djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,392 Commits 30 Branches 34 Tags 22 MiB
0b408f4fc0
Commit Graph

843 Commits

Author SHA1 Message Date
Ryan Richard
0b408f4fc0 Change FederationDomain.Status to use Phase and Conditions 2023-09-11 11:14:02 -07:00
Ryan Richard
022fdb9cfd Update a test assertion to make failure easier to understand 2023-09-11 11:12:27 -07:00
Ryan Richard
e4f43683d4 fix more integration tests for multiple IDPs 2023-09-11 11:12:27 -07:00
Ryan Richard
0f23931fe4 Fix some tests in supervisor_login_test.go 2023-09-11 11:11:56 -07:00
Ryan Richard
86c791b8a6 reorganize federation domain packages to be more intuitive 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-09-11 11:11:52 -07:00
Joshua Casey
64f1bff13f Use Conditions from apimachinery, specifically k8s.io/apimachinery/pkg/apis/meta/v1.Conditions 2023-09-11 10:13:39 -07:00
Joshua Casey
3908097c54 Run 'go fix ./...' with go1.21.0 2023-09-06 14:52:01 -05:00
Joshua Casey
12f18cbed8 Inline and remove testutil.TempDir 2023-09-06 14:52:01 -05:00
Joshua Casey
05a1187e2e Simplify build tags associated with unsupported golang versions 2023-09-06 14:52:01 -05:00
Joshua Casey
ca05969f8d Integration tests should use 'kubectl explain --output plaintext-openapiv2' 
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
 2023-08-28 10:50:11 -05:00
Joshua Casey
7f0d04dba6 Address PR feedback 2023-08-09 11:42:42 -05:00
Joshua Casey
1707995378 Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy 2023-08-08 20:17:21 -05:00
Joshua Casey
dc61d132cf Address PR feedback, especially to check that the CA bundle is some kind of valid cert 2023-08-03 14:57:21 -05:00
Joshua Casey
959f18b67b Add integration test to verify that the impersonation proxy will use an external TLS serving cert 2023-08-03 14:57:21 -05:00
Joshua Casey
bd035a180e Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS 
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
 2023-08-03 14:57:21 -05:00
Ryan Richard
4512eeca9a Replace agouti and chromedriver with chromedp across the whole project 2023-08-01 11:27:09 -07:00
Joshua Casey
63b5f921e1 Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated 2023-07-28 09:16:02 -05:00
Ryan Richard
6c65fd910e Improve performance of supervisor_oidcclientsecret_test.go 
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-07-13 12:48:46 -07:00
Ryan Richard
914861c5da Increase a test timeout in supervisor_secrets_test.go 2023-06-01 12:54:45 -07:00
Ryan Richard
86e360dc14 Increase a test timeout for when pulling container image is slow 2023-06-01 10:04:59 -07:00
Ryan Richard
d30d76b7ac Increase some test timeouts 2023-05-31 17:41:36 -07:00
Ryan Richard
020e04baf8
Merge branch 'main' into ldap_userAttributeForFilter 2023-05-31 16:42:30 -07:00
Ryan Richard
b6b11a6d0c increase timeout in a test 2023-05-31 15:59:44 -07:00
Ryan Richard
d4710cb16e Add integration test for AD UserAttributeForFilter group search setting 2023-05-31 11:36:49 -07:00
Ryan Richard
0a1f966886 Add ActiveDirectoryIdentityProvider.spec.groupSearch.userAttributeForFilter 
Add the field to the tmpl file and run codegen.
Also update the count of the fields of our APIs in an integration test.
 2023-05-31 11:09:08 -07:00
Ryan Richard
552eceabdb Add integration test for UserAttributeForFilter group search setting 
Also adds new integration test env var to support the new test:
PINNIPED_TEST_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN
 2023-05-31 10:29:44 -07:00
Ryan Richard
e3b7ba3677 Add group search tests for UserAttributeForFilter in ldap_client_test.go 2023-05-31 10:29:44 -07:00
Ryan Richard
bad5e60a8e Add LDAPIdentityProvider.spec.groupSearch.userAttributeForFilter 
Add the field to the tmpl file and run codegen.
Also update the count of the fields of our APIs in an integration test.
 2023-05-25 09:52:15 -07:00
Ryan Richard
e4dc810bff Add some posixGroups to the openldap server for use in integration tests 2023-05-23 16:47:39 -07:00
Ryan Richard
187ee80ee3 Handle the new output of kubectl explain which indents differently 2023-05-10 19:56:59 -07:00
Ryan Richard
484f134a98 Handle the new output of kubectl explain which shows GROUP separately 2023-05-10 18:03:40 -07:00
Ryan Richard
1e6e9e0c0e Change tests to expect new error format from pkg golang.org/x/oauth2 2023-05-10 16:52:09 -07:00
Ryan Richard
bc9afc4554 Aggregated API endpoints now must implement rest.SingularNameProvider 
This was a change in the interface requirements introduced in Kube 1.27.
 2023-05-10 16:50:50 -07:00
Ryan Richard
a1a99b9eeb Replace usages of deprecated funcs from the wait pkg 2023-05-10 11:41:11 -07:00
Ryan Richard
19b60fe563 Clarify audience value in Concierge-only auth doc, and other doc updates 
Also renamed a couple of integration test files to make their names
more clear.
 2023-04-03 16:54:10 -07:00
Ryan Richard
7cd16b179c Fix integration tests to pass with Kube 1.27/1.28 pre-release builds 
Fix test failures that occurred in the k8s-main integration test CI job
when using Kube 1.27 and 1.28 pre-release builds.
 2023-04-03 14:16:47 -07:00
Ryan Richard
a04129548f Increase some test timeouts that failed once on Kind jobs in CI 2023-04-03 11:46:11 -07:00
Joshua Casey
fc0f9d959a Bump golangci-lint to 1.51.2 and fix lint issues 2023-03-16 14:55:37 -05:00
Joshua Casey
24cf7c5bcd Remove internal/psets in favor of k8s.io/apimachinery/pkg/util/sets 2023-01-31 10:10:44 -06:00
Ryan Richard
2d3e53e6ac Increase timeouts in supervisor_oidcclientsecret_test.go 
They were too short after enabling the race detector for integration
tests in CI.
 2023-01-27 14:23:04 -08:00
Ryan Richard
c6e4133c5e Accept both old and new cert error strings on MacOS in test assertions 
Used this as an opportunity to refactor how some tests were
making assertions about error strings.

