ec22b5715b
Add Pinniped favicon to login UI page 🦭
2022-05-05 14:46:07 -07:00
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
00d68845c4
Add `--flow` to choose login flow in prepare-supervisor-on-kind.sh
2022-05-05 13:42:23 -07:00
cffa353ffb
Login page styling/structure for users, screen readers, passwd managers
...
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
are different from the form_post page
2022-05-05 13:13:25 -07:00
6ca7c932ae
Add unit test for rendering form_post response from POST /login
2022-05-05 13:13:25 -07:00
b458cd43b9
Merge pull request #1159 from vmware-tanzu/fix-openldap-typo
...
Tiny fix to openldap group name: pinninpeds->pinnipeds
2022-05-05 12:50:43 -07:00
07a3faf449
Merge branch 'main' into fix-openldap-typo
2022-05-05 10:51:09 -07:00
329d41aac7
Add the full end to end test for ldap web ui
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
079908fb50
Update to reflect further conversations we've had
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 13:28:54 -07:00
1a59b6a686
Update ROADMAP.md
...
Changes made to reflect status as of May 4th, 2022
2022-05-04 16:06:33 -04:00
eb891d77a5
Tiny fix: pinninpeds->pinnipeds
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
572474605f
Merge pull request #1151 from vmware-tanzu/more_unit_tests_for_ldap_escaping
...
More unit tests for LDAP DNs which contain special chars
2022-05-04 09:49:20 -07:00
656f221fb7
Merge branch 'main' into ldap-login-ui
2022-05-04 09:29:15 -07:00
a36688573b
Merge pull request #1150 from vmware-tanzu/prepare_supervisor_on_kind_active_directory
...
Support AD in hack/prepare-supervisor-on-kind.sh
2022-05-04 09:16:13 -07:00
2e031f727b
Use security headers for the form_post page in the POST /login endpoint
...
Also use more specific test assertions where security headers are
expected. And run the unit tests for the login package in parallel.
2022-05-03 16:46:09 -07:00
acc6c50e48
More unit tests for LDAP DNs which contain special chars
...
Adding explicit coverage for PerformRefresh().
2022-05-03 15:43:01 -07:00
388cdb6ddd
Fix bug where form was posting to the wrong path
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-03 15:18:38 -07:00
eaa87c7628
support AD in hack/prepare-supervisor-on-kind.sh
2022-05-03 12:59:39 -07:00
d6e61012c6
Merge pull request #1149 from vmware-tanzu/update_kube_versions
...
Update kube codegen versions
2022-05-02 15:35:49 -07:00
cc1f0b8db9
Merge pull request #1148 from vmware-tanzu/ldap_group_search_escape
...
Escape special characters in LDAP DNs when used in search filters
2022-05-02 14:44:45 -07:00
90e88bb83c
Update kube codegen versions
...
Note that attempting to update 1.18.18 to 1.18.20 didn't work for some
reason, so I skipped that one. The code generator didn't like 1.18.20
and it deleted all the generated code. Avoiding 1.18.19 because it is
listed as having a regression at
https://kubernetes.io/releases/patch-releases/#non-active-branch-history
2022-05-02 14:33:33 -07:00
2ad181c7dd
Merge branch 'main' into ldap_group_search_escape
2022-05-02 13:49:55 -07:00
ee881aa406
Merge pull request #1146 from enj/enj/i/bump_0007
...
Bump deps to latest and go mod compat to 1.17
2022-05-02 16:44:49 -04:00
c74dea6405
Escape special characters in LDAP DNs when used in search filters
2022-05-02 13:37:32 -07:00
dfbc33b933
Apply suggestions from code review
...
Co-authored-by: Mo Khan <i@monis.app>
2022-05-02 09:47:09 -07:00
69e5169fc5
Implement post_login_handler.go to accept form post and auth to LDAP/AD
...
Also extract some helpers from auth_handler.go so they can be shared
with the new handler.
2022-04-29 16:02:00 -07:00
646c6ec9ed
Show error message on login page
...
Also add autocomplete attribute and title element
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-29 10:36:13 -07:00
2cdb55e7da
Bump deps to latest and go mod compat to 1.17
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-28 15:37:51 -04:00
453c69af7d
Fix some errors and pass state as form element
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 12:07:04 -07:00
07b2306254
Add basic outline of login get handler
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
77f016fb64
Allow browser_authcode flow for pinniped login command
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:53:53 -07:00
ae60d4356b
Some refactoring of shared code between OIDC and LDAP browser flows
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:51:37 -07:00
379a803509
when password header but not username is sent to password grant, error
...
also add more unit tests
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 16:46:58 -07:00
65eed7e742
Implement login_handler.go to defer to other handlers
...
The other handlers for GET and POST requests are not yet implemented in
this commit. The shared handler code in login_handler.go takes care of
things checking the method, checking the CSRF cookie, decoding the state
param, and adding security headers on behalf of both the GET and POST
handlers.
Some code has been extracted from callback_handler.go to be shared.
2022-04-26 15:37:30 -07:00
eb1d3812ec
Update authorization endpoint to redirect to new login page
...
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 12:51:56 -07:00
8832362b94
WIP: Add login handler for LDAP/AD web login
...
Also change state param to include IDP type
2022-04-25 16:41:55 -07:00
694e4d6df6
Advertise browser_authcode flow in ldap idp discovery
...
To keep this backwards compatible, this PR changes how
the cli deals with ambiguous flows. Previously, if there
was more than one flow advertised, the cli would require users
to set the flag --upstream-identity-provider-flow. Now it
chooses the first one in the list.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-25 14:54:21 -07:00
973c3102bb
add audit logging proposal
2022-04-21 14:50:48 -07:00
24b0ddf600
Merge pull request #1140 from vmware-tanzu/bump_kube_deps_v0.23.6
...
bump kube deps from v0.23.5 to v0.23.6
2022-04-21 10:18:43 -07:00
cab9ac8368
bump kube deps from v0.23.5 to v0.23.6
2022-04-21 09:17:24 -07:00
444cf111d0
Add more detail about how the flow should work
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-20 16:17:49 -07:00
793b8b9260
Merge pull request #1121 from anjaltelang/main
...
v0.16.0 Blog
2022-04-20 11:54:20 -07:00
4071b48f01
Updated versions in docs for v0.16.0 release
2022-04-20 18:52:59 +00:00
46e61bdea9
Update 2022-04-15-fips-and-more.md
...
Update release date
2022-04-20 10:56:21 -07:00
52341f4e49
Merge pull request #1083 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.60.1
...
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1
2022-04-19 15:22:08 -07:00
cd982655a2
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1
...
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.40.1 to 2.60.1.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.40.1...v2.60.1 )
---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-19 20:33:38 +00:00
311bb05993
Merge pull request #1130 from vmware-tanzu/kube-versions-april-22
...
Update kube versions to latest patch
2022-04-19 13:30:40 -07:00
0ec5e57114
Merge pull request #1131 from vmware-tanzu/bump_some_deps
...
Bump some deps
2022-04-19 13:29:28 -07:00
63779ddac2
Merge pull request #1129 from vmware-tanzu/jwt-authenticator-client-field
...
JWTAuthenticator distributed claims resolution honors tls config
2022-04-19 13:28:43 -07:00
4de8004094
Empty commit to trigger CI
2022-04-19 12:12:45 -07:00
Ryan Richard