Commit Graph

736 Commits

Author SHA1 Message Date
Ryan Richard
321abfc98d Merge branch 'dynamic_clients' into token_exchange_aud 2022-06-08 09:03:29 -07:00
Ryan Richard
97d17bbda8 Merge branch 'main' into dynamic_clients 2022-06-08 09:03:06 -07:00
Ryan Richard
ea45e5dfef Disallow certain requested audience strings in token exchange 2022-06-07 16:32:19 -07:00
Ryan Richard
8170889aef Update CSP header expectations in TestSupervisorLogin_Browser int test 2022-06-07 11:20:59 -07:00
Margo Crawford
ca3da0bc90 Fix some disallowed kubebuilder annotations, fix kube api discovery test
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-04 21:04:40 -07:00
Ryan Richard
cb8685b942 Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var 2022-06-02 11:27:54 -07:00
Ryan Richard
0f2a984308 Merge branch 'main' into ldap-login-ui 2022-05-11 11:32:15 -07:00
Ryan Richard
aa732a41fb Add LDAP browser flow login failure tests to supervisor_login_test.go
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e Add LDAP browser flow login test to supervisor_login_test.go 2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7 Add AD via browser login e2e test and refactor e2e tests to share code 2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d Extract browsertest.LoginToUpstreamLDAP() integration test helper 2022-05-09 15:43:36 -07:00
Ryan Richard
6e6e1f4add Update login page CSS selectors in e2e test 2022-05-05 13:56:38 -07:00
Margo Crawford
329d41aac7 Add the full end to end test for ldap web ui
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
Margo Crawford
eb891d77a5 Tiny fix: pinninpeds->pinnipeds
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
Margo Crawford
07b2306254 Add basic outline of login get handler
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
Margo Crawford
eb1d3812ec Update authorization endpoint to redirect to new login page
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 12:51:56 -07:00
hectorj2f
a3f7afaec4 oidc: add code challenge supported methods
Signed-off-by: hectorj2f <hectorf@vmware.com>
2022-04-19 01:21:39 +02:00
Margo Crawford
d5337c9c19 Error format of untrusted certificate errors should depend on OS
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 17:37:36 -07:00
Ryan Richard
53348b8464 Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
Monis Khan
3f0753ec5a
Remove duplication in secure TLS tests
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Margo Crawford
53597bb824 Introduce FIPS compatibility
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-29 16:58:41 -07:00
Ryan Richard
cf471d6422 Remove unused env.SupervisorHTTPAddress integration test var 2022-03-29 09:13:44 -07:00
Ryan Richard
bedf4e5a39 Try to avoid getting a second username prompt in a test in e2e_test.go 2022-03-22 14:23:50 -07:00
Ryan Richard
2715741c2c Increase a test timeout in e2e_test.go 2022-03-22 12:13:10 -07:00
Ryan Richard
d162e294ed Split up the context timeouts per test in e2e_test.go 2022-03-22 10:17:45 -07:00
Monis Khan
8fac6cb9a4
Rework or remove tests that rely on the http port
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-10 19:43:12 -05:00
Ryan Richard
fffcb7f5b4 Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
  the expected version of the linter for local development
2022-03-08 12:28:09 -08:00
Margo Crawford
f6ad5d5c45 Add group change warning test for Active Directory
Also refactor some of the AD test helper functions

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-02 11:54:36 -08:00
Monis Khan
eae55a8595
Fix typo in group removed warning
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-02 12:58:30 -05:00
Margo Crawford
609b55a6d7 Pinniped Supervisor should issue a warning when groups change during refresh 2022-03-01 14:01:57 -08:00
Ryan Richard
e1e3342b3d Increase a test timeout to account for slower test on EKS in CI
The test takes longer on EKS because it has to wait about 2 minutes for
the EKS load balancer to be ready during the test.
2022-02-22 11:46:15 -08:00
Margo Crawford
e2c6dcd6e6 Add integration test 2022-02-17 12:50:28 -08:00
Ryan Richard
dec89b5378
Merge branch 'main' into proposal_process 2022-02-17 12:48:58 -08:00
Margo Crawford
662f2cef9c Integration test for updating group search base
Also a small change to a comment
2022-02-17 11:29:59 -08:00
Margo Crawford
ca523b1f20 Always update groups even if it's nil
Also de-dup groups and various small formatting changes
2022-02-17 11:29:59 -08:00
Margo Crawford
cd7538861a Add integration test where we don't get groups back 2022-02-17 11:29:59 -08:00
Margo Crawford
013b521838 Upstream ldap group refresh:
- Doing it inline on the refresh request
2022-02-17 11:29:59 -08:00
Ryan Richard
9dbf7d6bf5 Merge branch 'main' into proposal_process 2022-02-17 10:07:37 -08:00
Ryan Richard
c09daa8513 Merge branch 'main' into fix_int_test_macos 2022-02-16 11:09:11 -08:00
Monis Khan
b8202d89d9
Enforce naming convention for browser based tests
This allows us to target browser based tests with the regex:

go test -v -race -count 1 -timeout 0 ./test/integration -run '/_Browser'

New tests that call browsertest.Open will automatically be forced to
follow this convention.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-16 09:20:28 -05:00
Ryan Richard
1aa17bd84d Check for darwin before relaxing stderr vs stdout assertion in e2e test 2022-02-15 13:45:04 -08:00
Ryan Richard
b0c36c6633 Fix int test that was failing on MacOS, and some small doc changes 2022-02-15 11:19:49 -08:00
Ryan Richard
5d79d4b9dc Fix form_post.js mistake from recent commit; Better CORS on callback 2022-02-08 17:30:48 -08:00
Mo Khan
29368e8242
Make the linter happy 2022-02-08 16:31:04 -05:00
Ryan Richard
cd825c5e51 Use "-v6" for kubectl for an e2e test so we can get more failure output 2022-02-08 13:00:49 -08:00
Monis Khan
8ee461ae8a
e2e_test: handle hung go routines and readers
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-08 11:40:10 -05:00
Mo Khan
1388183bf1
TestE2EFullIntegration: reduce timeout
This causes the test to timeout before concourse terminates the entire test run.
2022-02-07 20:53:03 -05:00
Ryan Richard
0431a072ae Remove an unnecessary nolint comment 2022-02-07 16:26:39 -08:00
Ryan Richard
aa56f174db Capture and print the full kubectl output in an e2e test upon failure 2022-02-07 16:17:38 -08:00