djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,880 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

2880 Commits

Author SHA1 Message Date
Ryan Richard e85a6c09f6
Merge pull request #953 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29 
Bump github.com/tdewolff/minify/v2 from 2.9.26 to 2.9.29
 2022-01-20 14:16:05 -08:00
Mo Khan 025ef6311b
Merge pull request #943 from vmware-tanzu/dependabot/go_modules/github.com/ory/fosite-0.42.0 
Bump github.com/ory/fosite from 0.41.0 to 0.42.0
 2022-01-20 17:03:52 -05:00
Margo Crawford 842ef38868 Ensure warning is on stderr and not stdout. 2022-01-20 13:48:50 -08:00
Margo Crawford acd23c4c37 Separate test for access token refresh 2022-01-20 13:48:50 -08:00
Margo Crawford 38d184fe81 Integration test + making sure we get the session correctly in token handler 2022-01-20 13:48:50 -08:00
Margo Crawford b0ea7063c7 Supervisor should emit a warning when access token lifetime is too short 2022-01-20 13:48:50 -08:00
Ryan Richard fe819e3512 Empty commit to trigger CI 2022-01-20 13:37:15 -08:00
Ryan Richard 42ca31055a Empty commit to trigger CI 2022-01-20 13:25:29 -08:00
Ryan Richard 652797ba0b
Merge branch 'main' into dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29 2022-01-20 12:23:02 -08:00
Ryan Richard 89c40259f3 Use latest github.com/ory/x v0.0.336 2022-01-20 12:21:19 -08:00
Ryan Richard 520fcf195a Merge branch 'main' into dependabot/go_modules/github.com/ory/fosite-0.42.0 2022-01-20 12:16:54 -08:00
Ryan Richard 284ce00aef
Merge pull request #957 from vmware-tanzu/dependabot/go_modules/github.com/ory/x-0.0.334 
Bump github.com/ory/x from 0.0.331 to 0.0.334
 2022-01-20 12:10:57 -08:00
Ryan Richard db789dc2bf
Merge branch 'main' into dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.29 2022-01-20 12:10:24 -08:00
Ryan Richard 6ddc953989
Merge branch 'main' into dependabot/go_modules/github.com/ory/fosite-0.42.0 2022-01-20 12:10:01 -08:00
Ryan Richard 1f21e30bb2
Merge pull request #948 from vmware-tanzu/upstream-oidc-refresh-groups 
Update group memberships during refresh for upstream OIDC providers
 2022-01-20 12:07:42 -08:00
Margo Crawford 6c923d3bc6
Merge pull request #956 from vmware-tanzu/fix-scopes-access-token-refresh-test 
Keep all scopes except offline_access in access token refresh integration test
 2022-01-19 16:19:13 -08:00
dependabot[bot] cd3d1333de
Bump github.com/ory/x from 0.0.331 to 0.0.334 
Bumps [github.com/ory/x](https://github.com/ory/x) from 0.0.331 to 0.0.334.
- [Release notes](https://github.com/ory/x/releases)
- [Commits](https://github.com/ory/x/compare/v0.0.331...v0.0.334)

---
updated-dependencies:
- dependency-name: github.com/ory/x
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-19 22:07:18 +00:00
Ryan Richard dff53b8144 Changes for Fosite's new RevokeRefreshTokenMaybeGracePeriod() interface 
Fosite v0.42.0 introduced a new RevokeRefreshTokenMaybeGracePeriod()
interface function. Updated our code to support this change. We didn't
support grace periods on refresh tokens before, so implemented it by
making the new RevokeRefreshTokenMaybeGracePeriod() method just call
the old RevokeRefreshToken() method, therefore keeping our old behavior.
 2022-01-19 13:57:01 -08:00
Margo Crawford 513c943e87 Keep all scopes except offline_access in integration test 2022-01-19 13:29:26 -08:00
Ryan Richard 3b1cc30e8d Update unit test to match new JS minify output after minify upgrade 2022-01-19 13:29:07 -08:00
Ryan Richard a4ca44ca14 Improve error handling when upstream groups is invalid during refresh 2022-01-19 12:57:47 -08:00
dependabot[bot] 4ce2f9db50
Bump github.com/tdewolff/minify/v2 from 2.9.26 to 2.9.29 
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.26 to 2.9.29.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.26...v2.9.29)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-19 01:05:43 +00:00
Ryan Richard 78bdb1928a
Merge branch 'main' into upstream-oidc-refresh-groups 2022-01-18 16:03:14 -08:00
dependabot[bot] b2bdf01152
Bump github.com/ory/fosite from 0.41.0 to 0.42.0 
Bumps [github.com/ory/fosite](https://github.com/ory/fosite) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/ory/fosite/releases)
- [Changelog](https://github.com/ory/fosite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ory/fosite/compare/v0.41.0...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/ory/fosite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 23:53:34 +00:00
Mo Khan 956f6f1eab
Merge pull request #945 from enj/enj/i/supervisor_ports 
Allow configuration of supervisor endpoints
 2022-01-18 18:52:32 -05:00
Monis Khan 1e1789f6d1
Allow configuration of supervisor endpoints 
This change allows configuration of the http and https listeners
used by the supervisor.

