djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,033 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

3033 Commits

Author SHA1 Message Date
Margo Crawford 3cacb5b022 Fix typo in oidcclient spec and status descriptions 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-06 07:38:57 -07:00
Margo Crawford ca3da0bc90 Fix some disallowed kubebuilder annotations, fix kube api discovery test 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-04 21:04:40 -07:00
Margo Crawford cd47ba53c2 Add CRD for OIDCClient 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-03 16:22:15 -07:00
anjalitelang 2f6349c96d
Merge pull request #1166 from anjaltelang/main 
Roadmap updates for future
 2022-06-02 17:27:14 -04:00
anjalitelang 225bbdd36b
Merge branch 'main' into main 2022-06-02 17:25:43 -04:00
Ryan Richard 30d09b2b7e Empty commit 2022-06-02 13:10:34 -07:00
Ryan Richard cb8685b942 Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var 2022-06-02 11:27:54 -07:00
Ryan Richard 6e461821d6 Allow PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var to override flow 
Env var may be used with CLI to override the flow selected by the
--upstream-identity-provider-flow CLI flag.
 2022-06-02 10:30:03 -07:00
Ryan Richard b99c4773a2 Use CSP headers in auth handler response 
When response_mode=form_post is requested, some error cases will be
returned to the client using the form_post web page to POST the result
back to the client's redirect URL.
 2022-06-02 09:23:34 -07:00
Monis Khan 212f00ebde
Recommend a single approach to address all goals 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-06-01 10:26:37 -04:00
Mo Khan 75a32ae243
Merge pull request #1145 from enj/enj/f/json_logs 
Switch to go.uber.org/zap for JSON formatted logging
 2022-05-24 13:15:22 -04:00
Monis Khan 0674215ef3
Switch to go.uber.org/zap for JSON formatted logging 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-05-24 11:17:42 -04:00
Ryan Richard 03ccef03fe
Merge pull request #1163 from vmware-tanzu/ldap-login-ui 
Support a browser-based login flow for LDAP and Active Directory providers
 2022-05-24 10:19:34 -04:00
Ryan Richard 438ab0a0e1
Merge branch 'main' into ldap-login-ui 2022-05-20 08:40:34 -07:00
Ryan Richard 39fd9ba270 Small refactors and comments for LDAP/AD UI 2022-05-19 16:02:08 -07:00
Anjali Telang cc985aa98a Roadmap updates for future 
Signed-off-by: Anjali Telang <atelang@vmware.com>
 2022-05-19 15:53:53 -04:00
Ryan Richard 7388097de7
Merge pull request #1116 from vmware-tanzu/proposal-ldap-web-ui 
ldap/ad web ui proposal
 2022-05-16 16:22:17 -07:00
Ryan Richard f008c081b3
Accept LDAP UI proposal 2022-05-16 16:21:33 -07:00
Ryan Richard 1092fc4a9e
Add PR link to LDAP UI proposal 2022-05-16 16:21:17 -07:00
Ryan Richard dc6874e9cd
Move remaining open q's to answered q's 2022-05-16 16:20:42 -07:00
Ryan Richard 0f2a984308 Merge branch 'main' into ldap-login-ui 2022-05-11 11:32:15 -07:00
Ryan Richard 4101a55001 Update docs for new LDAP/AD browser-based login flow 
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
 2022-05-11 11:19:08 -07:00
Ryan Richard aa732a41fb Add LDAP browser flow login failure tests to supervisor_login_test.go 
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
 2022-05-10 16:28:08 -07:00
Ryan Richard 0b106c245e Add LDAP browser flow login test to supervisor_login_test.go 2022-05-10 12:54:40 -07:00
Ryan Richard ab302cf2b7 Add AD via browser login e2e test and refactor e2e tests to share code 2022-05-10 10:30:32 -07:00
Ryan Richard a4e32d8f3d Extract browsertest.LoginToUpstreamLDAP() integration test helper 2022-05-09 15:43:36 -07:00
Ryan Richard 831abc315e Update audit log proposal key names and timestamp format 2022-05-09 14:45:18 -07:00
Monis Khan 6bb34130fe
Add asymmetric crypto based client secret generation 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-05-09 15:58:52 -04:00
Margo Crawford 22aea6ab9d Address some small comments to make the doc more understandable 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-09 12:55:32 -07:00
Monis Khan 58f8a10919
Add data model and secret generation alternatives 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-05-09 00:05:06 -04:00
Monis Khan 1c4ed8b404
Add recommendation for solving the audience confusion problem 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-05-06 22:26:59 -04:00
Pinny afc73221d6 Updated versions in docs for v0.17.0 release 2022-05-06 19:28:56 +00:00
Ryan Richard 4c44f583e9 Don't add pinniped_idp_name pinniped_idp_type params into upstream state 2022-05-06 12:00:46 -07:00
Margo Crawford 408e390094 Add more detail on how we should display errors 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-06 11:00:01 -07:00
Ryan Richard ec22b5715b Add Pinniped favicon to login UI page 🦭 2022-05-05 14:46:07 -07:00
Ryan Richard 6e6e1f4add Update login page CSS selectors in e2e test 2022-05-05 13:56:38 -07:00
Ryan Richard 00d68845c4 Add `--flow` to choose login flow in prepare-supervisor-on-kind.sh 2022-05-05 13:42:23 -07:00
Ryan Richard cffa353ffb Login page styling/structure for users, screen readers, passwd managers 
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
  are different from the form_post page
 2022-05-05 13:13:25 -07:00
Ryan Richard 6ca7c932ae Add unit test for rendering form_post response from POST /login 2022-05-05 13:13:25 -07:00
Margo Crawford b458cd43b9
Merge pull request #1159 from vmware-tanzu/fix-openldap-typo 
Tiny fix to openldap group name: pinninpeds->pinnipeds
 2022-05-05 12:50:43 -07:00
Margo Crawford 07a3faf449
Merge branch 'main' into fix-openldap-typo 2022-05-05 10:51:09 -07:00
Margo Crawford 329d41aac7 Add the full end to end test for ldap web ui 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-05 08:49:58 -07:00
Margo Crawford 079908fb50 Update to reflect further conversations we've had 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-04 13:28:54 -07:00
anjalitelang 1a59b6a686
Update ROADMAP.md 
Changes made to reflect status as of May 4th, 2022
 2022-05-04 16:06:33 -04:00
Margo Crawford eb891d77a5 Tiny fix: pinninpeds->pinnipeds 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-04 12:42:55 -07:00
Ryan Richard 572474605f
Merge pull request #1151 from vmware-tanzu/more_unit_tests_for_ldap_escaping 
More unit tests for LDAP DNs which contain special chars
 2022-05-04 09:49:20 -07:00
Ryan Richard 656f221fb7 Merge branch 'main' into ldap-login-ui 2022-05-04 09:29:15 -07:00
Ryan Richard a36688573b
Merge pull request #1150 from vmware-tanzu/prepare_supervisor_on_kind_active_directory 
Support AD in hack/prepare-supervisor-on-kind.sh
 2022-05-04 09:16:13 -07:00
Ryan Richard 2e031f727b Use security headers for the form_post page in the POST /login endpoint 
Also use more specific test assertions where security headers are
expected. And run the unit tests for the login package in parallel.
 2022-05-03 16:46:09 -07:00
Ryan Richard acc6c50e48 More unit tests for LDAP DNs which contain special chars 
Adding explicit coverage for PerformRefresh().
 2022-05-03 15:43:01 -07:00