Ryan Richard
185bcb6c8c
Add identity transformation packages idtransform and celformer
...
Implements Supervisor identity transformations helpers using CEL.
2023-02-06 16:53:08 -08:00
Ryan Richard
aa57a5150e
Add package starformer, uses Starlark for user-defined authn filters
2023-02-01 10:49:38 -08:00
Ryan Richard
60d12d88ac
Merge pull request #1387 from vmware-tanzu/jtc/bump-to-golang-1.19-semantics
...
Bump to golang 1.18 semantics
2023-01-31 10:23:24 -08:00
Joshua Casey
77041760cc
Ignore lint issues for deprecated Pool.Subjects()
...
- 4aa1efed48/src/crypto/x509/cert_pool.go (L243-L244)
2023-01-31 10:10:44 -06:00
Joshua Casey
b9c8e359ab
Use sync/atomic instead of go.uber.org/atomic
2023-01-31 10:10:44 -06:00
Joshua Casey
24cf7c5bcd
Remove internal/psets in favor of k8s.io/apimachinery/pkg/util/sets
2023-01-31 10:10:44 -06:00
Joshua Casey
0d4a4fd2bf
Bump to go 1.18 semantics
2023-01-31 10:09:55 -06:00
Joshua Casey
d0784eaed2
Merge pull request #1395 from vmware-tanzu/cli_help_messages
...
Unhide login subcommand and improve several command help messages
2023-01-29 21:16:59 -06:00
Ryan Richard
2d3e53e6ac
Increase timeouts in supervisor_oidcclientsecret_test.go
...
They were too short after enabling the race detector for integration
tests in CI.
2023-01-27 14:23:04 -08:00
Ryan Richard
7a74ca9f57
Unhide login subcommand and improve several command help messages
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-27 13:34:04 -08:00
Joshua Casey
d9e79eac9d
Merge pull request #1391 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.90.0
...
Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0
2023-01-27 10:36:19 -06:00
Joshua Casey
adcfedff68
Merge pull request #1394 from vmware-tanzu/jtc/add-no-cookie-banner-183755195
...
Website now displays that it does not use cookies
2023-01-27 10:35:14 -06:00
Joshua Casey
6d39b81b8f
Website now displays that it does not use cookies.
...
[#183755195 ]
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-26 17:09:57 -06:00
dependabot[bot]
efeb9a9de0
Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0
...
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.80.1 to 2.90.0.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.80.1...v2.90.0 )
---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 09:02:36 -06:00
Joshua Casey
d2afdfaf9a
Merge pull request #1389 from vmware-tanzu/error_assertions
...
Accept both old and new cert error strings on MacOS in test assertions
2023-01-24 15:06:40 -06:00
Ryan Richard
bd9d6fab27
Merge branch 'main' into error_assertions
2023-01-24 09:34:19 -08:00
Joshua Casey
5756c56497
Merge pull request #1388 from vmware-tanzu/jtc/add-presentation-to-website-183914671
...
Add 'Sharing is NOT Caring video presentation to website'
2023-01-22 18:04:13 -06:00
Ryan Richard
c6e4133c5e
Accept both old and new cert error strings on MacOS in test assertions
...
Used this as an opportunity to refactor how some tests were
making assertions about error strings.
New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.
All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-20 15:01:36 -08:00
Joshua Casey
5005f94ebb
Standardize video resource attribution and dates
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-20 12:14:00 -06:00
Joshua Casey
15d700a41c
Add video to website resources - 'Sharing is NOT Caring'
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-20 12:13:54 -06:00
Pinny
044cbd0325
Updated versions in docs for v0.22.0 release
2023-01-20 05:17:45 +00:00
Ryan Richard
e6a18978d1
Merge pull request #1385 from vmware-tanzu/update_kube_deps_0.26.1
...
