Monis Khan
212f00ebde
Recommend a single approach to address all goals
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-01 10:26:37 -04:00
Monis Khan
6bb34130fe
Add asymmetric crypto based client secret generation
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 15:58:52 -04:00
Monis Khan
58f8a10919
Add data model and secret generation alternatives
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 00:05:06 -04:00
Monis Khan
1c4ed8b404
Add recommendation for solving the audience confusion problem
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-06 22:26:59 -04:00
Ryan Richard
56c8b9f884
Add recommendations to dynamic client proposal
2022-04-29 12:48:03 -07:00
Ryan Richard
19149ff043
Update proposal state to "in-review"
2022-04-15 13:35:07 -07:00
Ryan Richard
e2836fbdb5
Dynamic Supervisor OIDC Clients proposal
2022-04-15 13:23:40 -07:00
Margo Crawford
f5cf3276d5
Merge pull request #1123 from vmware-tanzu/macos-untrusted-certificate-errors
2022-04-14 20:15:31 -07:00
Margo Crawford
d5337c9c19
Error format of untrusted certificate errors should depend on OS
...
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 17:37:36 -07:00
Mo Khan
c624846eaa
Merge pull request #1122 from vmware-tanzu/impersonator-only-http2
...
the http2RoundTripper should only use http2
2022-04-14 16:55:50 -04:00
Margo Crawford
03f19da21c
the http2RoundTripper should only use http2
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 10:51:25 -07:00
Mo Khan
8fe635e7ce
Merge pull request #1096 from vmware-tanzu/dependabot/docker/distroless/static-2556293
...
Bump distroless/static from `80c956f` to `2556293`
2022-04-14 12:53:59 -04:00
dependabot[bot]
2fa81546f3
Bump distroless/static from 80c956f
to 2556293
...
Bumps distroless/static from `80c956f` to `2556293`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 14:51:17 +00:00
Mo Khan
43485563ff
Merge pull request #1120 from vmware-tanzu/dependabot/docker/hack/google.com/api-project-999119582588/go-boringcrypto/golang-1.18.1b7
...
Bump google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7 in /hack
2022-04-14 10:26:04 -04:00
dependabot[bot]
5621c1161a
Bump google.com/api-project-999119582588/go-boringcrypto/golang in /hack
...
Bumps google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7.
---
updated-dependencies:
- dependency-name: google.com/api-project-999119582588/go-boringcrypto/golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 13:26:21 +00:00
Mo Khan
79fd8e2901
Merge pull request #1119 from enj/enj/i/fips_log_errs
...
Only emit FIPS startup log when running a server component
2022-04-14 09:19:40 -04:00
Monis Khan
e0886c6948
Only emit FIPS startup log when running a server component
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 18:31:02 -04:00
Mo Khan
f5cc2f20f7
Merge pull request #1118 from enj/enj/i/go1.18_linter_fix
...
Bump to go1.18.1 and fix linter errors
2022-04-13 18:15:20 -04:00
Monis Khan
8fd77b72df
Bump to go1.18.1 and fix linter errors
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 16:43:06 -04:00
Mo Khan
8ecf18521c
Merge pull request #1112 from vmware-tanzu/fips-website-docs
...
document how to use the fips dockerfile on our website
2022-04-13 16:41:25 -04:00
Margo Crawford
96c705bf94
document how to use the fips dockerfile on our website
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-13 12:45:58 -07:00
Mo Khan
d0d20e00e4
Merge pull request #1117 from vmware-tanzu/prefix_tokens
...
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 15:34:42 -04:00
Ryan Richard
53348b8464
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 10:13:27 -07:00
Ryan Richard
13daf59217
Merge pull request #1108 from vicmarbev/main
...
Use vmware-tanzu/carvel instead of the deprecated k14s/tap to install deps with brew
2022-04-13 08:43:39 -07:00
Ryan Richard
9ebf3a5b92
Merge branch 'main' into main
2022-04-13 08:41:04 -07:00
Mo Khan
6af1aaeb20
Merge pull request #1114 from enj/enj/i/fips_init_log
...
