Monis Khan
59d67322d3
Static validation for OIDC clients
...
The following validation is enforced:
1. Names must start with client.oauth.pinniped.dev-
2. Redirect URIs must start with https://
or http://127.0.0.1
or http://::1
3. All spec lists must not have duplicates
Added an integration test to assert all static validations.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-15 15:09:40 -04:00
Mo Khan
c77bee67c1
Merge pull request #1189 from vmware-tanzu/token_exchange_aud
...
Disallow certain requested audience strings in token exchange
2022-06-14 16:41:51 -04:00
Ryan Richard
268e1108d1
Merge pull request #1194 from vmware-tanzu/config_oidcclient
...
Move oidcclient into config.supervisor.pinniped.dev
2022-06-13 16:03:05 -07:00
Margo Crawford
0c1f48cbc1
Move oidcclient into config.supervisor.pinniped.dev
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-13 15:48:54 -07:00
Ryan Richard
aceea7888b
Merge branch 'main' into dynamic_clients
2022-06-13 12:29:09 -07:00
Ryan Richard
b9272b2729
Reserve all of *.pinniped.dev for requested aud in token exchanges
...
Our previous plan was to reserve only *.oauth.pinniped.dev but we
changed our minds during PR review.
2022-06-13 12:08:11 -07:00
Margo Crawford
018bdacc6d
Merge pull request #1191 from vmware-tanzu/codegen-docker-pull-always
...
Always attempt to docker pull before codegen
2022-06-10 13:31:47 -07:00
Ryan Richard
e7096c61a8
Merge branch 'main' into dynamic_clients
2022-06-10 12:52:59 -07:00
Margo Crawford
b3ad29fe1c
Always attempt to docker pull before codegen
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-10 12:26:40 -07:00
Ryan Richard
484c8f4bf3
Merge pull request #1183 from anjaltelang/main
...
Blog for v0.18.0
2022-06-08 15:14:31 -07:00
Ryan Richard
221f174768
Update v0.18.0 blog post date
2022-06-08 15:14:02 -07:00
Pinny
3ebf5ad4c3
Updated versions in docs for v0.18.0 release
2022-06-08 22:13:13 +00:00
Ryan Richard
ec533cd781
Skip some recently added integration tests when LDAP is unavailable
...
Also refactor to use shared test helper for skipping LDAP and AD tests.
2022-06-08 12:57:00 -07:00
Ryan Richard
dd61ada540
Allow new warning messages about GCP plugin in TestGetPinnipedCategory
2022-06-08 10:22:15 -07:00
Ryan Richard
0b6b8b4fcd
Merge branch 'dynamic_clients' into token_exchange_aud
2022-06-08 09:58:38 -07:00
Ryan Richard
77f37b5a57
run codegen
2022-06-08 09:41:35 -07:00
Ryan Richard
321abfc98d
Merge branch 'dynamic_clients' into token_exchange_aud
2022-06-08 09:03:29 -07:00
Ryan Richard
97d17bbda8
Merge branch 'main' into dynamic_clients
2022-06-08 09:03:06 -07:00
Mo Khan
cc1163e326
Merge pull request #1179 from vmware-tanzu/auth_handler_form_post_csp
...
Fix bug in certain error handling for authorize endpoint when response_mode=form_post is requested
2022-06-08 08:47:56 -04:00
Ryan Richard
ea45e5dfef
Disallow certain requested audience strings in token exchange
2022-06-07 16:32:19 -07:00
Mo Khan
472ab229e7
Merge branch 'main' into auth_handler_form_post_csp
2022-06-07 18:26:52 -04:00
Mo Khan
2c7b52dce8
Merge pull request #1186 from vmware-tanzu/bump_deps
...
Bump all project dependencies
2022-06-07 18:25:12 -04:00
Ryan Richard
2c048bcb4f
Bump all deps to latest
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
Ryan Richard
e78c7d4e0e
update kube codegen versions and add 1.24 codegen
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
Ryan Richard
7751c0bf59
Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3
...
