mE.cOm are duplicate issuers. However, paths are
case-sensitive, so https://me.com/A and https://me.com/a are
different issuers. Fixed this in the issuer validations and in the
OIDC Manager's request router logic.
2020-10-23 16:25:44 -07:00
1b99983441
apis: fix indentation in Go type
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-15 09:19:00 -04:00
6aed025c79
supervisor-generate-key: initial spike
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-14 09:47:34 -04:00
c555c14ccb
supervisor-oidc: add OIDCProviderConfig.Status.LastUpdateTime
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-09 11:54:50 -04:00
da00fc708f
supervisor-oidc: checkpoint: add status to provider CRD
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-10-08 13:27:45 -04:00
ead1ade24b
supervisor-oidc: forgot OIDCProviderConfig type registration in 14f1d86
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:50:55 -04:00
14f1d86833
supervisor-oidc: add OIDCProviderConfig CRD
...
This will hopefully come in handy later if we ever decide to add
support for multiple OIDC providers as a part of one supervisor.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 15:20:29 -04:00
164f64a370
Add IdentityProvider field to TokenCredentialRequestSpec.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-22 10:03:31 -05:00
78ac27c262
Remove deprecated "pinniped.dev" API group.
...
This has been replaced by the "login.pinniped.dev" group with a slightly different API.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 17:32:15 -05:00
907ccb68f5
Move CredentialIssuerConfig into new "config.pinniped.dev" API group.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 16:38:45 -05:00
2d4d7e588a
Add Go vanity import paths.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 14:56:24 -05:00
8c9c1e206d
Update module/package names to match GitHub org switch.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 12:56:54 -05:00
58bf93b10c
Add a new login.pinniped.dev API group with TokenCredentialRequest.
...
This is essentially meant to be be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:22 -05:00
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
e7b389ae6c
Update copyright to reference Pinniped contributors
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
8df910361c
Clean up CredentialRequest `types.go`.
...
Mostly cleaned up and added doc strings, but also removed unneeded protobuf tags.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:30:12 -05:00
557fd0df26
Define the WebhookIdentityProvider CRD.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 11:44:23 -05:00
2959b54e7b
Generate CRD YAML using controller-tools, update doc strings.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-31 16:38:48 -05:00
f49317d7e4
Add some generated API documentation. ( #81 )
...
Add some generated API documentation using https://github.com/elastic/crd-ref-docs which is now packaged in the codegen image.
2020-08-31 11:27:39 -05:00
9d9b56073c
Update Kubernetes versions.
...
- Upgrade from `1.19.0-rc.0` to the newly-release `1.19.0`.
- Downgrade from `1.18.6` to `1.18.2` to match some downstream consumers.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-27 13:06:05 -05:00
5ed97f7f9e
Merge branch 'main' into self_test
2020-08-25 19:02:27 -07:00
34d13f71c2
Add newly generated code.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-24 14:32:07 -05:00
Matt Moyer