Ryan Richard
f302e71b0f
Fix some integration tests' handling of groups to work with Okta
2022-09-26 12:40:07 -07:00
Ryan Richard
110681cdb8
Fix the name of the API Service updater controller in the log messages
2022-09-26 12:37:34 -07:00
Ryan Richard
36dbc7c9bf
Update supervisor_storage_test.go to avoid using fuzzed value
...
The fuzzed value depends on which Go compiler is used. This breaks
the fips tests in CI as long as the fips compiler is a version behind
(we are still waiting for the 1.19 fips compiler to come out).
The fuzzing is still being tested by a separate unit test, so we are
not losing fuzzing test coverage.
2022-09-26 11:19:39 -07:00
Ryan Richard
1e05012bdb
Merge pull request #1303 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.12.2
...
Bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.2
2022-09-26 07:56:37 -07:00
dependabot[bot]
e122e65b0a
Bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.2
...
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify ) from 2.12.1 to 2.12.2.
- [Release notes](https://github.com/tdewolff/minify/releases )
- [Commits](https://github.com/tdewolff/minify/compare/v2.12.1...v2.12.2 )
---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-26 01:34:52 +00:00
Ryan Richard
d444242431
Merge pull request #1302 from vmware-tanzu/bump_deps_sept_2022
...
Bump deps sept 2022
2022-09-23 16:38:41 -07:00
Ryan Richard
3b507dab4a
Upgrade generated code to use the latest available versions of Kube libs
...
Manually kube-versions.txt and then ran ./hack/update.sh to update the
generated code.
2022-09-23 14:55:23 -07:00
Ryan Richard
bad95c072e
Upgrade project dependencies to latest
...
- Upgrade Go used in CI from 1.19.0 to 1.19.1
- Upgrade all go.mod direct dependencies to latest available versions
- Upgrade distroless base image to latest available version
- Upgrade Go fips compiler to to latest available version
Note that upgrading the go-oidc library changed an error message
returned by that library, so update the places where tests were
expecting that error message.
2022-09-23 14:41:54 -07:00
Ryan Richard
eb62f04f21
Merge pull request #1181 from vmware-tanzu/dynamic_clients
...
Dynamic OIDC clients feature
2022-09-23 14:03:08 -07:00
Ryan Richard
208a566bdf
Merge branch 'main' into dynamic_clients
2022-09-23 14:01:11 -07:00
Ryan Richard
510286570a
Merge pull request #1286 from vmware-tanzu/psa
...
Make Pinniped compatible with Kube clusters which have enabled PSAs
2022-09-23 13:56:23 -07:00
Ryan Richard
66b1df2dd9
Fix a test assertion in supervisor_oidcclientsecret_test.go
2022-09-23 07:59:05 -07:00
Ryan Richard
a7eb16dde1
Merge pull request #1255 from vmware-tanzu/dynamic_clients_docs
...
Add docs for dynamic clients
2022-09-22 12:34:17 -07:00
Ryan Richard
b46a2f0267
Add more details about OIDCClients to configure-auth-for-webapps.md
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-22 12:31:31 -07:00
Ryan Richard
e27b04cb41
Merge pull request #1273 from vmware-tanzu/dynamic_client_create_secret
...
Implement OIDCClientSecretRequest API for managing dynamic client secrets
2022-09-22 11:31:47 -07:00
Ryan Richard
3a7b373a7d
Add OIDCClientSecretRequest to code-walkthrough.md
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-22 11:26:17 -07:00
Ryan Richard
ba98c8cc14
Enhance Kube middleware to rewrite API group of ownerRefs on update verb
...
When oidcclientsecretstorage.Set() wants to update the contents of the
storage Secret, it also wants to keep the original ownerRef of the
storage Secret, so it needs the middleware to rewrite the API group
of the ownerRef again during the update (just like it had initially done
during the create of the Secret).
2022-09-21 21:30:44 -07:00
Ryan Richard
31716358a9
Make the assertNoRestartsDuringTest() helper ignore terminating pods
2022-09-21 21:27:02 -07:00
Ryan Richard
12b3079377
integration tests for oidcclientsecretrequest endpoint
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 16:25:41 -07:00
Benjamin A. Petersen
a7ca2cf2dd
fix test name in clientsecretrequest unit tests
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:17:23 -07:00
Ryan Richard
b49dcc7d45
Resolve a todo in oidcclientsecretstorage.go
2022-09-21 15:17:21 -07:00
Ryan Richard
90f13225ef
Update integration test helper to call new OIDCClientSecretRequest API
2022-09-21 15:17:21 -07:00
Ryan Richard
ee3515f23b
Create OIDCClientSecretRequest returns metadata
...
Sets the Name, Namespace, CreationTimestamp fields in the object meta
of the return value.
