ContainerImage.Pinniped

Author	SHA1	Message	Date
Ryan Richard	53348b8464	Add custom prefix to downstream access and refresh tokens and authcodes	2022-04-13 10:13:27 -07:00
Monis Khan	3f0753ec5a	Remove duplication in secure TLS tests Signed-off-by: Monis Khan <mok@vmware.com>	2022-04-01 10:56:38 -04:00
Monis Khan	15bc6a4a67	Add more details to FIPS comments Signed-off-by: Monis Khan <mok@vmware.com>	2022-04-01 10:56:38 -04:00
Margo Crawford	53597bb824	Introduce FIPS compatibility Signed-off-by: Margo Crawford <margaretc@vmware.com>	2022-03-29 16:58:41 -07:00
Ryan Richard	cf471d6422	Remove unused env.SupervisorHTTPAddress integration test var	2022-03-29 09:13:44 -07:00
Ryan Richard	bedf4e5a39	Try to avoid getting a second username prompt in a test in e2e_test.go	2022-03-22 14:23:50 -07:00
Ryan Richard	2715741c2c	Increase a test timeout in e2e_test.go	2022-03-22 12:13:10 -07:00
Ryan Richard	d162e294ed	Split up the context timeouts per test in e2e_test.go	2022-03-22 10:17:45 -07:00
Monis Khan	8fac6cb9a4	Rework or remove tests that rely on the http port Signed-off-by: Monis Khan <mok@vmware.com>	2022-03-10 19:43:12 -05:00
Ryan Richard	fffcb7f5b4	Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 - Two of the linters changed their names - Updated code and nolint comments to make all linters pass with 1.44.2 - Added a new hack/install-linter.sh script to help developers install the expected version of the linter for local development	2022-03-08 12:28:09 -08:00
Margo Crawford	f6ad5d5c45	Add group change warning test for Active Directory Also refactor some of the AD test helper functions Signed-off-by: Margo Crawford <margaretc@vmware.com>	2022-03-02 11:54:36 -08:00
Monis Khan	eae55a8595	Fix typo in group removed warning Signed-off-by: Monis Khan <mok@vmware.com>	2022-03-02 12:58:30 -05:00
Margo Crawford	609b55a6d7	Pinniped Supervisor should issue a warning when groups change during refresh	2022-03-01 14:01:57 -08:00
Ryan Richard	e1e3342b3d	Increase a test timeout to account for slower test on EKS in CI The test takes longer on EKS because it has to wait about 2 minutes for the EKS load balancer to be ready during the test.	2022-02-22 11:46:15 -08:00
Margo Crawford	e2c6dcd6e6	Add integration test	2022-02-17 12:50:28 -08:00
Ryan Richard	dec89b5378	Merge branch 'main' into proposal_process	2022-02-17 12:48:58 -08:00
Margo Crawford	662f2cef9c	Integration test for updating group search base Also a small change to a comment	2022-02-17 11:29:59 -08:00
Margo Crawford	ca523b1f20	Always update groups even if it's nil Also de-dup groups and various small formatting changes	2022-02-17 11:29:59 -08:00
Margo Crawford	cd7538861a	Add integration test where we don't get groups back	2022-02-17 11:29:59 -08:00
Margo Crawford	013b521838	Upstream ldap group refresh: - Doing it inline on the refresh request	2022-02-17 11:29:59 -08:00
Ryan Richard	9dbf7d6bf5	Merge branch 'main' into proposal_process	2022-02-17 10:07:37 -08:00
Ryan Richard	c09daa8513	Merge branch 'main' into fix_int_test_macos	2022-02-16 11:09:11 -08:00
Monis Khan	b8202d89d9	Enforce naming convention for browser based tests This allows us to target browser based tests with the regex: go test -v -race -count 1 -timeout 0 ./test/integration -run '/_Browser' New tests that call browsertest.Open will automatically be forced to follow this convention. Signed-off-by: Monis Khan <mok@vmware.com>	2022-02-16 09:20:28 -05:00
Ryan Richard	1aa17bd84d	Check for darwin before relaxing stderr vs stdout assertion in e2e test	2022-02-15 13:45:04 -08:00
Ryan Richard	b0c36c6633	Fix int test that was failing on MacOS, and some small doc changes	2022-02-15 11:19:49 -08:00
Ryan Richard	5d79d4b9dc	Fix form_post.js mistake from recent commit; Better CORS on callback	2022-02-08 17:30:48 -08:00
Mo Khan	29368e8242	Make the linter happy	2022-02-08 16:31:04 -05:00
Ryan Richard	cd825c5e51	Use "-v6" for kubectl for an e2e test so we can get more failure output	2022-02-08 13:00:49 -08:00