TCP (IPv4 and IPv6 with any interface and port) and Unix domain
socket based listeners are supported.  Listeners may also be
disabled.

Binding the http listener to TCP addresses other than 127.0.0.1 or
::1 is deprecated.

The deployment now uses https health checks.  The supervisor is
always able to complete a TLS connection with the use of a bootstrap
certificate that is signed by an in-memory certificate authority.

To support sidecar containers used by service meshes, Unix domain
socket based listeners include ACLs that allow writes to the socket
file from any runAsUser specified in the pod's containers.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-01-18 17:43:45 -05:00
Ryan Richard 70bd831099
Merge branch 'main' into upstream-oidc-refresh-groups 2022-01-18 14:36:18 -08:00
Ryan Richard 01a7978387
Merge pull request #940 from vmware-tanzu/ldap_and_activedirectory_status_conditions_bug 
Fix bug where LDAP or AD status conditions were not updated correctly
 2022-01-18 14:35:49 -08:00
Ryan Richard 1a2514f417
Merge branch 'main' into ldap_and_activedirectory_status_conditions_bug 2022-01-18 10:09:14 -08:00
Ryan Richard 6143d66504 Increase timeout on linter for when CI gets slow 2022-01-18 10:07:36 -08:00
Ryan Richard 1602fca5ed Increase timeout on linter for when CI gets slow 2022-01-18 10:06:53 -08:00
anjalitelang ebcf71c30c
Update ROADMAP.md 
Proposed changes based on multiple tracks of work- Compliance, IDP features
 2022-01-18 10:34:09 -05:00
Ryan Richard 88f3b29515 Merge branch 'main' into upstream-oidc-refresh-groups 2022-01-14 16:51:12 -08:00
Ryan Richard 75e4093067 Merge branch 'main' into ldap_and_activedirectory_status_conditions_bug 2022-01-14 16:50:34 -08:00
Ryan Richard 619b0ba052
Merge pull request #904 from vmware-tanzu/upstream_access_revocation_during_gc 
Revoke upstream OIDC access tokens during downstream session garbage collection
 2022-01-14 16:45:29 -08:00
Ryan Richard 548977f579 Update group memberships during refresh for upstream OIDC providers 
Update the user's group memberships when possible. Note that we won't
always have enough information to be able to update it (see code
comments).
 2022-01-14 16:38:21 -08:00
Ryan Richard 7551af3eb8 Fix code that did not auto-merge correctly in previous merge from main 2022-01-14 10:59:39 -08:00
Ryan Richard 814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
Margo Crawford 50e4871d65
Merge pull request #944 from vmware-tanzu/refresh-with-no-refresh-token 
Access Token based OIDC refresh by checking the UserInfo endpoint
 2022-01-14 10:23:41 -08:00
Ryan Richard db0a765b98 Merge branch 'main' into ldap_and_activedirectory_status_conditions_bug 2022-01-14 10:06:16 -08:00
Ryan Richard 092a80f849 Refactor some variable names and update one comment 
Change variable names to match previously renamed interface name.
 2022-01-14 10:06:00 -08:00
Margo Crawford 5b161be334 Refactored oidcUpstreamRefresh 
Various style changes, updated some comments and variable names and
extracted a helper function for validation.
 2022-01-12 18:05:22 -08:00
Margo Crawford 62be761ef1 Perform access token based refresh by fetching the userinfo 2022-01-12 18:05:10 -08:00
Ryan Richard 651d392b00 Refuse logins when no upstream refresh token and no userinfo endpoint 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-01-12 18:03:25 -08:00
Margo Crawford 6f3977de9d Store access token when refresh not available for authcode flow. 
Also refactor oidc downstreamsessiondata code to be shared between
callback handler and auth handler.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2022-01-12 18:03:25 -08:00
Ryan Richard 91924ec685 Revert adding allowAccessTokenBasedRefresh flag to OIDCIdentityProvider 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-01-12 18:03:25 -08:00
Margo Crawford 683a2c5b23 WIP adding access token to storage upon login 2022-01-12 18:03:25 -08:00
Ryan Richard 1f146f905a Add struct field for storing upstream access token in downstream session 2022-01-12 18:03:25 -08:00
Mo Khan 82f54b5556
Merge pull request #917 from vmware-tanzu/oidc-refresh-user-info-checks 
OIDC refresh user info checks
 2022-01-12 20:27:00 -05:00
Margo Crawford 2b744b2eef Add back comment about deferring validation when id token subject is missing 2022-01-12 11:19:43 -08:00