djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,810 Commits 30 Branches 34 Tags
Commit Graph

724 Commits

Author SHA1 Message Date
Margo Crawford
2d942da0d3
Suppress linter in supervisor_discovery_test 
- I think it may be getting tripped up by the variable coming from
  another package and the build tag stuff going on.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:15 -04:00
Margo Crawford
6bf5489bbb
Fix output for rsa 2048 suites 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:15 -04:00
Margo Crawford
c50c4ae85b
Change whitespace in nmap tests 
The git commit hook seemed to have trimmed some whitespace
that was necessary for the formatting

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:15 -04:00
Margo Crawford
0a0fb7ede5
Remove expectation for tls 1.3 nmap output 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:15 -04:00
Margo Crawford
0de7bc03aa
Change order of hardcoded cipher list for fips 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:14 -04:00
Margo Crawford
420f855287
override cipher suites with fips defaults in a few more places 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:14 -04:00
Margo Crawford
22aecf9498
test against the default fips ciphers when cipherSuites is nil 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:14 -04:00
Margo Crawford
a88abd7e8b
fix compile errors in new securetls_fips_test 
goland wasn't showing me them properly because of the build tags :P

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-29 14:40:14 -04:00
Margo Crawford
215961b282
Fix some linter errors, separate securetls test for fips 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:14 -04:00
Margo Crawford
52c796b1f4
supervisor discovery test shouldn't require tls 1.3 in fips mode 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 14:40:13 -04:00
Ryan Richard
cf471d6422 Remove unused env.SupervisorHTTPAddress integration test var 2022-03-29 09:13:44 -07:00
Ryan Richard
bedf4e5a39 Try to avoid getting a second username prompt in a test in e2e_test.go 2022-03-22 14:23:50 -07:00
Ryan Richard
2715741c2c Increase a test timeout in e2e_test.go 2022-03-22 12:13:10 -07:00
Ryan Richard
d162e294ed Split up the context timeouts per test in e2e_test.go 2022-03-22 10:17:45 -07:00
Monis Khan
8fac6cb9a4
Rework or remove tests that rely on the http port 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-10 19:43:12 -05:00
Ryan Richard
fffcb7f5b4 Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 
- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
  the expected version of the linter for local development
 2022-03-08 12:28:09 -08:00
Margo Crawford
f6ad5d5c45 Add group change warning test for Active Directory 
Also refactor some of the AD test helper functions

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-02 11:54:36 -08:00
Monis Khan
eae55a8595
Fix typo in group removed warning 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-02 12:58:30 -05:00
Margo Crawford
609b55a6d7 Pinniped Supervisor should issue a warning when groups change during refresh 2022-03-01 14:01:57 -08:00
Ryan Richard
e1e3342b3d Increase a test timeout to account for slower test on EKS in CI 
The test takes longer on EKS because it has to wait about 2 minutes for
the EKS load balancer to be ready during the test.
 2022-02-22 11:46:15 -08:00
Margo Crawford
e2c6dcd6e6 Add integration test 2022-02-17 12:50:28 -08:00
Ryan Richard
dec89b5378
Merge branch 'main' into proposal_process 2022-02-17 12:48:58 -08:00
Margo Crawford
662f2cef9c Integration test for updating group search base 
Also a small change to a comment
 2022-02-17 11:29:59 -08:00
Margo Crawford
ca523b1f20 Always update groups even if it's nil 
Also de-dup groups and various small formatting changes
 2022-02-17 11:29:59 -08:00
Margo Crawford
cd7538861a Add integration test where we don't get groups back 2022-02-17 11:29:59 -08:00
Margo Crawford
013b521838 Upstream ldap group refresh: 
- Doing it inline on the refresh request
 2022-02-17 11:29:59 -08:00
Ryan Richard
9dbf7d6bf5 Merge branch 'main' into proposal_process 2022-02-17 10:07:37 -08:00
Ryan Richard
c09daa8513 Merge branch 'main' into fix_int_test_macos 2022-02-16 11:09:11 -08:00
Monis Khan
b8202d89d9
Enforce naming convention for browser based tests 
This allows us to target browser based tests with the regex:

go test -v -race -count 1 -timeout 0 ./test/integration -run '/_Browser'

New tests that call browsertest.Open will automatically be forced to
follow this convention.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-02-16 09:20:28 -05:00
Ryan Richard
1aa17bd84d Check for darwin before relaxing stderr vs stdout assertion in e2e test 2022-02-15 13:45:04 -08:00
Ryan Richard
b0c36c6633 Fix int test that was failing on MacOS, and some small doc changes 2022-02-15 11:19:49 -08:00
Ryan Richard
5d79d4b9dc Fix form_post.js mistake from recent commit; Better CORS on callback 2022-02-08 17:30:48 -08:00
Mo Khan
29368e8242
Make the linter happy 2022-02-08 16:31:04 -05:00
Ryan Richard
cd825c5e51 Use "-v6" for kubectl for an e2e test so we can get more failure output 2022-02-08 13:00:49 -08:00
Monis Khan
8ee461ae8a
e2e_test: handle hung go routines and readers 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-02-08 11:40:10 -05:00
Mo Khan
1388183bf1
TestE2EFullIntegration: reduce timeout 
This causes the test to timeout before concourse terminates the entire test run.
 2022-02-07 20:53:03 -05:00
Ryan Richard
0431a072ae Remove an unnecessary nolint comment 2022-02-07 16:26:39 -08:00
Ryan Richard
aa56f174db Capture and print the full kubectl output in an e2e test upon failure 2022-02-07 16:17:38 -08:00
Ryan Richard
2b93fdf357 Fix a bug in the e2e tests 
When the test was going to fail, a goroutine would accidentally block
on writing to an unbuffered channel, and the spawnTestGoroutine helper
would wait for that goroutine to end on cleanup, causing the test to
hang forever while it was trying to fail.
 2022-02-07 11:57:54 -08:00
Margo Crawford
842ef38868 Ensure warning is on stderr and not stdout. 2022-01-20 13:48:50 -08:00
Margo Crawford
acd23c4c37 Separate test for access token refresh 2022-01-20 13:48:50 -08:00
Margo Crawford
38d184fe81 Integration test + making sure we get the session correctly in token handler 2022-01-20 13:48:50 -08:00
Margo Crawford
b0ea7063c7 Supervisor should emit a warning when access token lifetime is too short 2022-01-20 13:48:50 -08:00
Margo Crawford
513c943e87 Keep all scopes except offline_access in integration test 2022-01-19 13:29:26 -08:00
Monis Khan
1e1789f6d1
Allow configuration of supervisor endpoints 
This change allows configuration of the http and https listeners
used by the supervisor.

TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported.  Listeners may also be
disabled.

Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.

The deployment now uses https health checks.  The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.

To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-01-18 17:43:45 -05:00
Ryan Richard
814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
Ryan Richard
91924ec685 Revert adding allowAccessTokenBasedRefresh flag to OIDCIdentityProvider 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-01-12 18:03:25 -08:00
Margo Crawford
683a2c5b23 WIP adding access token to storage upon login 2022-01-12 18:03:25 -08:00
Margo Crawford
2958461970 Addressing PR feedback 
store issuer and subject in storage for refresh
Clean up some constants

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-01-10 11:03:37 -08:00
Margo Crawford
0cd086cf9c Check username claim is unchanged for oidc. 
Also add integration tests for claims changing.
 2022-01-10 11:03:37 -08:00