djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,301 Commits 30 Branches 34 Tags 22 MiB
44f03af4b9
Commit Graph

132 Commits

Author SHA1 Message Date
Monis Khan
40d70bf1fc
Bump Kube to v0.22.1 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-27 07:36:12 -04:00
Monis Khan
c356710f1f
Add leader election middleware 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-20 12:18:25 -04:00
Matt Moyer
03a8160a91
Remove replace directive for dgrijalva/jwt-go. 
We no longer have a transitive dependency on this older repository, so we don't need the replace directive anymore.

There is a new fork of this that we should move to (https://github.com/golang-jwt/jwt), but we can't easily do that until a couple of our direct dependencies upgrade.

This is a revert of d162cb9adf.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-08-20 10:15:55 -05:00
Matt Moyer
f379eee7a3
Drop replace directive for oleiade/reflections. 
This is reverting 8358c26107.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-08-20 10:15:55 -05:00
Matt Moyer
4f5312807b
Undo dep hacks to work around gRPC example module. 
This is essentially reverting 87c7e89b13.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-08-20 10:15:54 -05:00
dependabot[bot]
e05a46b7f5
Bump github.com/go-ldap/ldap/v3 from 3.3.0 to 3.4.1 
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.3.0...v3.4.1)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-16 20:46:25 +00:00
Monis Khan
d2891554a4
remove google.golang.org/grpc pin 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-09 19:16:14 -04:00
Monis Khan
25b4d82d87
Bump to Go 1.16.7 and Kube v0.22.0 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-09 15:32:13 -04:00
Ryan Richard
8afbb4eb4f
Merge pull request #744 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.20 
Bump github.com/tdewolff/minify/v2 from 2.9.19 to 2.9.20
 2021-07-28 09:08:22 -07:00
dependabot[bot]
fc82fde585
Bump github.com/tdewolff/minify/v2 from 2.9.19 to 2.9.20 
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.19 to 2.9.20.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.19...v2.9.20)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-28 00:03:48 +00:00
dependabot[bot]
f352db8072
Bump github.com/creack/pty from 1.1.13 to 1.1.14 
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.13 to 1.1.14.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.13...v1.1.14)

---
updated-dependencies:
- dependency-name: github.com/creack/pty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-28 00:03:39 +00:00
Monis Khan
32c9aa5087
Bump to Go 1.16.6 and Kube v0.21.3 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-27 14:18:08 -04:00
dependabot[bot]
25cda4f3e6
Bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19 
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.18 to 2.9.19.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.18...v2.9.19)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-12 01:20:59 +00:00
Matt Moyer
71d4e05fb6
Add custom response_mode=form_post HTML template. 
This is a new pacakge internal/oidc/provider/formposthtml containing a number of static files embedded using the relatively recent Go "//go:embed" functionality introduced in Go 1.16 (https://blog.golang.org/go1.16).

The Javascript and CSS files are minifiied and injected to make a single self-contained HTML response. There is a special Content-Security-Policy helper to calculate hash-based script-src and style-src rules.

This new code is covered by a new integration test that exercises the JS/HTML functionality in a real browser outside of the rest of the Supervisor.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-07-09 12:08:43 -05:00
dependabot[bot]
1c746feafe
Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-05 01:28:57 +00:00
dependabot[bot]
e26486bd41
Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-02 01:11:11 +00:00
dependabot[bot]
43fee6bb94
Bump github.com/gofrs/flock from 0.8.0 to 0.8.1 
Bumps [github.com/gofrs/flock](https://github.com/gofrs/flock) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/gofrs/flock/releases)
- [Commits](https://github.com/gofrs/flock/compare/v0.8.0...v0.8.1)

---
updated-dependencies:
- dependency-name: github.com/gofrs/flock
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-28 01:28:52 +00:00
Matt Moyer
594e47efdf
Update to Kubernetes 1.21.2 runtime components. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-06-22 11:55:22 -05:00
dependabot[bot]
9f06869f76
Bump github.com/golang/mock from 1.5.0 to 1.6.0 
Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/golang/mock/releases)
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang/mock/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/golang/mock
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-16 01:22:04 +00:00
dependabot[bot]
c88aad873b
Bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 
Bumps [gopkg.in/square/go-jose.v2](https://github.com/square/go-jose) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/square/go-jose/releases)
- [Commits](https://github.com/square/go-jose/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: gopkg.in/square/go-jose.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-08 05:41:45 +00:00
dependabot[bot]
d4a6a61560
Bump github.com/creack/pty from 1.1.12 to 1.1.13 
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.12 to 1.1.13.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.12...v1.1.13)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-01 20:15:47 +00:00
Matt Moyer
83f418e7f2
Upgrade k8s.io/klog/v2 to v2.9.0. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-28 12:53:37 -05:00
Matt Moyer
87c7e89b13
Upgrade github.com/ory/fosite to v0.40.2. 
This required a weird hack because some of the Fosite tests (or a transitive dependency of them) depends on a newer version of gRPC that's incompatible with the Kubernetes runtime version we use. It wasn't as simple as just replacing the gRPC module with an older version, because in the latest versions of gRPC, they split out the "examples" packages into their own module. This new module name doesn't exist at the old version.