Several API changes in Kube required changes in Pinniped code.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
Ryan Richard
8170889aef
Update CSP header expectations in TestSupervisorLogin_Browser int test
2022-06-07 11:20:59 -07:00
Mo Khan
38bfdd6b70
Merge branch 'main' into auth_handler_form_post_csp
2022-06-07 11:42:09 -04:00
Margo Crawford
e5a96e353c
Merge pull request #1185 from vmware-tanzu/oidc_client_crd
...
OIDC client crd
2022-06-06 14:16:10 -07:00
Anjali Telang
52bbbcf7e8
margo's suggestions
2022-06-06 17:03:52 -04:00
Mo Khan
a3ec15862d
Run CodeQL on dynamic_clients branch
2022-06-06 16:41:38 -04:00
Ryan Richard
98c45fefe9
Merge branch 'main' into auth_handler_form_post_csp
2022-06-06 11:51:51 -07:00
Margo Crawford
d6442ed53d
Merge pull request #1180 from vmware-tanzu/cli_flow_env_var
...
Allow `PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW` env var to override `--upstream-identity-provider-flow` CLI flag
2022-06-06 11:49:00 -07:00
Margo Crawford
0dec2eee32
Add enum validation for scopes and grant types
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-06 10:15:25 -07:00
Ryan Richard
fd9d641b5c
Add doc for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var
2022-06-06 09:47:50 -07:00
Ryan Richard
326cc194e9
Merge branch 'main' into cli_flow_env_var
2022-06-06 09:38:57 -07:00
Margo Crawford
3cacb5b022
Fix typo in oidcclient spec and status descriptions
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-06 07:38:57 -07:00
Margo Crawford
ca3da0bc90
Fix some disallowed kubebuilder annotations, fix kube api discovery test
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-04 21:04:40 -07:00
Margo Crawford
cd47ba53c2
Add CRD for OIDCClient
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-03 16:22:15 -07:00
anjalitelang
2f6349c96d
Merge pull request #1166 from anjaltelang/main
...
Roadmap updates for future
2022-06-02 17:27:14 -04:00
anjalitelang
225bbdd36b
Merge branch 'main' into main
2022-06-02 17:25:43 -04:00
Ryan Richard
30d09b2b7e
Empty commit
2022-06-02 13:10:34 -07:00
Ryan Richard
cb8685b942
Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var
2022-06-02 11:27:54 -07:00
Ryan Richard
6e461821d6
Allow PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var to override flow
...
Env var may be used with CLI to override the flow selected by the
--upstream-identity-provider-flow CLI flag.
2022-06-02 10:30:03 -07:00
Ryan Richard
b99c4773a2
Use CSP headers in auth handler response
...
When response_mode=form_post is requested, some error cases will be
returned to the client using the form_post web page to POST the result
back to the client's redirect URL.
2022-06-02 09:23:34 -07:00
Mo Khan
75a32ae243
Merge pull request #1145 from enj/enj/f/json_logs
...
Switch to go.uber.org/zap for JSON formatted logging
2022-05-24 13:15:22 -04:00
Monis Khan
0674215ef3
Switch to go.uber.org/zap for JSON formatted logging
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-24 11:17:42 -04:00
Ryan Richard
03ccef03fe
Merge pull request #1163 from vmware-tanzu/ldap-login-ui
...
Support a browser-based login flow for LDAP and Active Directory providers
2022-05-24 10:19:34 -04:00
Ryan Richard
438ab0a0e1
Merge branch 'main' into ldap-login-ui
2022-05-20 08:40:34 -07:00
Ryan Richard
39fd9ba270
Small refactors and comments for LDAP/AD UI
2022-05-19 16:02:08 -07:00
Anjali Telang
cc985aa98a
Roadmap updates for future
...
Signed-off-by: Anjali Telang <atelang@vmware.com>
2022-05-19 15:53:53 -04:00