djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,848 Commits 30 Branches 34 Tags 22 MiB
311bb05993
Commit Graph

2848 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Margo Crawford
311bb05993
Merge pull request #1130 from vmware-tanzu/kube-versions-april-22 
Update kube versions to latest patch
 2022-04-19 13:30:40 -07:00
Ryan Richard
0ec5e57114
Merge pull request #1131 from vmware-tanzu/bump_some_deps 
Bump some deps
 2022-04-19 13:29:28 -07:00
Margo Crawford
63779ddac2
Merge pull request #1129 from vmware-tanzu/jwt-authenticator-client-field 
JWTAuthenticator distributed claims resolution honors tls config
 2022-04-19 13:28:43 -07:00
Ryan Richard
4de8004094 Empty commit to trigger CI 2022-04-19 12:12:45 -07:00
Margo Crawford
0b72f7084c JWTAuthenticator distributed claims resolution honors tls config 
Kube 1.23 introduced a new field on the OIDC Authenticator which
allows us to pass in a client with our own TLS config. See
https://github.com/kubernetes/kubernetes/pull/106141.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-19 11:36:46 -07:00
Ryan Richard
132d2aac72 add a code comment 2022-04-19 11:35:46 -07:00
Ryan Richard
2d4f4e4efd Merge branch 'main' into bump_some_deps 2022-04-19 11:32:53 -07:00
Margo Crawford
c40bca5e65
Merge pull request #1127 from hectorj2f/add_code_challenge_method_support 
oidc: add code challenge supported methods to the discovery doc
 2022-04-19 11:23:57 -07:00
Margo Crawford
019750a292 Update kube versions to latest patch 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-19 11:19:24 -07:00
Ryan Richard
5b9831d319 bump the kube direct deps 2022-04-19 11:13:52 -07:00
Ryan Richard
fb8083d024 bump some direct deps 2022-04-19 11:09:24 -07:00
hectorj2f
a3f7afaec4 oidc: add code challenge supported methods 
Signed-off-by: hectorj2f <hectorf@vmware.com>
 2022-04-19 01:21:39 +02:00
Margo Crawford
f5cf3276d5
Merge pull request #1123 from vmware-tanzu/macos-untrusted-certificate-errors 2022-04-14 20:15:31 -07:00
Margo Crawford
d5337c9c19 Error format of untrusted certificate errors should depend on OS 
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-14 17:37:36 -07:00
Mo Khan
c624846eaa
Merge pull request #1122 from vmware-tanzu/impersonator-only-http2 
the http2RoundTripper should only use http2
 2022-04-14 16:55:50 -04:00
Margo Crawford
03f19da21c the http2RoundTripper should only use http2 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-14 10:51:25 -07:00
Mo Khan
8fe635e7ce
Merge pull request #1096 from vmware-tanzu/dependabot/docker/distroless/static-2556293 
Bump distroless/static from `80c956f` to `2556293`
 2022-04-14 12:53:59 -04:00
dependabot[bot]
2fa81546f3
Bump distroless/static from 80c956f to 2556293 
Bumps distroless/static from `80c956f` to `2556293`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 14:51:17 +00:00
Mo Khan
43485563ff
Merge pull request #1120 from vmware-tanzu/dependabot/docker/hack/google.com/api-project-999119582588/go-boringcrypto/golang-1.18.1b7 
Bump google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7 in /hack
 2022-04-14 10:26:04 -04:00
dependabot[bot]
5621c1161a
Bump google.com/api-project-999119582588/go-boringcrypto/golang in /hack 
Bumps google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7.

