Ryan Richard
65eed7e742
Implement login_handler.go to defer to other handlers
...
The other handlers for GET and POST requests are not yet implemented in
this commit. The shared handler code in login_handler.go takes care of
things checking the method, checking the CSRF cookie, decoding the state
param, and adding security headers on behalf of both the GET and POST
handlers.
Some code has been extracted from callback_handler.go to be shared.
2022-04-26 15:37:30 -07:00
Margo Crawford
eb1d3812ec
Update authorization endpoint to redirect to new login page
...
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 12:51:56 -07:00
Margo Crawford
8832362b94
WIP: Add login handler for LDAP/AD web login
...
Also change state param to include IDP type
2022-04-25 16:41:55 -07:00
Margo Crawford
694e4d6df6
Advertise browser_authcode flow in ldap idp discovery
...
To keep this backwards compatible, this PR changes how
the cli deals with ambiguous flows. Previously, if there
was more than one flow advertised, the cli would require users
to set the flag --upstream-identity-provider-flow. Now it
chooses the first one in the list.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-25 14:54:21 -07:00
Ryan Richard
973c3102bb
add audit logging proposal
2022-04-21 14:50:48 -07:00
Ryan Richard
24b0ddf600
Merge pull request #1140 from vmware-tanzu/bump_kube_deps_v0.23.6
...
bump kube deps from v0.23.5 to v0.23.6
2022-04-21 10:18:43 -07:00
Ryan Richard
cab9ac8368
bump kube deps from v0.23.5 to v0.23.6
2022-04-21 09:17:24 -07:00
Margo Crawford
444cf111d0
Add more detail about how the flow should work
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-20 16:17:49 -07:00
Ryan Richard
793b8b9260
Merge pull request #1121 from anjaltelang/main
...
v0.16.0 Blog
2022-04-20 11:54:20 -07:00
Pinny
4071b48f01
Updated versions in docs for v0.16.0 release
2022-04-20 18:52:59 +00:00
Ryan Richard
46e61bdea9
Update 2022-04-15-fips-and-more.md
...
Update release date
2022-04-20 10:56:21 -07:00
Ryan Richard
52341f4e49
Merge pull request #1083 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.60.1
...
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1
2022-04-19 15:22:08 -07:00
dependabot[bot]
cd982655a2
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1
...
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.40.1 to 2.60.1.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.40.1...v2.60.1 )
---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-19 20:33:38 +00:00
Margo Crawford
311bb05993
Merge pull request #1130 from vmware-tanzu/kube-versions-april-22
...
Update kube versions to latest patch
2022-04-19 13:30:40 -07:00
Ryan Richard
0ec5e57114
Merge pull request #1131 from vmware-tanzu/bump_some_deps
...
Bump some deps
2022-04-19 13:29:28 -07:00
Margo Crawford
63779ddac2
Merge pull request #1129 from vmware-tanzu/jwt-authenticator-client-field
...
JWTAuthenticator distributed claims resolution honors tls config
2022-04-19 13:28:43 -07:00
Ryan Richard
4de8004094
Empty commit to trigger CI
2022-04-19 12:12:45 -07:00
Margo Crawford
0b72f7084c
JWTAuthenticator distributed claims resolution honors tls config
...
Kube 1.23 introduced a new field on the OIDC Authenticator which
allows us to pass in a client with our own TLS config. See
https://github.com/kubernetes/kubernetes/pull/106141 .
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-19 11:36:46 -07:00
Ryan Richard
132d2aac72
add a code comment
2022-04-19 11:35:46 -07:00
Ryan Richard
2d4f4e4efd
Merge branch 'main' into bump_some_deps
2022-04-19 11:32:53 -07:00
Margo Crawford
c40bca5e65
Merge pull request #1127 from hectorj2f/add_code_challenge_method_support
...
oidc: add code challenge supported methods to the discovery doc
2022-04-19 11:23:57 -07:00
Margo Crawford
019750a292
Update kube versions to latest patch
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-19 11:19:24 -07:00
Anjali Telang
9e5d4ae51c
Blog for v0.16.0
...
Signed-off-by: Anjali Telang <atelang@vmware.com>
2022-04-19 14:16:45 -04:00
Ryan Richard
5b9831d319
bump the kube direct deps
2022-04-19 11:13:52 -07:00
Ryan Richard
fb8083d024
bump some direct deps
2022-04-19 11:09:24 -07:00
hectorj2f
a3f7afaec4
oidc: add code challenge supported methods
...