New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.

All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-20 15:01:36 -08:00
Ryan Richard
7ff3b3d9cb Code changes to support Kube 0.26 deps 2023-01-18 14:39:22 -08:00
Ryan Richard
2f9b8b105d update copyright to 2023 in files changed by this PR 2023-01-17 15:54:16 -08:00
Ryan Richard
3d20fa79a7 Two more integration tests for additionalClaimMappings 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-17 15:36:39 -08:00
Ryan Richard
74c3156059 Assert more cluster-scoped ID token claims in supervisor_login_test.go 2023-01-17 13:10:51 -08:00
Joshua Casey
6156fdf175 Expect complex subclaims of additionalClaims to have type interface{} 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-01-17 13:27:40 -06:00
Joshua Casey
f494c61790 additionalClaims claim should not be present when no sub claims are expected 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-17 11:58:08 -06:00
Joshua Casey
a94bbe70c7 Add integration test to verify that additionalClaims are present in an ID Token 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-13 14:59:59 -08:00
Ryan Richard
8ff6ef32e9 Allow additional claims to map into an ID token issued by the supervisor 
- Specify mappings on OIDCIdentityProvider.spec.claims.additionalClaimMappings
- Advertise additionalClaims in the OIDC discovery endpoint under claims_supported

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 14:59:50 -08:00
Ryan Richard
976035115e Stop using pointer pkg functions that were deprecated by dependency bump 2022-12-14 08:47:16 -08:00