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:17:10 -07:00
Ryan Richard
7997285b19
Make fields optional on OIDCClientSecretRequest
2022-09-21 15:17:08 -07:00
Benjamin A. Petersen
6d863a159b
Add unit tests for clientsecretrequest logs
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:17:02 -07:00
Benjamin A. Petersen
5e3a912200
Add unit tests for clientsecretrequest
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:16:48 -07:00
Benjamin A. Petersen
a812646dd1
Update pre-commit-config
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:16:39 -07:00
Benjamin A. Petersen
488296a480
adding tests
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:16:12 -07:00
Benjamin A. Petersen
55fb62d060
Fix OIDCClientSecretStorage.Get to check version, add tests for OIDCClientSecretStorage
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:15:50 -07:00
Ryan Richard
af01c3aeb6
Make kubectl explain
work for Pinniped aggregated APIs
...
- Change update-codegen.sh script to also generated openapi code for the
aggregated API types
- Update both aggregated API servers' configuration to make them serve
the openapi docs for the aggregated APIs
- Add new integration test which runs `kubectl explain` for all Pinniped
API resources, and all fields and subfields of those resources
- Update some the comments on the API structs
- Change some names of the tmpl files to make the filename better match
the struct names
2022-09-21 15:15:37 -07:00
Ryan Richard
1c296e5c4c
Implement the OIDCClientSecretRequest API
...
This commit is a WIP commit because it doesn't include many tests
for the new feature.
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2022-09-21 15:15:07 -07:00
Ryan Richard
b564454bab
Make Pinniped compatible with Kube clusters which have enabled PSAs
...
Where possible, use securityContext settings which will work with the
most restrictive Pod Security Admission policy level (as of Kube 1.25).
Where privileged containers are needed, use the namespace-level
annotation to allow them.
Also adjust some integration tests to make similar changes to allow the
integration tests to pass on test clusters which use restricted PSAs.
2022-09-15 14:58:15 -07:00
Ryan Richard
7c247e9000
Merge branch 'main' into dynamic_clients
2022-09-15 12:00:41 -07:00
anjalitelang
6b3a2e87c0
Update ROADMAP.md
2022-09-09 11:18:48 -04:00
anjalitelang
3c2820fdae
Update ROADMAP.md
...
Updating the roadmap based on current needs of users 9/9/2022
2022-09-09 11:18:19 -04:00
Pinny
4441ac0600
Updated versions in docs for v0.19.0 release
2022-08-26 20:08:48 +00:00
Ryan Richard
dc39162597
Rerun codegen after merging main into dynamic_clients
...
Needed to update the new v1.25 generated code to include the new APIs
that were added in the dynamic_clients branch.
2022-08-26 12:13:53 -07:00
Ryan Richard
8d8f980e86
Merge branch 'main' into dynamic_clients
2022-08-26 11:35:35 -07:00
Ryan Richard
a5ac710831
Add unit test for expired refresh tokens used in refresh flow
2022-08-26 09:23:25 -07:00
Ryan Richard
5246ff9005
Give more time for slow envs to update in concierge_api_serving_certs_test.go
...
This test is a little flaky in slow Kubernetes clusters. Try giving a
little more time for things to update before failing the test, to
hopefully make this test a little more reliable.
2022-08-25 11:20:54 -07:00
Ryan Richard
24a3588eb0
Run codegen again using Go 1.19, causes whitespace diffs in generated code
2022-08-25 09:36:54 -07:00
Ryan Richard
8f27219ac9
Change allowed gcp auth plugin is deprecation warning text
...
It seems that google changed it from "the gcp auth plugin is deprecated
in v1.22+, unavailable in v1.25+; use gcloud instead" to instead say
"unavailable in v1.26+". Make the matcher in category_test.go more loose
to allow both to match.
2022-08-25 08:11:37 -07:00
Ryan Richard
736b385d7b
Merge pull request #1264 from vmware-tanzu/access_token_validation
...
Improve token exchange error messages and error test cases
2022-08-24 17:53:53 -07:00
Ryan Richard
c40465127e
Merge branch 'main' into access_token_validation
2022-08-24 16:50:21 -07:00
Ryan Richard
af7cf673e0
Merge pull request #1192 from vmware-tanzu/dependabot/docker/distroless/static-66cd130
...
Bump distroless/static from `2556293` to `66cd130`
2022-08-24 16:49:37 -07:00
Ryan Richard
ee99106160
Merge pull request #1193 from vmware-tanzu/dependabot/docker/hack/distroless/static-66cd130
...
Bump distroless/static from `2556293` to `66cd130` in /hack
2022-08-24 16:49:18 -07:00
Ryan Richard
65197d0f9d
Merge branch 'main' into access_token_validation
2022-08-24 16:41:12 -07:00
dependabot[bot]
f320a04125
Bump distroless/static from 2556293
to 66cd130
...
Bumps distroless/static from `2556293` to `66cd130`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:35 +00:00
dependabot[bot]
036c937db5
Bump distroless/static from 2556293
to 66cd130
in /hack
...
Bumps distroless/static from `2556293` to `66cd130`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:34 +00:00
Ryan Richard
4e8601e73b
Merge pull request #1272 from vmware-tanzu/bump_deps_aug_2022
...
Bump all deps
2022-08-24 16:39:45 -07:00