Commit Graph

28 Commits

Author SHA1 Message Date
Ryan Richard
61bb01b31d extract a helper function in federation_domain_watcher.go
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
e42e3ca421 Status condition messages for IDP transforms show index of invalid IDP 2023-09-11 11:14:05 -07:00
Ryan Richard
c771328bb1 Validate transforms examples in federation_domain_watcher.go
Also changes the transformation pipeline code to sort and uniq
the transformed group names at the end of the pipeline. This makes
the results more predicable without changing the semantics.
2023-09-11 11:14:05 -07:00
Ryan Richard
52925a2a46 Validate transforms expressions in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
617f57e1c9 Validate transforms const names in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
8e169f9702 Validate IDP objectRef kind names in federation_domain_watcher.go
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
32063db46e Validate apiGroup names are valid in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
31d67a1af3 Validate display names are unique in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
a9f2f672c7 Handle some unexpected errors in federation_domain_watcher.go 2023-09-11 11:14:05 -07:00
Ryan Richard
76709892bc Refactor: extract helper functions in federation_domain_watcher.go
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
a38fb16295 Load FederationDomain endpoints before updating its status
- Avoid a possible race condition where the status says "Ready" but
  the endpoints take another moment to become available, potentially
  casing a fast client to get a 404 after observing that the status
  is "Ready" and then immediately trying to use the endpoints.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:14:05 -07:00
Ryan Richard
e334ad6f7e Fix lint errors in federation_domain_watcher.go, and adjust unit test 2023-09-11 11:14:05 -07:00
Ryan Richard
97a374c00b Refactor federation_domain_watcher_test.go and add new test to its table 2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
fe9364c58b Expand IdentityProvidersFound condition in federation_domain_watcher
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
e9fb4242d5 Update federation_domain_watcher with new IdentityProviderFound
- adds the truthy condition
- TODOs for falsy conditions
- addiional notes for other conditions
- tests updated to pass with the new condition

Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:04 -07:00
Ryan Richard
0b408f4fc0 Change FederationDomain.Status to use Phase and Conditions 2023-09-11 11:14:02 -07:00
Ryan Richard
86c791b8a6 reorganize federation domain packages to be more intuitive
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:52 -07:00
Benjamin A. Petersen
3160b5bad1 Reorganized FederationDomain packages to avoid circular dependency
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
5c0425fb71 refactor: rename "provider" to "federationdomain" when appropriate
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
96098841dd Get tests to compile again and fix lint errors 2023-09-11 11:09:50 -07:00
Ryan Richard
7af75dfe3c First draft of implementation of multiple IDPs support 2023-09-11 11:09:49 -07:00
Ryan Richard
814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
Monis Khan
9599ffcfb9
Update all deps to latest where possible, bump Kube deps to v0.23.1
Highlights from this dep bump:

1. Made a copy of the v0.4.0 github.com/go-logr/stdr implementation
   for use in tests.  We must bump this dep as Kube code uses a
   newer version now.  We would have to rewrite hundreds of test log
   assertions without this copy.
2. Use github.com/felixge/httpsnoop to undo the changes made by
   ory/fosite#636 for CLI based login flows.  This is required for
   backwards compatibility with older versions of our CLI.  A
   separate change after this will update the CLI to be more
   flexible (it is purposefully not part of this change to confirm
   that we did not break anything).  For all browser login flows, we
   now redirect using http.StatusSeeOther instead of http.StatusFound.
3. Drop plog.RemoveKlogGlobalFlags as klog no longer mutates global
   process flags
4. Only bump github.com/ory/x to v0.0.297 instead of the latest
   v0.0.321 because v0.0.298+ pulls in a newer version of
   go.opentelemetry.io/otel/semconv which breaks k8s.io/apiserver.
   We should update k8s.io/apiserver to use the newer code.
5. Migrate all code from k8s.io/apimachinery/pkg/util/clock to
   k8s.io/utils/clock and k8s.io/utils/clock/testing
6. Delete testutil.NewDeleteOptionsRecorder and migrate to the new
   kubetesting.NewDeleteActionWithOptions
7. Updated ExpectedAuthorizeCodeSessionJSONFromFuzzing caused by
   fosite's new rotated_secrets OAuth client field.  This new field
   is currently not relevant to us as we have no private clients.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-12-16 21:15:27 -05:00
Matt Moyer
6565265bee
Use new 'go.pinniped.dev/generated/latest' package.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 13:00:08 -06:00
Monis Khan
b04fd46319
Update federation domain logic to use status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:10 -05:00
Monis Khan
05a471fdf9
Migrate callers to k8s.io/apimachinery/pkg/util/errors.NewAggregate
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-05 12:56:05 -05:00
Margo Crawford
5611212ea9 Changing references from 1.19 to 1.20 2021-01-07 15:25:47 -08:00
Ryan Richard
b96d49df0f Rename all "op" and "opc" usages
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-17 11:34:49 -08:00