Signed-off-by: hectorj2f <hectorf@vmware.com>
2022-04-19 01:21:39 +02:00
Ryan Richard
19149ff043
Update proposal state to "in-review"
2022-04-15 13:35:07 -07:00
Ryan Richard
e2836fbdb5
Dynamic Supervisor OIDC Clients proposal
2022-04-15 13:23:40 -07:00
Margo Crawford
f5cf3276d5
Merge pull request #1123 from vmware-tanzu/macos-untrusted-certificate-errors
2022-04-14 20:15:31 -07:00
Margo Crawford
d5337c9c19
Error format of untrusted certificate errors should depend on OS
...
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 17:37:36 -07:00
Margo Crawford
96137cd0ee
ldap/ad web ui proposal
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 13:58:31 -07:00
Mo Khan
c624846eaa
Merge pull request #1122 from vmware-tanzu/impersonator-only-http2
...
the http2RoundTripper should only use http2
2022-04-14 16:55:50 -04:00
Margo Crawford
03f19da21c
the http2RoundTripper should only use http2
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 10:51:25 -07:00
Mo Khan
8fe635e7ce
Merge pull request #1096 from vmware-tanzu/dependabot/docker/distroless/static-2556293
...
Bump distroless/static from `80c956f` to `2556293`
2022-04-14 12:53:59 -04:00
dependabot[bot]
2fa81546f3
Bump distroless/static from 80c956f
to 2556293
...
Bumps distroless/static from `80c956f` to `2556293`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 14:51:17 +00:00
Mo Khan
43485563ff
Merge pull request #1120 from vmware-tanzu/dependabot/docker/hack/google.com/api-project-999119582588/go-boringcrypto/golang-1.18.1b7
...
Bump google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7 in /hack
2022-04-14 10:26:04 -04:00
dependabot[bot]
5621c1161a
Bump google.com/api-project-999119582588/go-boringcrypto/golang in /hack
...
Bumps google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7.
---
updated-dependencies:
- dependency-name: google.com/api-project-999119582588/go-boringcrypto/golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 13:26:21 +00:00
Mo Khan
79fd8e2901
Merge pull request #1119 from enj/enj/i/fips_log_errs
...
Only emit FIPS startup log when running a server component
2022-04-14 09:19:40 -04:00
Monis Khan
e0886c6948
Only emit FIPS startup log when running a server component
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 18:31:02 -04:00
Mo Khan
f5cc2f20f7
Merge pull request #1118 from enj/enj/i/go1.18_linter_fix
...
Bump to go1.18.1 and fix linter errors
2022-04-13 18:15:20 -04:00
Monis Khan
8fd77b72df
Bump to go1.18.1 and fix linter errors
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 16:43:06 -04:00
Mo Khan
8ecf18521c
Merge pull request #1112 from vmware-tanzu/fips-website-docs
...
document how to use the fips dockerfile on our website
2022-04-13 16:41:25 -04:00
Margo Crawford
96c705bf94
document how to use the fips dockerfile on our website
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-13 12:45:58 -07:00
Mo Khan
d0d20e00e4
Merge pull request #1117 from vmware-tanzu/prefix_tokens
...
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 15:34:42 -04:00
Ryan Richard
53348b8464
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 10:13:27 -07:00
Ryan Richard
13daf59217
Merge pull request #1108 from vicmarbev/main
...
Use vmware-tanzu/carvel instead of the deprecated k14s/tap to install deps with brew
2022-04-13 08:43:39 -07:00
Ryan Richard
9ebf3a5b92
Merge branch 'main' into main
2022-04-13 08:41:04 -07:00
Mo Khan
6af1aaeb20
Merge pull request #1114 from enj/enj/i/fips_init_log
...
Use klog to make sure FIPS init log is emitted
2022-04-12 16:23:38 -04:00
Monis Khan
6b4fbb6e0e
Use klog to make sure FIPS init log is emitted
...
We cannot use plog until the log level config has been setup, but
that occurs after this init function has run.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-12 14:36:06 -04:00
Mo Khan
edf4ffb018
Merge pull request #1101 from vmware-tanzu/dependabot/docker/hack/distroless/static-2556293
...
Bump distroless/static from `80c956f` to `2556293` in /hack
2022-04-11 12:37:25 -04:00