Monis Khan	8ee461ae8a	e2e_test: handle hung go routines and readers Signed-off-by: Monis Khan <mok@vmware.com>	2022-02-08 11:40:10 -05:00
Mo Khan	1388183bf1	TestE2EFullIntegration: reduce timeout This causes the test to timeout before concourse terminates the entire test run.	2022-02-07 20:53:03 -05:00
Ryan Richard	0431a072ae	Remove an unnecessary nolint comment	2022-02-07 16:26:39 -08:00
Ryan Richard	aa56f174db	Capture and print the full kubectl output in an e2e test upon failure	2022-02-07 16:17:38 -08:00
Ryan Richard	2b93fdf357	Fix a bug in the e2e tests When the test was going to fail, a goroutine would accidentally block on writing to an unbuffered channel, and the spawnTestGoroutine helper would wait for that goroutine to end on cleanup, causing the test to hang forever while it was trying to fail.	2022-02-07 11:57:54 -08:00
Margo Crawford	842ef38868	Ensure warning is on stderr and not stdout.	2022-01-20 13:48:50 -08:00
Margo Crawford	acd23c4c37	Separate test for access token refresh	2022-01-20 13:48:50 -08:00
Margo Crawford	38d184fe81	Integration test + making sure we get the session correctly in token handler	2022-01-20 13:48:50 -08:00
Margo Crawford	b0ea7063c7	Supervisor should emit a warning when access token lifetime is too short	2022-01-20 13:48:50 -08:00
Margo Crawford	513c943e87	Keep all scopes except offline_access in integration test	2022-01-19 13:29:26 -08:00
Monis Khan	1e1789f6d1	Allow configuration of supervisor endpoints This change allows configuration of the http and https listeners used by the supervisor. TCP (IPv4 and IPv6 with any interface and port) and Unix domain socket based listeners are supported. Listeners may also be disabled. Binding the http listener to TCP addresses other than 127.0.0.1 or ::1 is deprecated. The deployment now uses https health checks. The supervisor is always able to complete a TLS connection with the use of a bootstrap certificate that is signed by an in-memory certificate authority. To support sidecar containers used by service meshes, Unix domain socket based listeners include ACLs that allow writes to the socket file from any runAsUser specified in the pod's containers. Signed-off-by: Monis Khan <mok@vmware.com>	2022-01-18 17:43:45 -05:00
Ryan Richard	814399324f	Merge branch 'main' into upstream_access_revocation_during_gc	2022-01-14 10:49:22 -08:00
Ryan Richard	91924ec685	Revert adding allowAccessTokenBasedRefresh flag to OIDCIdentityProvider Signed-off-by: Margo Crawford <margaretc@vmware.com>	2022-01-12 18:03:25 -08:00
Margo Crawford	683a2c5b23	WIP adding access token to storage upon login	2022-01-12 18:03:25 -08:00
Margo Crawford	2958461970	Addressing PR feedback store issuer and subject in storage for refresh Clean up some constants Signed-off-by: Margo Crawford <margaretc@vmware.com>	2022-01-10 11:03:37 -08:00
Margo Crawford	0cd086cf9c	Check username claim is unchanged for oidc. Also add integration tests for claims changing.	2022-01-10 11:03:37 -08:00
Monis Khan	c155c6e629	Clean up nits in AD code - Make everything private - Drop unused AuthTime field - Use %q format string instead of "%s" - Only rely on GetRawAttributeValues in AttributeUnchangedSinceLogin Signed-off-by: Monis Khan <mok@vmware.com>	2021-12-17 08:53:44 -05:00
Margo Crawford	59d999956c	Move ad specific stuff to controller also make extra refresh attributes a separate field rather than part of Extra Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-12-09 16:16:36 -08:00
Margo Crawford	65f3464995	Fix issue with very high integer value parsing, add unit tests also add comment about urgent replication	2021-12-09 16:16:36 -08:00
Margo Crawford	ee4f725209	Incorporate PR feedback	2021-12-09 16:16:36 -08:00
Margo Crawford	ef5a04c7ce	Check for locked users on ad upstream refresh Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-12-09 16:16:36 -08:00
Margo Crawford	f62e9a2d33	Active directory checks for deactivated user Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-12-09 16:16:36 -08:00

1 2 3 4 5 ...

718 Commits