Update Kube deps to 0.26.1
2023-01-19 15:48:41 -08:00
Ryan Richard
14858a6db3
Increase lint timeout to 20m for CI
2023-01-19 14:41:42 -08:00
Ryan Richard
8cad5ea3c9
Update Kube deps to 0.26.1
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-19 14:03:37 -08:00
Ryan Richard
0ffd01d993
Merge pull request #1372 from vmware-tanzu/jtc/support-k8s-0.26-and-bump-generated-code
...
bump k8s deps to 0.26 and bump generated code to include 1.26
2023-01-19 13:47:12 -08:00
Ryan Richard
23f6dd44a0
Use Go 1.19 for fips builds
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-18 16:00:16 -08:00
Ryan Richard
7ff3b3d9cb
Code changes to support Kube 0.26 deps
2023-01-18 14:39:22 -08:00
Joshua Casey
a430f4b730
Bump K8s deps to 0.26 and add codegen for 0.26
2023-01-18 13:41:06 -08:00
Joshua Casey
585adc96d8
Bump generated files for K8s 1.22, 1.23, 1.24, 1.25
2023-01-18 13:38:36 -08:00
Ryan Richard
3b46547efc
add hack/update-copyright-year.sh
2023-01-18 13:36:23 -08:00
Ryan Richard
53f56f328b
Merge pull request #1371 from vmware-tanzu/jtc/bump-deps-except-k8s
...
Bump Golang and Deps (except K8s)
2023-01-18 09:19:27 -08:00
Ryan Richard
9aafff78f1
bump two more direct deps
2023-01-18 08:26:55 -08:00
Joshua Casey
a49e48c6f7
Bump FIPS Golang to 1.18.10b7
...
Resolves #1367
2023-01-17 21:20:50 -06:00
Joshua Casey
6926c1ab64
Bump Golang to 1.19.5
...
Resolves #1368
2023-01-17 21:20:37 -06:00
Joshua Casey
f9e2212882
Bump all deps except K8s
...
Resolves:
- #1360
- #1361
- #1362
- #1363
- #1364
- #1365
2023-01-17 21:11:39 -06:00
Joshua Casey
95d35a174d
Merge pull request #1294 from vmware-tanzu/additional_claim_mapping
...
Add `spec.claims.additionalClaimMappings` to OIDCIdentityProvider
2023-01-17 20:48:58 -06:00
Ryan Richard
2f9b8b105d
update copyright to 2023 in files changed by this PR
2023-01-17 15:54:16 -08:00
Ryan Richard
3d20fa79a7
Two more integration tests for additionalClaimMappings
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-17 15:36:39 -08:00
Ryan Richard
74c3156059
Assert more cluster-scoped ID token claims in supervisor_login_test.go
2023-01-17 13:10:51 -08:00
Joshua Casey
6156fdf175
Expect complex subclaims of additionalClaims to have type interface{}
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-01-17 13:27:40 -06:00
Joshua Casey
f494c61790
additionalClaims claim should not be present when no sub claims are expected
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-17 11:58:08 -06:00
Ryan Richard
2633d72ce2
Change some test variable names related to additional claims
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-13 14:59:59 -08:00
Joshua Casey
a94bbe70c7
Add integration test to verify that additionalClaims are present in an ID Token
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-13 14:59:59 -08:00
Joshua Casey
9acc456fd7
Update token_handler_test to check additionalClaims for bools, numbers, and slices
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-01-13 14:59:59 -08:00
Ryan Richard
8ff6ef32e9
Allow additional claims to map into an ID token issued by the supervisor
...
- Specify mappings on OIDCIdentityProvider.spec.claims.additionalClaimMappings
- Advertise additionalClaims in the OIDC discovery endpoint under claims_supported
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-13 14:59:50 -08:00
Joshua Casey
f4c9202f49
Merge pull request #1369 from vmware-tanzu/kube_cert_agent_reduce_memory
...
Reduce memory consumption of pinniped-concierge-kube-cert-agent binary
2023-01-13 14:26:39 -06:00
Ryan Richard
bc7ffd37a6
Reduce memory consumption of pinniped-concierge-kube-cert-agent binary
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2023-01-13 11:07:42 -08:00
Pinny
f691baec74
Updated versions in docs for v0.21.0 release
2022-12-21 13:12:06 +00:00
Ryan Richard
39a95e1198
Merge pull request #1354 from vmware-tanzu/dump_more_deps_dec_2022
...
Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7
2022-12-15 10:35:54 -08:00
Ryan Richard
6d3ed73eee
Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7
2022-12-15 09:40:32 -08:00