29368e8242
Make the linter happy
2022-02-08 16:31:04 -05:00
cd825c5e51
Use "-v6" for kubectl for an e2e test so we can get more failure output
2022-02-08 13:00:49 -08:00
874b567974
Merge pull request #988 from enj/enj/t/e2e_hung
...
e2e_test: handle hung go routines and readers
2022-02-08 12:57:54 -05:00
8ee461ae8a
e2e_test: handle hung go routines and readers
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-08 11:40:10 -05:00
1388183bf1
TestE2EFullIntegration: reduce timeout
...
This causes the test to timeout before concourse terminates the entire test run.
2022-02-07 20:53:03 -05:00
0431a072ae
Remove an unnecessary nolint comment
2022-02-07 16:26:39 -08:00
aa56f174db
Capture and print the full kubectl output in an e2e test upon failure
2022-02-07 16:17:38 -08:00
2b93fdf357
Fix a bug in the e2e tests
...
When the test was going to fail, a goroutine would accidentally block
on writing to an unbuffered channel, and the spawnTestGoroutine helper
would wait for that goroutine to end on cleanup, causing the test to
hang forever while it was trying to fail.
2022-02-07 11:57:54 -08:00
7c246784dc
Update ROADMAP.md
...
Updated roadmap to reflect changes planned for v0.14 release and beyond.
2022-02-03 08:57:47 -05:00
0dd3b40694
Update ROADMAP.md
2022-01-31 12:13:18 -05:00
3b1153cd91
Update latest version to v0.13.0
2022-01-21 15:19:40 -08:00
6590230bcd
Merge pull request #954 from anjaltelang/main
...
Blog for v0.13.0
2022-01-21 15:17:18 -08:00
4f06cd3c2e
Update CLI docs for v0.13.0 release
2022-01-21 23:12:12 +00:00
dea9bf9b90
Merge pull request #970 from vmware-tanzu/kubectl-apply-resources
...
When instructing users how to install the concierge with kubectl apply,
2022-01-21 13:36:52 -08:00
726e88ea03
When instructing users how to install the concierge with kubectl apply,
...
reccommend using install-pinniped-concierge-crds.yaml, then
install-pinniped-concierge-resources.yaml.
Previously we recommended install-pinniped-concierge-crds (a subset),
then install-pinniped-concierge (everything concierge related, including
the crds). This works fine for install, but not uninstall. Instead we
should use a separate yaml file that contains everything in
install-pinniped-concierge but *not* in install-pinniped-concierge-crds.
We have been generating this file in CI since a5ced4286b6febc7474b7adee34eeb1b62ec82b7
but we haven't released since then so we haven't been able to recommend
its use.
2022-01-21 10:26:45 -08:00
70c99c6d44
Merge pull request #969 from vmware-tanzu/request-offline-access-in-docs
...
Request offline_access in the concierge with supervisor demo
2022-01-21 10:24:04 -08:00
62a8967db1
Request offline_access in the concierge with supervisor demo
...
It's a generic config and not OIDC provider specific
but since most providers require it it seems like the
best default.
2022-01-21 09:58:04 -08:00
3fc73c21d2
Merge pull request #968 from enj/enj/i/bump_0002
...
Bump to Kube v0.23.2
2022-01-21 12:16:49 -05:00
d55ae3f8bb
Bump all deps to latest
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-01-21 11:25:56 -05:00
c8d4b73f94
Merge pull request #967 from vmware-tanzu/refresh-token-test-warnings
...
Fix new refresh token grace period test to have warnings
2022-01-21 04:20:46 -08:00
b30dad72ed
Fix new refresh token grace period test to have warnings
2022-01-20 14:54:59 -08:00
31cdd808ac
Merge pull request #951 from vmware-tanzu/short-session-warning
...
Supervisor should emit a warning when access token lifetime is too short
2022-01-20 14:44:32 -08:00
e85a6c09f6
Merge pull request #953 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29
...
Bump github.com/tdewolff/minify/v2 from 2.9.26 to 2.9.29
2022-01-20 14:16:05 -08:00
025ef6311b
Merge pull request #943 from vmware-tanzu/dependabot/go_modules/github.com/ory/fosite-0.42.0
...
Bump github.com/ory/fosite from 0.41.0 to 0.42.0
2022-01-20 17:03:52 -05:00
842ef38868
Ensure warning is on stderr and not stdout.