---
updated-dependencies:
- dependency-name: google.com/api-project-999119582588/go-boringcrypto/golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 13:26:21 +00:00
Mo Khan
79fd8e2901
Merge pull request #1119 from enj/enj/i/fips_log_errs 
Only emit FIPS startup log when running a server component
 2022-04-14 09:19:40 -04:00
Monis Khan
e0886c6948
Only emit FIPS startup log when running a server component 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-13 18:31:02 -04:00
Mo Khan
f5cc2f20f7
Merge pull request #1118 from enj/enj/i/go1.18_linter_fix 
Bump to go1.18.1 and fix linter errors
 2022-04-13 18:15:20 -04:00
Monis Khan
8fd77b72df
Bump to go1.18.1 and fix linter errors 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-13 16:43:06 -04:00
Mo Khan
8ecf18521c
Merge pull request #1112 from vmware-tanzu/fips-website-docs 
document how to use the fips dockerfile on our website
 2022-04-13 16:41:25 -04:00
Margo Crawford
96c705bf94 document how to use the fips dockerfile on our website 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-13 12:45:58 -07:00
Mo Khan
d0d20e00e4
Merge pull request #1117 from vmware-tanzu/prefix_tokens 
Add custom prefix to downstream access and refresh tokens and authcodes
 2022-04-13 15:34:42 -04:00
Ryan Richard
53348b8464 Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
Ryan Richard
13daf59217
Merge pull request #1108 from vicmarbev/main 
Use vmware-tanzu/carvel instead of the deprecated k14s/tap to install deps with brew
 2022-04-13 08:43:39 -07:00
Ryan Richard
9ebf3a5b92
Merge branch 'main' into main 2022-04-13 08:41:04 -07:00
Mo Khan
6af1aaeb20
Merge pull request #1114 from enj/enj/i/fips_init_log 
Use klog to make sure FIPS init log is emitted
 2022-04-12 16:23:38 -04:00
Monis Khan
6b4fbb6e0e
Use klog to make sure FIPS init log is emitted 
We cannot use plog until the log level config has been setup, but
that occurs after this init function has run.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-12 14:36:06 -04:00
Mo Khan
edf4ffb018
Merge pull request #1101 from vmware-tanzu/dependabot/docker/hack/distroless/static-2556293 
Bump distroless/static from `80c956f` to `2556293` in /hack
 2022-04-11 12:37:25 -04:00
dependabot[bot]
721526b7e7
Bump distroless/static from 80c956f to 2556293 in /hack 
Bumps distroless/static from `80c956f` to `2556293`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 14:13:12 +00:00
anjalitelang
91681b9368
Update ROADMAP.md 
Edits to the wiki based on our current backlog 4/5/2022
 2022-04-06 16:08:04 -04:00
Mo Khan
3c6f97a457
Target hack/Dockerfile_fips correctly 2022-04-06 15:32:08 -04:00
Mo Khan
12cbd744b7
Syntax highlighting for Dockerfile_fips 2022-04-06 15:31:07 -04:00
Ryan Richard
103538858f
Merge pull request #1094 from vmware-tanzu/disable_http 
Supervisor HTTP listener disabled by default and may only bind to loopback interfaces
 2022-04-05 12:39:04 -07:00
Ryan Richard
bdabdf0f42 Update comment in FederationDomainTLSSpec 2022-04-05 09:53:22 -07:00
Ryan Richard
25d20d4081 Merge branch 'main' into disable_http 2022-04-05 09:00:26 -07:00
Víctor Martínez Bevià
dc24397df4 Use vmware-tanzu/carvel instead of the deprecated k14/tap to install deps with brew 2022-04-05 16:43:22 +02:00
Mo Khan
c0874706d9
Merge pull request #1106 from enj/enj/i/fips_followup 
Add more details to FIPS comments
 2022-04-01 13:16:50 -04:00
Monis Khan
07066e020d
Explicitly set defaultServing ciphers in FIPS mode 
This is a no-op today, but could change in the future when we add
support for FIPS in non-strict mode.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:59:47 -04:00
Monis Khan
3f0753ec5a
Remove duplication in secure TLS tests 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:56:38 -04:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:56:38 -04:00
Mo Khan
ce82d799c9
Run OSSF scorecard on release branches 2022-04-01 10:41:23 -04:00
Mo Khan
a453522d81
Add OSSF Scorecard GitHub Action 2022-04-01 10:30:01 -04:00
Ryan Richard
51c527a965 Change to camel-case for insecureAcceptExternalUnencryptedHttpRequests 
- Use camel-case in the static configmap
- Parse the value into a boolean in the go struct instead of a string
- Add test for when unsupported value is used in the configmap
- Run the config_test.go tests in parallel
- Update some paragraphs in configure-supervisor.md for clarity
 2022-03-31 16:23:45 -07:00
Ryan Richard
ae7aac020a Merge branch 'main' into disable_http 2022-03-30 11:30:32 -07:00
Mo Khan
17e8faa0fe
Have dependabot keep the FIPS dockerfile updated 2022-03-30 13:55:19 -04:00