Ultimately, the workaround was to make a fake "examples" module locally. This module can be empty because we never actually depend on that code (it's only used in transitive dependency tests).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-28 12:53:37 -05:00
dependabot[bot]
f89f2281d8
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-25 05:51:17 +00:00
Matt Moyer
fd9d9b8c73
Stop generating zz_generated.openapi.go files. 
It turns out we no longer need these and can skip this bit of code generation.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 11:16:59 -05:00
Matt Moyer
f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version. 
9b07d72531...00de3ae54c

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:42:39 -05:00
Matt Moyer
85ebaa96d5
Upgrade k8s.io/kube-openapi dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:11:26 -05:00
Matt Moyer
cf5bc9f1b4
Upgrade k8s.io/utils dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:41 -05:00
Matt Moyer
0d02ba6af3
Upgrade k8s.io/gengo dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:00 -05:00
Matt Moyer
74a569fa82
Upgrade golang.org/x/* module dependencies. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:06:29 -05:00
Matt Moyer
01c0514057
Upgrade github.com/pkg/browser. 
This some some kind of improvement on Windows.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:00:19 -05:00
Matt Moyer
0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 09:57:41 -05:00
dependabot[bot]
f595e81dbb
Bump github.com/creack/pty from 1.1.11 to 1.1.12 
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.11...v1.1.12)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-18 05:56:45 +00:00
Ryan Richard
6723ed9fd8 Add end-to-end integration test for CLI-based LDAP login 2021-05-11 13:55:46 -07:00
Ryan Richard
c176d15aa7 Add Supervisor upstream LDAP login to the Pinniped CLI 
- Also enhance prepare-supervisor-on-kind.sh to allow setup of
  a working LDAP upstream IDP.
 2021-04-19 17:59:46 -07:00
Ryan Richard
8d75825635 Merge branch 'main' into initial_ldap 2021-04-14 17:47:26 -07:00
Matt Moyer
38f3ea3f2f
Upgrade to client-go and apimachinery from Kubernetes 1.21. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-09 13:00:49 -05:00
Andrew Keesler
4ab704b7de
ldap: add initial stub upstream LDAP connection package 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-04-09 11:38:53 -04:00
Matt Moyer
bea75bb7ac
Upgrade to prereleased Kubernetes v1.20.5++ dependencies. 
These commits include security fixes (CVE-2021-3121) for code generated by github.com/gogo/protobuf.
We expect this fix to also land in v1.20.6, but we don't want to wait for it.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-31 12:53:41 -05:00
Ryan Richard
c9b1982767 Merge branch 'main' into impersonation-proxy 2021-03-22 09:27:18 -07:00
Matt Moyer
1e7f2c7735
Upgrade Kubernetes runtime libraries to v0.20.5. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-22 09:33:29 -05:00
Andrew Keesler
28d00ce67b
Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-03-18 20:13:49 -04:00
Monis Khan
d162cb9adf
Move to github.com/form3tech-oss/jwt-go 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-18 16:56:04 -04:00
Ryan Richard
a5384a6e38 Merge branch 'main' into impersonation-proxy 2021-03-15 13:06:36 -07:00
dependabot[bot]
c2b0acf241
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.6.0...v2.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 17:36:36 +00:00
Ryan Richard
c12a23725d Fix lint errors from a previous commit 2021-03-11 16:21:40 -08:00
Matt Moyer
78fdc59d2d
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 2021-03-11 14:56:11 -06:00
Ryan Richard
d13bb07b3e Add integration test for using WhoAmIRequest through impersonator 2021-03-10 16:57:15 -08:00
Margo Crawford
24396b6af1 Use gorilla websocket library so squid proxy works 2021-03-10 16:03:52 -08:00
Ryan Richard
0b300cbe42 Use TokenCredentialRequest instead of base64 token with impersonator 
To make an impersonation request, first make a TokenCredentialRequest
to get a certificate. That cert will either be issued by the Kube
API server's CA or by a new CA specific to the impersonator. Either
way, you can then make a request to the impersonator and present
that client cert for auth and the impersonator will accept it and
make the impesonation call on your behalf.

The impersonator http handler now borrows some Kube library code
to handle request processing. This will allow us to more closely
mimic the behavior of a real API server, e.g. the client cert
auth will work exactly like the real API server.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-10 10:30:06 -08:00