2022-01-20 13:48:50 -08:00
acd23c4c37
Separate test for access token refresh
2022-01-20 13:48:50 -08:00
38d184fe81
Integration test + making sure we get the session correctly in token handler
2022-01-20 13:48:50 -08:00
b0ea7063c7
Supervisor should emit a warning when access token lifetime is too short
2022-01-20 13:48:50 -08:00
fe819e3512
Empty commit to trigger CI
2022-01-20 13:37:15 -08:00
42ca31055a
Empty commit to trigger CI
2022-01-20 13:25:29 -08:00
652797ba0b
Merge branch 'main' into dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29
2022-01-20 12:23:02 -08:00
89c40259f3
Use latest github.com/ory/x v0.0.336
2022-01-20 12:21:19 -08:00
520fcf195a
Merge branch 'main' into dependabot/go_modules/github.com/ory/fosite-0.42.0
2022-01-20 12:16:54 -08:00
284ce00aef
Merge pull request #957 from vmware-tanzu/dependabot/go_modules/github.com/ory/x-0.0.334
...
Bump github.com/ory/x from 0.0.331 to 0.0.334
2022-01-20 12:10:57 -08:00
db789dc2bf
Merge branch 'main' into dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29
2022-01-20 12:10:24 -08:00
6ddc953989
Merge branch 'main' into dependabot/go_modules/github.com/ory/fosite-0.42.0
2022-01-20 12:10:01 -08:00
1f21e30bb2
Merge pull request #948 from vmware-tanzu/upstream-oidc-refresh-groups
...
Update group memberships during refresh for upstream OIDC providers
2022-01-20 12:07:42 -08:00
6c923d3bc6
Merge pull request #956 from vmware-tanzu/fix-scopes-access-token-refresh-test
...
Keep all scopes except offline_access in access token refresh integration test
2022-01-19 16:19:13 -08:00
cd3d1333de
Bump github.com/ory/x from 0.0.331 to 0.0.334
...
Bumps [github.com/ory/x](https://github.com/ory/x ) from 0.0.331 to 0.0.334.
- [Release notes](https://github.com/ory/x/releases )
- [Commits](https://github.com/ory/x/compare/v0.0.331...v0.0.334 )
---
updated-dependencies:
- dependency-name: github.com/ory/x
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 22:07:18 +00:00
dff53b8144
Changes for Fosite's new RevokeRefreshTokenMaybeGracePeriod() interface
...
Fosite v0.42.0 introduced a new RevokeRefreshTokenMaybeGracePeriod()
interface function. Updated our code to support this change. We didn't
support grace periods on refresh tokens before, so implemented it by
making the new RevokeRefreshTokenMaybeGracePeriod() method just call
the old RevokeRefreshToken() method, therefore keeping our old behavior.
2022-01-19 13:57:01 -08:00
513c943e87
Keep all scopes except offline_access in integration test
2022-01-19 13:29:26 -08:00
3b1cc30e8d
Update unit test to match new JS minify output after minify upgrade
2022-01-19 13:29:07 -08:00
a4ca44ca14
Improve error handling when upstream groups is invalid during refresh
2022-01-19 12:57:47 -08:00
4ce2f9db50
Bump github.com/tdewolff/minify/v2 from 2.9.26 to 2.9.29
...
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify ) from 2.9.26 to 2.9.29.
- [Release notes](https://github.com/tdewolff/minify/releases )
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.26...v2.9.29 )
---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 01:05:43 +00:00
78bdb1928a
Merge branch 'main' into upstream-oidc-refresh-groups
2022-01-18 16:03:14 -08:00
b2bdf01152
Bump github.com/ory/fosite from 0.41.0 to 0.42.0
...
Bumps [github.com/ory/fosite](https://github.com/ory/fosite ) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/ory/fosite/releases )
- [Changelog](https://github.com/ory/fosite/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ory/fosite/compare/v0.41.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: github.com/ory/fosite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 23:53:34 +00:00
956f6f1eab
Merge pull request #945 from enj/enj/i/supervisor_ports
...
Allow configuration of supervisor endpoints
2022-01-18 18:52:32 -05:00
1e1789f6d1
Allow configuration of supervisor endpoints
...
This change allows configuration of the http and https listeners
used by the supervisor.
TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported. Listeners may also be
disabled.
Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.
The deployment now uses https health checks. The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.
To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-01-18 17:43:45 -05:00
70bd831099
Merge branch 'main' into upstream-oidc-refresh-groups
2022-01-18 14:36:18 -08:00
01a7978387
Merge pull request #940 from vmware-tanzu/ldap_and_activedirectory_status_conditions_bug
...
Fix bug where LDAP or AD status conditions were not updated correctly
2022-01-18 14:35:49 -08:00
Mo Khan