Use klog to make sure FIPS init log is emitted
2022-04-12 16:23:38 -04:00
Monis Khan
6b4fbb6e0e
Use klog to make sure FIPS init log is emitted
...
We cannot use plog until the log level config has been setup, but
that occurs after this init function has run.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-12 14:36:06 -04:00
Mo Khan
edf4ffb018
Merge pull request #1101 from vmware-tanzu/dependabot/docker/hack/distroless/static-2556293
...
Bump distroless/static from `80c956f` to `2556293` in /hack
2022-04-11 12:37:25 -04:00
dependabot[bot]
721526b7e7
Bump distroless/static from 80c956f
to 2556293
in /hack
...
Bumps distroless/static from `80c956f` to `2556293`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:13:12 +00:00
anjalitelang
91681b9368
Update ROADMAP.md
...
Edits to the wiki based on our current backlog 4/5/2022
2022-04-06 16:08:04 -04:00
Mo Khan
3c6f97a457
Target hack/Dockerfile_fips correctly
2022-04-06 15:32:08 -04:00
Mo Khan
12cbd744b7
Syntax highlighting for Dockerfile_fips
2022-04-06 15:31:07 -04:00
Ryan Richard
103538858f
Merge pull request #1094 from vmware-tanzu/disable_http
...
Supervisor HTTP listener disabled by default and may only bind to loopback interfaces
2022-04-05 12:39:04 -07:00
Ryan Richard
bdabdf0f42
Update comment in FederationDomainTLSSpec
2022-04-05 09:53:22 -07:00
Ryan Richard
25d20d4081
Merge branch 'main' into disable_http
2022-04-05 09:00:26 -07:00
Víctor Martínez Bevià
dc24397df4
Use vmware-tanzu/carvel instead of the deprecated k14/tap to install deps with brew
2022-04-05 16:43:22 +02:00
Mo Khan
c0874706d9
Merge pull request #1106 from enj/enj/i/fips_followup
...
Add more details to FIPS comments
2022-04-01 13:16:50 -04:00
Monis Khan
07066e020d
Explicitly set defaultServing ciphers in FIPS mode
...
This is a no-op today, but could change in the future when we add
support for FIPS in non-strict mode.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:59:47 -04:00
Monis Khan
3f0753ec5a
Remove duplication in secure TLS tests
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Mo Khan
ce82d799c9
Run OSSF scorecard on release branches
2022-04-01 10:41:23 -04:00
Mo Khan
a453522d81
Add OSSF Scorecard GitHub Action
2022-04-01 10:30:01 -04:00
Ryan Richard
51c527a965
Change to camel-case for insecureAcceptExternalUnencryptedHttpRequests
...
- Use camel-case in the static configmap
- Parse the value into a boolean in the go struct instead of a string
- Add test for when unsupported value is used in the configmap
- Run the config_test.go tests in parallel
- Update some paragraphs in configure-supervisor.md for clarity
2022-03-31 16:23:45 -07:00
Ryan Richard
ae7aac020a
Merge branch 'main' into disable_http
2022-03-30 11:30:32 -07:00
Mo Khan
17e8faa0fe
Have dependabot keep the FIPS dockerfile updated
2022-03-30 13:55:19 -04:00
Mo Khan
6639ce2a1f
Merge pull request #1061 from vmware-tanzu/fips-boringcrypto
...
FIPs compatibility
2022-03-30 13:43:23 -04:00
Margo Crawford
53597bb824
Introduce FIPS compatibility
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-29 16:58:41 -07:00
Ryan Richard
0e54ba1a20
Slightly fancier way to prevent old values.yaml names from being used
2022-03-29 14:24:40 -07:00
Ryan Richard
b07a4131e5
Merge branch 'main' into disable_http
2022-03-29 12:47:53 -07:00
Mo Khan
2cffea5880
Merge pull request #1099 from vmware-tanzu/remove_supervisorhttpaddress_var
...
Remove unused env.SupervisorHTTPAddress integration test var
2022-03-29 13:36:00 -04:00